Security Matters

Customers sometimes ask us to explain the value of our managed website services. There are easy and obvious parts. For example, hosting services and the developer subscriptions to tools we use to build sites get allocated across the customers that use them (at a much lower cost than customers buying them individually). Other parts are less obvious.

Today we got notified by the Wordfence security plugin that a client site was seeing an increased attack rate. the attacks were coming from an IP address in the Ukraine and were trying to exploit a remote file upload vulnerability in the timthumb graphics code. This site doesn’t use timthumb so it wasn’t vulnerable but the high rate of attacks were stealing bandwidth from legitimate site visitors.

We actively monitor attacks like this and, when necessary, we manually block IP addresses to reduce the performance impact of the attacks. Hosting companies sometimes shutdown websites with excessive traffic and we never want that to happen to a client’s site. And, of course, we never want a vulnerability to actually get exploited and harm the reputation of a client’s site.

We look at reports like this one from Wordfence and take appropriate action so our clients can stay focused on their mission and their content:

February 2, 2018 2:35am nnn.nnn.nnn.nnn (Ukraine) Blocked for TimThumb <= 1.33 - Remote File Download
February 2, 2018 2:34am nnn.nnn.nnn.nnn (Ukraine) Blocked for TimThumb <= 1.33 - Remote File Download
February 2, 2018 2:34am nnn.nnn.nnn.nnn (Ukraine) Blocked for TimThumb <= 1.33 - Remote File Download
February 2, 2018 2:34am nnn.nnn.nnn.nnn (Ukraine) Blocked for TimThumb <= 1.33 - Remote File Download
February 2, 2018 2:34am nnn.nnn.nnn.nnn (Ukraine) Blocked for TimThumb <= 1.33 - Remote File Download
February 2, 2018 2:34am nnn.nnn.nnn.nnn (Ukraine) Blocked for TimThumb <= 1.33 - Remote File Download
February 2, 2018 2:34am nnn.nnn.nnn.nnn (Ukraine) Blocked for TimThumb <= 1.33 - Remote File Download
February 2, 2018 2:34am nnn.nnn.nnn.nnn (Ukraine) Blocked for TimThumb <= 1.33 - Remote File Download
February 2, 2018 2:34am nnn.nnn.nnn.nnn (Ukraine) Blocked for TimThumb <= 1.33 - Remote File Download
February 2, 2018 2:34am nnn.nnn.nnn.nnn (Ukraine) Blocked for TimThumb <= 1.33 - Remote File Download

There were 356 such attacks in just a few minutes. That makes this attack fairly easy to spot. Other attacks randomly try to exploit your site over a long period of time, making detection and manual blocking more difficult. A good firewall and website security suite is important as it can block these attacks as they happen.