Knowledgebase: Website Security
Sucuri Website Security Service
Posted by Joe Rebis on 07 March 2019 12:34 PM

Sucuri Website Security Service

The following is a list of options to enhance the security service. All items are OPTIONAL. We have indicated some recommendations below where applicable.

Whitelisted Addresses - Allows your IP to bypass some security restrictions. We recommend white listing your IP and locking down the website.

Blacklisted Addresses - Blocks IP from accessing website. We recommend adding IPs here that are abusing the website.

Request to Block User Agent - Block a specific User-agent from accessing website. Use this setting if your logs show abuse from a particular User Agent.

Request to Block Referers - Blocks users coming from a specific Referer. Use this setting if your logs show unwanted traffic from a particular Referer.

Other Protected Pages - This allows you to Password protect pages.

Geo Blocking (Blocked Countries): Highly Recommended

This option allows you to block access to your site from the countries selected. The viewing list is used to prevent anyone from that country from visiting (browsing) the site, while the other option, posting, allows them to view the content in read-only mode, but they won't be able to login, register, buy or send any comments.

Admin panel restricted to only Whitelisted IP addresses: Ideal for selected WP Admins

Most popular content management systems have an administrative panel. Example: "/wp-admin" on WordPress or "/administrator" on Joomla. If you set it on, only whitelisted IP addresses will be able to access those directories. If you have a membership site and you allow anyone to create an account and login there, do not enable this option.

XMLRPC, Comments and Trackbacks blocked: Can Result in False Positives

If your site does not allow comments (or trackbacks/pingbacks), or if you use an external commenting system (like Disqus or Facebook comments), you can block any comment attempt, since it is likely to be spam.

Stop unfiltered HTML from being sent to your site: Can Result in False Positives

This option prevents users from inserting or sending unfiltered HTML content to your site. It will block things like iframes and script calls from being used. If you have a forum or membership site and you allow your users to send messages and post open content, do not enable this option. Note that white listed IP addresses are not affected by this setting.

Stop upload of PHP or executable content: Can Result in False Positives

This option will prevent anyone from uploading PHP, Perl or executable content to your site. We recommend enabling this option unless you do allow users to do uploads. Note that white listed IP addresses are still allowed to do uploads.

Enable Emergency DDoS protection: Only During Emergency

The HTTP flood protection will prevent anyone from using a browser without JavaScript enabled from visiting the site (except major search engines), very useful when the site is under DDoS. You can turn off this option once things normalize.

Block anonymous proxies and the top three attack countries: Highly Recommended

Enabling this option will prevent anyone from China, Russia or Turkey from interacting with your site. They are still able to view all content, but not register an account, submit comments or attempt to login (basically lock to read-only mode). The same restriction applies to users using anonymous proxies services to hide their IP addresses.

Aggressive bot filter: Highly Recommended

This setting will block invalid user agents that do not match real browsers like empty user agents, user agents that start with PHP/, and improper user agents from common browsers.

Force passing the hostname via TLS/SSL: Leave Default

This option will force passing the hostname during the SSL/TLS handshake. NOTE: enabling it may break the site, do not enable it unless it's already broken.

Advanced evasion detection: Leave Default

This option will enable our advanced evasion detection signatures. We recommend keeping it on, but if your site support URLs on non-ascii characters (like Japanese, Indian, Russian, etc), you may need to disable it.

(0 vote(s))
Helpful
Not helpful

Comments (0)
Post a new comment
 
 
Full Name:
Email:
Comments:
CAPTCHA Verification 
 
Please enter the text you see in the image into the textbox below (we use this to prevent automated submissions).

Copyright © 2019 EPhost, Inc. All rights reserved.