1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Cloudflare Fails To Stop Hacking

Discussion in 'Security' started by humtuma, Jan 30, 2013.

  1. #1
    After all my website get hacked. WTH is this.

    I am in trouble.
    SEMrush
     
    humtuma, Jan 30, 2013 IP
    SEMrush
  2. anika

    anika Active Member

    Messages:
    147
    Likes Received:
    5
    Best Answers:
    0
    Trophy Points:
    90
    #2
    Cloudflare can only do so much to stop common attacks. But if you don't update your site or patch the holes, there are nothing Cloudflare can do.
    Contact your Web hosting to see if there is any old backup around, do a clean install of your site w/ the latest version of your scripts and import old DB data from there. G'luck.
     
    anika, Jan 30, 2013 IP
  3. Irop Paze

    Irop Paze Active Member

    Messages:
    147
    Likes Received:
    12
    Best Answers:
    0
    Trophy Points:
    68
    #3
    Are you looking for some sort of advice to fix or secure it? or are you just making a general statement? If you are looking for advice you have to bring in some more details.
     
    Irop Paze, Feb 2, 2013 IP
  4. zacharooni

    zacharooni Well-Known Member

    Messages:
    346
    Likes Received:
    20
    Best Answers:
    4
    Trophy Points:
    120
    #4
    CloudFlare is not a security system, only a reverse proxy. You may want to install mod_rpaf with mod_security and a decent ruleset on the backend to help protect your site.
     
    zacharooni, Feb 2, 2013 IP
  5. pavv

    pavv Active Member

    Messages:
    264
    Likes Received:
    6
    Best Answers:
    1
    Trophy Points:
    70
    #5
    Do you use a script like WordPress for your site?
     
    pavv, Feb 16, 2013 IP
  6. humtuma

    humtuma Notable Member

    Messages:
    1,222
    Likes Received:
    24
    Best Answers:
    3
    Trophy Points:
    200
    #6
    My webhost is saying , please do not install your website here. Go anywhere, host is securesignup.net. Even they are not uploading my old backup to check the website with sucuri.



    There DDOS protection is just for fun or whatever.


    No, it is not like wordpress.
     
    humtuma, Feb 16, 2013 IP
  7. zacharooni

    zacharooni Well-Known Member

    Messages:
    346
    Likes Received:
    20
    Best Answers:
    4
    Trophy Points:
    120
    #7
    @humtuma,

    Poorly configured, yes. It is just for fun. CloudFlare would need to be configured properly in order to effectively protect your site. They can handle quite a bit of traffic though. What script does your website use?
     
    zacharooni, Feb 16, 2013 IP
  8. humtuma

    humtuma Notable Member

    Messages:
    1,222
    Likes Received:
    24
    Best Answers:
    3
    Trophy Points:
    200
    #8
    No, i have select the High security. They can control traffic but hacking they failed. I have ask this to cloudflare and they told ask your webhost.
     
    humtuma, Feb 17, 2013 IP
  9. shuttle

    shuttle Active Member

    Messages:
    429
    Likes Received:
    12
    Best Answers:
    0
    Trophy Points:
    58
    #9
    Have you any stats on the attacks? Protocols, pps, etc? With Layer7 attacks it's best to use a cloud service. My company has been with vistnet for over a year now and these guys seem to be able to deal with anything that gets thrown at them so far. True, more expensive, but then you don't really expect to get real protection for free, do you?
     
    shuttle, Feb 17, 2013 IP
  10. Irop Paze

    Irop Paze Active Member

    Messages:
    147
    Likes Received:
    12
    Best Answers:
    0
    Trophy Points:
    68
    #10
    So does anyone know what kind of "hack" it was? was it an intrusion, did they gain root, SQL injection, or did they exploit a vulnerability in a script? You can have all the boundary protection in the world, but if you have code with holes in it then you are an easy target.

    OP, explain the attack - i.e. how do you know it was an attack, if you are running windows/Linux, php, etc. and give your site so we can see if it has know vulnerable code.
     
    Irop Paze, Feb 17, 2013 IP
  11. Winagain

    Winagain Well-Known Member

    Messages:
    919
    Likes Received:
    33
    Best Answers:
    0
    Trophy Points:
    120
    #11
    Cloudflare can't prevent the hack itself. What it does is:
    1. block potential hackers by identifying them before they reach your site.
    2. showing a cached copy of your site when it is down.

    Also, you have to have your own backups, since your hosting provider may not have them updated.
     
    Winagain, Feb 17, 2013 IP
  12. humtuma

    humtuma Notable Member

    Messages:
    1,222
    Likes Received:
    24
    Best Answers:
    3
    Trophy Points:
    200
    #12
    I do not know more about hacking. According to my webhost , my hosting account get hacked and emails are sending through my email. My website get blacklisted and come in spamhaus. Below is my cloudflare message (unable to quote)...............

    Hello cloudflare.com Abuse Desk,
    This is an automated message from the Spamhaus Block List (SBL) database to advise you that the IP below has been added to sbl.spamhaus.org: IP/cidr: 108.162.198.96 Problem: spam redirectors at yourwebsite.com SBL Ref: SBL174400 The reason for listing the IP address(es) is explained at the url: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL174400 If you have already taken care of this problem and the spammer is no longer operating any domains/sites/servers in 108.162.198.96 you can send a removal request for record SBL174400 by emailing: <mailto:sbl-removals@spamhaus.org?subject=SBL174400_108.162.198.96_SR08> Note that your email must tell us how the spam problem has been terminated (we need to know exactly how the issue has been dealt with and that this spam problem is fully terminated) Please always include "SBL174400 SR08" in the Subject of any emails to sbl-removals@spamhaus.org regarding this listing. SBL System Robot The Spamhaus Project http://www.spamhaus.org ------------------------------------------------------------------------ You can review all current SBL listings concerning your network here: http://www.spamhaus.org/sbl/listings.lasso?isp=cloudflare.com ------------------------------------------------------------------------ You are receiving this notification because you are the designated abuse contact for your network. If you do not want to be alerted whenever IPs on your network are listed in the SBL, please advise us by contacting <mailto:sbl-autonotify@spamhaus.org?subject=STOP_Notify_cloudflare.com> ------------------------------------------------------------------------ ISP Abuse Desk Resources.....: http://www.spamhaus.org/isp Spamhaus Block List (SBL)....: http://www.spamhaus.org/sbl Exploits Block List (XBL)....: http://www.spamhaus.org/xbl Register Of Known Spammers...: http://www.spamhaus.org/rokso ------------------------------------------------------------------------ Please address this issue with your customer. Regards, CloudFlare Abuse
    Code (markup):
     
    Last edited: Feb 18, 2013
    humtuma, Feb 18, 2013 IP
  13. Irop Paze

    Irop Paze Active Member

    Messages:
    147
    Likes Received:
    12
    Best Answers:
    0
    Trophy Points:
    68
    #13
    Okay, that may not technically be a "hack". Someone is just using your SMTP connection to forward mail. Best thing to do right now is to check if your server is an open relay. here are some sites you can use.

    http://www.mailradar.com/openrelay/
    http://www.antispam-ufrj.pads.ufrj.br/
    http://www.checkor.com/

    These tools should shed light on the issue... if not then it could be the script or service you are using. Do you have to have mail enabled? What email server are you using i.e. sendmail, phpmail, hmailserver, etc.?
     
    Irop Paze, Feb 18, 2013 IP
    humtuma and browntwn like this.
  14. humtuma

    humtuma Notable Member

    Messages:
    1,222
    Likes Received:
    24
    Best Answers:
    3
    Trophy Points:
    200
    #14
    As i check, port is aborted. Than how it is open connection. And your other websites are not working.
     
    humtuma, Feb 18, 2013 IP
  15. Irop Paze

    Irop Paze Active Member

    Messages:
    147
    Likes Received:
    12
    Best Answers:
    0
    Trophy Points:
    68
    #15
    Since port 25 and the alternate 587 are closed, then it could be a script you are using on your site. I assume you have a PHP script - if so use phpinfo() (how to use it is here: http://php.net/manual/en/function.phpinfo.php) to see what type of mail software is installed. You will want to look for the sendmail function and disable_functions for more information.

    Do you have access to webmin or similar?

    You should be able to look into your logs and see what IP is connection and forwarding mail.
     
    Irop Paze, Feb 19, 2013 IP
  16. humtuma

    humtuma Notable Member

    Messages:
    1,222
    Likes Received:
    24
    Best Answers:
    3
    Trophy Points:
    200
    #16
    What you want to ask, please ellaborate.

    After hack. My account get suspend.

    How to see log, when i am not able to login at that time. I have already ask them for IP address but they didn't.
     
    humtuma, Feb 22, 2013 IP
  17. Irop Paze

    Irop Paze Active Member

    Messages:
    147
    Likes Received:
    12
    Best Answers:
    0
    Trophy Points:
    68
    #17
    @humtuma with your account suspended it is impossible to resolve the issue. You will have to get your account re-enabled and access to logs before your site can be protected.
     
    Irop Paze, Feb 23, 2013 IP
  18. Johnny Mnemonic

    Johnny Mnemonic Well-Known Member

    Messages:
    186
    Likes Received:
    5
    Best Answers:
    0
    Trophy Points:
    110
    #18
    I'm having issues with CloudFlare as well due to a matter of my very own. I've emailed CloudFlare to ask that they give up the host provider of Encyclopedia Dramatica in order to file an abuse complaint their way, so they emailed me "srsvps.com" as their host name. While that may indeed be their current host, I know that is run by the same people who run ED and therefore I've asked CloudFlare to tell me who hosts srsvps.com, as they too are hiding behind CloudFlare. I've had to write to CloudFlare so many times now telling them the same things over and over again as if I were a parrot, because they keep giving me crap about how they need a reason to give me the host name of srsvps.com, when I've just flipping gave them one, two, maybe even several logical reasons why I require the host name. The quicker I can get the host name of ED, the sooner I can have the necessary complaints sent off.

    They seem unwilling to help me on this matter. Maybe there will be nothing I nor anyone else with a quarrel can do. Plus, if ED really are in Romania after all, it will be harder to get the matter dealt with due to their barring of DMCA notifications and the like.

    CloudFlare better watch out, for they too could be breaking the law.
     
    Johnny Mnemonic, May 14, 2013 IP
  19. infinitnet

    infinitnet Member

    Messages:
    56
    Likes Received:
    7
    Best Answers:
    1
    Trophy Points:
    35
    #19
    CloudFlare will not protect you well from things like MySQL injections - it just blocks DDoS until a certain degree. I recommend to always keep your server and CMS updated and use mod_security with a current ASL (AtomiCorp) rulset.
     
    infinitnet, Jul 4, 2013 IP
  20. MonsteRNaruto

    MonsteRNaruto Member

    Messages:
    51
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    28
    #20
    Hi,
    Cloudflare is to boost your DNS/CDN and has some security features, You can connect to your servers real IP via direct.yourdomain.com, direct-connect.yourdomain.com, and all your mail servers details are out their meaning more then likely your servers IP, if your interested I can help you secure your website, pm me for details. Or I would suggest you A get a email server or email service so you dont use your own server, and setup cloudflare correctly to mask your real server ip and examine logs and your code.
     
    MonsteRNaruto, Aug 13, 2013 IP