Some Security

Hi all,My website is constantly attacked by spammers and I have very few user management softwares. Can anyone advise me which measures should I take and which settings should I use? Thanks beforehand

 

What software are you running ?

If it's WordPress, the akismet plugin is quite popular for detecting spam. There are other plugins that can add a Captcha or require a user to login however I wouldn't suggest those as some users simply won't bother.

If your software is custom made, you will have to custom make your spam filtering software as well. I have written a very simple test on my blog comment form that tests to see if a user is running JavaScript. This method has it's flaws in theory but in practice it has been 100% successful.

 

Ok thans maybe some links?

 

http://www.google.com/ ?

But seriously:
http://codex.wordpress.org/Combating_Comment_Spam
http://akismet.com/download/
http://www.ioerror.us/software/bad-behavior/
http://unknowngenius.com/blog/wordpress/spam-karma

Apparently, Captchas are getting less and less effective and they still piss off your users just as much but if you want to try one out, try ReCaptcha. It has the added advantage of helping to digitise books at the same time as proving that your users are human.

 

What kind of software is suffering from the spamming attack?

 

actually
you are a real FUNNY guy
your site is about site security
and how in heaven or hell do you expect even a single person on this planet to trust your site/services or SW if your very own site is insecure and hacked all the time ???

do a full nessus scan on your site - yourself!
then look at the details and get it all tight

also test your mail server and DNS ( see other current threads on those topics )

 

Really funny,123-protect was not hacked i need some sort of security for other site

 

You haven't answered questions. What scripts are you running, which form is being used for the spam and what do you have in place currently - e.g. any CAPTCHAs?

 

ActionScript 2.0

 

Huh? I think you misunderstood. How about a link to the site with the problem? Preferably a specific page.

 

but still VERY FUNNY !!! !!!
" ... My website is constantly attacked by spammers ... "

why not start with full security scan ( nessus ) or so on your server IF server yours
then see the warnings you get and clean up all

 

The site is down i need some kind of software to prevent my next site down, it was hacked not only spam

Believe me this is not funny,i'll do this before its not helping

 

1.
normally u need no SW to prevent this from happening again
but
you may need to investigate to find exact method of hacking - THEN u need to secure that existing SW allowing hackers to penetrate site,
hence you may need to do EXACTLY as i pubslihed days ago in :

http://forums.digitalpoint.com/showthread.php?t=547049

still funny !! because it happens to almost all
and those who say "not to me" they simply never searched for traces left from previous hacks.

how many sites are hacked these past months ? a very rough guess = millions.
last night a site of a bank in ro ...

so to avoid being hacked
you as much as all others simply need to LEARN the SW you have installed and need to learn to fully configure your entire server securely

after that only you may install monitoring tools to protect
like
snort
nessus
fail2ban
etc

before setting up such SW - FIRST secure every aspect of your site. from apache config to PHP config etc ALL
including DISABLE password login and go strict with serverkey-login
disable any kind of upload of ANY file
for now
do as in above other thread - take time - all time it takes you UNTIL you found 100% evidence of entry of hackers !
get all the log files
then use your system tools on your hopefully Linux box to do all the forensics work

 

If bank site was hacked than what say about small sites?

 

it was no serious bank - one of this modern fast/easy money banks

they all the same like private sites
all want to earn fast easy money
no one nowadays loves to work to earn his money in a totally clean way
it took me decades to learn what i do now
i started high tech electronics/communication some 40yrs ago, junior IT coder some 35yrs ago, own desktop some 22yrs ago and site 10+ yrs ago
and still spending every single yr 500-1000hr in learning site security etc ... and still being challenged every day or week and still having many dozens of sleepless nights to AVOID above problems and to monitor my server ( i run 2 laptops side by side almost continuously for full server remote monitoring and control
and i have ONE single site on my own server under my own full control - while most younger ones love to have many sites on shared / cheapest hosting totally OUT of their own control and even worst .. many such site owners belief that for the few $ a months they pay to hosting, the host will control THEIR site and their misconfigured site-SW ... and all that for 5 or so $/m ...

ALL with zero exception - of those small sites are working/living/publishing FAR beyond their own limits of full understanding !!
hence all this hacker stuff is a solid lesson for all who want to make an easy living within a few months or years ...
and possible spend the other few yrs behind bars for gross negligence and accommodating hackers / risking / damaging other ppls stuff, etc

we ALL started SMALL and some grew slowly but safely over many years - steadily step by step as much as they grow inside they let the site grow,
others however want to be big at once - want to have a fully feautured site within a few months or even weeks, without the strength/time/knowledge and sense of responsibility to first learn then do what they want to do

 

If all that does not help, have someone take a look at your server and coding.. www dot stealth-iss dot com might help

 

I agree with you,but without money its all nothing

 

How to protect Dos attack? without site crush at least 2 hours

 

Depending on the size of the DDoS, you can mitigate it with a software firewall. If it's a large DDoS, you'll either need to purchase or find a host that has upstream firewall control that can help with this, or just nullroute the IP address and ride it out.

 

Well i find all security i need