Snap! Websites
Work in progress
Snap! C++
Work in progress
Snap! C++
Submitted by Alexis Wilke on Sun, 01/30/2011 - 13:48
|
Last Thursday, SourceForge.net was attacked again2.
You would think that they would be safe from such attacks since SourceForge.net offers a free service for users to offer their free (open source) software online. Yes! That's where you download many of the free tools you are using everyday. For instance, if you have an archaic type of a website, you probably need to FTP3 your data to your account. On Microsoft Windows,Mac OS/X, and Linux, this can be done with FileZilla. Although they have their own website, the download comes from SourceForge.net4.
Security is one of the area where our base CMS system is very strong at and we also ensure that our own Snap! code is secure. This starts with your password, but it includes very much more than just that. This being said, we are not looking for hackers to visit us. Well... it's not like that doesn't happen, but so far so good.
For each service offered on your server, you want to have at least one, most certainly several levels of protection. First, any server on the Internet must have a firewall to survive. Our server blocks several thousand connections a day using just the firewall. Also you can have tools that dynamically add IP addresses you do not want to server to your firewall. This saves you a lot of processing time and a lot of bandwidth too! Actually, large companies use several layers and at times even several different levels of protection depending on the department (i.e. Finance's got to be much more secure than the sales guy computer than the clerk's computer.)
To give you an idea, on our servers we stop about 2,500 low level hits with our firewall. That's about 75,000 a month or 1 million a year.
For websites, the second protection is a website firewall, often referenced as a smart firewall. This one knows of the website protocol called HTTP and it checks the requests before forwarding them to your actual website for processing. This is generally not useful if you don't have a dynamic website (i.e. if all your files and HTML files, then it is not necessary.) This type of system blocks attacks on your website by detecting when a hacker tries to access a file that you know does not exist or a public user does not have access to it. This system can also send that IP address of the hacker to your firewall!
On this one, we block some 1,300 hits a day. That's about 39,000 hits a month or half a million a year. We have less in part because the firewall trims many hits in the first place.
Similar processes are available for emails, domain names, VPN, and any other service you might think of.
So... How do we know that your Snap! Website is secure?
Well, first of all we run all of those protection systems on our server. But not only that, we also have backups. Since we can never be 100% certain that nothing will happen, we keep a full copy of all your data in a safe place. If something does happen and we have to reinstall everything, we'll have your site back online as it was within 1 day of the attack.
This is how important your Snap! Website is to us.