Security Suite Documentation
The Sitesassure Security Suite is PHP-based website security software that provides all-in-one protection for websites: it secures your private data, protects your system files from malicious code and hacking attacks, and cleans viruses and infected files. It combines the functions of our Anti-Hacker and Anti-Virus software to offer maximal protection for all PHP-based websites.
It is suitable for all kinds of websites written in PHP, including online stores, small business websites, personal websites, and public institutes. It is easy to use and has a friendly interface that you can customize to your own needs. The application can provide advanced protection for all PHP systems (for instance Joomla, VirtueMart, Magento, Drupal, PHPBB, Coppermine, and WordPress).
Major technical features
1. A firewall system with double layers of protection
Our anti-hacking solution uses two layers to protect your PHP websites. Layer 1 is a signature-based detection system that detects the most common hacking behaviors through a surface scan of the URL. Once a hacking behavior in the targeted URL matches one of the hacking signatures defined in the Layer 1 rulesets, the activity and the corresponding IP are banned immediately.
If the surface scan in Layer 1 does not detect anything, the system starts analyzing the User Agent and all request methods and values (e.g. COOKIES, POST values from any forms, GET values from the URL) through the Layer 2 detection system. Layer 2 is a pattern-based Intrusion Detection System that scans all request variables against a set of hacking patterns. If it finds a matching pattern, a counter starts accumulating the risk score until the scan is completed. The attack is banned or sanitized if the total risk score exceeds the pre-configured risk threshold.
2. File upload scanning, a must have for anti-hacking solutions
Hackers often exploit file upload vulnerabilities to upload malicious code, so file upload scanning is a must-have for an anti-hacking solution. With our Security Suite, every uploaded file is examined for two things:
a) Does the file extension match the real extension of the file?
b) Is the file a malicious file?
With the Security Suite, all uploaded files are scanned with our Anti-Virus. If ClamAV (an open source anti-virus software) is installed on your server and its socket access is open to your website, uploaded files are scanned by ClamAV as well to ensure that no malicious code is embedded in them.
Apart from the above, the Security Suite also provides a malicious file type detection function. This checks whether the type of a file uploaded by the user is consistent with the real type of the file. If the file is found to be a fake, e.g. shell code that pretends to be an image, the system blocks the action and the user's IP immediately.
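The extension-versus-real-type check described above can be sketched as follows. This is an added example, not the Security Suite's own code; the function name `checkUploadType`, the allowlist and the sample uploads are assumptions constructed for illustration, and it relies on PHP's bundled fileinfo extension.

```php
<?php
// Added example. The allowlist is constructed, not the Security Suite's ruleset.
const ALLOWED_TYPES = [
    'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
    'png' => 'image/png',  'gif'  => 'image/gif',
    'pdf' => 'application/pdf',
];

// Check (a): does the claimed extension match the type detected from the content?
function checkUploadType(string $clientName, string $bytes): array
{
    $ext      = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    $detected = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes) ?: 'unknown';

    if (!isset(ALLOWED_TYPES[$ext])) {
        $reason = 'extension not on allowlist';
    } elseif (ALLOWED_TYPES[$ext] !== $detected) {
        $reason = 'content does not match extension';
    } else {
        $reason = null;   // consistent; the malware scan (check b) still has to run
    }
    return ['file' => $clientName, 'claimed' => $ext, 'detected' => $detected,
            'accept' => $reason === null, 'reason' => $reason];
}

// Constructed sample uploads: a minimal PNG header and a harmless PHP one-liner.
$ihdr = 'IHDR' . pack('NNC5', 1, 1, 8, 2, 0, 0, 0);
$png  = "\x89PNG\r\n\x1a\n" . pack('N', 13) . $ihdr . pack('N', crc32($ihdr));
$php  = "<?php echo 'hello'; ?>\n";

foreach ([['avatar.png', $png], ['photo.jpg', $php], ['notes.php', $php]] as [$name, $bytes]) {
    echo json_encode(checkUploadType($name, $bytes)), PHP_EOL;
}
```

In a real upload handler the detection would run on the temporary file (`finfo::file()` on `$_FILES[...]['tmp_name']`), never on the client-supplied `type` field. A consistent type only answers question a); question b) still needs the virus scan.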
The system has an anti-flooding function that stops users from visiting your server too frequently by throwing a 503 error page or blocking the user's IP. Flooding is one of the main methods hackers use to stop the service of your HTTP and MySQL servers, so anti-flooding is included in the Security Suite.
4. Three modes of scanning and blocking reaction
There are three modes of scanning and blocking reactions, each of which can help you reduce hacking attempts while maintaining your SEO ranking:
- 'Ban IP and show ban page to stop an attack' with the custom SEO ban page: this mode blocks the IP immediately when a hacking attempt is found.
- 'Show a 403 error page and stop the attack': this mode stops the hacking attempt by throwing a 403 error page.
- 'Silently filter hacking values': this mode silently removes the hacking attempts from all affected variables while leaving the attacker's IP active until it reaches the maximum allowed attempts. Once it reaches the maximum attempts, the attacker's IP is blocked permanently.
5. Detailed reporting and blocking reactions
Whenever a hacking attempt is found, the Security Suite creates a detailed report explaining which rules the attempt violates and the attacking value that was found. Meanwhile, an alert email is sent out immediately to keep the administrators informed. There are two actions the anti-hacker takes on these hacking alerts:
- Block the IP and send email alerts: If the hacking triggers any rules in Layer 1 and Layer 2 protection, and the total risk score exceeds the pre-configured risk threshold, the IP is blocked and an alert email is sent to inform the administrators.
- Monitor the IP and send email alerts: If the total risk score of the suspicious behaviour is lower than the pre-configured risk threshold, the IP is logged for monitoring purposes. Although this is only logged as monitored, it is still important to inform the administrators, so alert emails are sent in this case as well.
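The two-layer flow from feature 1 and the block/monitor decision described here can be illustrated together. This is an added example, not the Security Suite's own code: the function `inspectRequest`, the signatures, patterns, scores, threshold value and sample requests are all assumptions constructed for illustration.

```php
<?php
// Added example. Rules, scores and threshold are constructed for illustration.
const LAYER1_SIGNATURES = ['../', '/etc/passwd', '<script'];  // matched in the URL
const LAYER2_PATTERNS   = [                                   // regex => risk score
    '/\bunion\b.+\bselect\b/i' => 40,
    '/<\s*script\b/i'          => 40,
    '/\bon\w+\s*=/i'           => 20,
];
const RISK_THRESHOLD = 50;
function inspectRequest(string $url, string $userAgent, array $vars): array
{
    // Layer 1: surface scan of the decoded URL; one signature hit bans at once.
    $decoded = rawurldecode($url);
    foreach (LAYER1_SIGNATURES as $sig) {
        if (stripos($decoded, $sig) !== false) {
            return ['action' => 'block', 'layer' => 1, 'score' => null, 'hits' => [$sig]];
        }
    }
    // Layer 2: collect the User-Agent and every request value, nested arrays included.
    $fields = [['USER_AGENT', $userAgent]];
    foreach ($vars as $source => $params) {
        array_walk_recursive($params, function ($v, $k) use (&$fields, $source) {
            $fields[] = ["$source.$k", (string) $v];
        });
    }
    // Accumulate risk over the whole scan, then compare with the threshold once.
    [$score, $hits] = [0, []];
    foreach ($fields as [$name, $value]) {
        foreach (LAYER2_PATTERNS as $regex => $risk) {
            if (preg_match($regex, $value)) {
                $score += $risk;
                $hits[] = "$name matched $regex";
            }
        }
    }
    $action = $score > RISK_THRESHOLD ? 'block' : ($score > 0 ? 'monitor' : 'allow');
    return ['action' => $action, 'layer' => 2, 'score' => $score, 'hits' => $hits];
}

// Constructed requests: a layer 1 hit, a below-threshold hit, an above-threshold hit.
$ua = 'Mozilla/5.0 (constructed)';
$samples = [
    ['/index.php?page=../../etc/passwd', []],
    ['/search.php', ['GET' => ['q' => '1 union select name from users']]],
    ['/comment.php', ['POST' => ['body' => '<script>alert(1)</script>', 'sig' => '<b onclick=x>']]],
];
foreach ($samples as [$url, $vars]) {
    echo json_encode(inspectRequest($url, $ua, $vars)), PHP_EOL;
}
```

The `hits` list is what a report or alert email would carry: which rule matched and in which request field. The second sample stays below the threshold and is therefore only monitored.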
6. Embedded Virus Scanning function
The embedded Virus Scanner application provides on-demand scanning of your source code for malicious code injections, cleaning of malicious code from infected files, and complete scanning reports.
7. 300+ signatures and 70+ security patterns
Our suite has more than 300 signatures for Layer 1 rulesets and more than 70 patterns for Layer 2 rulesets. The rule sets will be updated regularly in order to effectively block hacking attempts.
8. ClamAV Anti-Virus integration
Since version 4, if you have a dedicated server or VPS, or your server has ClamAV installed with socket access open to your website account (please consult your hosting company), you can turn on the ClamAV integration. With this function turned on, virus detection during on-demand file scanning and uploaded file scanning is enhanced.
9. Flexible configuration
Not all security rules will apply to your web application. To allow more flexibility in protecting your web application, OSE Security Suite has a user-friendly configuration panel for turning different security rules on and off. Also, if false alerts are reported, individual signatures and patterns can be set to ignored to avoid future false alerts.
10. Search Engine Friendly
Our suite provides the option to turn the scanning of search engine bots on or off. While skipping the hacking scan for search engine bots avoids blocking them falsely, it increases the risk from hackers who try to attack a website by spoofing a search engine bot. The Security Suite takes this into account: it allows search engine bots to scan your website while monitoring them closely, and takes action accordingly if a request turns out to be a real attack.