4

Hardening of the security measures and Cloudflare

Today I have been doing, as usual, a lot of different tasks. One of them have been to harden the security of the server a little bit – which included adding some rules for the firewall and disabling SSH (except for connections originating from my IP): I did of course disable regular password authentication. I use keys for SSH access.

Today I have been doing, as usual, a lot of different tasks. One of them have been to harden the security of the server a little bit – which included adding some rules for the firewall and disabling SSH (except for connections originating from my IP): I did of course disable regular password authentication. I use keys for SSH access.

Apart from that and some other minor changes I’ve also routed all traffic through Cloudflare (pro-plan) which includes features such as these:

  1. Web application firewall (WAF)
  2. With no hardware to install, you can stop real-time attacks like SQL injection, cross-site scripting and comment spam with CloudFlare’s cloud-based web application firewall, which stops the malicious attack before it can cause damage to your website.
  3. Collaborative security
  4. CloudFlare uses the collective intelligence of its community to get smarter. CloudFlare’s network learns from every new attack and then shares that information with the rest of the CloudFlare community. What this means is that since CloudFlare continually learns, every site, regardless of size, makes the system smarter.
  5. Browser integrity
  6. Automatically performs a browser integrity check for all requests to your website by evaluating the HTTP headers for threat signatures. If a threat signature is found, the request will be denied.
  7. Visitor reputation
  8. CloudFlare uses threat data from a variety of sources to build a reputation for every visitor online. You set the desired security setting for your site and then CloudFlare’s network stops the threats before it reaches your website. Reputation-based security provides a first line of defense for your website.
  9. Block list / trust list
  10. In addition to CloudFlare’s automatic detection, you can easily add an IP address, IP ranges or entire countries to your Trust and Block list.
  11. Saved bandwidth and server resources
  12. By stopping threats before they get to your website you save bandwidth and resources. Your server is also freed up to serve your legitimate traffic optimally.
  13. Protect SSH / Telnet / FTP ports
  14. Add a layer of protection to ports like SSH, FTP and Telnet by disabling them for your root domain. Continue to access them from a subdomain of your choosing.

Amongst others! It’s a really nice service which I’ve been using on other web pages I have – and now it’s also online for k0nsl.org!

Oh, and something totally unrelated (yeah I’m notorious for this):

The Criminalization Of “Holocaust” Doubt (k0nsl)

It’s a short movie I made, check it out and leave a comment if you liked it. You can also share the video with others who might appreciate it!

That’s all for now.

-k0nsl

k0nsl

k0nsl

k0nsl is a programmer, server administrator, designer, moderator, spokesman and factotum of a wide-variety of web pages. You can reach k0nsl via e-mail — i.am@k0nsl.org.

4 Comments

  1. This is really fascinating, You’re a very skilled blogger. I’ve joined your feed and look forward to looking for more interesting posts. Also, I have shared your site in my social networks!

  2. Tremendous issues here. I’m very glad to see your post. Will you kindly drop me a e-mail?

  3. Wonderful .. I’ll bookmark your web site, I’m happy to find a lot of helpful information here.

Leave a Reply

Your email address will not be published. Required fields are marked *