Advanced Security

Greendays Group WatchDog works hard to protect your site from attacks by unauthorized visitors.  While no system is impenetrable, we proactively work on your behalf to do as much as we can to protect your site from malicious behavior and hacking attempts.  The Greendays Group WatchDog works behind the scenes in a transparent manner, meaning there is little to no noticeable impact on page serving speeds.

System Management

The best practice for preventing attacks is to have a managed system where security patches are applied on a regular basis and core platform systems are updated regularly.  Part of our Managed Hosting Solution includes keeping these core files up-to-date without you needing to lift a finger.

Data Center Security

All data centers utilized by Greendays Group are required to pass SAS 70 audits.  A service auditor’s examination performed in accordance with SAS No. 70 (“SAS 70 Audit”) is widely recognized because it represents that a service organization has been through an in-depth audit of its control objectives and control activities, which often include controls over information technology and related processes.  All email services are co-located with DataPipe.  All other services are co-located with Switch.

Firewall

We use dual redundant Juniper ISG 2000 firewalls.  We block all inbound traffic except HTTP and HTTPS requests by default.  We offer protection against ICMP, SYN, and UDP flood attacks and basic DoS packet floods.

Hacking

Most hackers try to break into sites for nothing more than bragging rights.  Others seek to do real economic damage.  We have identified the major types of hacking attempts and have worked to protect our system as much as possible from such attacks.

  1. Directory Traversal [1] - A hacker’s attempt to expose proprietary information.
  2. SQL Injection [1] - These attacks seek to obtain or modify information from databases in a way that the hosting environment doesn’t expect.
  3. Executable File Upload [1] - These seek to upload executable files that will then allow an attacker to take control of your site.
  4. Field Truncation [1] - An attempt to use whitespace characters to pass information that would otherwise not be permitted.
  5. Brute Force Password Attacks - Hackers use automated systems to try to guess passwords.  We suppress the error messages such systems rely upon, thus complicating the password guessing process.  We also lock down access to the login screen from IP addresses that have had too many failed login attempts in a row.  Our system administrators can unblock logins from a restricted IP address with permission from an authorized user.
  6. System Vulnerability Attacks - Hackers share the system vulnerabilities they find with other hackers.  As a result, hackers use scanners to seek out identical systems deployed using the same technology in an effort to apply the same hacking techniques across multiple deployed sites that may have identical vulnerabilities.  We mask the majority of details about our system and even include some false information as well.  This helps to confuse these automated systems.
  7. Design Vulnerability Attacks - Hackers often find ways to break sites by attacking the site’s core design files.  We employ a number of security measures to deny access to these files.  However, we also use an active scanning system that monitors for any potential corruption and alerts our staff immediately if anything suspicious has been detected.

[1] NOTE:  System administrators are immediately notified if suspicious activity is detected, and geolocation information is recorded for verification if suspicious activity is not from an expected IP address.
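
The lockout behaviour described in item 5, as an added example rather than Greendays Group's own code: a per-IP count of failed logins in a row, one generic error message for every failure, and an administrator unblock that needs an approving user. The class and function names, the threshold of 5 and the sample account are assumptions; the page states none of them.

```python
import hashlib
import hmac
import os

GENERIC_ERROR = "Login failed."  # one message for every failure cause

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginGuard:
    """Per-IP consecutive-failure lockout with a uniform error message."""

    def __init__(self, users, max_failures=5):   # 5 is an assumed threshold
        self.users = users          # username -> (salt, pbkdf2 hash)
        self.max_failures = max_failures
        self.streak = {}            # ip -> failed attempts in a row
        self.blocked = set()        # ips locked out of the login screen
        self.audit = []             # (event, ip, detail) for administrators
        self._dummy = (os.urandom(16), os.urandom(32))

    def attempt(self, ip, username, password):
        if ip in self.blocked:      # refused before credentials are checked
            return False, GENERIC_ERROR
        # Unknown users are hashed against a dummy record so the work done,
        # and the reply, do not reveal whether the account exists.
        salt, stored = self.users.get(username, self._dummy)
        match = hmac.compare_digest(hash_password(password, salt), stored)
        if match and username in self.users:
            self.streak.pop(ip, None)   # "in a row": success resets the count
            return True, "Welcome."
        self.streak[ip] = self.streak.get(ip, 0) + 1
        if self.streak[ip] >= self.max_failures:
            self.blocked.add(ip)
            self.audit.append(("blocked", ip, username))
        return False, GENERIC_ERROR

    def unblock(self, ip, authorized_by):
        """Administrator action; requires the name of the approving user."""
        if not authorized_by:
            raise PermissionError("unblock needs an authorized user")
        self.blocked.discard(ip)
        self.streak.pop(ip, None)
        self.audit.append(("unblocked", ip, authorized_by))

def make_demo_guard():
    # Constructed sample account, not data from the page.
    salt = os.urandom(16)
    return LoginGuard({"alice": (salt, hash_password("correct horse", salt))})
```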

Encryption

We enforce an HTTPS connection using SSL 3.0/TLS 1.0 while working within our administration systems.  One cannot access any edit controls without utilizing the latest, most secure HTTPS connection.  Some browsers may report the connection is not fully encrypted.  This has to do with how certain graphic elements are displayed, but rest assured, the important content (anything you type) is sent via encryption.

Databases

To enhance performance and maximize flexibility, our system uses a number of databases instead of serving pure HTML pages.  We actively monitor database security and use techniques to protect that component from intrusion.

Traffic Blocking

Worldwide, just 9 countries represent roughly 40% to 50% of all “bad behavior” on the Internet - everything from comment spam through to email address spam scrapers.  We actively block *all* traffic from these “top 9” countries, which include Brazil, China, France, Germany, India, Russia, Turkey, Ukraine, and Vietnam.  (Technically, the U.S. is the source of a huge portion of all bad traffic, but we cannot directly block that traffic since we serve a predominantly North American customer base.)

In addition to overtly blocking traffic from certain countries, we actively participate in a special project that helps to block additional IP addresses associated with malicious behavior.  To date there are over 45,000,000 trap addresses participating in this project that monitor for bad behavior:

  • We protect against spam harvesters - so far about 79,369 have been identified.  A harvester is a computer program that surfs the Internet looking for email addresses. Harvesting email addresses from the Internet is the primary way spammers build their lists. Harvesters must connect to the Internet through an IP address.
  • We protect against Dictionary Attackers - so far about 9,967,011 have been identified.  In addition to harvesting, spammers also use a technique known as a dictionary attack in order to find new email addresses. A dictionary attack involves making up a number of email addresses, sending mail to them, and seeing what is delivered. Dictionary attackers typically send to common usernames.
  • We protect against known Comment Spammers - so far about 302,852 have been identified.  Comment spammers do not send email spam. Instead, comment spammers post to blogs and forums. These posts typically include links to sites being promoted by the comment spammer. The purpose of these links is both to drive traffic from humans clicking on the links, as well as to increase search engine rankings which are sometimes based on the number of links to a page.
  • We also protect against “Bad Search Engines” that actually have malicious intentions - about 303,000 have been identified.  In addition to denying access to malicious search engines, we also utilize an aggressive set of robots rules that help to filter out questionable search activities performed by lesser known search engines which seem to be associated with content scraping, etc.

IP Banning

While we offer a system that is highly secure, we also give our customers the ability to ban specific IP addresses from visiting their sites.  Clients may ban users by IP, IP range, host name, user agent and referer URL from visiting their site.  This allows each site owner additional security flexibility.

Users

  • Administration:  We provide several standard classes of users - from Administrators to Authors to Subscribers - and a few extra in-between.  This affords our customers significant flexibility in controlling who has access to what within your site’s infrastructure.  In addition, if our standard settings aren’t appropriate for your circumstances, the security settings can be defined even more tightly for each user class.
  • Passwords:  We enforce a password policy requiring passwords to be of a minimum size.  In addition, our system analyzes passwords at the moment of creation and provides you with a report on the password’s strength.

Captcha

We utilize captcha to help further prevent comment and form spam.

