
Which website security do you use? Sucuri or other

Discussion in 'BlackHat Lounge' started by ladyboyboom69, Jun 27, 2017.

  1. ladyboyboom69 (Regular Member)
    What's up y'all, I'm in the market for some website security. Which do you recommend? Similar services to Sucuri but possibly cheaper. Any suggestions?
     
  2. Vapys (Regular Member)
    Wordfence.
     
  3. Count Dracula (BANNED)
    Stop the hacker dot com
     
  4. JustUs (Power Member)
    edit: misread post. deleted previous writing.

    Wordfence is a good option. Combine it with a decent .htaccess.
     
  5. TiagoS (Jr. VIP)
    You can use Cloudflare. With their $20/mo plan you get their WAF (which is pretty good, with lots of custom and preset rules such as for WordPress, Drupal, general, etc.), basic DDoS protection and the CDN features. I'm using it and it works very well. Many big websites use them.
     
  6. JustUs (Power Member)
    Your cheapest security would be with the following code added into your .htaccess:

    Code:
    #####################################################
    # Script: htaccess Security                         #
    # Version: 1.0                                      #
    #  ### Changelog ###                                #
    # v1.0 - 2012-02-14                                 #
    #####################################################

    # No web server version and indexes
    ServerSignature Off
    Options -Indexes

    # Enable rewrite engine
    RewriteEngine On

    # Block suspicious request methods
    RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F,L]

    # Block WP timthumb hack
    # Note: [S=1] does not deny these URIs; it skips the next RewriteRule (the
    # combined block below), so requests to these script names bypass that filter.
    RewriteCond %{REQUEST_URI} (timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
    RewriteRule . - [S=1]

    # Block suspicious user agents and requests
    # Every RewriteCond from here down to the next RewriteRule is one OR chain:
    # a single matching condition is enough to return 403.
    RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
    RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]
    RewriteCond %{THE_REQUEST} \/\*\ HTTP/ [NC,OR]
    RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
    RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
    RewriteCond %{THE_REQUEST} (%0A|%0D) [NC,OR]

    # Block MySQL injections, RFI, base64, etc.
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
    RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
    RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
    RewriteCond %{QUERY_STRING} (\.\./|\.\.) [OR]
    RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    RewriteCond %{QUERY_STRING} http\: [NC,OR]
    RewriteCond %{QUERY_STRING} https\: [NC,OR]
    RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
    # Any bracket or angle bracket in the query string is denied (this also
    # catches PHP array parameters such as foo[]=bar)
    RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>).* [NC,OR]
    RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
    RewriteCond %{QUERY_STRING} (\./|\../|\.../)+(motd|etc|bin) [NC,OR]
    RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
    RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
    RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
    RewriteRule ^(.*)$ - [F,L]

    # Deny browser access to config files
    # The <FilesMatch> wrapper was lost when the post was copied and is restored
    # here with an assumed file list; adjust it to your install. Without the
    # wrapper, "Deny from all" applies to the whole site and locks everyone out.
    # The original used "Order allow,deny", under which a later "Allow from" can
    # never override "Deny from all"; "Order deny,allow" lets the Allow line work
    # as the note below intends. On Apache 2.4 without mod_access_compat use
    # "Require all denied" (and "Require ip 1.2.3.4") instead of these lines.
    <FilesMatch "^(wp-config\.php|configuration\.php|config\.php|install\.php)$">
    Order deny,allow
    Deny from all
    #Allow from 1.2.3.4
    </FilesMatch>

    # It should work fine with most PHP scripts and has been tested with WordPress
    # and Joomla!. If you want to run your install.php or directly access a config
    # file with your browser, remove the hash symbol before "Allow from 1.2.3.4"
    # at the end of the file and replace "1.2.3.4" with your external IP.
    # .htaccess files will only work with Apache and LiteSpeed.
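As an added dry-run harness (not part of the post above), this Python script transcribes a few of the ruleset's query-string and user-agent conditions as regexes and runs them over constructed requests, so you can see before deploying which attack shapes they catch and which everyday WordPress and monitoring requests they also deny; the host names, paths and user agents are made up.

```python
import re
from typing import Optional
from urllib.parse import urlsplit

# A subset of the RewriteCond patterns from the posted .htaccess, copied as
# Python regexes (PCRE and re agree on these). RewriteCond patterns are
# unanchored searches, [NC] maps to re.I, and the conditions are OR'ed, so
# the first matching one is enough to deny the request.
QUERY_RULES = [
    ("remote-url", re.compile(r"[a-zA-Z0-9_]=http://")),
    ("traversal",  re.compile(r"(\.\./|\.\.)")),
    ("https-url",  re.compile(r"https\:", re.I)),
    ("script-tag", re.compile(r"(<|%3C).*script.*(>|%3E)", re.I)),
    ("brackets",   re.compile(r"^.*(\[|\]|\(|\)|<|>).*", re.I)),
    ("sql-union",  re.compile(r"union([^s]*s)+elect", re.I)),
]
UA_RULE = re.compile(
    r"(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader)", re.I)


def first_block_reason(url: str, user_agent: str) -> Optional[str]:
    """Name of the first condition that would deny the request, or None."""
    if UA_RULE.search(user_agent):
        return "user-agent"
    # %{QUERY_STRING} is the raw, still percent-encoded query; urlsplit keeps it so.
    query = urlsplit(url).query
    for name, pattern in QUERY_RULES:
        if pattern.search(query):
            return name
    return None


# Constructed samples (hypothetical host). The first two are the attack shapes
# the rules target; the next three are ordinary WordPress and uptime-monitor
# traffic that the same rules deny; the last one passes.
SAMPLES = [
    ("http://example.com/index.php?page=http://example.org/x.txt", "Mozilla/5.0"),
    ("http://example.com/?q=1%20union%20select%201,2", "Mozilla/5.0"),
    ("http://example.com/wp-login.php?redirect_to=https://example.com/wp-admin/", "Mozilla/5.0"),
    ("http://example.com/?post_type[]=page", "Mozilla/5.0"),
    ("http://example.com/status", "curl/7.68.0"),
    ("http://example.com/?s=hello", "Mozilla/5.0"),
]


def evaluate(samples=SAMPLES) -> dict:
    """Map each sample URL to the rule that denies it (None means allowed)."""
    return {url: first_block_reason(url, ua) for url, ua in samples}
```

Run `evaluate()` and anything that comes back non-None for legitimate traffic (the redirect_to, array-parameter and curl cases here) is a false positive to exempt or rewrite before the rules go live.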