cPGuard’s Latest Features: Enhanced Protection Against DoS Attacks and AI Bot Crawling

New Features in cPGuard

In the ever-evolving world of web security, staying ahead of cyber threats is critical. cPGuard, a robust security solution, has introduced new features to its IPDB (IP Database) module, designed to block denial-of-service (DoS) attacks and prevent unwanted crawling by AI bots. These upgrades not only enhance the security of web services but also address some of the most pressing issues faced by website owners today.

1. DoS Mitigation for Web Services

A Denial-of-Service (DoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. The goal is to make the website or service unavailable to legitimate users by exhausting the resources of the targeted system.

Traditionally, DoS attacks come from a single IP address that bombards a server with an overwhelming number of requests. To combat this, the new feature in cPGuard monitors traffic patterns and can detect when a single IP address begins sending an unusual volume of requests in a short period of time. When this occurs, the system triggers an alert and temporarily blocks the offending IP. This strategy allows the system to recover quickly from the attack without affecting the service for legitimate users. 

One of the key benefits of this system is its reliance on centrally trained data to avoid mistakenly blocking legitimate traffic from proxies, CDNs, or major search engines. This ensures the DoS mitigation tool works effectively without disrupting vital services.
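The per-IP detection and temporary block described above can be sketched as a sliding-window counter with an allowlist. This is an added example, not cPGuard's code: the thresholds, class and function names, and the allowlisted range are assumptions, and the traffic is constructed.

```python
import ipaddress
from collections import defaultdict, deque

# Assumed thresholds for illustration; not cPGuard's values.
WINDOW_SECONDS = 10
MAX_REQUESTS = 20
BLOCK_SECONDS = 300
# Constructed allowlist standing in for known proxies, CDNs and search engines.
ALLOWLIST = [ipaddress.ip_network("198.51.100.0/24")]


class RateDetector:
    def __init__(self):
        self.hits = defaultdict(deque)  # ip -> request timestamps in the window
        self.blocked_until = {}         # ip -> expiry time of the temporary block

    def observe(self, ip, ts):
        """Return 'allow', 'block' (block starts now) or 'blocked' (still blocked)."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in ALLOWLIST):
            return "allow"              # never rate-block allowlisted sources
        if self.blocked_until.get(ip, 0) > ts:
            return "blocked"
        self.blocked_until.pop(ip, None)  # block expired, start counting again
        window = self.hits[ip]
        window.append(ts)
        while window and window[0] <= ts - WINDOW_SECONDS:
            window.popleft()            # drop requests older than the window
        if len(window) > MAX_REQUESTS:
            self.blocked_until[ip] = ts + BLOCK_SECONDS
            window.clear()
            return "block"
        return "allow"


def replay(events):
    """Feed (timestamp, ip) events to a detector; return the IPs that got blocked."""
    det = RateDetector()
    return sorted({ip for ts, ip in sorted(events) if det.observe(ip, ts) == "block"})


# Constructed sample traffic: (seconds, client IP).
SAMPLE = (
    [(i * 0.1, "203.0.113.7") for i in range(50)]     # 50 requests in 5 s
    + [(i * 0.1, "198.51.100.9") for i in range(50)]  # same rate, allowlisted
    + [(i * 2.0, "192.0.2.44") for i in range(30)]    # one request every 2 s
)
```

Only the first source in the sample exceeds the threshold; the allowlisted address sends at the same rate and is left alone, which is the false-positive case the allowlist exists for.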

A customer recently shared feedback highlighting the success of this feature, explaining how it helped their server recover from a persistent DoS attack.

The blocking is working, I see blocking due to DoS in the LOG. The server no longer suffers from instability. Your DoS system is working perfectly. This protection that you implemented deserves to be highlighted and publicized. I have already tested Bitninja, CPFence, but only cPGuard with this new protection is able to efficiently block these DoS attacks.

2. Blocking AI Bots from Crawling Websites

AI bots, while useful in some contexts, can become a nuisance when they aggressively scrape data from websites. These bots are used by various AI-powered tools and search engines to collect data, but their activity can cause a number of problems, including excessive resource usage and potential security risks. Some bots may even gather information about vulnerabilities on your site or scrape valuable content.

Depending on the type of website you operate, you may want to prevent these bots from accessing your site. With the latest cPGuard update, users have two main ways to block unwanted AI bots:

Using Web Application Firewall (WAF): Users can enable “Crawler Rules” within the WAF settings. This will block many well-known AI bots as well as rogue user agents. cPGuard constantly updates its list of bots based on new reports, ensuring comprehensive protection against these automated crawlers.

Using IPDB: The IPDB feature allows users to block AI bot IPs more effectively. cPGuard monitors bot traffic and maintains a dynamic list of over 40,000 IP addresses associated with AI bots. This list is regularly updated to keep up with new threats, giving users peace of mind that their websites are protected from unwanted scraping.

Use the following command to enable AI bot blocking in IPDB:
 cpgcli ipdb --block-ai-bots enable

Looking Ahead: cPGuard’s Future Enhancements

Our team is dedicated to continuously improving the software based on customer feedback and technological advancements. In 2024, we plan to introduce an in-house AI engine to power our malware scanner, along with a database scanning feature specifically tailored for WordPress websites. This upcoming release is expected to provide even more value to users, maintaining cPGuard’s focus on offering effective solutions without over-promising features like “0% false positives” or full DDoS protection.

The primary goal of cPGuard is to offer real, actionable security features at an affordable price, ensuring that customers get exactly what they need to protect their websites without unnecessary extras.

With these new features, cPGuard strives to be the go-to solution for website and server owners, minimizing server admin time by offering simple, effective answers to all common web security needs. From blocking unwanted bots to mitigating DoS attacks, cPGuard’s latest update provides an efficient, comprehensive layer of protection, making web security easier to manage for everyone.

WordPress Security – Secure WordPress sites in cPanel/Plesk/DirectAdmin or any web server using cPGuard

WordPress is a well-known Content Management System (CMS) that powers millions of websites around the world. Because it is so popular for building and managing websites, it is also a frequent target of various types of attacks. A WordPress website hosted on a server will face attacks from time to time, and it is essential to set up a secure environment for the website to avoid a security compromise.

What are the major threats to a WordPress website?

Following are some of the major threats/attacks a WordPress website can face generally. The type of attack is not just limited to these but can be more in number in certain cases.

  1. Brute force attacks
  2. Attacks to scan WordPress core vulnerabilities and attempts to exploit them
  3. SQL Injection Attacks
  4. Attacks to exploit known plugin and theme vulnerabilities
  5. Malware uploads
  6. etc

Again, the attack types are not limited to the above, and you may experience more types of attacks depending on the scenario (other common web attacks such as DDoS are excluded from this article).

How to secure WordPress sites from these types of attacks?

Due to the popularity of WordPress and the increased number of security incidents, there are so many options provided for website owners to secure their websites. These include

  1. Keep the WordPress core, plugins, and themes up to date
  2. Install a security plugin on the website
  3. Take general WordPress site hardening measures
  4. Enable proper website integrity checks and monitoring
  5. etc

Each of the above options is expensive in terms of the paid plugins/themes that you choose and the man-hours to set up the site. Also, this is possible only when you have complete control over the WordPress websites on your server.

What are the challenges a host can face on a shared server with multiple WordPress sites?

On a shared server, there is a high probability that a good percentage of the WordPress websites are owned by multiple clients. Since the websites are created and managed by different people, the standards applied to ensure website security will differ. The installed WordPress version may be old, and the installed plugins and themes can be different; in many cases, the sites may contain outdated or unused components with vulnerabilities. In some cases, a website may be left without any security settings, and such sites can be a big threat to other websites on the server as well if there is no account isolation enabled.

How cPGuard can help to secure WordPress websites?

cPGuard as a web security suite can help hosting providers enforce security for all websites on the server with minimal or no manual effort. Once you install and configure cPGuard on your server, it can detect all websites and enable security for them. The beauty of cPGuard is the minimal effort and expense needed to secure websites owned by multiple clients and built from multiple components at different versions. Given below are some of the major modules that can protect WordPress sites on your web hosting server.

  1. Powerful scanner engine:- The cPGuard scanner engine can do both automated, scheduled ( daily/weekly ), and on-demand scans against the website files. This ensures that your  files are constantly monitored for malware
  2. Infection cleanup:- If the scanner engine detects viruses on your WordPress site, the cPGuard cleanup function can clean them up. We also restore the infected WordPress core files from the original copy and thus ensure the website integrity
  3. WordPress Core Checksum match:- This will check the core checksum of each website and restore the core files from the original source if there is a mismatch. This can remove the hidden malware in core files
  4. Web Application Firewall:- The cPGuard WAF powered by Malware Expert Commercial ModSec rules is very powerful to stop most generic and specific web attacks. The WAF has explicit rules for WordPress security and keeps updated for the latest vulnerabilities reported
  5. Captcha protection:- This is the unique method that we have to stop brute-force attacks against websites on your server. This can largely help to stop bots and thus reduce server load.
  6. Automated notifications to the customers:- cPGuard allows you to send automated email notifications to your customers about the outdated WordPress, plugins, themes, and other potentially vulnerable files they have on their websites. This will make the customer aware of the possible vulnerabilities contained in their websites and can patch them proactively. This will increase total server security as well. You also have the option to customize this email notification content to brand it

The additional protection to your websites is not just limited to the above but the other modules like IPDB distributed firewall, Process monitoring, CMS threats overview, etc can give additional protection to the websites. Also, the feature-rich App Portal UI can give you an overview of the threats that your server is facing…the App Portal enables centralized management for all your servers as well.

How can you try cPGuard?

The installation and configuration are pretty straightforward. You have the option to test cPGuard for 30 days without any cost; you can order the 30-day trial from our cart. After the trial, you can purchase a paid license to continue using cPGuard. cPGuard is a cost-effective solution to protect your websites, and it can reduce your license costs by up to 70%.

WordPress core checksum verification and check suspicious cPanel user activity in cPGuard version 4.58

We have recently released cPGuard version 4.58 with 2 major features added. We believe the latest features will help our customers automatically manage abusive attempts to compromise an account/website and send alerts to the end user and the server administrator. The 2 new features are explained below.

Suspicious User Activity Tracking for cPanel

We have been seeing many reports of suspicious activity, especially on cPanel servers, where attackers authenticate with valid credentials and carry out malicious actions on the account. After gaining access to a compromised account, they usually upload virus files, backdoors, or phishing content, or wipe the website files completely. Their actions are not limited to these; they can do anything they wish on the account. This is a widespread problem: thousands of cPanel accounts have been compromised, with the credentials mostly collected through the compromised user’s system and spam campaigns. It is possible that such credentials are being sold on the web for money. In such cases, the first and only fix is to reset the user account password and possibly enable 2FA.

After watching the activities and repeated incidents across some of our customers’ servers, we have added a new option to monitor user activity after a virus incident is reported under a user. Please note that this new option will not help if the attacker wipes all files, but if they upload bad files and cPGuard can find them, the new logic will trigger. You can enable the new option from cPGuard >> Settings >> Additional Settings. Please note that this option will disable all new logins, and you need to force reset the user password to restore login access. Everything else, such as the websites and emails, will work fine.

WordPress file checksum verification and restoration 

Another major issue we have been noticing is that random WordPress core files get bad code injected into them, which causes the website to malfunction. Many times such injections install malware, a backdoor, or a malicious redirect. Often the injected code repeatedly replaces the index.php or the .htaccess file with malicious content, which defeats the cleanup of the reported file. We have been noticing that the injected code patterns are different in many cases, and it is very difficult to identify such malware initially.

So we have started developing this feature using which you can ensure that the core WordPress files are clean always. We use the wp-cli tool to check the file hash and replace the files which do not match the original source. It is an automated process and we will send an email alert if any such incidents happen. You can control this option from Settings >> Additional Settings.

cPGuard now supports Ubuntu 22.04 LTS

You can install cPGuard on various operating systems with or without control panels. We are happy to announce that we have added Ubuntu 22.04 LTS to the list of supported operating systems. So now you can install cPGuard on Ubuntu 22.04 with or without control panels. We are one of the first companies to offer a web hosting security suite with support for Ubuntu 22.04.

Now you can install cPGuard on the following Operating Systems.

  • CentOS 7/Stream 8
  • RHEL 7/8
  • CloudLinux version 7/8
  • AlmaLinux 8
  • RockyLinux 8
  • Debian 10/11
  • Ubuntu 18.04/20.04/22.04 LTS

WordPress Core Files Cleanup with cPGuard

The file cleanup engine is an important part of the scanner module, and it helps to automate the removal of file injections/infections without any manual effort. Such cleanup matters most when a core file required by the website is infected and quarantined, which can lead to website downtime. This is one of the major problems that we were facing, especially with WordPress websites.

So we have been checking for additional options to handle such cases and to fix such issues using our cleanup engine. Conventionally we clean files based on the patterns and virus type, which seems to be not very effective because the hackers keep changing the pattern of the infection.

Upon receiving multiple complaints about websites going down after a virus scan, and identifying that most were WordPress websites, we started looking for an option to handle such issues. We have finally come up with the option of replacing the file from the original core file, which is very effective based on our testing. It works as follows:

  • cPGuard Scanner engine detects an infected file
  • The file will then pass to the cleanup engine and it will identify the framework
  • If it detects WordPress, it will check whether the affected file is a WordPress core file
  • When it verifies a WordPress core is infected, it will detect the WordPress version
  • Then it will replace the affected file from the copy of the original file in the specific version
  • Finally, it verifies the restore after checking the file checksum

 It will also keep a copy of the infected file in the quarantine folder if you wish to check the injection later.
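The verify, quarantine, restore and re-verify sequence from the steps above (and the core checksum check described for version 4.58) can be sketched as follows. This is an added example, not cPGuard's code or wp-cli: the function names, the directory layout and the two-file "core" are constructed, and the manifest is assumed to map relative paths to MD5 hashes.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def md5(path):
    return hashlib.md5(path.read_bytes()).hexdigest()


def verify_and_restore(site, pristine, manifest, quarantine):
    """Compare core files in `site` to `manifest` (relative path -> MD5).
    Mismatched or missing files are restored from `pristine`; the modified
    copy is kept in `quarantine`. Returns the list of restored paths."""
    restored = []
    for rel, expected in manifest.items():
        target = site / rel
        if target.is_file() and md5(target) == expected:
            continue                          # file matches the original
        source = pristine / rel
        if md5(source) != expected:           # never restore from a bad source
            raise ValueError(f"pristine copy of {rel} does not match manifest")
        if target.is_file():                  # keep the injected file for analysis
            dest = quarantine / rel
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.move(str(target), str(dest))
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(source, target)
        if md5(target) != expected:           # final checksum check after restore
            raise RuntimeError(f"restore of {rel} failed verification")
        restored.append(rel)
    return restored


def demo():
    """Build a constructed two-file 'core', tamper with one file, repair it."""
    root = Path(tempfile.mkdtemp())
    pristine, site, quarantine = root / "pristine", root / "site", root / "q"
    files = {"index.php": b"<?php // constructed core file\n",
             "wp-includes/load.php": b"<?php // constructed loader\n"}
    for base in (pristine, site):
        for rel, body in files.items():
            (base / rel).parent.mkdir(parents=True, exist_ok=True)
            (base / rel).write_bytes(body)
    manifest = {rel: hashlib.md5(body).hexdigest() for rel, body in files.items()}
    (site / "index.php").write_bytes(files["index.php"] + b"// constructed injection\n")
    restored = verify_and_restore(site, pristine, manifest, quarantine)
    return (restored, md5(site / "index.php") == manifest["index.php"],
            (quarantine / "index.php").is_file())
```

Checking the pristine copy against the manifest before copying matters: if the reference copy itself has been tampered with, a restore would reinstall the injection.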

We have been testing this workflow and released it with version 4.37 today as it was found to be very effective to recover WordPress websites from the core file injections.

We hope this will give additional benefit to our customers to run their WordPress websites safely and with less downtime. If you need any additional information regarding this feature, please feel free to contact our support team.