INFORMATION, TIPS AND NEWS ABOUT WEBSITE security
June 28, 2018 07:06 am
Author: Agnes Talalaev
WebARX is a cybersecurity company, founded in 2015 with an idea to make the web a safer place for website owners. Since 2015 the idea to make a web application firewall has been developed into something bigger and we can finally say, that WebARX is ready to take off.
We have already made the every-day work much easier for a lot of freelancers and web agencies. The website firewall, uptime monitoring, security scans and alerts from our cloud-based dashboard reduces a lot of maintenance time (security alerts, uptime monitoring etc.) and saves money (No need to spend money on malware clean-ups or to restore the SEO rankings after the site gets blacklisted).
In this article, we will explain how our product has changed in time and what kind of features does WebARX have today.
This is the main view of our old portal where you could see how many sites have been added, how many security scans were completed, and how many attacks it has blocked so far. Also, it gives an overview of how many websites were running on vulnerable software (CMS, plugins, themes etc.).
Today it looks like a new product. Additionally to the website firewall, we included uptime monitoring by default. We have updated the website firewall with OWASP 2017 guidelines and included a lot of threat intelligence to the firewall engine which comes from analyzing around 3000 hacked websites per day. WebARX website firewall effectively blocks hacking attempts, stops brute-force attacks and even malicious traffic (bots).
What is a web application firewall? – Read more here.
To start protecting and monitoring your website, just click on the button + Add new websites. Sites can be added separately or by a bulk add.
Setting up the website firewall has been made extremely easy in the new portal. There is a simple on-off button that will prompt a tutorial about how to install the website firewall on your site. After connecting your website with WebARX, you can get the full security overview of your site on the portal.
Every website that has been added to the WebARX Portal has its own view, which will show you uptime/downtime and response time on the right side. On the left side you can see how many attacks have been blocked (you can also see weekly reports, by clicking the vertical lines next to the number of attacks blocked.) Under the site name, you can see a green dot, which indicates if the site is up or not (if your site is down the dot will be red).
If you have more than one website, you can easily search for sites by using the search option on the dashboard at your right.
If we update our firewall agent or the plugin, you will be notified and recommended to do the update or set up an automated update from the portal.
When any of the websites you add to WebARX Portal has known vulnerabilities or when suspicious behaviour is detected – you (or your team) will receive an alert to eliminate risks in time.
WebARX will analyze every single software version that is used by your website, starting from the Apache and PHP versions, ending up with CMS, Plugins, and Themes. WebARX checks if the website is mentioned in hacker forums and communities, if there are any signs of malware on the site or if the site is blacklisted on any search-engines or antivirus vendors. Security scans will trigger alerts when vulnerable software or errors are detected on any of your sites.
WebARX performs uptime monitoring on every website every five minutes. From that, you will get a weekly SLA% report for each website you have added.
As you know, when a website ends up in a blacklist it’s a long and infuriating process to get out. WebARX will perform frequent checks if any of your websites is listed in Search Engines or in any Anti-Virus company blacklists right after you have added your site so you can act before any real damage to your website reputation.
With monitoring, you can set up and choose your most preferred alerting options. You can currently choose between Slack and Email.
WebARX website firewall (WAF) is always up to date with the latest attack information and is protecting your sites in real time. Thanks to our own Threat Intelligence we update our website firewall frequently so that your website could be safe from the latest methods which hackers use to gain access to the sites. Over the last couple of months, we have improved the effectiveness of over 30%. You can also set up your own preferred hardening options for the website via plugin settings (autoconfigured recaptcha, admin-panel hider etc.).
Under the firewall logs view you can see what kind of attacks have been blocked on your website, what are they targeting and where they are coming from. The attack severity varies from low to high depending on the type of attacks and relevance to the software the site is using.
When hovering on the attack vector marked as ‘TYPE’ you can see a quick explanation about what kind of threat was blocked by our website firewall. When you click on ‘POST’ under Method – you will get the information about the blocked content.
Would you like to know if someone was trying to guess your WordPress password? With activity logs, you can see how many attempts of failed logins you have on your site, where they are coming from. It comes especially handy when you have a website that has more than one admin so you can easily monitor their activity.
After connecting the site with WebARX, you can easily hide the default admin panel which usually reduces brute-force attempts by 90%.
In many cases, out-dated software is the biggest issue on the website when it comes to security. It’s important to keep an eye on the software versions, keep them frequently updated. WebARX will monitor your software versions and will give alerts when any of those are linked to a known vulnerability or posing any security risk to your site.
At the end of 2018, we will introduce a PHP native version which allows you to enable website firewall on any PHP based CMS (Joomla, Magento, Drupal etc.). Also, a software management tool to remotely keep software version up to date on every site.
We have the free trial version open already so feel free to start protecting and monitoring your sites now.
2018 has already been a great year for us and will definitely continue to rock.