09.11
2013

I will start this post with a bit of history. This site was infected by some Russian malware years ago. At that time we mainly used the hack4fun.eu domain [which was disabled], and somehow, using one of the WordPress vulnerabilities, malware was injected into several config files. No major harm was done, as recovering from a recent backup fixed that and the site was not even blacklisted by Google, but the point was taken – even a fully upgraded CMS can be easily owned. Over the years the site was moved from one data center to another, also switching shared servers from time to time, repaired after performance issues, and secured by various plugins and by using Cloudflare with slightly customized security settings.

Roughly every 10 minutes some dummy script tried to scan or brute-force its way into WordPress accounts. Some redirections and restrictions are in place, as logs proved there were thousands of weird crawlers last year, but the site should be reachable relatively fast even if it has thousands of visitors. Two restrictions are a bit unfair to readers [but helpful], so this post explains things a bit.

First, those who tried to browse the site using a proxy such as Squid with some anonymity options are banned based on the browser’s signature [with error 1010]. This happens because of Cloudflare’s Browser Integrity Check, which performs integrity checks on all requests by evaluating HTTP headers for threats. It will also challenge visitors that do not have a user agent or that have a non-standard user agent (also commonly used by abuse bots, crawlers or visitors). While building an anonymous HTTP proxy using Squid I discovered that it is not possible to browse serverfault.sk [and serverfault.eu] with this Cloudflare feature active. This does not affect a “standard” Squid deployment.
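
To make the header evaluation described above concrete, here is an added example (not code from this site and not Cloudflare's actual logic, which is not public) of a simplified server-side header check. The header list, the User-Agent pattern, the allow/challenge/block thresholds and the sample requests are all assumptions constructed for illustration.

```python
import re

# Assumed heuristics, not Cloudflare's real rules: headers a mainstream
# browser normally sends, and the usual shape of a browser User-Agent.
BROWSER_HEADERS = ("accept", "accept-language", "accept-encoding")
BROWSER_UA = re.compile(r"^Mozilla/5\.0 \(.+\) .*(Gecko|AppleWebKit|Trident)")

def parse_headers(raw):
    """Parse a raw HTTP request head into a dict keyed by lower-case name."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def integrity_check(raw):
    """Return (verdict, reasons); verdict is 'allow', 'challenge' or 'block'."""
    h = parse_headers(raw)
    reasons = []
    ua = h.get("user-agent", "")
    if not ua:
        reasons.append("missing User-Agent")
    elif not BROWSER_UA.match(ua):
        reasons.append("non-standard User-Agent")
    stripped = [n for n in BROWSER_HEADERS if n not in h]
    if stripped:
        reasons.append("missing: " + ", ".join(stripped))
    if not reasons:
        return "allow", reasons
    # Assumption: one anomaly earns a challenge, a stripped signature a block.
    return ("block" if len(reasons) > 1 else "challenge"), reasons

# Constructed sample requests (not captured traffic).
FIREFOX = "Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0"
BROWSER_TAIL = "Accept: text/html\nAccept-Language: en-US\nAccept-Encoding: gzip\n"
STANDARD_SQUID = ("GET / HTTP/1.1\nHost: www.serverfault.sk\n"
                  "User-Agent: " + FIREFOX + "\n" + BROWSER_TAIL +
                  "Via: 1.1 proxy.example (squid)\nX-Forwarded-For: 192.0.2.10\n")
ANONYMIZED_SQUID = "GET / HTTP/1.1\nHost: www.serverfault.sk\nAccept: text/html\n"
ODD_AGENT = ("GET / HTTP/1.1\nHost: www.serverfault.sk\n"
             "User-Agent: ExampleCrawler/1.0\n" + BROWSER_TAIL)

if __name__ == "__main__":
    for name in ("STANDARD_SQUID", "ANONYMIZED_SQUID", "ODD_AGENT"):
        print(name, *integrity_check(globals()[name]))
```

The request through a standard proxy keeps the browser's headers and passes, while the request stripped of its identifying headers accumulates several anomalies at once.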

Second, after a few thousand attacks coming from the TOR network, exit nodes have also been banned for more than a year. We do not have an issue with TOR itself, and do not believe in censorship, but over the years, it has been widely used and abused by attackers.

Sorry! There are times when you need to choose performance, especially when using shared hosting services…

2 comments so far

  1. Hi, you have an XSS hole here..

    http://www.serverfault.sk//wp-content/plugins/wp-cumulus/

  2. Thx, “fixed”.