How To Handle Abuse On Your Server

Written By Support Team (Administrator)

Updated at April 14th, 2022

PT Biznet Gio Nusantara, as a Cloud Computing service provider, has an abuse policy that you can read at the following link: T&C Privacy Policy

Abuse is very common on servers, and it comes in many types and sizes.

In this guide, we will provide some examples of common abuse and how to resolve them.

The following are examples of abuse that often occur on servers:

  1. Spam
  2. Outgoing Brute Force Attacks
  3. Phishing and Malware
  4. Copyright Infringement
  5. Outgoing (D)DoS attacks (e.g. UDP/SYN floods)

The following is a discussion of each type of abuse in the list above and how to deal with it:

1. Spam

The most common cause is a spam script injected into the server through an exploit in a popular CMS such as WordPress, Joomla, or Drupal.

Here is how to deal with spam abuse, using the CMS case above as the example:

  • Make sure that the CMS components (core, theme, plugins) are always up to date.
  • Make sure you don't download themes and plugins from unknown websites. "Nulled" themes and plugins downloaded from unknown sites usually contain embedded web shells or backdoors, which are very dangerous.
  • Make sure that the application folder permissions are set correctly: there should be no directory with 777 permissions, which would allow anyone to execute or modify its contents.
  • Apply system updates (patches) periodically.
  • If you are using WordPress, you can use a security plugin such as Wordfence to harden your WordPress installation.
  • If your website does not use mail forms, you can disable PHPMailer, or block outgoing email on port 25 for your website. If port 25 is left open and publicly reachable, it is commonly abused to send spam email from the website.
  • If you do use PHP-based mail forms on the website, make sure the 'To:' address cannot be changed by the visitor. Otherwise, you allow visitors to start spamming directly from the form on your website.
  • If you are using a Linux server, you can use a scanning tool such as ClamAV or Linux Malware Detect (LMD) to scan for malware on the server.
  • To prevent abuse of email accounts, we recommend using an SSL/TLS connection for every email account so that your email traffic is encrypted.
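As an added example (not from the original article), the following shell script performs the permission check from the list above: it lists world-writable directories under a CMS document root and resets directories to 755 and files to 644. The document-root path and the WordPress-like sample tree are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original article): audit a CMS document root for
# world-writable directories, the "777" problem described above, and reset
# permissions to the usual 755 for directories and 644 for files.
# The document-root path is an assumption; the sample tree below is constructed.

# List every directory under $1 whose "others" write bit is set (777, 757, ...).
find_world_writable_dirs() {
    find "$1" -type d -perm -0002
}

# Count them, so a cron job can decide whether to alert or fix.
count_world_writable_dirs() {
    find_world_writable_dirs "$1" | wc -l | tr -d ' '
}

# Reset directories to 755 and regular files to 644 under $1.
# A CMS that must write to an uploads directory should do so as the owning
# web-server user, not through world-writable permissions.
fix_permissions() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Build a constructed sample tree resembling a WordPress install, with one
# world-writable directory and one world-writable config file.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/wp-content/uploads" "$root/wp-content/plugins"
    : > "$root/wp-config.php"
    : > "$root/wp-content/plugins/index.php"
    chmod 777 "$root/wp-content/uploads"
    chmod 666 "$root/wp-config.php"
    echo "$root"
}

# Stand-alone demo against the constructed tree. On a real server, review
# `find_world_writable_dirs /var/www/html` first, then run fix_permissions.
demo_root=$(make_sample_tree)
echo "world-writable directories before: $(count_world_writable_dirs "$demo_root")"
find_world_writable_dirs "$demo_root"
fix_permissions "$demo_root"
echo "world-writable directories after:  $(count_world_writable_dirs "$demo_root")"
rm -rf "$demo_root"
```

Run the listing step on its own first; a directory that legitimately needs to be writable by the web server should be owned by that user rather than opened to everyone.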

2. Outgoing Brute Force Attacks

This type of abuse is very common on servers. To investigate an outgoing brute force attack, review everything currently running on the server and who has been using it, with the following commands:

  • To see the processes on the server, use top, htop, or ps auxf.
  • To view the user login history, use w, last, or grep -i "accepted" /var/log/auth.log.
  • To view the history of commands executed by a user, use the history command.
  • Make sure there are no anomalous cron jobs created by a user, using crontab -l or crontab -l -u [username].
  • Check the contents of the /tmp directory for any anomalies or oddities.
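The checks above can be scripted. The following shell helper is an added example, not part of the original article: it extracts successful logins and failed password attempts from sshd lines of the kind that `grep -i "accepted" /var/log/auth.log` returns, and flags processes whose executable lives in /tmp, /var/tmp or /dev/shm from `ps aux`-style output. The log lines and process listing are constructed sample data; the host name, user names, IP addresses and process names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): a small triage helper that
# applies the checks listed above to sample data. The log lines and process
# listing below are constructed; on a real server feed /var/log/auth.log and
# the output of `ps auxf` instead, e.g. `ps auxf | procs_from_tmp`.

SAMPLE_AUTH_LOG='Apr 14 09:01:12 web1 sshd[2201]: Accepted publickey for deploy from 10.0.0.5 port 51234 ssh2
Apr 14 09:15:40 web1 sshd[2310]: Failed password for root from 203.0.113.7 port 40022 ssh2
Apr 14 09:15:42 web1 sshd[2310]: Failed password for root from 203.0.113.7 port 40022 ssh2
Apr 14 09:15:45 web1 sshd[2312]: Accepted password for root from 203.0.113.7 port 40031 ssh2
Apr 14 10:02:03 web1 sshd[2450]: Accepted publickey for deploy from 10.0.0.5 port 51290 ssh2'

SAMPLE_PS='USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 1234 567 ? Ss 09:00 0:01 /sbin/init
www-data 2200 0.2 1.0 5678 910 ? S 09:00 0:05 php-fpm: pool www
www-data 2999 97.0 2.0 9999 2000 ? R 09:16 5:42 /tmp/.x/worker
deploy 3001 0.0 0.1 1111 222 pts/0 Ss 10:02 0:00 -bash'

# Successful logins: print "user source-ip" for every "Accepted" line on stdin.
# In sshd's message layout the user is field 9 and the source address field 11.
# ("invalid user" failure lines carry two extra words; they are not matched here.)
accepted_logins() {
    awk '/sshd\[[0-9]+\]: Accepted/ { print $9, $11 }'
}

# Number of successful logins for user $1 (for root this should normally be 0).
count_accepted_logins_for() {
    awk -v user="$1" '/sshd\[[0-9]+\]: Accepted/ && $9 == user { n++ } END { print n + 0 }'
}

# Number of "Failed password" lines from source address $1.
count_failed_passwords_from() {
    awk -v ip="$1" '/Failed password/ && $11 == ip { n++ } END { print n + 0 }'
}

# Processes whose executable lives in a world-writable scratch directory,
# reading `ps aux`-style output on stdin (the command starts in field 11).
procs_from_tmp() {
    awk 'NR > 1 && $11 ~ /^\/(tmp|var\/tmp|dev\/shm)\// { print $1, $2, $11 }'
}

count_procs_from_tmp() {
    procs_from_tmp | awk 'END { print NR }'
}

# Stand-alone demo on the constructed data.
echo "successful logins (user source):"
printf '%s\n' "$SAMPLE_AUTH_LOG" | accepted_logins
echo "root logins: $(printf '%s\n' "$SAMPLE_AUTH_LOG" | count_accepted_logins_for root)"
echo "failed passwords from 203.0.113.7: $(printf '%s\n' "$SAMPLE_AUTH_LOG" | count_failed_passwords_from 203.0.113.7)"
echo "processes running from /tmp, /var/tmp or /dev/shm:"
printf '%s\n' "$SAMPLE_PS" | procs_from_tmp
```

In the sample data the pattern to notice is a successful root password login from the same address that had just failed twice, followed by a CPU-heavy process started from /tmp by the web-server user; on a real host those are the entries to investigate first.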

Here are tips to prevent brute force attacks:

  • If you use Biznet Gio Cloud or Neo Cloud, you can take advantage of the firewall features provided. Allow only specific IP addresses to access the server.
  • Use a malware scanning tool like ClamAV, rkhunter, chkrootkit or Linux Malware Detect (LMD) to detect malware on your server as soon as possible. You can plan these scans in a cronjob for example.
  • Update your own software and OS frequently.
  • Disable unnecessary ports and services on the firewall of the server you are using, for both incoming and outgoing traffic. When you only use the server to host a web server and do not use mail or SSH, there is no reason to run those services and open their ports. If a port is closed, the services behind it cannot be abused by others, so it is important to check which services and ports your server really needs.
  • Use a password consisting of a combination of letters, numbers, and symbols for each user on the server (SSH, FTP, email, website dashboard) so that they are not easily cracked by the brute-force method.

3. Phishing and Malware

Phishing websites can appear on your server for many reasons; most often the CMS or the server itself has been infected with malware. The impact of a phishing page on your website is severe: for example, Google may block your domain because of it.

Here are tips for preventing phishing and malware:

  • Make sure the CMS and plugins you use are always updated to the latest version or a stable version.
  • Make sure you don't download themes and plugins from unknown websites.
  • Make sure that the application folder permissions are set correctly: there should be no directory with 777 permissions, which would allow anyone to execute or modify its contents.
  • Use a malware scanning tool like ClamAV, rkhunter, chkrootkit or Linux Malware Detect (LMD) to detect malware on your server as soon as possible. You can plan these scans in a cronjob for example.
  • Periodic system update (patch).

4. Copyright Infringement

When you share content illegally, you may receive reports of copyright or trademark infringement. Torrents are the usual cause.

Another possible cause of an infringement notice is a brand image or logo displayed on your webshop. The simplest solution is to remove the infringing content from your server.

Here are tips to prevent copyright infringement:

  • Make sure you are not running a torrent program on your server. In addition, it is not recommended to publicly share media that you upload to the VPS server.
  • When you run a VPN server on your server, make sure that connected users cannot use torrent traffic.
  • When selling a particular brand's or company's product and you use their image (such as a logo), make sure you have an agreement (license) with the brand owner.
  • Don't register or host domains that have strong similarities to popular brands or large companies. In almost every case you will be forced to delete the content and/or transfer the domain to the brand holder.

5. Outgoing (D)DoS attacks

There are many types of 'DDoS' attack used by malicious individuals and organizations on the Internet. In an outgoing DDoS attack, your server sends a large number of packets to another server to make it unreachable for its visitors. Two of the most common are UDP floods and SYN floods.

  1. In a UDP attack, your server is forced to keep sending a large number of UDP packets to random (usually unused) ports on the server being attacked. Since no service is listening on such a port, an 'ICMP Destination Unreachable' packet is sent back for each one, which causes excessive resource usage and makes the server unreachable.

  2. In a SYN attack, your server sends a SYN (the signal used to set up a connection between two hosts) but never sends the ACK that completes it (this can also be done with IP spoofing). Because no ACK arrives, the server under attack keeps waiting for it, which eventually makes the server unreachable.

In either case, it is likely that your server has been infected with malware and is now part of a 'botnet'. Because of this, someone else can take control of your server and abuse it for this attack.
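One way to tell that your own server is the source of a SYN flood is to look at its socket table: in that state many outgoing TCP connections sit in SYN-SENT toward the same peer. The following shell script is an added example, not from the original article; it summarises `ss -tan` output (iproute2) per peer address and reports peers above a threshold. The listing below is constructed, and the threshold value is an assumption you should tune to your server's normal connection volume.

```shell
#!/bin/sh
# Added example (not from the original article): spot an outgoing SYN flood
# from the server's own socket table. `ss -tan` (iproute2) lists TCP sockets;
# a server used in a SYN flood shows many SYN-SENT sockets toward one peer.
# The listing below is constructed; on a live server run, for example,
# `ss -tan | peers_over_syn_threshold 200` (the threshold is an assumption).

SAMPLE_SS='State    Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB    0      0      10.0.0.12:22        10.0.0.5:51234
SYN-SENT 0      1      10.0.0.12:40001     198.51.100.20:80
SYN-SENT 0      1      10.0.0.12:40002     198.51.100.20:80
SYN-SENT 0      1      10.0.0.12:40003     198.51.100.20:80
SYN-SENT 0      1      10.0.0.12:40004     198.51.100.20:80
SYN-SENT 0      1      10.0.0.12:40005     198.51.100.20:80
SYN-SENT 0      1      10.0.0.12:40006     203.0.113.9:443
ESTAB    0      0      10.0.0.12:443       192.0.2.33:55012'

# Half-open outgoing connections per peer address, "count peer", largest first.
# The port is stripped after the last colon, so bracketed IPv6 peers also work.
syn_sent_by_peer() {
    awk '$1 == "SYN-SENT" { peer = $5; sub(/:[^:]*$/, "", peer); n[peer]++ }
         END { for (p in n) print n[p], p }' | sort -rn
}

# Print only peers with more than $1 half-open connections, one per line.
peers_over_syn_threshold() {
    syn_sent_by_peer | awk -v limit="$1" '$1 > limit { print $2 }'
}

# Total SYN-SENT sockets: a single health number for a monitoring cron job.
total_syn_sent() {
    awk '$1 == "SYN-SENT" { n++ } END { print n + 0 }'
}

# Stand-alone demo on the constructed listing.
echo "half-open connections per peer:"
printf '%s\n' "$SAMPLE_SS" | syn_sent_by_peer
echo "peers over threshold 3:"
printf '%s\n' "$SAMPLE_SS" | peers_over_syn_threshold 3
```

A handful of SYN-SENT sockets is normal (any outbound connection passes through that state briefly); what matters is a large, sustained count toward one destination, which is why the threshold should be set well above what the server shows during ordinary operation.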


Here are tips for preventing DDoS:

  • Make sure the CMS and plugins you use are always updated to the latest version or a stable version.
  • Use a malware scanning tool like ClamAV, rkhunter, chkrootkit or Linux Malware Detect (LMD) to detect malware on your server as soon as possible. You can plan these scans in a cronjob for example.
  • Update your own software and OS frequently!
  • Disable unnecessary ports and services on the firewall of the servers you use.
  • Use a password consisting of a combination of letters, numbers and symbols for each user on the server (SSH, FTP, email, website dashboard) so that the accounts are not easily taken over and used for DDoS.
