Website Security?

Software. Marketing. Training. Running your business.
#1
Posts:
8156
Joined:
4-Mar-2018 9:03pm
Location:
The Office
I think this is becoming even more relevant, as you've probably already gathered from recent news headlines.

Small businesses, particularly US small businesses, are being targeted by hacker groups. I believe the ultimate goal is usually to steal sensitive customer or client info and/or hold the data or website hostage for ransom. A good percentage of US small businesses do not have the know-how to implement even basic website security measures, and often do not have the resources to pay someone to implement and maintain these systems.

I have noticed that brute force attempts on my website are up noticeably vs last year. Recently I've been seeing anywhere between 40 and 100 unique IP addresses a day attempting to brute force a login for my website. Note this is unique IP addresses, not attempts. I'd imagine attempts are in the hundreds each day.

While I have established a safe guard for brute force by limiting login attempts and blocking IP addresses from logging in for a set amount of time if they exceed the login attempt limit, the increase in activity has me re-evaluating my safeguards for my website and got me thinking about paying for extra peace of mind.

I have been evaluating certain third-party contractors such as Cloudflare and Sucuri to provide certain services for my website such as:

--DNS firewall services (which would protect against DDoS attacks and malicious bots)
--additional security surrounding logins and admin access to the site
--periodic scans for intrusions and malware, and remediation if a scan reveals a problem
--website response time and performance boost through CDN caching
--a dashboard and audit reports of security events for me as the owner

I am currently leaning toward Sucuri based on my research and...to be transparent... their fee level. Cloudflare has a free version, but it's very stripped down. Their pro level is $20 per month and their business level is $200 per month. By contrast, Sucuri's top tier plan is $500 per year.

Does anyone have any experience with or thoughts on either Cloudflare or Sucuri?
 

#2
Posts:
6043
Joined:
22-Apr-2014 3:06pm
Location:
WA State
I'm very interested in this. As I continue to build out my firm's online presence, this is an area of increased concern.
I think it should be for all of us.
~Captcook
 

#3
Posts:
8156
Joined:
4-Mar-2018 9:03pm
Location:
The Office
Completely agree. The thought of reputational damage that would come with a security event...even if nothing was compromised...should make everyone think at least a little.
 

#4
Posts:
2887
Joined:
21-May-2018 7:50am
Location:
Northern MI and Coastal SC
I am the opposite--I have a threat management and prevention system installed on my website and the blocked IPs due to brute force or incorrect login attempts were much higher 12-24 months ago than current. It definitely ebbs and flows.

I will look into Securi. Nothing on my website is all that confidential, and what is would require them to gain entry to third-party provider servers, too. But, cannot ever be too safe.
 

#5
BFStax  
Posts:
496
Joined:
21-Apr-2014 4:01pm
Location:
CT
My site got hacked a few years back and had malware installed on it. All sorts of messed up. Sucuri claimed to be able to fix it, so I gave them the $200 and they worked fast! Site was cleaned and back to normal. The fee was an annual subscription for monitoring and scanning and even a firewall. My site got messed up again a few months ago (php server update or something) and the only reason I knew was because of their monitoring. I submitted a ticket and it was fixed within an hour.

For $200 I love their service. It's a no brainer these days.
 

#6
Posts:
8156
Joined:
4-Mar-2018 9:03pm
Location:
The Office
Thanks BFS. Good to hear.
 


Return to Business Operations and Development



Who is online

Users browsing this forum: TaxThatAsset and 30 guests