Our Premium Web Hosting service includes an active firewall. Not only does it do a great job of preventing hackers from compromising your website, it also captures data about them, which provides a rare insight into website hackers in the wild, so I thought I’d share some details with you:
Most hackers come from China
Sorry to my good friends over there, but the number of smart firewall blocks by country is hugely stacked against visitors from Chinese IP addresses.
Here’s a table of country codes to help you decipher it further.
I’m surprised the numbers are disproportionately high, and my apologies go out to the Russians, whom I have previously condemned…
Maybe Chinese IP addresses are easier to spoof… or the IP geo-mapping is wrong… If you have a theory on why there are so many Chinese blocks, I’d love to hear your thoughts…
SSH is the most popular form of attack
This pie chart shows the distribution of attack ‘triggers’, i.e. the type of attack that triggers our smart firewall to say Whoa! to the visitor and block them.
My apologies that this is not clear, but it does provide good information.
LF_SSH refers to Login Failures via SSH
Secure Shell, abbreviated to SSH, is used to run ‘old world’ text-based computer screens, typically on Unix systems.
SSH provides primitive, albeit direct and powerful, access to the web server. Gaining access to your hosting package via SSH would almost certainly result in your website being compromised, and probably all other sites on the same web server. Most mere mortals would never even consider using SSH, but clearly it’s popular with website hackers 😉
PS_Limit is the number of times a site was port scanned
Port scanning is the process of probing a server’s network ports to find an exploitable entry point. It is a tedious process, so port scanning is likely to be performed using specially designed software.
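To make the LF_SSH trigger described above concrete, here is an added example (not our firewall's own code) of the kind of rule a login-failure trigger applies: count failed SSH logins per source IP inside a time window and block once a limit is reached. The log lines are constructed samples in the standard OpenSSH syslog style, and the function name, the limit of 5 failures and the 300-second window are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the standard OpenSSH sshd syslog style
# (documentation IP ranges; not data from the article's firewall).
SAMPLE_LOG = """\
Mar  3 10:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40110 ssh2
Mar  3 10:00:04 web1 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  3 10:00:09 web1 sshd[2107]: Failed password for root from 203.0.113.7 port 40120 ssh2
Mar  3 10:02:30 web1 sshd[2150]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Mar  3 10:02:41 web1 sshd[2151]: Accepted password for alice from 198.51.100.20 port 51002 ssh2
Mar  3 10:03:15 web1 sshd[2160]: Failed password for root from 203.0.113.7 port 40131 ssh2
Mar  3 10:03:18 web1 sshd[2161]: Failed password for root from 203.0.113.7 port 40133 ssh2
Mar  3 11:30:00 web1 sshd[2300]: Failed password for bob from 192.0.2.44 port 60001 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def ssh_login_failure_blocks(log_text, limit=5, window_secs=300, year=2024):
    """Return {ip: time of the failure that reached `limit` within the window}.

    `limit` and `window_secs` are assumed values, not the firewall's settings.
    """
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    blocked = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or m["ip"] in blocked:
            continue              # not a failure, or this IP is already blocked
        # Syslog timestamps omit the year, so one is assumed for parsing.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > timedelta(seconds=window_secs):
            q.popleft()           # drop failures older than the window
        if len(q) >= limit:
            blocked[m["ip"]] = ts
    return blocked

if __name__ == "__main__":
    for ip, when in ssh_login_failure_blocks(SAMPLE_LOG).items():
        print(f"block {ip}: login-failure limit reached at {when:%H:%M:%S}")
```

A user who mistypes a password once and then logs in successfully (198.51.100.20 in the sample) stays well under the limit, which is why the trigger counts failures per IP over a window rather than reacting to a single failed login.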