How cPGuard protects your websites?

by | Oct 2, 2020

This is one of the first questions that will raise when someone decides to try cPGuard on their servers. The answer is not simple and it needs to be explained from top to bottom as the protection is offered at multiple levels.

So let us check what all protection that cPGuard offers

  • Malicious file uploads/updates
  • Web attacks/exploits
  •  Incoming Spam Emails and IP/Domain  Reputation Checks
  • Extensive Reports

1. Malicious File uploads/updates

This is one of the common problems that every website owner is facing and affecting website reliability and integrity. This happens most commonly because of any exploits open in the website, compromised user account, or logins or possibly due to a compromised account hosted in the same shared environment. So to detect the malicious file contents, cPGuard has multiple layers of file scanning options to make sure that every file is passed through our scanner engine.

  • Layer 1 HTTP Upload Scanner:- This is the first level of file scanning if the file is uploaded/updated via Web. So whenever a file is uploaded using your website, it will pass through the scanner engine. We carefully manage this step to scan only relevant files and in case we detect any malicious pattern for which we do not have any definition, we will scan ti through our central system and take necessary actions.
  • Layer 2 Automatic Scanner:- This is the second level of scanning, which can catch any files updated/uploaded regardless of how it is done. We monitor the operation of the files to fetch the list of files to monitor and pass it through the scan engine. Since we monitor only website files and process them as batches, this consumes a very small amount of server resources and takes very little time to complete the scan compared to the competition.
  • Layer 3 Weekly automatic scan:- We run a weekly scanner to scan all files updated/uploaded in the last 7 days and scan them. This helps to ensure that all recent files are analyzed based on our constantly updated virus database and thus fetch new types of attacks even if they can bypass initially.
  • Layer 4 manual scan:- This is the last layer of scanner which needs manual intervention to start the scan against a defined target. This can help to find all new/old malicious files under the targeted path and help to create custom reports.

So the multi-layer file scanning that you can flexibly enable on your server ( you can customize each based on your preference from cPGuard Settings ) can scan all types of file changes on your server and take action on them. There is also a file auto-clean option using which you can attempt to clean files automatically and restore them to the original location, and it can prevent website outage due to core files infection.

 

2. Web attacks/exploits 

This is the WAF layer that actually helps to mitigate most of the attacks before it reaches your Web Applications. Our WAF is powered by Malware.Experts Commercial WAF rules and cPGuard ModSec rules. In this layer, it has multiple components to mitigate varieties of web attacks.

  • The WAF Integration:- It is the core WAF rules enabling that you can do from settings and it will load the core rules into your web server. This ruleset contains the mitigation rules for generic attacks, some latest CVEs reported, targeted CMS attacks ( WordPress, Joomla, etc ). We always recommend you to enable this and it can protect your websites from many web attacks.
  • Brute-force protection:- This module protects your websites from brute-force attacks against the defined URLs. This can effectively monitor the real IPs and block them if they cross the access threshold.
  • Scanner Rules under WAF :- When you enable this rules set, it will protect your websites from common abusive botnets. It can save server resources and unnecessary processing of the requests.
  • Webshell Rules under WAF :- These rules can stop processing any web shells if they are already uploaded ot your websites. This is a highly sensitive rules set and we do not recommend it unless you have complete control across all the websites on the server
  • Captcha Protection under WAF :- This module protects your websites from brute-force attacks against the defined URLs. This can greatly reduce your server load and protect your websites from abusive accesses.

The multiple protection layers in HTTP can protect your websites from most generic and common attacks and sources. We constantly monitor the Web abuses reported by WAF from our centralized system and making adjustments accordingly to increase the protection level.

3. Incoming Spam Emails and IP/Domain  Reputation Checks

cPGuard helps to reduce Incoming Spam Emails using the SRBL system which uses an intelligent algorithm to check all incoming email sources and find whether they are abusive or not and take actions accordingly. This can stop emails from now abusive IPs and thus reduce the incoming spam email count.

Additionally the systems helps to keep rack of the IPs/Domains on the server and check whether they are listed in major blacklists. It will alert you promptly when there is a blacklist detected and helps to take note of the total server reputation. You can even choose to suspend an account when a domain is blacklisted and it can save your IPs from being blocked in SEO and search engines.

4. Extensive Reports and Notifications

cPGuard produces a lot of reports and notifications which can give an overview of the total attacks against your server and security issues for particular accounts. There is more graphical representation of the web/virus attacks per day or certain period and the notifications are instant to alert you about recent attacks. You can flexibly turn on/off certain notifications and define the email addresses to which that you want to receive alerts.

The protection is not limited to above points….

Yes, the software offers more protection like automated Rootkit scanning, CSF integration, wp-cron.php job mangement, etc to ensure smooth managemrn tand security on your server. We constantly add more features, enhance the exisiting features and do everything that we can to deliver the best services to our customers.

If you really think that cPGuard can improve in any certain point by adding or enhancing any feature, please feel free to reach us and we will do every possible things to meet the requirements.