Securing your emails

Discussion in 'Websites' started by marsh, Oct 16, 2017.

  1. marsh

    marsh Kenya Active Member

    Joined:
    Dec 23, 2016
    Messages:
    227
    Likes Received:
    29
    Trophy Points:
    28
    Location:
    TA
    Most, if not all businesses, rely on emails for their day-to-day operations. There a huge chance that sensitive information is also exchanged in this way. I hear stories of email servers being hacked and wonder how can any business avoid this? Is encryption always enough?
     
  2. JackD

    JackD United States Active Member

    Joined:
    May 1, 2017
    Messages:
    752
    Likes Received:
    234
    Trophy Points:
    43
    Location:
    USA
    Home Page:
    Encryption is not enough by itself. My email server is constantly bombarded hackers. I have a stringent policy against hack attempts. My main protection is cPHULK Brute Force protection. I also require users to have very high strength passwords including length, special characters, numbers, lower and uppercase passwords. It is a real pain but so far it has worked for my server.
     
    Foroux likes this.
  3. Jeff
    • Staff / Moderator

    Jeff Canada Administrator Staff Member

    Joined:
    Mar 26, 2008
    Messages:
    4,639
    Likes Received:
    650
    Trophy Points:
    113
    I'm noticing this too - like a dozen or more attempts per day. Really surprised at the level of attempts.
     
    Foroux likes this.
  4. Foroux

    Foroux Member

    Joined:
    Jul 15, 2017
    Messages:
    92
    Likes Received:
    28
    Trophy Points:
    18
    Location:
    US
    Do you have sites with a shopping cart or anything else you feel is drawing the attention of hackers? I hate that it's happening to you both, but it sounds like you're dealing with it better than most others. It was discerning to find out that Amazon had malware on its server, mining bitcoins. Just odd to see a big business like that, not catching issues sooner.
     
  5. JackD

    JackD United States Active Member

    Joined:
    May 1, 2017
    Messages:
    752
    Likes Received:
    234
    Trophy Points:
    43
    Location:
    USA
    Home Page:
    That is what is so surprising to me. Other than one site that has domain names for sale and no real shopping cart, no other site on my server has anything that I thought would attract a hacker. There are so many other, better targets than what my server would have to offer. Maybe I'm just getting the small time hackers trying to learn how. Either way, it's very annoying!
     
    Foroux likes this.
  6. ritchie

    ritchie Kenya Active Member

    Joined:
    Dec 23, 2016
    Messages:
    228
    Likes Received:
    25
    Trophy Points:
    28
    Location:
    SA
    I just had to check online to understand what 'brute force' is all about. Apparently, this is a hacking method that uses an automated system to try and guess the password(s) to the many web services. Is there a chance that most of these hackers are creating bots to target the numerous websites?
     
    Foroux likes this.
  7. JackD

    JackD United States Active Member

    Joined:
    May 1, 2017
    Messages:
    752
    Likes Received:
    234
    Trophy Points:
    43
    Location:
    USA
    Home Page:
    That's correct. Most that are attacking my server are using bots. In the log files I see the attempts and before using cPHULK there would be as many as two attempts per second to guess passwords and the attempts would last for an hour or more. And as you can imagine it also slows down the server when these attacks were happening. Now, invalid login attempts are limited to 5 then the users ip address is block for 360 minutes Some hackers even use multiple ip addresses so I also get an email for each of these blocks and if I see multiple attempts from the same subnet then I can blacklist the entire subnet.
     
    Foroux likes this.
  8. marsh

    marsh Kenya Active Member

    Joined:
    Dec 23, 2016
    Messages:
    227
    Likes Received:
    29
    Trophy Points:
    28
    Location:
    TA
    This is exactly what I was going to comment on because no business, with a huge online presence, would ever want to experience slowed down server speeds. I can imagine how these bots have an easy time, especially with the easy passwords. Can this software still be used to monitor hackers trying to access a PC?
     
    Foroux likes this.
  9. JackD

    JackD United States Active Member

    Joined:
    May 1, 2017
    Messages:
    752
    Likes Received:
    234
    Trophy Points:
    43
    Location:
    USA
    Home Page:
    cPHULK is only for servers running cPanel. I am sure there are other software programs available for the pc, I just haven't used any as I maintain a strict firewall with my AntiVirus software.
     
    Foroux likes this.
  10. Foroux

    Foroux Member

    Joined:
    Jul 15, 2017
    Messages:
    92
    Likes Received:
    28
    Trophy Points:
    18
    Location:
    US
    I wonder if they're attempting to use your server power to mine for bitcoins? The payoff is certainly there. Some of Amazon's servers were hacked for that reason. Allegedly, computer forensics showed that the hackers never attempted to even look at the buyers' and sellers' payment information.
     
  11. JackD

    JackD United States Active Member

    Joined:
    May 1, 2017
    Messages:
    752
    Likes Received:
    234
    Trophy Points:
    43
    Location:
    USA
    Home Page:
    I guess that could be the case. Either to mine for bitcoins or to use the server resources for spamming. Or maybe even both. I just know that you have to be constantly on your guard to block them.
     
  12. ritchie

    ritchie Kenya Active Member

    Joined:
    Dec 23, 2016
    Messages:
    228
    Likes Received:
    25
    Trophy Points:
    28
    Location:
    SA
    I just had this discussion with a business friend of mine who had his website hacked and it just reminded me of the importance of being vigilant in blocking all the 'bad' elements online. Hackers are always devising new ways of beating technology.