I have a website hosted on Azure which I use for my trainings. Today I received a number of alerts from Azure showing high CPU usage for the service in question. After investigating the error logs it seems it was a brute-force attack on the database. The IP address of the attack is Chinese, but no surprise there. The good thing is I already have a number of inbuilt security features enabled within the system, so after a number of attacks the server simply shut down and restarted, and that was that.
The good thing was it was a honeypot meant exactly for this purpose, and now that I know the site is actively being targeted, I can simply take additional steps to harden the security. The cloud is only as secure as your implementation; in fact, in most cases it's more secure, but that doesn't mean it's immune. So do yourself a favor and check whether you have implemented at least the following in your environments:
- Enable Firewalls
- Disable the sa account and other default admin accounts, and replace them with accounts that have non-conventional names
- Use non-standard ports
- Don’t host the database and the website on the same machine (the domain name gives away the IP, and that IP can then be used to connect directly to the database)
- Enable auditing – and look at the audit logs every once in a while
- Separate data into the parts that would compromise your business if stolen and those that would not, and follow different processes for each
- Try hacking your own site / database – don’t know how? Google it
- Localize for your geography – never had customers from China? Then don’t allow Chinese IPs
- Change your passwords regularly and don’t use the same password everywhere
- Share as little info on the internet as possible (esp. social media)
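The "look at the audit logs" item above is the one most people skip, so here is an added example (not code from the original post) of the kind of check that turns failed-login noise into a brute-force alert. It assumes SQL Server style error-log lines ("Login failed for user ... [CLIENT: ip]"); the log sample is constructed for illustration, with documentation IP ranges, and the threshold and window are arbitrary tuning knobs.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Pattern for the failed-login line SQL Server writes to its error log.
# Assumption: the real format is close to this; the sample below is constructed.
LOGIN_FAILED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'.*\[CLIENT: (?P<ip>[^\]]+)\]"
)

# Constructed sample: one client hammering default account names, one user typo.
SAMPLE_LOG = """\
2024-03-01 02:14:01.11 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-03-01 02:14:02.03 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-03-01 02:14:02.90 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.7]
2024-03-01 02:14:03.50 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-03-01 02:14:04.12 Logon       Login failed for user 'root'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.7]
2024-03-01 09:30:15.40 Logon       Login failed for user 'app_web'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.23]
"""


def parse_failed_logins(text):
    """Yield (timestamp, client_ip, user) for every failed-login line in the log."""
    for line in text.splitlines():
        m = LOGIN_FAILED.match(line)
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["ip"], m["user"]


def find_brute_force(text, threshold=5, window=timedelta(minutes=5)):
    """Return {client_ip: set(user names tried)} for every source that produced
    at least `threshold` failures inside any sliding `window` of time."""
    by_ip = defaultdict(list)
    for ts, ip, user in parse_failed_logins(text):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()  # chronological order for the sliding window
        start = 0
        for end in range(len(events)):
            # Advance the window start until the span fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = {u for _, u in events}
                break
    return flagged
```

A single client trying `sa`, `admin` and `root` within seconds is the signature to alert on; the lone `app_web` failure from another address is the kind of noise the threshold is there to ignore.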
To the question "have I hit the big time?" NO. The fact that Chinese hackers are trying to attack my site doesn’t mean anything; they simply try every site they can lay their hands on. The key to avoiding data theft is to make it a major pain to do so. If it takes me 20 hours to penetrate your network, I had better be getting paid for it, else it’s just not worth my time.
PS: you don’t need to have a site to get hacked; emails are much more enticing than databases.