Hacking of your website by another country has become more frequent in recent times. Wars do not only mean soldiers killing each other, wars are also being fought online where countries try to hack into the resources of another country. In fact, it is the easiest way to bring a country down. All of our systems are online and on the cloud, from our electricity to our cars, even our identities can get stolen in a matter of seconds.
Just going through this article will provide you with a glimpse of how old and dangerous this method is.
Our objective today is to provide you with the first line of defense. There are various complex ways of stopping such attacks, using firewalls, but we will be discussing how you can do this on your own (or your head of infrastructure/DevOps person could assist in the same).
You can block a range of IP addresses at the hosting level, or/and at the server level. Keep in mind that your page speeds will go down a bit using this as the IP addresses are compared with the existing list.
Here we are going to talk about the IIS server and blocking IP addresses from Russia.
Download this file. This consists of the IP addresses from Russia and the Sub Mask Details.
Login to your server, open IIS Manager and check if you have the “Restrict IP Address and Domains” option available in the IIS section of your site.
If the above is not available go to Control Panel -> Turn windows features on or off -> Select your server-> Server Roles-> Web Server-> Web Server-> Security Enable all options in this.
You will have to restart your server post this.
Open the file that you downloaded in step 1. Copy the first IP address and subnet mask. Go to IIS Manager, open the IP Address and Domain Restrictions. In Actions, click on Add Deny Entry. Add the IP address and the Subnet Mask here, click OK.
Step 4 helps in placing the IP address to be denied at the right place in the configuration file and becomes a placeholder for us to add the rest of the IP addresses.
Keeping that in mind, open the configuration file:
Find the section where you added the IP address. On finding that, add all remaining IP addresses to this configuration file. Keep checking your website that it does not go down (if it does, the usual issue is that the IP address is repeated, as config files use keys, there can be only 1 unique key, or there could be an issue with your syntax).
Use any of the available tools online to replicate the traffic from the country you trying to block. You should get a 403 from the server. This response can also be customized if required. We used BrowserStack to test our approach.
Following these steps can be your first line of defense against a large-scale attack. Keep in mind that there are various ways in which your website can be hacked and you should follow the best practices while programming, setting up the infrastructure, user settings, database connections, security ports, and keeping your server up to date to help prevent any unfortunate incident. There are advanced firewalls available in the market, they can be explored if you are an advanced user and have the budget for the same.
For more interesting blogs, check out our latest articles here.