External DDoS Self-Inspection of the Host

Self-Check for Host DDoS Attacks

A cloud host with vulnerabilities may be compromised by attackers and then used as a source of DDoS attacks. This guide helps you perform security self-checks on your cloud host to avoid such risks.

PHPMyAdmin

Check

  • Whether it is installed
  • Whether the /install/ directory has been deleted
  • Whether there is a password

Repair

  • Strengthen the MySQL password
  • Restrict access to phpMyAdmin

Tomcat

Check

  • Whether the management page /manager/ exists
  • Whether the management backend uses weak passwords; common weak credentials include admin/admin, tomcat/tomcat and manager/manager

Repair

  • If the Tomcat management page is not needed, remove it. If it is needed, strengthen the password by setting stronger credentials in conf/tomcat-users.xml

Other Common Open Source CMS

Check

  • Whether a common open source CMS such as dede is in use, and whether that version has known vulnerabilities
  • Whether the backend uses weak passwords

Repair

  • Upgrade to the latest version
  • Enhance password

Struts2

Check

  • Whether using Struts2 framework
  • Check whether the version of the Struts2 framework in use has known vulnerabilities

Repair

  • Perform access control on the management backend
  • Enhance password

Editor

Check

  • Whether fckeditor is installed
  • Whether access to it is open to anyone
  • Whether pages such as fckeditor/editor/filemanager/connectors/test.html, or anything under fckeditor/editor/filemanager/*, are reachable

Repair

  • Restrict access to fckeditor
  • Delete the test page

Common Pages

  • Check whether ewebeditor is installed and whether the default password (admin or admin888) is still in use
  • ewebeditor itself has many known problems; avoid using it if possible
  • Repair: strengthen the password. Because the ewebeditor database can be downloaded, a weak password offers no protection

FTP Brute Force Cracking

Check

  • Whether FTP uses a weak password; check /var/log/vsftpd.log for abnormal logins

Repair

  • Enhance password

SSH Weak Password

Check

  • Use the last command to check for abnormal logins
  • Check /var/log/secure to confirm whether brute force attempts occurred, and whether any of them succeeded

Repair

  • Enhance password
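The /var/log/secure check above can be scripted. The following is an added example, not part of the original page: it counts "Failed password" attempts per source IP and flags sources whose failures were followed by an "Accepted" login, which is the pattern of a brute force that succeeded. The log lines embedded in it are constructed samples in the format sshd writes via syslog; point the functions at /var/log/secure on a real host.

```shell
#!/bin/sh
# Added example: summarise SSH brute-force activity from a /var/log/secure style log.
# Only IPv4 sources are parsed; adjust the sed patterns if your hosts log IPv6.

# Constructed sample lines in the format sshd writes to /var/log/secure.
SAMPLE_LOG='Mar  3 10:01:12 host sshd[2101]: Failed password for root from 198.51.100.7 port 40122 ssh2
Mar  3 10:01:14 host sshd[2103]: Failed password for root from 198.51.100.7 port 40130 ssh2
Mar  3 10:01:15 host sshd[2105]: Failed password for invalid user admin from 198.51.100.7 port 40140 ssh2
Mar  3 10:01:20 host sshd[2107]: Accepted password for root from 198.51.100.7 port 40152 ssh2
Mar  3 10:05:00 host sshd[2200]: Failed password for ops from 203.0.113.9 port 51000 ssh2
Mar  3 11:00:00 host sshd[2300]: Accepted publickey for ops from 192.0.2.4 port 50000 ssh2'

# failed_logins <logfile>: "Failed password" attempts per source IP, busiest first.
# Output: one "<count> <ip>" per line.
failed_logins() {
    grep 'sshd\[[0-9]*\]: Failed password' "$1" \
      | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
      | sort | uniq -c | sort -rn \
      | awk '{print $1, $2}'
}

# successful_after_failures <logfile> <threshold>: IPs with at least <threshold>
# failures that also have an "Accepted" login in the same log.
# Output: one "<ip> <failures> <accepted_user>" per line.
successful_after_failures() {
    failed_logins "$1" | while read -r count ip; do
        [ "$count" -ge "$2" ] || continue
        ip_re=$(printf '%s' "$ip" | sed 's/\./\\./g')   # literal dots in the regex
        grep "sshd\[[0-9]*\]: Accepted .* from $ip_re port" "$1" \
          | sed -n 's/.*Accepted [a-z]* for \([^ ]*\) from .*/\1/p' \
          | sort -u \
          | while read -r user; do printf '%s %s %s\n' "$ip" "$count" "$user"; done
    done
}

# Demo on the constructed sample; on a real host call the functions on /var/log/secure.
main() {
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_LOG" > "$tmp"
    echo "Failed password attempts per source IP:"
    failed_logins "$tmp"
    echo "Sources with >= 3 failures followed by an accepted login:"
    successful_after_failures "$tmp" 3
    rm -f "$tmp"
}

if [ "${1:-}" = "demo" ]; then main; fi
```

Run it as `sh check_ssh.sh demo` to see the sample output; a source that appears in the second list should be treated as a likely compromised account, not just a failed attack.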

ElasticSearch

Check

  • ElasticSearch versions 1.2 and below enable dynamic script execution by default, which allows the host to be compromised

Repair

  • Disable dynamic script execution: modify the configuration file and add “script.disable_dynamic: true”
  • Perform access control

SQL Server

Check

  • Whether SQL Server allows external connections, and whether the password is strong enough

Repair

  • Enhance password
  • Perform access control

Windows Remote Desktop

Check

  • Whether there is a weak password

Repair

  • Enhance password

Open Source Software like mysql, nagios, zabbix, phpmyadmin, cacti, redis, etc.

Check

  • If any of this open source software is in use, check its version
  • Confirm with the official vendor sources whether that version has known vulnerabilities
  • Whether the system accounts belonging to this software have weak or empty passwords

Repair

  • Upgrade to the latest version
  • Perform access control
  • Enhance password
  • If these service accounts do not need to log into the system with SSH, set the login shell to /sbin/nologin