Oct 22, 2020

Security Improvements to the Hosting Platform

We have applied some new security measures designed to protect our clients from malicious bots and spoofed emails:

Blocking Malicious Web Requests

We have implemented a new security mechanism that blocks POST requests from malicious IP addresses. We are using the database of Stop Forum Spam to get a list of malicious/suspicious IPs. The list gets automatically updated every 6 hours.

If a website receives a POST request from an IP address that has been listed in the Stop Forum Spam database, it will be automatically blocked by our Web Application Firewall (WAF). In almost all cases these requests come from bots, so users won't even notice them. However, if the POST request turns out to be legitimate, there is an easy way to allow future requests from that particular IP address. Whenever the protection gets triggered, a "412 REQUEST BLOCKED" page will be shown, asking the website visitor to prove they are human by completing a simple test (CAPTCHA). If the test is completed successfully, the POST request can be repeated and will no longer be blocked by our WAF.

Stricter Spam Rules for Better Filtering of Spoofed Messages

We use Sender Policy Framework (SPF) to check which mail servers are allowed to send email for a particular domain. If our mail server receives a message that claims to come from an SPF-protected domain but was sent by a mail server that is not listed as an allowed sender for that domain, the system assigns spam points to the message, making it easier for SpamAssassin to recognize it as spam and filter it.

We have now enhanced the SPF protection by improving the spam scoring system for domains that use SPF. From now on, the system will assign more spam points to messages that break the SPF policy of the sending domain. There is also a new SpamAssassin plugin in place that protects against so-called "display name spoofing", where spammers alter an email's display name to make it look like it comes from a trusted source.
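To show what a display name spoofing check can look at, here is an added example (not ICDSoft's plugin or its rules) that flags a From: header whose display name does not match the real sender address. The two heuristics, the `PROTECTED` table, the function names and the sample headers are all assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

# Hypothetical protected names and the domains allowed to use them (constructed).
PROTECTED = {"example bank": {"examplebank.test"}}

# Finds address-like text placed inside a display name; group 1 is its domain.
ADDR_IN_NAME = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def _same_or_subdomain(domain, allowed):
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_from(header_value):
    """Return a list of findings for one From: header value."""
    name, addr = parseaddr(header_value)
    if "@" not in addr:
        return ["unparseable_from"]
    real_domain = addr.rsplit("@", 1)[1].lower()
    name_l = name.lower()
    findings = []

    # Rule 1: the display name shows an address from a different domain
    # than the one in the header's actual address.
    shown = {m.group(1) for m in ADDR_IN_NAME.finditer(name_l)}
    if any(d != real_domain for d in shown):
        findings.append("embedded_address_mismatch")

    # Rule 2: the display name uses a protected name, but the real
    # address is outside the domains allowed for that name.
    for brand, domains in PROTECTED.items():
        if brand in name_l and not _same_or_subdomain(real_domain, domains):
            findings.append("brand_domain_mismatch")
    return findings


# Constructed sample headers, not taken from real mail.
SAMPLES = [
    '"Example Bank Support" <alerts@examplebank.test>',
    '"billing@examplebank.test" <x7@mailer.invalid>',
    '"Example Bank Security" <notice@examplebank-secure.invalid>',
    'Jane Doe <jane@customer.example>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(check_from(header) or ["ok"], header)
```

SPF evaluates the envelope sender rather than the display name, so a message can pass SPF and still trip a check like this one.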

And since we are on the topic of security, now may be a good time to throw in some well-known web security tips:

SSL Certificates - Get Yourself One (or More) ASAP

Hopefully, you already know that SSL certificates are important for many reasons, and you are already using an encrypted connection on your website. If you have not done this yet for some reason, don't wait any longer and get your SSL certificate now. ICDSoft offers free SSL certificates from Let's Encrypt, as well as paid SSL certificates from GeoTrust and Sectigo, so you have a variety of SSL options to choose from. And if you are still wondering whether you actually need an SSL certificate, you may want to check our blog post which addresses this very question:

What is an SSL Certificate, and Do You Need It?

The Importance of Security

Although here at ICDSoft we constantly monitor our infrastructure for vulnerabilities, and we do our best to protect our customers from various attacks, it is essential that you do your part in the protection process. Please make sure that you always set a strong, unique password for each service/interface/website/mailbox/etc. you use, and that you always keep all your software updated. You should also regularly scan all your devices for viruses and malware.

You can check the following section from our documentation for more information about security:

https://www.icdsoft.com/en/kb/security_1

We also have some great articles about security in our blog at:

https://www.icdsoft.com/blog/category/security