A checklist to prevent data scraping from your server
Scenario
If your server isn't properly secured, an attacker can target it with automated scripts in order to scrape data from it.
Your business could face loss of confidential information and potential lawsuits.
Luckily, you can implement technical solutions to eliminate, or at least mitigate, this problem.
Solutions
- Supposing you can track down the attacker's IP (which is highly unlikely), e-mail their ISP and ask for the account to be suspended.
- Gradually change the code, making it harder for the attacker to scrape data from your website.
- Implement specific firewall/IDS-IPS rules that drop all traffic matching the specific patterns you've discovered in the previous attacks.
- Blacklist certain countries (where the attacker appears to be located) altogether, totally denying them access. That said, this measure may not be very effective: the attacker will most likely use Tor and mask their real location.
- Quickly configure a new, more secure server and bring it up, taking the old one down until you understand what's going on.
- Create a honeypot and study what the attacker is doing.
- Hire someone like me to study a customized solution.
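
One way to discover the patterns that the firewall/IDS-IPS item above relies on, as an added example that is not part of the original post: a sliding-window check over web access logs that flags clients requesting pages faster than a person would. It assumes logs in Combined Log Format; the thresholds, the function name and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined Log Format: ip - - [time] "METHOD path proto" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"$'
)

def find_scrapers(lines, max_hits=5, window=timedelta(seconds=10)):
    """Return {ip: reason} for clients whose request rate looks automated.

    max_hits and window are illustrative assumptions; tune them to your baseline.
    """
    recent = defaultdict(deque)  # ip -> request timestamps inside the window
    paths = defaultdict(set)     # ip -> distinct paths requested so far
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue             # skip malformed lines instead of crashing
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()          # drop requests that fell out of the window
        paths[ip].add(m["path"])
        if len(q) > max_hits and ip not in flagged:
            flagged[ip] = (f"{len(q)} requests in {window.seconds}s, "
                           f"{len(paths[ip])} distinct paths")
    return flagged

# Constructed sample: one client walking /products/1..8 once per second,
# and one ordinary visitor loading a page once a minute.
SAMPLE_LOG = [
    f'203.0.113.7 - - [12/Mar/2024:10:00:{s:02d} +0000] '
    f'"GET /products/{s + 1} HTTP/1.1" 200 512 "-" "python-requests/2.31"'
    for s in range(8)
] + [
    f'198.51.100.20 - - [12/Mar/2024:10:0{m}:00 +0000] '
    f'"GET /about HTTP/1.1" 200 1024 "-" "Mozilla/5.0"'
    for m in range(3)
]

if __name__ == "__main__":
    for ip, reason in find_scrapers(SAMPLE_LOG).items():
        print(ip, reason)
```

The flagged addresses and the reason strings are the input for writing the drop rules; review them against known good crawlers and shared proxies before blocking.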
Wrap-up
Most valuable information is on the Internet nowadays, and this is both good and bad.
Though information is made readily available for customers all around the world, this exposes the organizations handling their data to unprecedented threats.
Not all webmasters have a solid security background, especially when Content Management System (CMS) solutions (such as Drupal, WordPress, or Joomla!) are used.
Surfing the Internet, it is very easy to stumble upon poorly implemented websites with severe security vulnerabilities.
Sadly, not everyone is like me, and bad guys can easily take advantage of any hole they find.
This scenario can have dramatic consequences, exposing your business to loss of information, lawsuits and, most of all, a damaged reputation.
You can't afford it.
Luckily, you can put solutions in place to face, or mitigate, this threat.
Take your security seriously. Each dollar spent on information security is a saved dollar.