Stratus - Security Guides on Webscale Product Documentation

Stratus Security Guides - Blocking Countries

Mon, 01 Jan 0001 00:00:00 +0000

Webscale STRATUS gives you the ability to block traffic from selected countries.

To block certain countries from accessing a Webscale STRATUS install, use Access > Block Countries in the Webscale STRATUS Control panel.

Stratus Security Guides - Securing a Magento Store

Mon, 01 Jan 0001 00:00:00 +0000

Regardless of these efforts, an e-commerce store remains accessible by the public-at-large and therefore can be subject to additional attempts to compromise security.

To give your store additional protections,

Don’t use the default admin or backend login path. Using /admin is a common path too often used by hackers to make repeated attempts to gain access. Magento 2 automatically creates an obscure admin path. For Magento 1.x stores, the default “admin” path should be changes to a obscure value resembling a very secure password (e.g., “Uy49kkT” or “j87PenM”).
Install all updates and patches. The Magento Security Center is a Magento resource for recent and past updates. The community site, magesec.org , has open source scanning and patching tools.
Many sites hosted on Mojo STRATUS use WordPress for their blog feature. Using Nginx Includes or the built-in STRATUS panel access restriction , restrict the WordPress login by IP and prevent brute-force attacks.

location ~* /wordpress/wp-login.php$ {
 allow 1.1.1.1;
 try_files $uri $uri/ /index.php?$args;
 location ~* \.php$ { try_files /dummy @proxy; }
 deny all;
}

Remove all extraenous files from the Magento web root. Extra database dumps, un-needed files and test scripts, and other code that isnt necessary for production is often left exposed.
Use strong passwords!
Block countries for which shipping is not available.

Stratus Security Guides - Traffic Limits

Mon, 01 Jan 0001 00:00:00 +0000

Certain services are restricted in terms of how much CPU and memory they can use to prevent memory leaks and other issues from affecting your site. Services that need fluid limits, like PHP, are handled differently.

The Redis, memcache, Nginx and Elasticsearch services all have lower memory limits with less than 4GB as a maximum. A majority of stores do not exceed them and our team can adjust them if needed.

SStratus Security Guides - Securing Magento 1.x against malware and brute force attacks

Mon, 01 Jan 0001 00:00:00 +0000

Our support team at Webscale can help implement any of the changes below to help protect your store.

To help protect your store against attacks, do the following:

Change the admin path from /admin to something less obvious. This is adjusted in the local.xml file near the bottom. Change the frontName variable and clear the Magento cache.
Password or IP restrict the downloader using the Webscale STRATUS [Access > Protect URL][2] panel access restrictions or a .htaccess file. The downloader can also be moved out of the Magento web root completely when not actively using Magento Connect.
Update Magmi, as older versions of Magmi are unsecure and can allow remote users to upload files for remote execution.
Keep any WordPress installations up to date within the Magento web root. WordPress plugins can often be found to introduce or allow malware.
Apply any missing patches for your store. Our support can help apply these for you. Most Magento 1.x patches are **critical **to security

Further securing your Magento admin

If changing the admin path is not sufficient, it is also possible to IP restrict it entirely. Contact stratus-support@webscalenetworks.com for details on how to restrict this.

Stratus Security Guides - External CDNs and Firewalls

Mon, 01 Jan 0001 00:00:00 +0000

Whitelisting Validation for Sucuri

When using Sucuri’s firewall that adds a JS protector in front of the site, whitelist a specific path for our validation to work properly. Whitelisting this path will not compromise the protection on the rest of your site. Our validator uses a simple curl request and cannot process Sucuri’s JS.

Note the UUID of your Webscale STRATUS instance.
- Go to Info panel in the Webscale STRATUS Admin panel.
- Account Name is the UUID of the install.
Log into the Sucuri.net account

Stratus Security Guides - OSCP Stapling

Mon, 01 Jan 0001 00:00:00 +0000

According to Amazon Web Services:

When a viewer submits an HTTPS request for an object, either CloudFront or the viewer must confirm with the certificate authority (CA) that the SSL certificate for the domain has not been revoked. OCSP stapling speeds up certificate validation by allowing CloudFront to validate the certificate and to cache the response from the CA, so the client doesn’t need to validate the certificate directly with the CA.