Westboro Baptist Church Hit By DOS Attack
The Westboro Baptist Church is best known for its controversial picketing of military funerals, its anti-gay slogans and its recent contentiousvictory at the Supreme Court.
Needless to say the church has made a lot of enemies online, including The Jester (th3j35t3r), a ‘hacktivist’.
The Jester took it upon himself to silence the Church’s infamous God Hates Fags website on February 21st by launching a denial of service attack.
At the time of posting, the site was still down.
The DDOS Attack
According to Jester, the attack is being executed through XerXeS, which uses an exploit found in Apache to take sites offline.
Unlike the distributed denial of service attack (DDOS) we normally see, the XerXeS denial of service (DOS) only requires one machine and does not need a botnet or a group of assistants. According to the hacker, this makes the attack more focused.
What does the attack mean for hosting security in general?
Is Apache Vulnerable?
We understand that XerXeS works by using an exploit in Apache, the most common web server application in use today.
This doesn’t mean Apache is any more vulnerable than other web servers. Most viruses are written for Microsoft Windows. This isn’t because Windows is any more vulnerable than Linux or Mac OS, but because most home and business computers are running Windows, so it’s more profitable to hack.
Likewise, hackers looking for access to the most servers spend their time hunting for vulnerabilities in Apache.
Apache is still a highly trusted, and the most popular, web server application. And it should be. Only the most accomplished hackers tend to find these kinds of security holes. And once they are exploited, the Apache team acts quickly to seal them up.
In fact, XerXes has also beenmodified to attack IIS systems, a prime target for hackers looking to shut down business servers. Any machine can be vulnerable, so it’s critical to stay on top of updates.
So while this new type of DDOS attack is worrying, we can all stay safe from many hacking attempts simply by being vigilant and sensible.
How to Stay Secure
To be clear, there is no such thing as being ‘completely secure’, but you can do your best with the resources you have.
That means keeping server software up to date and monitoring your server constantly. These types of hacks only work twice because hackers keep trying them until they find a server that hasn’t applied the latest patch or update.
If you don’t have time to regularly update your server, it might be time to consider a switch tomanaged hosting so that your host’s team can do the legwork on your behalf.
How to Make Your Website Less Appealing
Let’s face it, your local community church isn’t terribly worried about DOS attacks on its website. They probably aren’t a national name, and they probably don’t spend their days spreading hate and getting themselves atop the hacktivist hit-list. The easiest way to avoid a DOS attack is to stay off the radar and try not to offend people.
But, depending on your situation, that may not be possible. Don’t worry, there are other ways to limit your appeal.
If you want to avoid viruses on your home computer, buy a Mac. This isn’t a sure-fire solution, but it will help. You’re less likely to fall victim to a computer-based attack if you’re on a less popular platform. How many Windows Phone hacks have you heard about?
The same is true for web servers. If you want to limit your vulnerability, choosing a less popular server, likeLiteSpeed orNginx can help. Of course, there are drawbacks to using a less popular server. LiteSpeed may be targeted less, but most professionals agree Apache is still more secure. Nginx may scale better than Apache, but it can’t touch Apache in terms of third-party compatibility. There are plenty of otherweb servers out there, but finding the one for you takes time.
And don’t be surprise it you wind up right back at Apache. There’s a reason it’s so popular.
Find a Host that Provides DOS and DDOS Protection
Many hosts now offer some level of protection for DOS and DDOS attacks. For the former, this will typically include managed updates, afirewall, or some combinations of the two. Keep in mind, these may require you to purchase a higher level hosting plan or an additional add on, such as a dedicated IP address if you’re on a shared plan.
For DDoS, there are a number of hosts that provide protection exclusively for this type of attack. Many of them including a filtering system, which allows legitimate clients to access your website while blocking the attackers. A firewall can also help with these type of attacks. While keeping your software up-to-date won’t prevent the massive amount of hits your page will receive, but it may allow your server to detect this type of attack sooner, allowing your protections to kick in before it’s too late.
Of course, the cheapest, most important step you can take to protect yourself against DOS, or any other type of attack, is to keep your system up to date. Do it manually or get your host to do it for you. Just make sure it happens.