Web Application Firewall

Solr Dataimport Vulnerability Becomes a New Attack Method for Mining Organizations

Alibaba Cloud security team has detected a new attack method using the Solr dataimport RCE vulnerability (CVE-2019-0193) that implants mining programs into target hosts.

CIA Triad and SSH Brute-Forcing

In this blog, we'll discuss about the CIA triad for information security, and share a simple implementation to protect our servers against SSH brute force attacks.

Exploring the Business Advantages of Cloud Security

By learning from failed attacks and detected threats, cloud security can outperform even large corporate teams of seasoned security professionals.

Defending against TB-level Traffic Attacks with Advanced Anti-DDoS systems

This article discusses the evolution of anti-DDoS technology and describes how each element can affect the overall protection robustness and efficiency.

Windows Networking Troubleshooting 5: HTTPS Exceptions in WAF and IIS

This article discusses the possible causes of web applications running on IIS web servers to be returning HTTPS exceptions.

ImposterMiner Trojan Takes Advantage of Newly Published Jenkins RCE Vulnerability

Alibaba Cloud Security team has recently detected a crypto-mining attack which uses the newly published Jenkins RCE vulnerability as its attack vector.

Deep Dive into Cloud Firewall: Addressing Aggressive Mining Worms

This article provides an in-depth analysis of how Alibaba Cloud's Cloud Firewall addresses aggressive mining worms.

How Alibaba Cloud Can Empower Your Business Growth In 2019

In this blog, we will talk about why cloud computing is necessary for innovation and how companies can further leverage Alibaba Cloud for growth in 2019.

Protecting Against DDoS Attacks with Secure Content Delivery Network (SCDN)

Alibaba Cloud has developed the SCDN solution to equip conventional CDN solutions with security protection capabilities to cope with large-scale DDoS attacks.

Protect against Web Crawlers with Alibaba Cloud's Anti-Bot Service

Alibaba Cloud Anti-Bot Service is an advanced anti-bot protection service that reduces the effect of automated attacks on your website.

How China Is Different (Part 3) – Security and Compliance

This article provides a brief insight into doing business in China and discusses how you should navigate through China's unique security and compliance policies.

ProtonMiner Gains Momentum via Expanded Attack Surface

The post provides a detailed analysis of ProtonMiner, a new cryptocurrency miner hijacker discovered by Alibaba Cloud, and security recommendations to avoid it.

How to Install ConfigServer Firewall (CSF) on Ubuntu 16.04

In this tutorial, we will install and configure ConfigServer Firewall (CSF) on an Alibaba Cloud ECS with Ubuntu 16.04.

New Vulnerability Found in the Decade-Old phpCMS 2008 Can Lead to Fresh WebShell Attacks

This article describes Alibaba Cloud Security's discovery of the web shell vulnerability in phpCMS 2008 content management system, still in use to manage many websites today.

Fighting an Endless War with Crawlers

What is crawling and how does it affect your organization? Learn about Alibaba Cloud Security Team's approach to cope with crawlers and other advanced "anti-anti-crawler" technologies.

Keeping Your Data Secure with Web Application Firewall

According to the 2016 Verizon Data Breach Investigations Report, 81.10% of network attackers can successfully intrude another computer within one minute.

Protecting Websites through Semantics-Based Malware Detection

Malware detection is a fundamental feature of web security for most websites. Alibaba Cloud has released a web application firewall (WAF) equipped with a semantically intelligent detection engine.

How to defend against a database hit attack in 10 minutes or less

Alibaba Cloud Security team has detected more and more database hit attacks recently. As Big Data sees more and broader application, it would be foolish to discount the significance of these attacks.

The Evolution of Security – Web Application Firewall

A firewall is a system that logically sits between one or more computers and their connection to the Internet.

Stopping the Bots With Alibaba Cloud Web Application Firewall

The Internet as we know it today, which has its roots in the defense industry, was never designed to be secure.