Cloud Security - Secure your website

Overview

• miniOrange cloud security platform prevents and protects your website against Brute Force attack, Denial of Service (DOS) attack, phishing, malware, damage, unauthorized access and other online security threats.
• We protect information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. It includes controlling physical access to your hardware as well as protecting against harm that may come via network access, data and code injection and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.

Brute Force Protection

This protects your site from attacks which tries to gain access / login to a site with random usernames and passwords. A Brute Force Attack is the simplest kind of method to gain access to a website. Hackers tries with random usernames and passwords, over and over again, until they gets in. Most of the time such attacks are automated allowing the hackers to try millions of time in a short span.

We help you protect your website against brute force login attacks by blocking an IP address of the hacker after a specified limit of failed login attempts within a specified time.

Login security and monitoring - Limit login attempts and track user logins

miniOrange login security help you monitor login attempts from your users and hackers. We keep track of user’s login attempts and we send alerts to administrators for unusual activities if someone exceeds allowed failed login attempts.

Live Traffic Monitoring

With our platform you can monitor live traffic on your website. We categorize traffic into different categories like all hits, humans, registered users, crawlers, google crawlers etc. And also you can block traffic from particular category you want.

IP Blocking

IP address blocking prevents connection between a server or website and certain IP addresses or ranges of addresses. We provide you option for IP blocking which includes both automatic ( based on user behavior ) and manual IP blocking. It also includes blacklisting and whitelisting of IP addresses.

Advanced Blocking

With Advanced Blocking you can use to block users with different criterias like:

• Block access based on range of IP addresses
• Block access based on HostName(DNS)
• Block access based on user-agent(browser)
• Block access based on referer(user from a particular site)

Country Blocking

The majority of website attacks come from specific countries. If you have a website which gets inundated with SPAM or hacking attempts from visitors or bots originating from certain countries we can help you blocking those attempts. We give you an option to choose list of countries from which you want to block access to all your resources.

Comment spam filter and site spam check

We check if your website is generating SPAM to protect you website getting blocked by search engines. Also we help you to filter comments for malware and phishing urls.

Enforce Strong Passwords

We check for the passwords of your users against their strength. This helps to enhance security for their accounts as simple passwords can be phished or guessed easily.

2 Step Verification (Two Factor)

Rather than relying on a password alone, which can be phished or guessed, Two Factor authentication adds a second layer of security to your accounts. We support QR code, OTP over SMS and Email, Push, Soft token (15+ methods to choose from).



Features :

• You can login using only password OR password + two-factor
• All types of phones are supported Smart Phones (iPhone, Android, BlackBerry), Basic Phones, Landlines, etc.
• If your phone is lost or stolen or discharged, we offer alternate login methods like OTP Over Email and Security Questions (KBA).
• If your phone is offline, you can use a one time passcode generated by app to login.
• We support multiple authentication methods along with their backup method.
• We support Device Identification. If the user select remember device then in the next login from same device, user will not be prompted for Two Factor.
• It is very difficult to login into your site from mobile browser with second factor enabled. We provide you option that will convert any authentication method into Security Questions (KBA) on mobile browser.

Notifications

Get email alerts for unusual activities with you user accounts. If we notice any unusual activity like signing in from new location or new device we send email alert to user with device, IP and time information which can help him save access to his account from hackers.

We also support customized email templates which you can use for branding.

Reporting

Our advanced reporting help you keep track of activities on your website. Also you get the option for filtering reports with various criterias like username, IP address, date. Also you can export reports in csv and pdf.

htaccess website security protection

An htaccess file is an optional configuration file for the Apache web server to interpret, for each directory. We can store various settings in that file such as: password protect a directory, block IPs, block a file or folder from public access, etc.

miniOrange platform help you secure your website from unintended user with htaccess website security protection which blocks user request on server(apache) level.

Security Log

We keep logs of various activities which help you improve your security, find corrupted pages on your website, increase your performance etc.

Security logs includes :

• Logging Blocked IPs
• Logging Spammers, Bots
• Logging HTTP 404,403 and 400 requests.

Denial of Service (DOS) protection

Denial of Service (DoS) attacks against web sites occur when an attacker attempts to make the websites unavailable to serve up to legitimate visitors. These types of attacks are generally used against government sites or large corporations to disrupt their web presence.

We help you protect your resources from DOS attacks by slowing down attackers by delaying response and increasing delay in each of his requests and eventually blocking them entirely.

Verify Email

miniOrange email verification tool actually connects to the mail server of user registering and checks whether the mailbox exists or not. This decreases bounce rate from your email address and saves your email address getting blacklisted.

Block Registrations from Fake users

We helps you to detect suspicious email addresses instantly. Most of the users use disposable,fake or temporary email addresses for registering on online websites. We help you stop accepting registrations from those emails.

Honeypot

Honeypot consists of data (for example, in a network site) that appears to be a legitimate part of the site but is actually isolated and monitored, and that seems to contain information or a resource of value to attackers, which are then blocked. Just as honeypots are weapons against spammers, honeypot detection systems are spammer employed counter-weapons.

We use honeypot mechanism to keep unintended audience (attackers) away from valuable resources on your website.

Risk Based Access

• miniOrange Fraud Prevention product dynamically analyzes user requests and apply business security policies to application access which minimizes the risks of unauthorized access.
• miniOrange Fraud Prevention complements the existing traditional access controls by using contextual elements (e.g. device, location, time of access and user behavior) to allow for a more dynamic policy decision.

Advanced User Verification

OTP Verification plugin verifies Email Address/Mobile Number of users by sending verification code(OTP) during registration. It removes the possibility of a user registering with fake Email Address/Mobile Number. This plugin checks the existence of the Email Address/Mobile Number and the ability of a user to access that Email Address/Mobile Number.

Social Login Integration

Social Login allows your visitors to choose from their favourite social login apps to login, comment, share and optionally auto-register with your website or blog. One-click login to your website using social login applications like Google, Twitter, Facebook, Vkontakte, LinkedIn, Instagram, Amazon, Salesforce, Windows Live. Easy integration with your website with options to add Social login on login page, registration page and comments section.