Be the (Web) Master of your own (Secret) Domain

We are very pleased to announce that all websites signing up for DDoS protection with Deflect will now receive an authenticated password giving them easy access to their admin panel without having to reconfigure settings on their host server.

In the past, our practice was to set up a special secret login address (known as a nocache address), which we would send to each site. Webmasters would then have to configure their servers to respond accordingly whenever they needed to access their admin page (as detailed in Step 5 of the Walkthrough on our wiki).

We did this to avoid any problems with the admin panel itself being cached. In such circumstances, any changes in content made to the website would be subject to the caching process rather than take effect immediately, thus affecting the user experience.

The problem has been solved by tweaking our detection software to distinguish between legitimate users and attackers – just as it does with traffic to the public website – by checking that the authenticated password and authenticated cookie match up whenever a request is made to log in. If everything does match up, the user gets access to the admin panel and any changes made take effect immediately rather than being affected by the caching procedure. Unauthenticated users will be blocked.
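The decision described above can be sketched as follows. This is an added example, not Deflect's code: the page does not describe the real mechanism, so the cookie format (an expiry plus an HMAC under a key derived from the password), the path list and every function name here are assumptions.

```python
import hashlib
import hmac

ADMIN_PREFIXES = ("/admin", "/login")  # assumed admin paths
COOKIE_TTL = 3600                      # assumed cookie lifetime, seconds


def derive_site_key(password: str, site: str) -> bytes:
    # The edge keeps this derived key, not the raw password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), site.encode(), 100_000)


def _tag(site_key: bytes, site: str, expiry: str) -> str:
    return hmac.new(site_key, f"{site}|{expiry}".encode(), hashlib.sha256).hexdigest()


def issue_cookie(site_key: bytes, site: str, now: int) -> str:
    # Assumed cookie format: "<expiry>.<HMAC-SHA256 over site and expiry>"
    expiry = str(now + COOKIE_TTL)
    return f"{expiry}.{_tag(site_key, site, expiry)}"


def is_admin_path(path: str) -> bool:
    # Match whole path segments so "/administrator" is not treated as "/admin".
    return any(path == p or path.startswith(p + "/") for p in ADMIN_PREFIXES)


def edge_decision(path, cookie, site_key, site, now) -> str:
    """Return 'cache', 'bypass-cache' or 'block' for one request."""
    if not is_admin_path(path):
        return "cache"            # public content is served from cache
    if not cookie or "." not in cookie:
        return "block"            # no credential on an admin request
    expiry, tag = cookie.split(".", 1)
    if not (expiry.isascii() and expiry.isdigit()) or int(expiry) < now:
        return "block"            # malformed or expired cookie
    expected = _tag(site_key, site, expiry)
    # Constant-time comparison avoids leaking how many characters matched.
    if hmac.compare_digest(tag.encode(), expected.encode()):
        return "bypass-cache"     # authenticated: go straight to origin
    return "block"
```

Binding the cookie to the site name and an expiry means a cookie captured for one site, or an old one, does not unlock the cache bypass elsewhere or later.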

We are in the process of offering current Deflect users the opportunity to switch to the authenticated password system.

In the previous procedure, hiding the URL added an extra layer of security for the site, since it made it much more difficult for hackers to guess the address (…/admin, /login, etc.) and brute force their way in using password-cracking software. Of course, it is good practice to keep a secret URL address to increase security by one more layer, so we will always provide the option for new users to change their admin URL from the default address to a secret one.

Today’s announcement marks another stage in our goal to simplify every step of the Deflect signup procedure. Below is a preview of the new Dashboard, the first thing you will see after signing up and receiving your login details. Notice the magnificently reduced steps involved in becoming a full Deflectee.

[Image: new setup screen]

Coming very soon!
