Kingsoft Cloud Host Security (KHS) provides server and website protection, as well as various detection measures to improve the security. The proactive defense engine prevents against all kinds of script attacks in real time to ensure website security. The unique anti-attack algorithm protects KEC instances from traffic attacks. The comprehensive webshell detection mechanism effectively prevents more than 50 types of common Trojans.
- Weak system password: Checks whether there is a weak password in the system.
- Weak database password: Checks whether there is a weak password in the database. Only MySQL is supported now.
- Database privilege: Checks whether the database account is started as the system user to avoid the manipulation due to too high privilege. Only MySQL is supported now.
- Brute-force attack: Protects KEC instances from remote desktop login and FTP brute-force attacks. The default interval is 12 seconds, and default number of login attempts is 10. If 10 login attempts fail within 12 seconds, an alert is triggered.
- Webshell protection: Checks whether the system has a webpage backdoor and intercepts webshell upload.
- Server vulnerability: Checks whether the system has high-risk vulnerability, and fixes the vulnerability once it is found. Only Windows operating systems are supported.
- Web application vulnerability attack: The proactive defense engine detects SQL injection and XSS attacks in real time.
- Virus detection: Detects whether there is virus on the server.
- CC attack prevention: The unique anti-attack algorithm effectively prevents CC attacks and various types of traffic attacks. Only Windows operating systems are supported.
After the server security client is installed, you can use these server security protection features without the need of any other operation. However, the security features and settings are only supported on the old version of the console at present.
The server security client will involve the following changes to your system files (Linux system).
- If it is found that you are involved in brute-force attacks, the IP address will be automatically added to /etc/hosts.deny.
- The client will change the MaxAuthTries parameter in the /etc/ssh/sshd_config file to 5. If your attempts to log in to the server through SSH with the same IP address fail for five times, this behavior will be treated as brute-force attacks, and this IP address will be prohibited from logging in to the server again.