The following website security guidelines are appropriate for all BluellaDNS customers.
- Make sure you are seeing original visitor IP addresses in your logs.
- Remove all DNS records you are not using.
- Use separate server to run email services.
- Customize/modify the challenge page.
- Two-factor authentication is recommended on web application login page.
- Block Bot Access to restrict clients (search bot, crawler, etc.) from visiting the site.
- Block Countries to restrict traffic based on geo-location of the visitor, it can be deployed based on: URL, IP, Country, Client app ID.
- Block ULs to restrict traffic to specific resources, it can be deployed based on: URL, IP, Country, Client app ID.
- Block IPs to restrict traffic to specific resources, it can be deployed based on: URL, IP, Country, Client app ID.
- Whitelist Specific IP sources, where the IPs are trusted and considered to be safe.
- Recommended to separate URLs between wildcard exceptions and exceptions for exact paths.
- Avoid Generic Sub-domain Names, for example if you are using a subdomain to establish FTP connection you should avoid the obvious choice of ftp.mydomain.com instead, go with something more secure and unique like 8secureftp.mydomain.com.
- Lock Down Sensitive Data, systems and server logs (phpinfo, for example) might be publicly accessible.
Refer page FAQ to learn about Most Common Questions.