How to minimize damage if your CDN has been hacked


If you already use a CDN (content delivery network), you know that it is a highly valuable service that speeds up delivery of all static content (images, scripts and JavaScript). CDN providers operate large networks of servers scattered around the world, which decreases the distance between server and user and makes for a faster connection.

Unfortunately, content delivery networks are not failure-proof, and attacks and compromises do happen. Attackers have learnt to change content and intercept user credentials through hacked CDNs, and this is a crucial issue that hasn’t received much attention. Today we will discuss how to configure your website to minimize possible damage if a CDN has been hacked.

Advantages of using CDN service

A CDN can be beneficial for both minor and large-scale websites. It speeds up loading for customers, decreases the load on your server and often helps to save money. The major advantages of CDNs can be summarized in the following points:

  • Closer physical location of server to end-users and faster response times.
  • When popular scripts are being loaded from the biggest CDNs, they are likely to have already been cached in user’s web browser.
  • In case of traffic spikes, CDN service can be instantly scaled up to handle the load.

Not to mention the affordable cost of CDN solutions. A few years ago CDNs were available to big sites only; now even minor personal blogs can easily implement this service. There are many free and cheap solutions on the market.

Downsides and problems with CDN

If a CDN goes malicious, or is hacked from the outside, it’s a big problem. Since scripts delivered by the CDN are executed on your website, all content can be easily modified, and sensitive user data may also become visible. Keep in mind that a CDN has to be trusted just like you trust your own server.

Therefore, before you decide to order this or that CDN solution, ask yourself whether it’s trustworthy. You can contact other users and read reviews to determine the reliability of the possible options.

What if the CDN gets hacked?

Like any other Internet service, a CDN can be hacked. Make sure that the provider’s team knows security. You can either check their reputation online, or contact them and ask how they handle security issues and establish protection. It’s more important than you think, because if a CDN breaks down, all content stored on edge servers will become inaccessible. Not to mention that your visitors’ personal information and your data can be easily compromised.

Solutions

You can simply hope that disasters will pass you by, or you can take measures to prevent hacking. There’s an old trick to ensure privacy: buy an additional domain, which will cost you as little as $10/year, and store content on both sites so that the data is easily separated. The separation applies to cookies and personal data, and it limits the exposure to client-side attacks such as XSS.

The integrity attribute can be included in script tags. It carries the hash of the script you expect, and the user’s browser works out the hash of the script it actually receives. This way it doesn’t matter if the CDN tries to change the content, or if it’s hacked and someone tries to replace the script: if the received script does not match the hash, the browser will simply reject it.

Note that files with the word “latest” in the name and files without a version number are updated regularly. In this case you cannot use the above-mentioned method, so you should reference a specific version instead.

When you use the integrity attribute, it’s also necessary to add the crossorigin attribute by putting crossorigin="anonymous" in the script tag. It stops credentials from being sent along with the request, i.e. no cookies and no basic authentication will be sent.
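The hash check described above, as an added example that is not part of the original article: it runs under Node.js, builds the script tag for a pinned file and mirrors the comparison the browser makes on receipt. The file contents and the cdn.example URL are constructed sample data.

```javascript
// Added example, not code from the original article. Runs under Node.js.
const { createHash } = require('node:crypto');

const STRENGTH = ['sha256', 'sha384', 'sha512']; // weakest to strongest

// Integrity value: "<algorithm>-<base64 digest of the exact file bytes>".
function sriHash(body, algorithm = 'sha384') {
  return `${algorithm}-${createHash(algorithm).update(body).digest('base64')}`;
}

// Tag to paste into the page. The URL must point at a pinned version,
// otherwise the hash stops matching as soon as the CDN updates the file.
function scriptTag(url, body) {
  return `<script src="${url}" integrity="${sriHash(body)}" crossorigin="anonymous"></script>`;
}

// Mirror of the browser-side check: of the hashes listed in the attribute,
// only those using the strongest algorithm count, and one of them must match.
function matchesIntegrity(body, integrity) {
  const entries = integrity.trim().split(/\s+/)
    .map((value) => ({ alg: value.slice(0, value.indexOf('-')), value }))
    .filter((entry) => STRENGTH.includes(entry.alg));
  if (entries.length === 0) return true; // nothing usable listed: not enforced
  const best = Math.max(...entries.map((entry) => STRENGTH.indexOf(entry.alg)));
  return entries
    .filter((entry) => STRENGTH.indexOf(entry.alg) === best)
    .some((entry) => entry.value === sriHash(body, entry.alg));
}

// Constructed sample data: a pinned library file and a modified copy of it.
const original = Buffer.from('window.lib = { version: "1.2.3" };\n');
const tampered = Buffer.from('window.lib = { version: "1.2.3" }; /* modified */\n');
const pinned = sriHash(original);

console.log(scriptTag('https://cdn.example/lib/1.2.3/lib.min.js', original));
console.log('original accepted:', matchesIntegrity(original, pinned));
console.log('tampered accepted:', matchesIntegrity(tampered, pinned));
```

An empty or unrecognised integrity value is not enforced at all, which is why the tag should be generated from the file rather than typed by hand.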

When a CDN decides to change the script for this or that reason, it’s good to still have your website functioning. To keep your project working normally, you should implement a backup solution: check whether the script included from the CDN was fully loaded, and if not, load it again, this time from your own server. This also protects you against the CDN being down for any other reason.
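One way to implement this backup, as an added example that is not code from the original article: the function name, its option names, the URLs and the integrity value are assumptions or placeholders. It falls back to the self-hosted copy when the CDN script fails to load, is rejected by the integrity check, or loads without defining the expected global.

```javascript
// Added example, not code from the original article. `doc` is normally the
// page's `document`; the option names are assumptions made for this sketch.
function loadWithFallback(doc, { cdnUrl, localUrl, integrity, expectedGlobal }) {
  let fellBack = false;
  const useLocalCopy = () => {
    if (fellBack) return; // never insert the local copy twice
    fellBack = true;
    const local = doc.createElement('script');
    local.src = localUrl; // served by your own server
    local.async = false;
    doc.head.appendChild(local);
  };

  const cdn = doc.createElement('script');
  cdn.src = cdnUrl;
  cdn.integrity = integrity;
  cdn.crossOrigin = 'anonymous';
  cdn.async = false; // keep execution order for scripts inserted from code
  // Fires when the CDN is unreachable and when the browser rejects the
  // file because it does not match the integrity hash.
  cdn.onerror = useLocalCopy;
  // The file loaded, but confirm it actually defined what the page needs.
  cdn.onload = () => {
    if (expectedGlobal && typeof doc.defaultView[expectedGlobal] === 'undefined') {
      useLocalCopy();
    }
  };
  doc.head.appendChild(cdn);
  return cdn;
}

// In a browser, call it with the real document (URLs and hash are placeholders).
if (typeof document !== 'undefined') {
  loadWithFallback(document, {
    cdnUrl: 'https://cdn.example/lib/1.2.3/lib.min.js',
    localUrl: '/static/lib-1.2.3.min.js',
    integrity: 'sha384-REPLACE_WITH_HASH_OF_PINNED_FILE',
    expectedGlobal: 'lib',
  });
}
```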

Vadim Kolchev


Vadim graduated from Moscow Institute of Entrepreneurship and Law as a finance and credit specialist. Prior to working in the hosting business directly, he held various roles in several companies, including but not limited to the banking sphere and sports. As of 2015 he works for INXY Holding, with SpaceCDN being a vital part of the hosting branch of its business. Being a tech enthusiast, he started writing articles about dedicated servers, CDN, storage solutions and other hosting services long ago, and has since accumulated a lot of experience and knowledge in the field. Building hosting sales and support departments from scratch added even more experience and knowledge and allowed him to see the business from the inside and build the required expertise. Now Vadim is CPO and COO of a successful hosting business. With several important interviews and publications on platforms such as Hosting Journalist and Forbes, he continues to share knowledge about this branch of technology, which has become not only his job but also a passion.
