Introducing cPGuard

Recently we’ve started to notice an uptrend in attacks on WordPress sites and brute-force attempts on other CMS’. This has resulted in higher than expected load on some web sites and servers. cPGuard is being progressively rolled out across Net Virtue’s hosting fleet to provide protection to customer web sites and applications.

WordPress and CMS Vulnerability fix
Protect your WordPress, Joomla and Drupal website from attacks and vulnerabilities.

Optimized ModSecurity rules
Rules for SQL injection, XSS, local and remote file include, file upload vulnerabilities, zero day attack, web shell executions

Generic Apache and PHP rules
Advanced filtering, security and intrusion protection for PHP websites and applications.

Real-time Intrusion protection
Protect your web applications effectively against malwares, botnets and hacker attacks at all times.

Smart Antivirus
Detect and block viruses, malware, spyware, redirects and symlinks before they affect your web site.

Captcha Protection

We protect your CMS and website login pages from bad bots, brute-force and dos attacks. All requests to wp-admin and other CMS or custom web app login pages are intercepted and forwarded to robust captcha servers where requests are screened for bots and automated scripts. All valid human requests are automatically redirected to the user requested login page after verification. Our algorithms analyse multiple failed attempts and add the IP to our real-time blacklist which further helps reduce server load caused by these unwanted bad bots.


Q. Does cPGuard add anything to my files in order for Captcha to work?
A. No. In cPGuard the Captcha protection works at the ModSec [HTTP] level to detect the bad traffic and redirect to the Captcha page. There are two cases where the visitor will be forwarded to the Captcha page…

1. If the IP address exceeds the POST threshold:- If we detect an unusual amount of POST requests against WP/Joomla login page or XMLRPC, we will force the visitor to the Captcha page to ensure that the requester is not a bot. Once the Captcha is verified, the visitor’s IP address will be whitelisted in the system. If the IP address continuous to send the traffic without verifying the Captcha, we will mark it as DoS attack and block the IP address in CSF if it is enabled.

2. If the IP address is listed in our central blacklist:- We analyze the traffic against certain URLs and constantly detect IP addresses sending traffic from web bot. From each server where cPGuard is installed, we collect such abusive IP addresses and add it to our central database with 30 days grace period. This list is shared across all the servers in the cPGuard network, which helps to prevent brute-force DDoS on the servers we protect. So whenever the traffic is received from an IP address which is marked as bad in our central database, the traffic will be redirected to verify Captcha to continue to the website.

Q. Does cPGuard actively protect my WordPress, Joomla or Drupal site?
A. Yes! The Web Application Firewall from cPGuard is based on Malware.Experts commercial rule set with in-house rules from cPGuard to prevent brute-force login attempts against WordPress and Joomla.

Q. Why did you install cPGuard?
A. Over the past 12 months we’ve been trialling various software packages. Some have performed better than others, and we feel cPGuard has made the most difference in terms of exploit prevention and detection on customer web sites.

Q. When will my server have cPGuard installed?
A. We are actively installing cPGuard on servers and intend to have the rollout of this completed by the end of March 2021.