Frequently asked questions
How to get started, how I will be charged, how to use the dashboard? For more detailed FAQ please visit the Cloudbric Help Center at: https://cloudbric.zendesk.com/hc/en-us/
Step 1: Create an Account
Go to waf.evolink.com and press the Get Started button. Fill in the form for a free trial.
Your account will be activated within one work day and you will receive all necessary details by email.
Follow the link to the dashboard of the service.
Step 2: Add Your Website
Once you’ve signed up, you’ll see a page that asks you to add your website. Simply type in the domain of your website – for example, yourwebsite.com.
Step 3: Choose Your Cloudbric Server
You’ll be asked to choose a Cloudbric server. CHOOSE SOFIA!
Simply click on Sofia the select.
Step 4: Choose Your Website's SSL Status
You'll be asked if your website has an SSL certificate or not. If you aren't sure, you may visit here to check your website's SSL status. Once you've clicked NO/YES, then click ‘Next.’
Step 5: Update Your DNS Information 1. Name Servers 2. DNS Records (A-record & CNAME)
Updating your DNS information is important.
You’ll now see the page above. Simply log-in to the domain's registrar account of your website (this isn’t Cloubric, but your website host, such as GoDaddy or Superhosting), and find the ‘Settings’ page. There you will be able to see information about your website such as what ‘DNS’ your website points to, along with other information such as A-records.
Replace the ones you see to the ones shown on our site above. If you plan to change name servers, then make sure you see four name servers by the time you’re done. Also, add all missing records. But if you plan to change A-record and CNAME only, then make sure you change yourwebsite.com (A-record) and www.yourwebsite.com (CNAME) DNS records only.
And that’s it! All you need to do is sit back and relax while Evolink takes care of the rest!
If you log into your own dashboard, you can see which types of attacks attempted to attack your website by month. Just filter the dates that you want to analyze, and you can see your total website visits compared to the attempted hack attacks.
In the below example, you can see that this month, there were a variety of hack attacks attacking this website (Include Injection, Cross Site Scripting, Identity Theft, etc).
However, what exactly are these web attacks and their risks? Below, you can find the purposes associated to each of the attacks that your website was protected against as well as their implications.
Types of Web Attacks and Their Purposes and Implications
| Buffer Overflow | Triggers server overrun by excessive data input beyond its capacity. |
| SQL Injection | Inserts malicious SQL queries in a website in order to access unauthorized data in a database. |
| Cross Site Scripting | Redirects visitors to phishing sites or extracts their information by malicious code insertion in a web server. |
| Stealth Commanding | Involves code execution, which can allow a hacker to take over the server. |
| Error Exposure | Intentionally causes server-side errors in order to investigate server information. |
| Directory Listing | Attempts to disclose directory structure in a server. |
| Abnormal Request Header | Discloses server information or causes server-side error by sending abnormal request headers. |
| Unicode Directory Traversal | Tries to move to a higher directory through unicode vulnerability. |
| Abnormal Request Method | Potentially shuts down the server by sending abnormal request methods. |
| Access to Abnormal File Extension | Tries to upload a file with suspicious file extensions. |
| Invalid URI | Could cause error by requesting an abnormal URI to the server. |
| Abnormal Response Header | Exposes web server data due to attacks focusing on information included in HTTP Response. |
| Identity Theft | Extracts sensitive data in a server. |
| Notorious Attack Pattern | Malicious attack pattern requests identified by Cloudbric. |
| Invalid HTTP | Causes an error by sending an abnormal HTTP request form. |
| Include Injection | Redirects visitors to other unrequested sites by inserting malicious code in the server. |
| Malware Upload | Tries to upload malware onto a server. |
| HTTP DoS | Continuously sends abnormal requests to cause server malfunction. |
| Parameter Tampering | Sends parameter values that were not originally requested by the web server or manipulates parameters sent from the web server. |
| Cookie Poisoning | Modifies cookie settings of web visitors. |
| Privacy File Theft | Steals sensitive information found in private files. |
| Privacy Upload | Uploads sensitive information files to a web server. |
| Suspicious Access | Continuously sends abnormal requests. |
| URI Access Control | Attempts to gain access to certain URIs and files. |
| Website Defacement | Attempts to deface or vandalize a website. |
| Improper Contents | Sends improper strings/contents to the server. |
Evolink WAF detects and constantly monitors these suspicious activities and blocks all malicious attacks.
When does Evolink WAF accept payments?
Evolink sends out invoice on the 1st day of the month and accepts payment on the 5th day of the month. But if the payment wasn't successfully processed, then we will send out another e-mail to check card balance and/or card expiration date.
How does Evolink accept payments?
Evolink accepts PayPal and bank transfer. When the free trial is over we will contact you with a proposal for a pricing plan that fits best the traffic of your websites.
If you do not receive payment on time, we will change your websites to bypass mode. Bypass mode means that there will be no protection. After 3 days of bypass mode, your websites will be deleted from Evolink WAF.
EVOLINK WAF SERVICE LEVEL AGREEMENT (“SLA”) is incorporated into the EVOLINK WAF Service Agreement (“SA”) and applicable separately to each account using Services. Unless otherwise provided herein, this SLA is subject to the terms of the SA and capitalized terms will have the meaning specified in the SA. EVOLINK reserves the right to change the terms of this SLA in accordance with the SA.
This SLA does not apply to the availability of Third Party Services. The SLA is binding only on the Customer and EVOLINK and does not apply to any third parties.
The issuance of SLA Credits defined below is the sole and exclusive remedy of Customer and EVOLINK’s sole and exclusive obligation, for any failure by EVOLINK to satisfy the requirements set forth in this SLA.
The terms and conditions of this SLA is not applicable to any and all Services delivered to Customer by EVOLINK during the Beta Period.
DEFINITIONS
“Applicable Monthly Service Fees” means the total fees paid by Customer for the Services that are applied to the month in which a Service Credit is owed.
“Customer Minutes” means the total number of minutes in a month.
“Loss of Services” means a period during all continual WEB requests for the Customer’s Server specified in the Profile that are made throughout the minute to do not result in a valid Web Response within [five (5) continuous minutes] excluding unavailability of the Services due to limitations describe in SLA CREDIT EXCLUSION below.
“Service Credit” is the percentage of the Applicable Monthly Service Fees credited to Customer subject to EVOLINK’s APPROVED PROCEDURE below.
“Service Level” means the performance metric(s) set forth in this SLA that EVOLINK agrees to meet in the delivery of Services, e.g., monthly availability.
“Verified Outage” means Loss of Services that has been verified by EVOLINK using its monitoring logs of accessibility to the Services during any given month.
“Valid Web Response” means a WEB response, received from at least one of the EVOLINK WAF virtual machine, to a Web request for the domain name specified for a given EVOLINK WAF Profile.
“EVOLINK WAF Profile” or “Profile” refers to a deployment of the EVOLINK WAF service created by Customer containing a domain name, IP Address, and other configuration settings, as represented in the EVOLINK WAF Website.
SERVICE LEVEL COMMITMENT
The “Monthly Availability Percentage” for the Services is calculated by the following formula:
Monthly Availability Percentage = 100 x (Customer Minutes - Verified Outage) / Customer Minutes
If the Monthly Availability Percentage falls below 99.95% for any given month, Customer may be eligible for the Service Credit pursuant to EXHIBIT A.
The Service Credits awarded in any billing month shall not, under any circumstance, exceed Customer’s monthly Service fees for that billing month.
APPROVED PROCEDURE
Customer is eligible to receive SLA Credit, subject to the following process:
- Customer will report Loss of Services to EVOLINK at waf@evolink.com. The report must include Service type, IP Address, dates and times, error messages received if any, contact information, and full description of the interruption of Service.
- To receive an SLA Credit, Customer must submit a report of Loss of Services to the EVOLINK WAF Website within [seven (7) days] from occurrence of Loss of Services.
- EVOLINK will review Loss of Services.
- EVOLINK’s evaluation of SLA Credits is final and binding.
- Customer agrees to pay all invoices in full while Loss of Services is being reviewed or SLA Credit is being determined.
- EVOLINK will communicate the SLA Credits to Customer and apply such SLA Credits to the Customer’s future invoice for the relevant Services subject to EVOLINK’s standard policies.
INELIGIBLE CUSTOMER
Customer who, at the time of the report of Loss of Services, is not current on its payment of the fees for the Services do not qualify for SLA Credits for such Loss of Services. In addition, Customer who has not paid fees when due for the Services three or more times in the previous twelve calendar months do not qualify for SLA Credits.
USE OF SLA CREDITS
The SLA Credits may not be sold or transferred to other parties. False or duplicative claims by Customer shall be deemed as a violation of the SA and may, at EVOLINK’s sole discretion, result in a suspension of the Services. SLA Credits shall expire on the termination or expiration of the SA.
SLA CREDIT EXCLUSION
This SLA and any applicable Service Levels do not apply to any performance or availability issues:
Service Credits do not apply for periods during which the Services are not available for the following reasons:
- EVOLINK or its third party service providers performing system upgrades, enhancements and routine maintenance activities which are announced on the EVOLINK WAF Website [upon two (2) days advance notice] or for maintenance determined by EVOLINK to be an emergency upon notice provided through the [EVOLINK WAF Website] (“Scheduled Maintenance”);
- Any unscheduled maintenance initiated by EVOLINK (“Unscheduled Maintenance”);
- Customer use of the Services in violation of the SA;
- Issues relating to the Customer Content;
- Problems with Customer’s access to Internet;
- System administration, commands, file transfers performed by Customer representatives;
- Events described in the Force Majeure provision in the SA;
- Suspension of Customer’s access to the Services or blocking to Customer’s site as provided in the SA;
- Violation of the AUP;
- Problems caused by Customer’s use of the Services as a result of not following EVOLINK's modification advisement;
- Problems arising from Customer’s or any third party’s software, hardware, or other technology or equipment;
- Bypass by Customer as provided in the SA.
EXHIBIT A EVOLINK WAF Service Commitments and Service Credits
Monthly Availability Percentage | Service Credit Percentage |
< 99.95% but >= 99% | 10 % |
< 99% | 30 % |
