Faq

Frequently asked questions

How to get started, how I will be charged, how to use the dashboard? For more detailed FAQ please visit the Cloudbric Help Center at: https://cloudbric.zendesk.com/hc/en-us/

Step 1: Create an Account

Go to waf.evolink.com and press the Get Started button. Don’t worry about the paid plans as all users start with free access until you reach 4GB of traffic in the same month.

4GB is equal to about 1,000 visitors if you have minimal graphics (think 1-2), or about 2-300 if you have moderate graphics (think a typical blog). We’ll let you know if you’ve reached 4GB, and you can decide whether to continue using our service or not before being charged.

 

You’ll receive an e-mail in your inbox asking for confirmation of the account. Don’t forget to click the link!

Step 2: Add Your Website

Once you’ve signed up, you’ll see a page that asks you to add your website. Simply type in the domain of your website – for example, yourwebsite.com.

Step 3: Choose Your Cloudbric Server

You’ll be asked to choose a Cloudbric server. CHOOSE SOFIA! If you prefer to use another IDC you will be charged at the general  Cloudbric pricing terms, avaialble at www.cloudbric.com.

Simply click on Sofia the select.

Step 4: Choose Your Website's SSL Status

You'll be asked if your website has an SSL certificate or not. If you aren't sure, you may visit here to check your website's SSL status. Once you've clicked NO/YES, then click ‘Next.’

Step 5: Update Your DNS Information 1. Name Servers 2. DNS Records (A-record & CNAME)

Updating your DNS information is important.

You’ll now see the page above. Simply log-in to the domain's registrar account of your website (this isn’t Cloubric, but your website host, such as GoDaddy or Superhosting), and find the ‘Settings’ page. There you will be able to see information about your website such as what ‘DNS’ your website points to, along with other information such as A-records.

Simply replace the ones you see to the ones shown on our site above. If you plan to change name servers, then make sure you see four name servers by the time you’re done. Also, add all missing records. But if you plan to change A-record and CNAME only, then make sure you change yourwebsite.com (A-record) and www.yourwebsite.com (CNAME) DNS records only.

And that’s it! All you need to do is sit back and relax while Evolink takes care of the rest!

If you log into your own dashboard, you can see which types of attacks attempted to attack your website by month. Just filter the dates that you want to analyze, and you can see your total website visits compared to the attempted hack attacks.

In the below example, you can see that this month, there were a variety of hack attacks attacking this website (Include Injection, Cross Site Scripting, Identity Theft, etc).

However, what exactly are these web attacks and their risks? Below, you can find the purposes associated to each of the attacks that your website was protected against as well as their implications.

Types of Web Attacks and Their Purposes and Implications

Buffer OverflowTriggers server overrun by excessive data input beyond its capacity.
SQL InjectionInserts malicious SQL queries in a website in order to access unauthorized data in a database.
Cross Site ScriptingRedirects visitors to phishing sites or extracts their information by malicious code insertion in a web server.
Stealth CommandingInvolves code execution, which can allow a hacker to take over the server.
Error ExposureIntentionally causes server-side errors in order to investigate server information.
Directory ListingAttempts to disclose directory structure in a server.
Abnormal Request HeaderDiscloses server information or causes server-side error by sending abnormal request headers.
Unicode Directory TraversalTries to move to a higher directory through unicode vulnerability.
Abnormal Request MethodPotentially shuts down the server by sending abnormal request methods.
Access to Abnormal File ExtensionTries to upload a file with suspicious file extensions.
Invalid URICould cause error by requesting an abnormal URI to the server.
Abnormal Response HeaderExposes web server data due to attacks focusing on information included in HTTP Response.
Identity TheftExtracts sensitive data in a server.
Notorious Attack PatternMalicious attack pattern requests identified by Cloudbric.
Invalid HTTPCauses an error by sending an abnormal HTTP request form.
Include InjectionRedirects visitors to other unrequested sites by inserting malicious code in the server.
Malware UploadTries to upload malware onto a server.
HTTP DoSContinuously sends abnormal requests to cause server malfunction.
Parameter TamperingSends parameter values that were not originally requested by the web server or manipulates parameters sent from the web server.
Cookie PoisoningModifies cookie settings of web visitors.
Privacy File TheftSteals sensitive information found in private files.
Privacy UploadUploads sensitive information files to a web server.
Suspicious AccessContinuously sends abnormal requests.
URI Access ControlAttempts to gain access to certain URIs and files.
Website DefacementAttempts to deface or vandalize a website.
Improper ContentsSends improper strings/contents to the server.

Evolink WAF detects and constantly monitors these suspicious activities and blocks all malicious attacks.

When does Evolink WAF accept payments?

Evolink sends out invoice on the 1st day of the month and accepts payment on the 5th day of the month. But if the payment wasn't successfully processed, then we will send out another e-mail to check card balance and/or card expiration date.

How does Evolink accept payments?

Evolink uses PayPal to accept payments. When traffic of your websites reach 4GB, we will send an alert e-mail with a payment request form. We will ask you to fill out PayPal Automatic Billing Form.

If you do not fill out the form within the deadline, we will change your websites to bypass mode. Bypass mode means that there will be no security detection. After 3 days of bypass mode, your websites will be deleted from Evolink WAF.

If you wish to pay by bank transfer, please notify our billing department at billing@evolink.com.

EVOLINK WAF SERVICE LEVEL AGREEMENT (“SLA”) is incorporated into the EVOLINK WAF Service Agreement (“SA”) and applicable separately to each account using Services. Unless otherwise provided herein, this SLA is subject to the terms of the SA and capitalized terms will have the meaning specified in the SA. EVOLINK reserves the right to change the terms of this SLA in accordance with the SA.

This SLA does not apply to the availability of Third Party Services. The SLA is binding only on the Customer and EVOLINK and does not apply to any third parties.

The issuance of SLA Credits defined below is the sole and exclusive remedy of Customer and EVOLINK’s sole and exclusive obligation, for any failure by EVOLINK to satisfy the requirements set forth in this SLA.

The terms and conditions of this SLA is not applicable to any and all Services delivered to Customer by EVOLINK during the Beta Period.

 

DEFINITIONS

“Applicable Monthly Service Fees” means the total fees paid by Customer for the Services that are applied to the month in which a Service Credit is owed.

“Customer Minutes” means the total number of minutes in a month.

“Loss of Services” means a period during all continual WEB requests for the Customer’s Server specified in the Profile that are made throughout the minute to do not result in a valid Web Response within [five (5) continuous minutes] excluding unavailability of the Services due to limitations describe in SLA CREDIT EXCLUSION below.

“Service Credit” is the percentage of the Applicable Monthly Service Fees credited to Customer subject to EVOLINK’s APPROVED PROCEDURE below.

“Service Level” means the performance metric(s) set forth in this SLA that EVOLINK agrees to meet in the delivery of Services, e.g., monthly availability.

“Verified Outage” means Loss of Services that has been verified by EVOLINK using its monitoring logs of accessibility to the Services during any given month.

“Valid Web Response” means a WEB response, received from at least one of the EVOLINK WAF virtual machine, to a Web request for the domain name specified for a given EVOLINK WAF Profile.

EVOLINK WAF Profile” or “Profile” refers to a deployment of the EVOLINK WAF service created by Customer containing a domain name, IP Address, and other configuration settings, as represented in the EVOLINK WAF Website.

SERVICE LEVEL COMMITMENT

The “Monthly Availability Percentage” for the Services is calculated by the following formula:

Monthly Availability Percentage = 100 x (Customer Minutes - Verified Outage) / Customer Minutes 

If the Monthly Availability Percentage falls below 99.95% for any given month, Customer may be eligible for the Service Credit pursuant to EXHIBIT A.

The Service Credits awarded in any billing month shall not, under any circumstance, exceed Customer’s monthly Service fees for that billing month.

 

APPROVED PROCEDURE

Customer is eligible to receive SLA Credit, subject to the following process:

  • Customer will report Loss of Services to EVOLINK through the EVOLINK WAF Website. The report must include Service type, IP Address, dates and times, error messages received if any, contact information, and full description of the interruption of Service.
  • To receive an SLA Credit, Customer must submit a report of Loss of Services to the EVOLINK WAF Website within [seven (7) days] from occurrence of Loss of Services.
  • EVOLINK will review Loss of Services.
  • EVOLINK’s evaluation of SLA Credits is final and binding.
  • Customer agrees to pay all invoices in full while Loss of Services is being reviewed or SLA Credit is being determined.
  • EVOLINK will communicate the SLA Credits to Customer and apply such SLA Credits to the Customer’s future invoice for the relevant Services subject to EVOLINK’s standard policies.

 

INELIGIBLE CUSTOMER

Customer who, at the time of the report of Loss of Services, is not current on its payment of the fees for the Services do not qualify for SLA Credits for such Loss of Services. In addition, Customer who has not paid fees when due for the Services three or more times in the previous twelve calendar months do not qualify for SLA Credits.

 

USE OF SLA CREDITS

The SLA Credits may not be sold or transferred to other parties. False or duplicative claims by Customer shall be deemed as a violation of the SA and may, at EVOLINK’s sole discretion, result in a suspension of the Services. SLA Credits shall expire on the termination or expiration of the SA.

SLA CREDIT EXCLUSION

This SLA and any applicable Service Levels do not apply to any performance or availability issues:

Service Credits do not apply for periods during which the Services are not available for the following reasons:

  • EVOLINK or its third party service providers performing system upgrades, enhancements and routine maintenance activities which are announced on the EVOLINK WAF Website [upon two (2) days advance notice] or for maintenance determined by EVOLINK to be an emergency upon notice provided through the [EVOLINK WAF Website] (“Scheduled Maintenance”);
  • Any unscheduled maintenance initiated by EVOLINK (“Unscheduled Maintenance”);
  • Customer use of the Services in violation of the SA;
  • Issues relating to the Customer Content;
  • Problems with Customer’s access to Internet;
  • System administration, commands, file transfers performed by Customer representatives;
  • Events described in the Force Majeure provision in the SA;
  • Suspension of Customer’s access to the Services or blocking to Customer’s site as provided in the SA;
  • Violation of the AUP;
  • Problems caused by Customer’s use of the Services as a result of not following EVOLINK's modification advisement;
  • Problems arising from Customer’s or any third party’s software, hardware, or other technology or equipment;
  • Bypass by Customer as provided in the SA.

EXHIBIT A EVOLINK WAF Service Commitments and Service Credits

Monthly Availability Percentage

Service Credit Percentage

< 99.95% but >= 99%

10 %

< 99%

30 %