SlideShare una empresa de Scribd logo

Website Attacks and Hacks

Descargar como DOCX, PDF
ClickTecs
ClickTecs

You’ve just had a brand new website built for your business, and before you know it you are getting a warning from Google that your website has been hacked.

Tecnología
1 de 4
Website Attacks and Hacks Imagine the following scenario: You’ve just had a brand new website built for your business, and before you know it you are getting a warning from Google that your website has been hacked. It would, undoubtedly, evoke anger towards the pests that are hacking your site, and resentment towards the guys who built your site and, in your mind, didn’t put the measures in place to avoid this from happening! We have, on numerous occasions, come across “Virus Attacks” or “Hacks” as they are sometimes called. They commonly occur in Open Source Websites & are one of the few risks that come with using Open Source platforms. While your IT Team should be able to fix this predicament in almost all cases they have very little to do with the originating problem (i.e. equipping the site against these types of attacks). In general, a Google warning is the first notification of such a problem to them, as well as to you. What is at Risk? The most common reason for a website hack in the case of a small to medium scale website is link- farming for SEO gains. Moreover, Hackers go after E-commerce sites for customer & possibly credit card data. Email addresses of customers are also up there in the list of things hackers are after. How it Works? There are two common ways that hacks occur. Of course, there are many other types of hacks as well but these two are the most common in small to medium sized websites: 1) SQL Injection In this way, the hacker is very familiar with the database schema (or data model) of the site and creates a script that enters malicious code directly into the database table that carries the page content.
SQL Injection can occur in most open source platforms because open source systems database schemas are common public knowledge. In Hosted platforms the risk of SQL injections is close to negligible as the databases are well protected & use connection methods / models known only to the company that runs the platform Cleaning a SQL injection means searching the database and removing the code, which at times can cause service disruptions, layouts or breaks in website functionality? 2) File System Infection In this way a hacker enters via an FTP or other channel for server vulnerability and actually modifies the source code files in order to place malicious code into the system This type of hack is very tough to fix because the scripting can be intelligent, spread quickly and continue to replicate even after clean-ups. Sometimes hackers will plant “receptor” scripts that go undetected and look very normal until they connect to the hackers’ own servers and pull down malicious code. Cleaning this hack means effectively looking at each file individually and systematically cleaning up the code. Your IT team can undertake a mass “Find & Replace” approach to clean the code if they are able to locate the malicious code, but shortcuts almost always mean that they will miss out the “receptor” script that is infecting the files. This effort is extensive and can involve various elements: Your base WordPress install version 3.0.1 has 756 Files! Version 3.4 has 1400+ files! Your Joomla 2.5 install has 6000+ files with a standard set of components & plugins! Sometimes clean up can also affect the functionality of the site or layouts, which result in a lot of lost productivity to the site How do we fix it? While your IT team doesn’t bear the responsibility for the hacking, which is, in many cases, hard to predict and potentially unavoidable, there are certain measures that can be taken to prevent it from happening (please see details in the next paragraph). For starters, the password selection for the Admin panel or FTP must be as hard to detect as possible. Once the hacking has taken place you will have to work with a very skilled System Administrator and a Programmer (both skills are a must) to clean the infected website and reestablish functionality. Once this action has been completed, the site must be re-submitted to Google as there are high chances that Google still has it detected as an “infected” site. How do we prevent hacking from happening in the first place?
There are many things that can be done at the website production stage to prevent- or at least reduce – the risks. Your IT team can use a non-standard data model in with a regular CMS module – This can be a fairly expensive solution and will need a talented developer to execute. The cost, however, may be prohibitive. Upgrade to the latest version of your platform. This may also be a costly affair depending on how much customization has been done to your website. Most platform providers will release security updates frequently because they are familiar with the common threats against their platform Use secure passwords and change them frequently. Use combinations of upper case, lower case, numbers and special characters, and make your passwords at least 8-10 characters long. NOTE: numbers-only passwords are the easiest to hack Try not to send out passwords by email, send user names and use SMS / texting to send the passwords Invest in a dedicated server o Shared servers are very risky, mostly because you don’t know who your neighbors are and you are sharing everything with them. Potentially you could be on the same file system as a highly infected site and the virus will spread very easily to your site. In such cases your IT Team cleaning up the virus is completely wasting their time as they can’t clean the rest of the server, and it’s only a matter of time before the infection comes back o On Dedicated servers your IT Team will have access to the root file system and base modules so they can install a lot of tools & scripts to “harden” the server and secure it. This is not possible on shared servers o Dedicated servers are more expensive to own & maintain o Highly recommended: PaaS (Platform as a Service) hosting is the next generation of web hosting, which is highly secure o You can consider the use of Reverse proxies & other advanced security tools, a few of these are now available on a service basis (SaaS) Conclusion We recommend Dedicated Servers to our customers along with a proper security and support package to help prevent such problems. It is very difficult for any IT team to guarantee that hacking won’t happen, but we can certainly warn of contributing factors such as shared servers / weak passwords / outdated software, etc. and make recommendations for the best ways to prevent hacking from happening. http://clicktecs.com/
Website Attacks and Hacks

Recomendados

Freshwater Matters August2013
Freshwater Matters August2013Freshwater Matters August2013
Freshwater Matters August2013Lancaster University
 
Pta guide
Pta guidePta guide
Pta guideC.R. McLeod
 
Ecuaciones
EcuacionesEcuaciones
EcuacionesWill HA
 
2014 c-delaware (us compared) - rev 1.1
2014 c-delaware (us compared) - rev 1.12014 c-delaware (us compared) - rev 1.1
2014 c-delaware (us compared) - rev 1.1C.R. McLeod
 
Taller innovacion turistica #rumbo lanzarote con jimmy pons
Taller innovacion turistica #rumbo lanzarote con jimmy ponsTaller innovacion turistica #rumbo lanzarote con jimmy pons
Taller innovacion turistica #rumbo lanzarote con jimmy ponsEsther García
 
Autism: What is Autism?
Autism: What is Autism?Autism: What is Autism?
Autism: What is Autism?SnowPea Guh
 
Should I Ask?
Should I Ask?Should I Ask?
Should I Ask?owildman
 
Loving Avacados
Loving AvacadosLoving Avacados
Loving AvacadosSnowPea Guh
 

Recomendados

Freshwater Matters August2013
Freshwater Matters August2013Freshwater Matters August2013
Freshwater Matters August2013Lancaster University
 
Pta guide
Pta guidePta guide
Pta guideC.R. McLeod
 
Ecuaciones
EcuacionesEcuaciones
EcuacionesWill HA
 
2014 c-delaware (us compared) - rev 1.1
2014 c-delaware (us compared) - rev 1.12014 c-delaware (us compared) - rev 1.1
2014 c-delaware (us compared) - rev 1.1C.R. McLeod
 
Taller innovacion turistica #rumbo lanzarote con jimmy pons
Taller innovacion turistica #rumbo lanzarote con jimmy ponsTaller innovacion turistica #rumbo lanzarote con jimmy pons
Taller innovacion turistica #rumbo lanzarote con jimmy ponsEsther García
 
Autism: What is Autism?
Autism: What is Autism?Autism: What is Autism?
Autism: What is Autism?SnowPea Guh
 
Should I Ask?
Should I Ask?Should I Ask?
Should I Ask?owildman
 
Loving Avacados
Loving AvacadosLoving Avacados
Loving AvacadosSnowPea Guh
 
2470620 data-warehouse
2470620 data-warehouse2470620 data-warehouse
2470620 data-warehouseNagesh Khandare
 
Ngss implementation plan state of delaware
Ngss implementation plan state of delawareNgss implementation plan state of delaware
Ngss implementation plan state of delawareC.R. McLeod
 
MyRingCard #bigliettodavisitaelettronico
MyRingCard #bigliettodavisitaelettronicoMyRingCard #bigliettodavisitaelettronico
MyRingCard #bigliettodavisitaelettronicoFrancesco Pieragostini
 
Cibes lift's presentation at BIMobject LIVe 2014
Cibes lift's presentation at BIMobject LIVe 2014Cibes lift's presentation at BIMobject LIVe 2014
Cibes lift's presentation at BIMobject LIVe 2014BIMobject
 
Intervento renza luigi_contratto
Intervento renza luigi_contrattoIntervento renza luigi_contratto
Intervento renza luigi_contrattoRenza Cambini
 
February 2015 UK Commercial Bulletin
February 2015 UK Commercial BulletinFebruary 2015 UK Commercial Bulletin
February 2015 UK Commercial BulletinHML Ltd
 
Law of non resistance all stories
Law of non resistance all storiesLaw of non resistance all stories
Law of non resistance all storiesNeel Bajpai
 
Investigating_Prosecuting_and_Defending_Environmental_Crimes_What_You_Need_to...
Investigating_Prosecuting_and_Defending_Environmental_Crimes_What_You_Need_to...Investigating_Prosecuting_and_Defending_Environmental_Crimes_What_You_Need_to...
Investigating_Prosecuting_and_Defending_Environmental_Crimes_What_You_Need_to...Parsons Behle & Latimer
 
Harmony Ambassador Tour 2012
Harmony Ambassador Tour 2012Harmony Ambassador Tour 2012
Harmony Ambassador Tour 2012Harmony Family Center
 
Bluekens Presentatie Nw Opzet2012
Bluekens Presentatie Nw Opzet2012Bluekens Presentatie Nw Opzet2012
Bluekens Presentatie Nw Opzet2012Bluekens01
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 

Más contenido relacionado

Destacado

Ngss implementation plan state of delaware
Ngss implementation plan state of delawareNgss implementation plan state of delaware
Ngss implementation plan state of delawareC.R. McLeod
 
MyRingCard #bigliettodavisitaelettronico
MyRingCard #bigliettodavisitaelettronicoMyRingCard #bigliettodavisitaelettronico
MyRingCard #bigliettodavisitaelettronicoFrancesco Pieragostini
 
Cibes lift's presentation at BIMobject LIVe 2014
Cibes lift's presentation at BIMobject LIVe 2014Cibes lift's presentation at BIMobject LIVe 2014
Cibes lift's presentation at BIMobject LIVe 2014BIMobject
 
Intervento renza luigi_contratto
Intervento renza luigi_contrattoIntervento renza luigi_contratto
Intervento renza luigi_contrattoRenza Cambini
 
February 2015 UK Commercial Bulletin
February 2015 UK Commercial BulletinFebruary 2015 UK Commercial Bulletin
February 2015 UK Commercial BulletinHML Ltd
 
Law of non resistance all stories
Law of non resistance all storiesLaw of non resistance all stories
Law of non resistance all storiesNeel Bajpai
 
Investigating_Prosecuting_and_Defending_Environmental_Crimes_What_You_Need_to...
Investigating_Prosecuting_and_Defending_Environmental_Crimes_What_You_Need_to...Investigating_Prosecuting_and_Defending_Environmental_Crimes_What_You_Need_to...
Investigating_Prosecuting_and_Defending_Environmental_Crimes_What_You_Need_to...Parsons Behle & Latimer
 
Bluekens Presentatie Nw Opzet2012
Bluekens Presentatie Nw Opzet2012Bluekens Presentatie Nw Opzet2012
Bluekens Presentatie Nw Opzet2012Bluekens01
 

Destacado (10)

2470620 data-warehouse
2470620 data-warehouse2470620 data-warehouse
2470620 data-warehouse
 
Ngss implementation plan state of delaware
Ngss implementation plan state of delawareNgss implementation plan state of delaware
Ngss implementation plan state of delaware
 
MyRingCard #bigliettodavisitaelettronico
MyRingCard #bigliettodavisitaelettronicoMyRingCard #bigliettodavisitaelettronico
MyRingCard #bigliettodavisitaelettronico
 
Cibes lift's presentation at BIMobject LIVe 2014
Cibes lift's presentation at BIMobject LIVe 2014Cibes lift's presentation at BIMobject LIVe 2014
Cibes lift's presentation at BIMobject LIVe 2014
 
Intervento renza luigi_contratto
Intervento renza luigi_contrattoIntervento renza luigi_contratto
Intervento renza luigi_contratto
 
February 2015 UK Commercial Bulletin
February 2015 UK Commercial BulletinFebruary 2015 UK Commercial Bulletin
February 2015 UK Commercial Bulletin
 
Law of non resistance all stories
Law of non resistance all storiesLaw of non resistance all stories
Law of non resistance all stories
 
Investigating_Prosecuting_and_Defending_Environmental_Crimes_What_You_Need_to...
Investigating_Prosecuting_and_Defending_Environmental_Crimes_What_You_Need_to...Investigating_Prosecuting_and_Defending_Environmental_Crimes_What_You_Need_to...
Investigating_Prosecuting_and_Defending_Environmental_Crimes_What_You_Need_to...
 
Harmony Ambassador Tour 2012
Harmony Ambassador Tour 2012Harmony Ambassador Tour 2012
Harmony Ambassador Tour 2012
 
Bluekens Presentatie Nw Opzet2012
Bluekens Presentatie Nw Opzet2012Bluekens Presentatie Nw Opzet2012
Bluekens Presentatie Nw Opzet2012
 

Último

The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 

Último (20)

The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 

Website Attacks and Hacks

  • 1. Website Attacks and Hacks Imagine the following scenario: You’ve just had a brand new website built for your business, and before you know it you are getting a warning from Google that your website has been hacked. It would, undoubtedly, evoke anger towards the pests that are hacking your site, and resentment towards the guys who built your site and, in your mind, didn’t put the measures in place to avoid this from happening! We have, on numerous occasions, come across “Virus Attacks” or “Hacks” as they are sometimes called. They commonly occur in Open Source Websites & are one of the few risks that come with using Open Source platforms. While your IT Team should be able to fix this predicament in almost all cases they have very little to do with the originating problem (i.e. equipping the site against these types of attacks). In general, a Google warning is the first notification of such a problem to them, as well as to you. What is at Risk? The most common reason for a website hack in the case of a small to medium scale website is link- farming for SEO gains. Moreover, Hackers go after E-commerce sites for customer & possibly credit card data. Email addresses of customers are also up there in the list of things hackers are after. How it Works? There are two common ways that hacks occur. Of course, there are many other types of hacks as well but these two are the most common in small to medium sized websites: 1) SQL Injection In this way, the hacker is very familiar with the database schema (or data model) of the site and creates a script that enters malicious code directly into the database table that carries the page content.
  • 2. SQL Injection can occur in most open source platforms because open source systems database schemas are common public knowledge. In Hosted platforms the risk of SQL injections is close to negligible as the databases are well protected & use connection methods / models known only to the company that runs the platform Cleaning a SQL injection means searching the database and removing the code, which at times can cause service disruptions, layouts or breaks in website functionality? 2) File System Infection In this way a hacker enters via an FTP or other channel for server vulnerability and actually modifies the source code files in order to place malicious code into the system This type of hack is very tough to fix because the scripting can be intelligent, spread quickly and continue to replicate even after clean-ups. Sometimes hackers will plant “receptor” scripts that go undetected and look very normal until they connect to the hackers’ own servers and pull down malicious code. Cleaning this hack means effectively looking at each file individually and systematically cleaning up the code. Your IT team can undertake a mass “Find & Replace” approach to clean the code if they are able to locate the malicious code, but shortcuts almost always mean that they will miss out the “receptor” script that is infecting the files. This effort is extensive and can involve various elements: Your base WordPress install version 3.0.1 has 756 Files! Version 3.4 has 1400+ files! Your Joomla 2.5 install has 6000+ files with a standard set of components & plugins! Sometimes clean up can also affect the functionality of the site or layouts, which result in a lot of lost productivity to the site How do we fix it? While your IT team doesn’t bear the responsibility for the hacking, which is, in many cases, hard to predict and potentially unavoidable, there are certain measures that can be taken to prevent it from happening (please see details in the next paragraph). For starters, the password selection for the Admin panel or FTP must be as hard to detect as possible. Once the hacking has taken place you will have to work with a very skilled System Administrator and a Programmer (both skills are a must) to clean the infected website and reestablish functionality. Once this action has been completed, the site must be re-submitted to Google as there are high chances that Google still has it detected as an “infected” site. How do we prevent hacking from happening in the first place?
  • 3. There are many things that can be done at the website production stage to prevent- or at least reduce – the risks. Your IT team can use a non-standard data model in with a regular CMS module – This can be a fairly expensive solution and will need a talented developer to execute. The cost, however, may be prohibitive. Upgrade to the latest version of your platform. This may also be a costly affair depending on how much customization has been done to your website. Most platform providers will release security updates frequently because they are familiar with the common threats against their platform Use secure passwords and change them frequently. Use combinations of upper case, lower case, numbers and special characters, and make your passwords at least 8-10 characters long. NOTE: numbers-only passwords are the easiest to hack Try not to send out passwords by email, send user names and use SMS / texting to send the passwords Invest in a dedicated server o Shared servers are very risky, mostly because you don’t know who your neighbors are and you are sharing everything with them. Potentially you could be on the same file system as a highly infected site and the virus will spread very easily to your site. In such cases your IT Team cleaning up the virus is completely wasting their time as they can’t clean the rest of the server, and it’s only a matter of time before the infection comes back o On Dedicated servers your IT Team will have access to the root file system and base modules so they can install a lot of tools & scripts to “harden” the server and secure it. This is not possible on shared servers o Dedicated servers are more expensive to own & maintain o Highly recommended: PaaS (Platform as a Service) hosting is the next generation of web hosting, which is highly secure o You can consider the use of Reverse proxies & other advanced security tools, a few of these are now available on a service basis (SaaS) Conclusion We recommend Dedicated Servers to our customers along with a proper security and support package to help prevent such problems. It is very difficult for any IT team to guarantee that hacking won’t happen, but we can certainly warn of contributing factors such as shared servers / weak passwords / outdated software, etc. and make recommendations for the best ways to prevent hacking from happening. http://clicktecs.com/