Tech

How Hackers Get Into Your Website

Websites can be hacked for any number of reasons. It doesn’t matter if you’re big or small; anybody can get hacked. A large organisation may know exactly what threatens its site but take this for granted, never thinking an attack will reach it. Smaller companies, on the other hand, can’t imagine what a hacker would want with them, so they are sure they won’t be hacked. Whatever the case, it’s important to be well-informed about how hackers can attack your website.

 

How Hackers Wreak Havoc

This is a compiled list of 9 ways hackers may attack your website.

1. Password Cracking

The hacker may try to log in to your account by guessing your username and password. This is very much like how a thief might pick a lock or break in through a window. They could also use a man-in-the-middle (MITM) attack, in which the hacker may obtain your username, password, and other personal information while you work on an insecure network. Remember that every time you use an insecure network, your details are transferred from one point to another in plain text, making them easy to intercept.

 

2. SQL Injection

In an injection attack, the attacker injects code into a query, or malware onto a computer. This allows them to modify a database or alter data on a website by executing remote commands.

 

3. Third-Party Integrations

Third-party integrations have become commonplace, especially with content management systems such as WordPress, Drupal, and Joomla. The challenge with a third-party integration hack is that the website owner is unable to control it. The best-known forms of third-party integration manipulation include:

  • Malvertising attacks.
  • Content Distribution Network (CDN) attacks.

 

4. Session Management and Broken Authentication Attacks

A hacker can gain access to your account if your website has a weak user authentication system. Once your account is hacked, they can do anything the account owner is able to do. This means that a hacker can assume your identity.

You could be vulnerable to this kind of attack if:

  • Session IDs are not rotated after a successful login.
  • Passwords, session IDs and other credentials are sent over unencrypted connections.
  • The URL exposes your session IDs.
  • Session IDs are vulnerable to session fixation attacks.
  • Your user details are weakly protected, for example, if they were not stored using encryption or hashing.
  • Poor account management functions allow your credentials to be guessed or overwritten.
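
One way to check a login flow for the first four weaknesses in the list above, as an added example that is not part of the original article. The cookie name `sid`, the function `audit_login` and the sample exchanges are assumptions constructed for illustration.

```python
# Added example (not from the original article): audit one login exchange
# for the session weaknesses listed above. All names are hypothetical.
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qs

SESSION_COOKIE = "sid"  # assumed cookie / URL parameter name


def audit_login(pre_login_sid, set_cookie_header, redirect_url):
    """Return a list of findings for a single successful login."""
    findings = []
    jar = SimpleCookie()
    jar.load(set_cookie_header or "")
    morsel = jar.get(SESSION_COOKIE)

    # No new cookie, or the same value as before login: an ID fixed by
    # someone else before login stays valid afterwards (session fixation).
    if morsel is None or morsel.value == pre_login_sid:
        findings.append("session ID not rotated after login")
    # Without the Secure flag the browser also sends the cookie over HTTP.
    if morsel is not None and not morsel["secure"]:
        findings.append("session cookie lacks Secure flag")

    url = urlsplit(redirect_url)
    if url.scheme != "https":
        findings.append("post-login redirect is not HTTPS")
    # IDs in URLs leak through history, logs and Referer headers.
    if SESSION_COOKIE in parse_qs(url.query):
        findings.append("session ID exposed in URL")
    return findings


# Constructed sample exchanges (not real traffic).
WEAK = audit_login(
    "abc123",
    "sid=abc123; Path=/",
    "http://shop.example/account?sid=abc123",
)
GOOD = audit_login(
    "abc123",
    "sid=9f8e7d6c5b4a; Path=/; Secure; HttpOnly; SameSite=Lax",
    "https://shop.example/account",
)

if __name__ == "__main__":
    for label, result in (("weak", WEAK), ("good", GOOD)):
        print(label, result or "no findings")
```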

 

5. Cross-Site Scripting Attacks

Cross-site scripting, also called an XSS attack, is an injection that allows the attacker to execute a malicious payload in an authentic website or web application. When an XSS script is triggered, users are deceived into believing that the compromised page is actually a legitimate page of the website.

 

6. DNS Cache Spoofing

Also known as DNS Cache Poisoning, DNS Spoofing involves hackers identifying flaws in a domain name system, allowing them to divert Internet traffic from a legitimate website or server towards a fake one. The dangerous thing about this kind of attack is that it can replicate itself and spread from DNS server to DNS server.

 

7. Symlinking

A symbolic link, or symlink, is a file that contains a reference to another file or directory. In a symlinking attack, an attacker creates a symbolic link with the same name as a file that is about to be created or used, so the linked-to file is created or changed instead. With symlinking, the hacker may be able to:

  • Grant themselves advanced access.
  • Control the changes to a file.
  • Expose sensitive information.
  • Corrupt or destroy vital system or application files.
  • Insert false information.

 

8. Clickjacking Attacks

Also known as a UI redress attack, clickjacking occurs when an attacker creates several obscured layers and tricks users into clicking the top layer. What this means is that the hacker is hijacking clicks that are meant for one page and routeing them to another page.

 

9. One-Click Attacks

Also called Cross-Site Request Forgery (CSRF or XSRF), a one-click attack is a simple attack where a user is forced by the attacker to perform some significant action without them knowing about it or consenting to it. It is very much like forging a victim’s signature on an important document. The tricky thing here is that a forged request comes from the same IP address as the victim’s request, leaving no evidence behind. In many scenarios, the application will not be able to tell the difference between a hacker and a valid user.

 

How to Keep Them at Bay

While cloud hosting and domain name companies try their best to provide excellent security for their clients, website owners also have to be on their toes. Brendan Wilde, Online Manager at www.freeparking.co.nz/domain-names/nz/ says, “We’ve got more than 200,000 domains that we manage and the reality is that most of their owners haven’t stopped to think about what else they need to do to protect their space online.”

Don’t be like the others; do the following to protect your website:

  1. Never underestimate your site’s relevance to hackers.
  2. Limit the number of people you give administrative access to your website.
  3. Use a website firewall to protect yourself against the exploitation of software vulnerabilities.
  4. Try to have at least 60 days of backup available.
  5. Use webmaster tools by Google and Bing to check the health of your website.
  6. Get your site themes from reputable sources, such as the website of your CMS.
  7. Don’t use too many plugins, and stick to popular ones.
  8. Make sure to update integrated software and CMS software frequently.
  9. Use a strong password for your administration and FTP accounts.
  10. Use two-factor and multifactor authentication to revamp how people access your website.
  11. Use hosting companies that routinely update security.
  12. Never interact directly with an unsolicited email.
  13. Use antivirus applications regularly on your site.

Rants

The illusion of the past and the future

What if I tell you there is no past and no future? Would you be curious to know why?

Let me begin by asking you a question. Did you ever jump into the future or the past and do something there? If you didn’t, the chances are that at any point in time, you must have been in the present.

The logical question then is: we plan for the future all the time and we remember the past, so how can they not exist?

The short answer is, they are constructs of the mind.

The explanation is simple: whenever we are planning for the future, we are doing so in the present. We are putting together a set of instructions for ourselves for the present continuum. The present is never-ending, hence the illusion of the future. We synchronize our present continuum with that of others to accomplish tasks and goals.

The whole system which we are in, I reckon, is being born and is dying at the same instant, while what is being born is generated based on what just died.

All I can wonder is, what an efficient process it is!

I do not know the algorithm of the births!

P.S: Time travel, hmm.. maybe not.. in any direction or dimension!

Featured Tech

Google Translate with mobile camera

Now you can translate using your mobile camera. Point and see the translation, that easy!

The Google Translate team tests their new app in 27 languages — you can download it on the Google Play Store (https://goo.gl/translateappandroid) and App Store (https://goo.gl/translateappios).

Rants

Too many coincidences

Lately, I have been seeing too many same numbers. 111, 222, 333, 444, 555, 666, 777, 888, 999, 1010, 1111, 1212.

These have been repeating all the time. It’s been six months now and it seems like the frequency is increasing day by day.

Even the lights go off when I cross street lights! Seems odd, but it’s happening!

Have you been experiencing something like this lately?

Code

WordPress – Remove ver from CSS and JS file

Problem: You are unable to see the changes you are making to your CSS and JS files on your WordPress website. You notice a strange ‘?ver=’ suffix on your CSS and JS file URLs.

Solution: Use the following code snippet and put it at the end of your functions.php file.

An easy way to add code to your functions.php without editing it manually is to use Code Snippets.
