Menu

Daily Archives2015 April 03

Home

Ways of Website Attacking & Protection

ways of website attacking & protection

Finally we have setup a website and made it online after hard working. We keep working hard to promote it to get more business opportunities. But one day, the website is suddenly down because of attacking. No need to mention how terrible it is because our daily work is all about it. Here we concluded following ways of attacking with according solutions based our editorial experience.

NO.1 Injection

Hackers scan our website files then insert trojan codes from backend. The entire site might be revised. Especially when our website is created from those CMS softwares and we don't apply hot fixes in time after official announcement.

Result: Website content is changed which brings no trusts to visitors. Search engines and other security platform will detect the trojans and put notice from search result. Navigation to website will be blocked.

Solution: After learnt the real problem we can apply following fixes

  1. Restore from latest backup.
  2. Apply official hot fixes or switch to another website platform.
  3. Apply strict file permissions.

NO.2 Bandwidth Attack

Like CC or DDOS, attackers send out numorous requests to website and overload the router, firewall and server.

Result: Such attacking will simply bring down the entire hosting server. Because of this, website can not be opened, search engine spider can not get in either. If the problem persists for some time, data will be cleared from search results.

Solution:

  1. Choose a reputable hosting service with good firewall protection.
  2. Monitor website via third party services to detect any doubtable visits.
  3. Use CDN, CDN can greatly filter those attacks based their powerful hardware setup.

NO. 3 Database attack

SQL injection is another popular name for this attack. Attackers insert harmful sql commands by web forms.

Result: Database is compromised for data leaking. Nowadays over 99% websites are database powered, thus hackers got all web data access and be able to change everything on site.

Solution:

  1. Add authentication to web forms on website, such as captcha.
  2. Add database firewall
  3. Switch to a more secure hosting provider

NO. 4 Deliberate scanning

Hackers use scanning tools to scan website bugs for attacking

Result: preparition of next attack

Solution:

  1. Use a secure hosting provider.
  2. Close dangerous ports and change some default ports.

NO. 5 Domain attack

There will be following cases for domain attacking

  • Domain stealing – Domain ownership is changed and transfered to another registrar.
  • DNS hajack – Use spoof DNS server and forward domain to this address.
  • Wildcard domain DNS – Create lots of sub domains to point to hackers' website.

Result: Domain control is lost, sub domains are forwarded to hacker sites and domain authority is downgraded. Search engine will not trust our site and remove from search results.

Solution

  1. Choose a reputable domain registrar with real contact information, lock domain and prohibit domain transfer.
  2. Ensure the safety of contact email account.
  3. Use a good and reliable DNS service and lock our settings.