In the early web days, your website and servers were generally safe. Unless you crossed the wrong computer science student or were a huge financial institution – the average mom and pop website was pretty safe from attacks. However, now, the complexity of technology and the rise of hacking assisted tools has created a new vector of security vulnerabilities that server admins and web developers must constantly battle.
Gaining access to a server or website for hackers can provide them with valuable personal user data, financial information, or even just a place to distributes spam, viruses, and malware.
Here’s a short list of some of these vulnerabilities you will want to protect your sites against:
Brute Force Attacks
The simplest tool at a hackers disposal is the ability to break into websites and servers simply by guessing passwords. Hackers have the ability to guess thousands upon thousands of passwords a second, so securing your administrator accounts with strong passwords is a must. If you see a suspicious IP making a lot of login password attempts you might want to investigate further or ban them.
Cross Site Scripting (XSS)
Any part of your website that allows a user to upload, post, or send content including comments, images, or messages has the potential to be vulnerable to this sort of hack. A knowledgeable hacker could be able to inject malicious code into their image or post that will execute when you or another user views it. This could result in them them being sent to a fishing page, running a set of commands from your user, or even being able to steal your login session cookie, which would allow them to login as you. Blocking users from submitting malicious content or disallowing users from posting content can protect against XSS attacks.
Similar to XSS attacks, SQL Injection relies on a hacker being able to input malicious code. Where it differs is the target. An SQL Injection attack targets your website’s database directly. If a hacker is able to inject malicious code into your website’s URL or send it to your server directly they may be able to gain access to your website’s database and read / write data to it as they like. Gaining access to sensitive user data could be extremely detrimental, so always make sure your website software is up to date and blocking malicious HTTP requests.
When running a modern website, it is crucial that you keep your the technologies it is running on up to date. This includes the software your operating system, the programming language your website is run on, the web and database servers, and your website. Most modern technologies are, at least in part, open source. This means that anyone, including hackers could read the code and search it for new and devious ways to compromise servers. While developers are constantly programming new security features into technology, if one link in that chain fails or isn’t kept up to date, it could mean your whole system could be compromised by an enterprising hacker.
The last vector of attack is a much lower tech one. Social engineering is when a hacker is able to gain access to a system or information through more physical means. This could mean pretending they are someone they are not like the server admin, a web developer, or even a high ranking member of a company. Using this facade they are able to coax passwords and login information out of unsuspecting website owners. Always be wary of giving sensitive information over the phone and try to verify a person’s identity if they’re asking suspicious questions and you’ll be able to prevent yourself from being a victim of social engineering.
Protecting your website now days is no small task. There are many vectors of attack and protecting against each can be a tough job, but you’re not alone. Your hosting company, web and server developers, and your local web development agency have a vested interest in protecting you, your data, and your users from being PWNed.
So, just ensure that you and your team follow these security best practices and you should be fine!
And if you think you might forget… well… just make sure you’re making frequent backups!
Want to learn more about securing your data? We’d be happy to help!Contact Us