If you’re a website developer or server administrator it’s always a good idea to inform your clients about the basics in terms of their website’s security, and the inherent need for cautious security practices.
Attacks and the methods of gaining access to a web server are always evolving, so it’s always in a client’s best interest to remain aware of the potential risks that come along with owning their website. Of course, these should be considered by all website owners and not limited to just the site administrators or developers, however.
In this article, we’ll go over the most common types of attacks your clients may encounter, and the methods hackers can use to gain access to a website.
PCI Compliance
In the case, your client is operating an e-commerce website, PCI compliance remains a top priority for their online business. This means ensuring all sensitive credit card information is secure, as well as all data stored on the server itself is encrypted. When it comes to these requirements for e-commerce this will generally start with installing an SSL certificate, encrypting all data in transit.
Remaining compliant with Payment Card Industry Data Security Standards (PCI-DSS) not only requires an SSL certificate protecting client card information but also ensuring you’re taking preventative security measures with the website itself.
Brute force & DDoS attacks
These kinds of attacks are the most common, which also means there are a lot of preventative measures and services one can take to lower risks against them as well. In regards to brute force attacks utilizing a customized URL is preferred, default users should be adjusted if at all possible, and passwords should never be too predictable. Enabling two-factor authentication for all admin panels is also highly suggested.
DDoS attacks on the other hand don’t rely on things such as password recovery tools, but instead on botnets. Botnets essentially are a bunch of internet-connected devices that make an excessive amount of requests to a server. The ultimate goal of these requests is ensuring a website goes offline, due to personal, profitable, and/or political reasons.
These attacks can range anywhere from being minimal for a small period of time, or on a much larger scale affecting entire organizations for an extended period, costing companies an extensive amount of money to fix. We’ve previously discussed The Largest DDoS Attacks & What You Can Learn From Them as well.
Cross-site contamination
This type of contamination occurs across multiple websites existing on one server. This means the more sites share existing space on that same server, the more infections may persist. For instance, if your organization relies on multiple WordPress installations, then all those installations could potentially become infected.
The solution to avoiding this can be placing each website on its own separate Cpanel instance or container, but that isn’t exactly the most cost-effective way in preventing these infections. It’s important to first remove any old or unwanted websites from the hosting server entirely, as well as any unnecessary themes and plugins.
Choose a hosting provider that allows for easy configuration of your sites, securely, so you don’t need to write access to another one.
Preventative Measures
As previously mentioned, all online businesses should honor being PCI compliant. Regardless of whether the client’s site is e-commerce or not, however, these are some of the top preventative measures that should be considered.
- Access Control: Limit the number of privileges each user has. Only give them what’s necessary for their role on a website and only for the duration that they require it. We refer to this as the Principle of Least Privilege.
- Outdated software, plugins, and themes: Make sure these are always up-to-date, or, create a backup of the site before any manual updates in case of issues that you can always revert.
- Weak passwords: Make sure all passwords are strong and updated regularly.
- Website Application Firewall (WAF): Consider implementing a firewall on your website, which will alleviate stress on the origin server as well as filter out all malicious requests.
- Maintenance schedules: Having a maintenance schedule will help contribute to a lower chance of the site being infected by zero-day exploits and other known vulnerabilities.
Detection & Response
Having an active scanner in place should be one of the first things to consider when creating a website. The scanner should be reliable and regularly updated. In the case, it detects an infection or false positive on the site, be sure you have incident-response measures in place either with a personal developer or a company that provides solutions for you.
In my previous post, I discussed How Malware Gets On Your Website, which goes into further detail about the preventative measures listed above.
Here are the variations of malware that can occur on your website you should be looking out for:
- Spam: Injecting spam into a site is a hacker’s malicious attempt to infect top-ranked website pages. Hackers will try to redirect users to their spam websites instead.
- Phishing: This is a type of social engineering tactic attackers use to send fraudulent messages and replicate sites, designed to trick others into revealing sensitive information.
- Redirect: These infections persist to automatically redirect users away from your website, affecting the overall traffic and revenue.
- Credit Card skimmer: This type of malware can be the most detrimental to e-commerce, due to the fact the hacker will have every customer’s credit card information stolen, by injecting malicious code on the back-end which can result in legal troubles down the road.
- Drive-by download: When users browse websites malicious advertisements may display on an infected site, taking advantage of vulnerabilities in web browsers, operating systems, Java, or file editors and viewers like Microsoft Office and Adobe Flash.
- Cryptominer: This infection is designed to take advantage of your server’s resources to mine cryptocurrency for the hacker.
- Defacement: These infections persist on the front-end of the site to let all site visitors know the site has been hacked, usually followed up by a hacker’s watermark or signature. These can impact a site’s overall reputation, and hackers in these cases like to make it known they were indeed attacked.
- Ransomware: This type of infection has become an ever-growing concern within cybersecurity, as it’s detrimental to all kinds of websites, organizations, and governments around the world. It’s designed to lock users out of a system, encrypting all files, until large sums of money or crypto are paid to the hacker.
- Backdoor: A backdoor is a malicious computer program that’s used to provide an attacker with unauthorized remote access to a compromised system, by exploiting known vulnerabilities.
- SQLi: SQL Injections are injection attacks that make it possible to execute malicious SQL statements on the website’s database.
It’s important to consider if you’re not removing these infections in their entirety then they’ll likely persist on your hosting server, causing reinfections to pop up.
In Conclusion
Discussing these topics with your client should remain a top priority if they’re inquiring about your services. Although building a website and being informed of all of the configurations, troubleshooting, and applications that come along with it can be overwhelming, one of the key things a hacker takes advantage of is the naivety of their victim.
Once an attacker has found something to exploit within an application or website, they’ll use it whenever they seek the opportunity.
If your client has been the victim of one of these attacks and you’re inquiring about our protection and clean-up solutions feel free to reach out. We’re here to help.