Just a few days ago (May 15, 2014) we saw the Rawalpindi Police website get hacked. As the premier hosting company in Pakistan, we strive to provide the best possible protection against such attacks, which is why we use secure application-level firewalls that stop these attacks in their tracks.
However, no matter how much security you implement at the server level, there is still a chance that a hacker can exploit a vulnerability at the application end, where server security may not be able to stop the attempt. If the application itself is vulnerable, the site may still get hacked regardless of the security in place at the server end. It is like locking the front door of the house but leaving a window open for the thief to climb through.
So it is vital to understand the basics of how a website gets hacked in order to keep your website secure. In this post I will list some of the methods hackers use to hack a website, along with tips on preventing each:
SQL injection is the most common type of hacking attack. I will not go into technical details; you can read about SQL injection here.
Basically, if you are using a custom-developed CMS, e.g. one developed by you or your programmer, then the programmer should be asked to write the application so that it checks for and blocks any type of SQL injection attack.
However, if you are using a popular CMS like WordPress or Joomla, make sure you are using the most recent version of the script, as an older version may contain an SQL injection vulnerability that the programmers had not yet fixed. That is why WordPress releases new versions which contain fixes for previously found vulnerabilities as well as new features.
So the most likely reason for your WordPress website getting hacked is that you forgot to upgrade to the latest version and a malicious hacker used a vulnerability present in the previous version to hack the website.
Cross site scripting
Tricking the user into installing an infected script as a theme or plugin
When installing a theme or plugin/module on your WordPress or Joomla installation, make sure that you are downloading it from a trusted source (e.g. a trusted website).
We have seen a lot of users install themes or plugins which have been cracked to get a free copy of a paid script. What happens is that the person who cracked that script also inserts their own malicious code into it.
So when you install that theme or plugin, it also installs the code which the hacker later exploits to deface your website, use it to send spam, etc.
Using a keylogger or FTP password stealer on the user's own system
This is somewhat similar to the above; however, in this case the hacker is able to trick the user into installing a trojan or virus called a 'keylogger' on the user's local PC.
The keylogger then logs every key the user presses and later sends those keystrokes to the hacker. Once the hacker gets your login details, they are free to access your account, modify code, etc.
To avoid this scenario, always install and keep updated anti-virus / anti-spyware software on your local PC. Anti-spyware software such as Malwarebytes, Ad-Aware and Spybot S&D is good for scanning your PC if you think you are infected.