
Types of attacks on websites and servers - Website Security

Published 31 March 2014


Welcome to the first in our series of posts on website security. In this series we're going to take a look at common types of attacks on websites and what to do if your site is the victim of an attack, specifically how to harden your site's code or CMS.

Map of cyber attacks

Today we're looking at the most common types of attacks and why hackers might want to exploit your website.

Injection Attacks

Injection attacks, and more specifically SQLI (Structured Query Language Injection), are a technique for modifying a database query string by injecting code into the query. SQLI exploits a possible vulnerability where queries can be executed with unvalidated data. SQLI attacks are still one of the most commonly used website exploits and can potentially be used to gain access to your database tables, including user and password information. These types of attacks are particularly common on enterprise and e-commerce sites, where hackers expect large databases to be present. SQLI attacks are also among the easiest attacks to execute, requiring no more than a single PC and a small amount of database knowledge.
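The difference between a query built from unvalidated data and a hardened one, as an added example (not code from the original post). The table, the sample users, the username policy and the function names are all constructed for illustration, using Python's built-in sqlite3 module.

```python
import re
import sqlite3

# Assumed username policy for this example: letters, digits, "_", "." and "-".
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")

def make_db():
    """Build an in-memory database holding constructed sample users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, pw_hash TEXT)")
    db.executemany(
        "INSERT INTO users (username, pw_hash) VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b"), ("carol", "hash-c")],
    )
    return db

def find_user_vulnerable(db, username):
    # Vulnerable: the input is pasted into the query text, so a quote
    # character in the input becomes part of the SQL statement itself.
    query = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in db.execute(query)]

def is_valid_username(username):
    # Validation: reject anything outside the expected character set.
    return USERNAME_RE.fullmatch(username) is not None

def find_user_safe(db, username):
    # Hardened: the ? placeholder passes the input as a bound value, so the
    # database compares it as data and never parses it as SQL.
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in db.execute(query, (username,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input that closes the quote early
    print("normal input, vulnerable query: ", find_user_vulnerable(db, "alice"))
    print("crafted input, vulnerable query:", find_user_vulnerable(db, crafted))
    print("crafted input passes validation:", is_valid_username(crafted))
    print("crafted input, safe query:      ", find_user_safe(db, crafted))
```

With the crafted input the concatenated query returns every row in the table, while the parameterized query returns none. Validation is a second layer on top of bound parameters, not a replacement for them.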

DDoS

Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks are the most common ways to overwhelm a website. These are attempts to flood a site with external requests, making that site (and potentially others on the same server) unavailable for users. DoS attacks usually target specific ports, IP ranges, or entire networks, but can be targeted to any connected device or service.

A Denial of Service attack is when one computer with an internet connection attempts to flood a server with packets. A DDoS attack, on the other hand, is when many devices, often widely distributed in a botnet, attempt to flood the target with hundreds, often thousands of requests.

Take a look at the current attack bandwidth here.

DDoS attacks come in 3 main varieties:

  1. Volume Attacks, where the attack attempts to overwhelm bandwidth on a targeted site.
  2. Protocol Attacks, where packets attempt to consume server or network resources.
  3. Application Layer Attacks, where requests are made with the intention of crashing the web server by overwhelming the application layer.

Brute Force

These are essentially attempts to "crack" every possible combination of username + password on a website. Brute Force attacks look for weak passwords to exploit and grant hackers access to your site. Given enough time a brute force attack will ultimately be successful (if no other security practices are in effect), so the trick is to make your passwords so secure that they would take too long to crack. As computers become more and more powerful, the need for stronger passwords becomes increasingly important.

Cross Site Scripting

Attackers use Cross-site Scripting (XSS) to inject malicious scripts into what would otherwise be harmless websites. Because these scripts appear to come from trusted websites, the end user's browser often executes the script, granting hackers access to information held in cookies or session tokens used with that site. XSS is usually used to gain access to a user's account.

Website Attacks Snapshot

While these are the most common types of attacks, they represent less than half of all known website exploits. The size and volume of attacks have grown steadily, and there is a constant arms race, with server and hosting providers employing ever-evolving network level protection and hackers employing ever stronger attacks.

Largest DDoS by year

Why Are Sites Hacked?

Hackers are usually attempting to overcome a website's defenses, often because of a grudge or complaint against that company or site. Hackers also work to bring sites down for commercial or political reasons (e.g. competitors, hacktivists). They can also be criminally minded, and attempt to extort site owners by obtaining potentially valuable user information or threatening to deface the site. Sites hosted on Shared Hosting often have access to large bandwidths, which makes them targets for amplifying DDoS attacks.

The reality is that many types of attacks on websites require hardening of the website code itself. In coming posts we'll go into more detail about how you can harden your site defenses over and above what we already provide at a network level.

