My Website Has Been Hacked…

You may have seen websites that have been hacked, read news about them, or experienced it yourself. Hackers have different motivations for hacking a website: some just want to show their power, some ask you to pay them to discover and resolve security problems in your website, some want to show that a group of hackers is powerful, some do it as a demonstration, and so on. Whatever the reason for the hack, anyone can be a victim, and we have to protect ourselves. There are many ways hackers can take over a website; the most common are as follows:

Taking Advantage of Vulnerabilities: Vulnerabilities are weaknesses in a system that can result in unauthorized access to the website or in it being hacked. A vulnerability can be in the web server or the hosting of the website; for example, the host might run a server that is out of date, and a hacker can exploit a vulnerability in it to take complete control of the server, or take advantage of a specific vulnerability to make a specific modification. A vulnerability can also be in the architecture or code of the website; for example, if the website doesn't validate and handle users' input to the database, the result can be SQL injection. Most website hacks are caused by vulnerabilities in the website or in the server that hosts it.
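The SQL injection case mentioned above, shown as an added example (not code from the original post): a lookup that pastes user input into the query text, next to a version that validates the input and passes it as a bound parameter. The table, function names and sample rows are constructed for illustration, and SQLite stands in for whatever database the website uses.

```python
import sqlite3

def make_db():
    """Build an in-memory users table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.test"),
                    ("bob", "bob@example.test"),
                    ("o'brien", "obrien@example.test")])
    return db

def lookup_unsafe(db, name):
    """Vulnerable: user input becomes part of the SQL text itself."""
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_safe(db, name):
    """Hardened: validate the input, then bind it as a parameter."""
    if not isinstance(name, str) or not 0 < len(name) <= 64:
        raise ValueError("invalid user name")
    # The '?' placeholder keeps the value out of the SQL grammar entirely.
    query = "SELECT name, email FROM users WHERE name = ?"
    return db.execute(query, (name,)).fetchall()

def demo():
    """Run both lookups on normal and crafted (constructed) input."""
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input that rewrites the WHERE clause
    return {
        "normal_unsafe": lookup_unsafe(db, "alice"),
        "normal_safe": lookup_safe(db, "alice"),
        # The concatenated query matches every row instead of none.
        "crafted_unsafe": lookup_unsafe(db, crafted),
        # The bound parameter is compared as a plain string: no match.
        "crafted_safe": lookup_safe(db, crafted),
        # A legitimate name containing a quote still works when bound.
        "quote_safe": lookup_safe(db, "o'brien"),
    }

if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

The length check is only a sanity limit; the bound parameter is what prevents the input from being interpreted as SQL.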

Stolen Identity and Weak Credentials: Your website might be safe and secure, you might have a proper way to handle vulnerabilities, and your systems might always be kept up to date. However, it can still get hacked if you are using a weak username and password (e.g. a guessable password, a short password, etc.). Remember, if someone has access to your username and password, he or she has the same access to the system as you do. It is like losing your car key: whoever finds it can easily use your car.

In order to protect our websites against hackers, we first have to choose our host or domain wisely. Many website administrators choose the cheapest domain or host without considering the security of the host. Before buying a domain or host, you have to look into how well the provider protects its environment against security threats. This includes regularly updating its servers, performing regular security testing, working with trusted vendors to protect its data center, etc. You should also design and develop a secure website using best practices in secure development. The Microsoft Security Development Lifecycle is a good method to follow to implement a secure website. There are also zero-day vulnerabilities, meaning vulnerabilities that are unknown to security experts. For this type of vulnerability you should think about adopting a process to protect yourself, for example by collaborating with security experts, reporting unknown vulnerabilities and working on a solution for them.

Protecting passwords and identity is an important issue. We can force administrators to use secure passwords and not allow them to use weak ones, but we should also train them to protect their passwords and not to use administrator passwords on other websites. There are cases where an administrator uses the same password on different websites, one of those websites is hacked, and the password is leaked. We need to train our website administrators to protect themselves against identity theft and phishing. Well, this is easier said than done.

It is not difficult to protect our websites against hackers; we just need to put in the effort and work together.


