Many people believe that their websites are safe and that they will not be attacked by hackers. They assume that their business is too small to be hacked. The time has come to do away with such assumptions and to think about ways to secure the website.
Attackers on the internet do not always target specific sites. Most attacks are carried out by bots, which are not concerned with who you are or what your website or business does. Scanning your website to determine whether it is infected is the first step in protecting against malware such as bots, trojans, worms, and viruses, to name a few.
Imperva, a web security company, points out that half of all website visitors are bots and that almost 29% have malicious intent. The finding further revealed that the less traffic a website has, the more likely it is to be attacked. This shows that bad bots will attack any website regardless of its purpose and have no concern for whether it is heavily visited. Bots are not human; they are automated attacks, indifferent to which website they hit, with the primary goal of breaching websites and increasing the number of sites they control.
Example of a Bot Hack
Recently, Honeynet, a global non-profit security research organization, set up a honeypot for tracking security attacks on a cloud-based web server. This ran on a barebones Amazon Web Services (AWS) instance. It had no domain name and was not running services that would be useful to anyone else. A short while after starting the server, they began capturing network packets for a 24-hour time frame using Wireshark, the best network traffic analysis tool currently available. They then examined the packet capture file with Wireshark; p0f, a passive TCP/IP traffic fingerprinting program; and Computer Incident Response Center’s (CIRCL) Border Gateway Protocol (BGP) ranking API.
Within a matter of 24 hours, this unnamed and almost invisible web server was attacked more than a quarter of a million times. This example is thus a wake-up call for you to start locking down your website.
Most of these attacks were made via Secure Shell (SSH). This was followed by researchers opening a honeypot to gather attack data. A honeypot refers to a server that has been designed to look just like a real website. In order to keep the project workable, the researchers decided to open up the Web’s Hypertext Transfer Protocol (HTTP), SSH, and also the Telecommunications Network (Telnet) protocol for attacks.
- HTTP
Most of the HTTP attacks were carried out on phpMyAdmin, a well-known MySQL and MariaDB remote management system. A number of web content management systems depend on these databases. Vulnerable WordPress plugins were also often attacked. It should be noted that this was done on a system that hadn’t emitted a single packet towards the outside world, even in honeypot mode.
- Telnet
A few IoT gadgets use Telnet for configuration and management. This is actually asking for your devices to be hacked.
- SSH
As for SSH, an increasing number of the attacks were brute-force assaults working through lists of commonly used passwords and usernames across the entire range of TCP ports, 1-65535.
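To look for the same attack classes in your own logs, the following added example (not code from the honeypot study or from this article) flags SSH sources that fail logins across several usernames and HTTP clients that request phpMyAdmin or WordPress plugin paths. The log lines are constructed, and the log formats, path patterns and thresholds are assumptions.

```python
import re
from collections import Counter, defaultdict
# Constructed sample lines (documentation-range IPs), not data from the study.
AUTH_LOG = """\
Mar  3 02:11:01 web1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2
Mar  3 02:11:03 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40031 ssh2
Mar  3 02:11:05 web1 sshd[811]: Failed password for invalid user pi from 203.0.113.7 port 40040 ssh2
Mar  3 02:11:09 web1 sshd[811]: Failed password for invalid user test from 203.0.113.7 port 40051 ssh2
Mar  3 07:45:10 web1 sshd[902]: Failed password for deploy from 198.51.100.20 port 52100 ssh2
Mar  3 07:45:30 web1 sshd[902]: Accepted publickey for deploy from 198.51.100.20 port 52104 ssh2
"""
ACCESS_LOG = """\
203.0.113.50 - - [03/Mar/2024:02:15:00 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 404 153
203.0.113.50 - - [03/Mar/2024:02:15:01 +0000] "GET /pma/index.php HTTP/1.1" 404 153
203.0.113.51 - - [03/Mar/2024:03:01:44 +0000] "GET /wp-content/plugins/example-plugin/readme.txt HTTP/1.1" 404 153
198.51.100.20 - - [03/Mar/2024:09:00:12 +0000] "GET /index.html HTTP/1.1" 200 5120
"""
# Assumed log formats: OpenSSH syslog lines and the common web access log format.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+)')
PROBES = {  # illustrative path patterns (assumptions), extend for your own stack
    "phpmyadmin": re.compile(r"^/(?:phpmyadmin|pma|myadmin)(?:/|$)", re.I),
    "wp-plugin": re.compile(r"^/wp-content/plugins/", re.I),
}

def ssh_bruteforce(log, min_failures=3, min_users=3):
    """Return {source_ip: usernames tried} for sources cycling through a username list."""
    fails, users = Counter(), defaultdict(set)
    for line in log.splitlines():
        m = FAILED.search(line)
        if m:
            user, ip = m.groups()
            fails[ip] += 1
            users[ip].add(user)
    return {ip: sorted(users[ip]) for ip, n in fails.items()
            if n >= min_failures and len(users[ip]) >= min_users}

def http_probes(log):
    """Return {source_ip: {probe_label: hits}} for requests matching PROBES."""
    hits = defaultdict(Counter)
    for line in log.splitlines():
        m = REQUEST.match(line)
        for label, rx in PROBES.items():
            if m and rx.search(m.group(2)):
                hits[m.group(1)][label] += 1
    return {ip: dict(counts) for ip, counts in hits.items()}

if __name__ == "__main__":
    print(ssh_bruteforce(AUTH_LOG), http_probes(ACCESS_LOG))
```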
Conclusion
Imperva has discovered that one in three website visitors is, in fact, an attack bot. Imperva and Holberton also discovered that the attack patterns recorded for SSH and HTTP depended on generic exploit attempts that seemed to scan different IP addresses for common vulnerabilities. Telnet relied on much simpler intrusion methods by brute forcing with combinations of default usernames and passwords.
These attacks are driven by bots and botnets that go after any and all sites they discover. These automated hackers are hunting for websites that are unprotected and weak.
It is thus essential for you to secure your website using fundamental security rules. Some of these basic rules are listed below:
- Use firewalls to block all ports to your site except for the ones you use
- Disable any internet-facing services unless you are using them
- Keep your software patched and up to date
- Scan websites for malware attacks
- Update your site as soon as a new Content Management System (CMS) version or plugin is available