
Why is your site getting hacked? – Common website attacks

Understanding website security

It is imperative for every website owner to understand something about website security. Even though we, as a web hosting provider, do everything we can to provide a secure web hosting environment, the weakest spots are commonly the doors you leave open in the various scripts you use for your website.

The most common website attacks are Cross Site Scripting (XSS) and SQL Injection.

A Cross Site Scripting attack exploits vulnerabilities in your website code, commonly where user input is requested, such as in forms. If such a vulnerability is found, the attacker will attempt to inject a script into the web page, which gives the attacker access to sensitive content, session cookies, or other information kept in the user's browser. This can be used, for example, to hijack a customer's identity during an e-commerce session.

There are several actions you can take to protect your site against Cross Site Scripting attacks. One of the most effective is to make sure your scripts block the input of special characters typical for scripting, such as these: < > & ". Encoding those characters whenever user-supplied text is written back into a page (htmlspecialchars in PHP) covers the cases an input filter misses. You may also use HTML Purifier, which removes malicious code for you using a secure whitelist.

SQL Injection is another very common attack used by hackers to steal sensitive data from companies and organizations. A hacker injects an SQL statement into a form, say a login form, in order to get access to your database. The inserted SQL command can be used to delete parts of your database or to retrieve information.

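The actions to prevent SQL Injection attacks are similar to the ones used to prevent Cross Site Scripting. You may want to use the PHP function mysql_real_escape_string, which escapes special characters in a string before it is used in a SQL query sent to the database. Note that this function belongs to the old mysql extension, which was removed in PHP 7; mysqli_real_escape_string is its counterpart in the mysqli extension. You may also want to add another level between the site's front end and the database, like PDO in PHP, whose prepared statements keep user input separate from the SQL text.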
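
The login-form case described above, as an added example that is not code from the original article: the same lookup written with string concatenation and with a PDO prepared statement. It assumes PHP with the pdo_sqlite extension; the table, the account and the form input are constructed for the illustration.

```php
<?php
// Added example, not code from the original article.
// Assumes PHP with the pdo_sqlite extension; table and account are constructed.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, pw_hash TEXT)');
$insert = $pdo->prepare('INSERT INTO users (name, pw_hash) VALUES (:name, :hash)');
$insert->execute([':name' => 'alice', ':hash' => password_hash('correct horse', PASSWORD_DEFAULT)]);

// Vulnerable: form input is concatenated into the SQL text, so a quote
// character in $name changes the structure of the query itself.
function findUserUnsafe(PDO $pdo, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the statement is prepared with a placeholder and the input is
// bound as data, so it can never become part of the SQL syntax.
function login(PDO $pdo, string $name, string $password): ?array
{
    $stmt = $pdo->prepare('SELECT id, name, pw_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pw_hash'])) {
        return null;
    }
    return ['id' => (int) $row['id'], 'name' => $row['name']];
}

$formInput = "x' OR '1'='1";   // constructed sample of hostile form input

var_dump(count(findUserUnsafe($pdo, $formInput)));   // rows matched by the concatenated query
var_dump(login($pdo, $formInput, 'anything'));       // same input through the prepared statement
var_dump(login($pdo, 'alice', 'correct horse'));     // legitimate login
```

With the constructed input, the concatenated query matches every row in the table, while the prepared statement treats the whole string as a user name and matches none.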

In addition to this, of course you need to host your website with a hosting partner that takes web security seriously. Welcome to ServeU.net. Find a secure web hosting plan here

Coming Up Soon:

How to keep your CMS website safe - An article with easily applicable tips for those who own a blog or website based on WordPress, Joomla, Drupal or similar Content Management Systems. Don't miss it - Follow us on Twitter!
