The most common methods hackers use to attack vulnerable websites are:
Cross-site scripting (XSS): Cross-site scripting holes are vulnerabilities in web applications that allow attackers to bypass the security mechanisms that browsers normally impose on web content. By finding ways to inject malicious scripts into web pages, an attacker can gain privileged access to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user.
Weak authentication and authorization: A system that does not pass session information securely over SSL can be hacked by snooping on the traffic until the authentication and/or authorization credentials of active users are discovered.
SQL injection: The hacker embeds SQL code in web forms or other unprotected areas of the site to manipulate the database. Once the database has been compromised, they can obtain complete control of your site and of user account information. This commonly happens with an outdated CMS or with poorly developed sites.
Remote command execution: This is when a vulnerability in the site (generally caused by poor development) allows an attacker to execute operating system commands with the privileges of the web server.
How can I protect my website against future attacks?
- Scan periodically for viruses and malware. There are many free cloud-based antivirus alternatives.
- Keep essential software updated (operating system, web browser, browser plugins, antivirus/anti-spyware, etc.)
- You can use online tools to check whether insecure versions of programs are installed on your PC.
- Use browser security extensions such as NoScript to reduce the risk of being infected while you browse the web.
- Hire a developer or designer with experience in website design.
- Update your passwords periodically.
- Whenever possible, use secure protocols such as SFTP or FTPS. FTP is an insecure protocol that transmits its credentials unencrypted (in clear text), which makes it easier to compromise.
- Keep your CMS software updated. One of the most common types of attack is to break in through open-source CMSs and obsolete applications. Stay up to date with security updates and patches through your vendors' pages.
- Ask your hosting provider to provide firewall-based attack blocking and security on its servers.