For those who wonder how a hacker compromises a website, I will run you through a case study of a business that unfortunately did not take preventative measures to protect itself. They came to us after realising their website had been compromised, by which point it was too late to prevent the attack. Now, there are different types of hackers - some suggest 3, others 10 - but the distinction lies in their intention. They can either harm or help. Our example attack, performed last year by a large hacking organisation, was called Drupalgeddon and targeted 100,000s+ sites. Unfortunately, they had bad intentions: stealing data from databases and using server resources to further their plans.
Here is how it went:
1. Organised Crime - Hackers Share Their “Secrets”
Hackers and non-hackers now have access to an incredible amount of knowledge on how to exploit websites. Sites such as exploit-db.com or RIPS archive many, many vulnerabilities discovered in software. They provide proofs of concept ready to be used on a target website. Some even provide video tutorials alongside scripts to run. So if you believe that updating software is a pain and not worth it, think again!
2. Evil Robots
It can be as easy as “click, sit back, and watch”. Hackers can run automated scripts to find out vital details of a site’s software. Once they have that knowledge, they target a particular vulnerability, either one that has been published or one they have found themselves.
3. Hiding in The Dark
Working in the “cyber darkness” is better. By this, I mean that they run their malicious scripts from different IP addresses (unique personal addresses on the internet) so they can bypass basic site protection measures, such as firewalls. Using these “IP proxies” (effectively false addresses), they are able to identify themselves as a new visitor each time they attack the site. This way, they bypass standard web firewall rules. Thinking that they are a legitimate visitor, the site lets them through.
4. Trying All The Keys - One Will Fit
By sending repetitive commands that exploit a software weakness, they manage to change the administrator password. Think of this as trying a bunch of keys, knowing that one of them will eventually fit. This key will then open all the doors in the desired “property”.
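Because the addresses rotate as described in step 3, a rule that counts requests per IP never fires, so a detection has to count per target instead. The sketch below is an added example, not part of the original case study: it flags any path that receives POST requests from several distinct addresses inside a short window. The log lines, the path /example/admin-endpoint and the thresholds are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed access-log lines; addresses come from documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:02:14:01 +0000] "POST /example/admin-endpoint HTTP/1.1" 200 512
203.0.113.9 - - [01/Jan/2024:02:14:20 +0000] "POST /example/admin-endpoint HTTP/1.1" 200 512
192.0.2.44 - - [01/Jan/2024:02:14:41 +0000] "POST /example/admin-endpoint HTTP/1.1" 200 512
198.51.100.80 - - [01/Jan/2024:02:15:03 +0000] "POST /example/admin-endpoint HTTP/1.1" 200 512
203.0.113.150 - - [01/Jan/2024:02:15:30 +0000] "POST /example/admin-endpoint HTTP/1.1" 200 512
192.0.2.10 - - [01/Jan/2024:02:16:00 +0000] "GET / HTTP/1.1" 200 4096
192.0.2.10 - - [01/Jan/2024:02:16:05 +0000] "POST /contact HTTP/1.1" 200 128
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def parse(log_text):
    """Yield (timestamp, ip, method, path) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            ip, ts, method, path, _status = m.groups()
            yield datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), ip, method, path

def per_ip_max(log_text):
    """Highest request count from any single address (what a per-IP rule sees)."""
    return max(Counter(ip for _, ip, _, _ in parse(log_text)).values())

def distributed_hits(log_text, window=timedelta(minutes=5), min_ips=4):
    """Return {path: distinct-IP count} for POST targets reached by at least
    min_ips different addresses inside one sliding window."""
    by_path = defaultdict(list)
    for ts, ip, method, path in parse(log_text):
        if method == "POST":
            by_path[path].append((ts, ip))
    flagged = {}
    for path, hits in by_path.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # drop hits that fell out of the window
            ips = {ip for _, ip in hits[start:end + 1]}
            if len(ips) >= min_ips:
                flagged[path] = max(flagged.get(path, 0), len(ips))
    return flagged

if __name__ == "__main__":
    print(per_ip_max(SAMPLE_LOG), distributed_hits(SAMPLE_LOG))
```

In the sample no single address sends more than two requests, yet the per-target view shows five different addresses posting to the same endpoint within two minutes.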
5. “Success!” Now The Real Work Begins
With administrator access, they can log in to the dashboard interface, which gives them full control over the content of the site.
They manage to install another “script” using newly acquired privileged access.
This script gets installed in the root folder where database credentials are stored.
With these important details, they steal all records the website holds. Some of these include Personally Identifiable Information (PII), simply because the site has a contact form and remembers who sent what and at what time. This information is sold on to other hacker organisations.
6. It Gets Worse...
If there are more vulnerabilities found in the database, they attempt to gain privileged access to the hosting platform, that is, the actual machine and software where the site is kept. When successful, they can access other sites’ databases, create their own admin accounts on all of those and repeat the process.
7. How Can I Spot All This Happening?
Unfortunately, you can’t. The website will have remained untouched visually. This is all happening in the background and remains invisible unless you can spot technical changes on a server.
This is a True Story
The events above were all suffered by a client of ours. Fortunately, once they came to us, we were able to mitigate the risk, clean up the site and protect it from further attacks by ensuring regular security updates were performed. There are many other seemingly minor changes that can be made to a site to thwart hackers.
Potential issues from hacks - Some Hard Facts For A Business.
If all I’ve shared so far seems too deliberately scary, and potentially costly, it’s worth considering the impact on your business. As many businesses depend almost entirely on their online presence for success, I would advise that this is certainly not something you can forget about in the hope it will go away.
Here’s what a hacker’s work can do to your site:
- Compromise website visitors’ devices through hacker-installed malware or viruses on the site. Put simply, their machine gets infected by yours.
- Disclose personally identifiable information. This is a Data Protection/GDPR issue for which businesses can be fined.
- Get penalised by Search Engines. Having some spammy or unnatural content on your site would hinder your ranking and make you appear lower than your competitors.
- Get blacklisted by Search Engines, completely destroying your online reputation (your site will not be listed anymore). Google is no longer your friend. You have become its enemy. Beware - Google doesn’t forgive and forget very quickly.
- Cost a lot of time and money to move host and fix the site, or to rebuild your site entirely. Trust me, prevention is not only better, but much cheaper than cure.
Meanwhile, if you need some help to stop the bad boys winning, please get in touch.
Credit: Photo by Ludovic Toinel on Unsplash