AUSTRALIA: 1300 880 648   QLD OFFICE: 07 3481 8800

 
 

WEBSITE SECURITY CONSULTING

Is your website and online database secure? How easy is it for a hacker to break into your website or to "crash" your website? What changes could be made to your online system to improve security and therefore reduce the chance of a hacker, virus or spam bot attack?

These are some of the vital factors that our website security consultants can report on. An audit can be carried out on your online system to ensure that the necessary security measures are in place. Speak with one of our website consultants about your project.
Phone 07 3481 8800 or 1300 880 648.

Example Website Testing Penetration Report

Our security testing work is carried out by website security experts at $160+gst per hour, for as few or as many hours as you require.

THE IMPORTANCE OF WEBSITE SECURITY

A hacker, virus or spam bot can significantly affect your website and therefore your company. A hacker can steal information from your database such as user information, credit card details, addresses and other sensitive data. A virus can cause your website to go offline for several days, thereby causing a disruption in service and embarrassment for your company. Website files and database information can be deleted or corrupted. Your website can be blacklisted for sending spam if a spam bot uses your website to send out mass emails. Any of these issues can cause significant losses of time and money. Therefore, when it comes to website security, prevention is always better than cure!


What Are Some Different Types of Website Hacking?

Hosting server security and a server firewall will protect you from direct attacks on your hosting server. But regardless of how good this level of security is, it is completely unrelated to your individual website's security. Two websites on the same server could have completely different levels of security: one could be devastated by a hacking attack while the other is left unharmed because of its security measures. This is because your individual website's security is based upon how the website was coded and what security has been put in place in the programming of your website.

This article will cover 4 different types of hacking that may be used against your website.

Type 1) An Injection Attack On Your Website

An injection is something inserted by a third party into a website through a form on the website or through the URL of the website. The most common kind of injection is a “SQL injection”. SQL injection involves entering SQL code into forms or through the URL on the website in order to attack or manipulate the SQL database.

The hacker enters a SQL command to retrieve, delete, manipulate or update database information. For example, the hacker might request to delete all information in a table that stores orders and customer information.

Script injections involve entering scripts such as JavaScript and iframes into forms on the website. The website saves that input into the database and then re-displays it somewhere on the website.

The solution to injection attacks is to have a good "sanitizer" coded into your website. A sanitizer is a script that is put inside the coding of your website. This script will take the information submitted to the website (either through a form or through the URL) and strip out any unsafe tags and characters before sending it on to the SQL query. Everything that a user inputs throughout the website should be put through a sanitizer. That way, regardless of what hackers try to enter, the script will take out any harmful elements, rendering the injection useless.
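The following is an added example, not code from the original page. It shows the SQL side of the problem described above and uses bound query parameters instead of character stripping, which is a swapped-in technique rather than the sanitizer the article describes; the table, function names and input strings are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data for the demonstration.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, email TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)", [
        ("alice", "alice@example.test"),
        ("O'Brien", "obrien@example.test"),
    ])
    return db

def lookup_concatenated(db, name):
    # Weak: the submitted value is pasted into the SQL text,
    # so a quote character in it changes what the query means.
    sql = "SELECT email FROM customers WHERE name = '" + name + "'"
    return sorted(row[0] for row in db.execute(sql))

def lookup_bound(db, name):
    # Hardened: the value is bound as a parameter and is never parsed as SQL.
    sql = "SELECT email FROM customers WHERE name = ?"
    return sorted(row[0] for row in db.execute(sql, (name,)))

def compare(name):
    # Run the same form value through both lookups and return both results.
    db = make_db()
    try:
        weak = lookup_concatenated(db, name)
    except sqlite3.Error as exc:
        weak = "error: " + type(exc).__name__
    return weak, lookup_bound(db, name)
```

With the constructed value `x' OR '1'='1` the concatenated lookup returns every customer while the bound lookup returns none, and the legitimate name `O'Brien` breaks the concatenated query but works when bound.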

Type 2) Hijacking Your Website (aka Cross Site Scripting)

XSS, or Cross Site Scripting, is the other major vulnerability, and it affects major players such as Microsoft, MySpace and Google. XSS is about embedding JavaScript into a hyperlink. The JavaScript will then attempt to hijack sessions and ads and steal personal information.

At the end of a normal link to a popular website, you may see code such as ... [%63%61%74%69%6f%6e%3d%274%74%70%3a%2f%2f%77%7…]

These are the characters of a complex JavaScript function that is put on the end of a normal link. This JavaScript function is designed to hijack the functionality of the page. It can collect the login details you enter. These links can be placed on any website that the hacker has access to, most likely a forum or blog, so that they aren't putting it on their own website. The link will take the user through to a popular website. The only difference you will notice is that the link has extra code after it (as shown above).
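The following is an added example, not code from the original page. It shows how percent-encoded characters on the end of a link decode into markup before page code sees them, and how encoding the value on output keeps it as text; the same output encoding applies to stored script injections that are re-displayed from the database. The link, the `q` parameter and the function names are constructed assumptions.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed link: an ordinary URL with a percent-encoded script tag on the end.
LINK = "https://shop.example.test/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"

def query_value(url, key):
    # Percent-decoding happens before page code receives the value.
    return parse_qs(urlsplit(url).query).get(key, [""])[0]

def render_unescaped(term):
    # Weak: the decoded value is placed into the page as markup.
    return "<h1>Results for " + term + "</h1>"

def render_escaped(term):
    # Hardened: <, >, & and quotes are encoded, so the value stays text.
    return "<h1>Results for " + html.escape(term) + "</h1>"

class TagCollector(HTMLParser):
    """Records every element a browser-style parser would open."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(page):
    # List the elements present in a rendered page fragment.
    collector = TagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags
```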

Type 3) Website Misuse and Accidental Hacking

There is no limit to how people can misuse websites and not every hacker is a computer guru. You have probably found ways of misusing websites whether intentionally or accidentally. Accidentally clicking buttons when we shouldn't or doing something out of the ordinary can sometimes cause website errors on websites that are not programmed well. If the general users of a website are misusing it or accidentally generating website errors, this is a reflection on bad programming and a lack of usability testing.

The solution is that the website needs better programming and more user testing.

Type 4) Google Hacking / Search Engine Hacking

This is the easiest hack of all. It consists of simply searching for stuff on Google. Hackers may search Google for things such as:

 

inurl:passlist.txt
inurl:passwd.txt
“login: *” “password= *” filetype:xls

Try searching for the above things yourself. You will see that it returns passwords and usernames stored in a very insecure manner - as text files on the website which can be accessed by anyone who knows that they are there. Searches like the above return very random results, and are of little use for targeted attacks. Google hacking would primarily be used for finding sites with vulnerabilities and then the hacker can target that vulnerable website. If a hacker knows that a type of hosting server has certain exploits, and he knows a common error code returned by that server, the hacker could Google search for that error and quickly find vulnerable websites with that error.

For specific targets Google can return some exceptionally useful information: full server configurations, database details (so a good hacker knows what kind of injections might work), and so forth. You can find any amount of SQL database dumps as well (fooling around with a Google hack while preparing this article, I stumbled across a dump for a top-tier CMS developer's website). And a vast amount more besides.

The solution to this problem is to not keep any sensitive information in files on your website. Keep things like usernames and passwords in a SQL database on the server. Then hackers won't find your sensitive information and therefore won't target your website.
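The following is an added example, not code from the original page. It audits your own web root for the kinds of files the searches above turn up: the file names and the `login:` / `password=` text come from those searches, while the `.sql` extension for database dumps, the function names and the sample files are constructed assumptions.

```python
import os
import re
import tempfile

RISKY_NAMES = {"passlist.txt", "passwd.txt"}   # names from the searches above
RISKY_EXTS = {".sql", ".xls"}                  # .sql for dumps is an assumption
CRED_LINE = re.compile(r"(login\s*:|password\s*=)", re.IGNORECASE)

def audit_web_root(web_root):
    """Return (relative path, reason) for files that should not be web-readable."""
    findings = []
    for folder, _dirs, files in os.walk(web_root):
        for name in files:
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, web_root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            if name.lower() in RISKY_NAMES or ext in RISKY_EXTS:
                findings.append((rel, "risky file name or type"))
                continue
            # Otherwise look inside the file for credential-like lines.
            with open(path, "r", errors="ignore") as fh:
                if any(CRED_LINE.search(line) for line in fh):
                    findings.append((rel, "credential-like text"))
    return sorted(findings)

def demo():
    # Constructed web root with harmless placeholder content.
    samples = {
        "index.html": "<h1>Welcome</h1>\n",
        "admin/passlist.txt": "constructed sample\n",
        "backup.sql": "-- constructed dump\n",
        "notes/todo.txt": "login: demo password= not-a-real-secret\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, text in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(text)
        return audit_web_root(root)
```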





