Server hacks happen every day. Hackers know of hundreds of loopholes through which some level of access to a server can be obtained. In some cases vulnerabilities expose users' confidential data, and sometimes the hacker gets full control over the resource. How can you protect yourself from hacker attacks?
Instructions
Step 1
To protect your server from hacking, you need to know the basic methods of hacker attacks. By closing possible loopholes, you significantly increase the security of your resource. None of the following is news to hackers (they know all of it very well), but it can be useful to server owners.
Step 2
How is the server attacked? First of all, a hacker tries to find out what software is installed on it. To do this, he can open a site hosted on the server and send an erroneous request. In response to such a request, an incorrectly configured server returns an error message accompanied by something like this: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at www.servername.com Port 80.
Step 3
For a hacker, the above information can be very useful: he sees the version of the installed HTTP server (Apache/2.2.14) and the versions of other programs and services. Now he can search for exploits (malicious code) for vulnerabilities in these versions of the services. If the system administrator has not closed the existing loopholes, the hacker will be able to gain access to the computer. A properly configured server should not give out any detailed information about itself, or may display deliberately distorted information.
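An added example (not part of the original article): a small Python check that parses a banner like the one quoted in Step 2 and lists what it gives away, so you can confirm your own server no longer discloses versions. The function names are hypothetical, and the hardened banner is a constructed sample that assumes Apache's ServerTokens Prod and ServerSignature Off directives are set.

```python
import re

# Product/version tokens such as "Apache/2.2.14" or "OpenSSL/0.9.8e-fips-rhel5".
# Optional spaces around "/" are tolerated because copied banners often have them.
TOKEN = re.compile(r"([A-Za-z][\w.+-]*)\s*/\s*(\d[\w.+-]*)")
# Parenthesised platform comment such as "(Unix)".
PLATFORM = re.compile(r"\(([^)]+)\)")


def disclosed_components(banner: str) -> dict:
    """Return {product: version} for every versioned token in a banner."""
    return {name: version for name, version in TOKEN.findall(banner)}


def audit_banner(banner: str) -> list:
    """List findings for a Server header or an error-page signature line."""
    findings = []
    for name, version in disclosed_components(banner).items():
        findings.append(f"version disclosed: {name} {version}")
    for platform in PLATFORM.findall(banner):
        findings.append(f"platform disclosed: {platform}")
    return findings


# Banner quoted in Step 2 of this article.
VERBOSE = ("Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8e-fips-rhel5 "
           "mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 "
           "Server at www.servername.com Port 80")
# Constructed sample (assumption): the Server header of the same host once
# "ServerTokens Prod" and "ServerSignature Off" are set in the Apache config.
HARDENED = "Apache"

if __name__ == "__main__":
    for label, banner in (("verbose", VERBOSE), ("hardened", HARDENED)):
        findings = audit_banner(banner)
        print(f"{label}: {len(findings)} finding(s)")
        for finding in findings:
            print("  -", finding)
```

Feed it the Server response header and the footer of an error page from your own site; an empty result means no component versions or platform names are being sent.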
Step 4
One of the simplest ways to hack, and one that often gives results, is to browse the folders on the server. Very often administrators forget to set the access rights on them, so a hacker, having determined the structure of the site using the appropriate utilities, easily opens folders that are not intended for viewing. If the administrator is a novice, a hacker can find a lot of useful information in such folders, for example the administrator login and password. The password is usually hashed with the MD5 algorithm, but there are many online services that recover the password from such a hash. As a result, the hacker gains complete control over the site. Conclusion: set the permissions for reading files and opening folders.
Step 5
Very often, hackers break into databases through SQL vulnerabilities they have found. There are special utilities that greatly facilitate the "work" of a hacker. With their help, the presence of a vulnerability is established in a matter of minutes, then the name of the database is determined and its tables and columns are enumerated, after which the hacker gets full access to the information stored in the database: for example, logins and passwords, credit card data, etc.
Step 6
Be sure to test your resources for SQL vulnerabilities; you can use hacker programs for this, for example NetDeviLz SQL Scanner. Enter the address of your site into the program and click the button. If there is a vulnerability, the site address will appear in the lower window.
Step 7
It is quite common for an administrator to use a very simple password that is easy to guess. Special programs called brute-forcers are used for this; they guess a password using dictionaries or special algorithms. Your password must be at least 8 characters long, mix upper and lower case, and include letters, numbers and special characters such as @, $, etc.
Step 8
Check your resources for XSS vulnerabilities; they are very common. Using such a loophole, a hacker can obtain your cookies. By substituting them for his own, he can easily log in to the site under your account. To check your resource for possible vulnerabilities, use XSpider, a completely legal program.