I’ve been asked to write an article for a popular website in relation to hacking and what the most common forms of hacking are. So, I’ve put together a brief blog about it and will link to the full article once it’s published.
In relation to web servers, there are 3 main threats -
1)Server and Service vulnerability exploits
2)The problem between the chair and the keyboard – AKA User Error
3)Web application exploits
1 – Server and service vulnerabilities are unpatched operating system and services, such as Windows, Linux, Apache, IIS, MySQL, Bind etc. These vulnerabilities should be patched as part of your regular monthly, or more frequent patch procedures. Generally these vulnerabilities are not critical but can be exploited by a determined hacker who knows what they are doing.
2 – The user errors I am referring to are weak passwords and using the same password or variety of passwords for all their login credentials. In the recent Sony compromise, over 1,000,000 user credentials were stolen. These will be being sold to criminal gangs that will attempt use them on all the popular websites. Passwords must be unique in order to be secure. You’ve only got yourself to blame if you get hacked.
3 – More serious are the web application exploits. By web application I am referring to applications such as WordPress, Joomla, Drupal and all the other CMS, CRM, e-commerce applications available. A popular hacking website has identified 9 WordPress plugin vulnerabilities in just 2 days. The vulnerabilities may lead to loss of data such as user and client details. You must ensure that if you install 3rd party applications, you keep them updated or if you’re not using them any longer, remove it. A free service we’ve introduced via Twitter is the @ForLinux_Alerts. If you follow us, you will be updated with all the critical issues for the most popular applications.