There are many ways to hack a site, ranging from exploiting vulnerabilities in the CMS, VPS hosting and server to guessing passwords or sending Trojans that steal saved FTP and admin panel passwords.
Even if your site is securely protected, it can be compromised through vulnerable neighbors on shared hosting if permissions are set incorrectly. Attackers can monitor Bugtraq mailings for newly disclosed vulnerabilities, including so-called zero-days, collect vulnerable sites using search engines and services, and then try to attack them en masse.
Thinking and action of attackers
Usually, attackers, depending on their goals and qualifications, try to gain a foothold on a hacked resource and mask their presence. A hacked site cannot always be recognized by external signs such as mobile redirects, spam links on pages, other people's banners, defacement and so on.
When a site is compromised, these external signs may not be present. The resource can work in normal mode, without interruptions, without errors and without being blacklisted by antiviruses. But this does not mean that the site is safe.
The problem is that, without conducting a security audit, it is difficult to notice that a site has been hacked and that hacker scripts have been uploaded to it. Web shells, backdoors and other hacker tools can sit on the hosting for quite a long time without being used for their intended purpose. But one day the moment comes when an attacker begins to exploit them heavily, and the site owner ends up with problems.
For spam or the placement of phishing pages, the site is blocked by the hosting provider (or some of its functionality is disabled). The appearance of redirects or viruses on the pages can lead to a ban from antiviruses and sanctions from search engines. In such a case, the site must be urgently "cured".
What can an attacker get from a hacked site?
First of all, information. The site may have a private section, an online store may contain a user base, and services may have hardcoded credentials for third-party systems. For example, SMS gateways with a good balance, and other things that can be sold, may be integrated into the site.
The site can be used to generate and sell traffic, from placing SEO links to injecting iframe code that leads to so-called exploit bundles: automated systems for exploiting vulnerabilities in browsers, Flash players, etc.
Different types of attacks
Recently, so-called targeted attacks (advanced persistent threat, APT) are mentioned more and more often, and site hacking plays a significant role in them.
- Web hacking often serves as a so-called entry point to the corporate network. From the website, attackers obtain all possible information for conducting an effective phishing campaign. Users, meta tags and service information of all possible documents contained on the site are analyzed.
- Sites can also be hacked during watering-hole attacks. The attacker does not attack the company's main website (which can be perfectly protected), but related resources: the partner's website, the labor exchange and other systems visited by company employees. The registration data of employees of the company of interest can be extracted from these sites, and malicious software can be installed on them for drive-by-download attacks.
Such attacks can be ordered by unscrupulous competitors or government organizations. Attackers can also install spam software and other programs from their arsenal on hacked sites.
All in all
I would like to note that the example analyzed in the article is not some particularly complex and insidious consequence of hacking a site. On most sites hacked as a result of an untargeted attack, approximately the same thing is observed. The good news is that now you know what you have to deal with. As the saying goes, “forewarned is forearmed”.