Hacking attempts on websites are far more common than you might think.
While many of us don’t see them, silent attacks are always underway everywhere on the net. A good portion of attacks are targeted at web hosting accounts.
There are two broad categories of web hosting vulnerabilities. The first is general, while the second is more plan-specific. For example, among the types of web hosting plans, shared hosting is usually considered the most vulnerable.
Malicious actors have been known to target entire web servers in their attempts to build botnets. Common targets in these attempts include web server frameworks, and the attacks generally involve publicly available exploits.
These advanced and concentrated efforts can often overcome less resilient web hosting providers. Thankfully, once discovered, the vulnerabilities are typically patched fairly rapidly by most web hosts.
Duration of DDoS attacks in Q1 2020 and Q1 and Q4 2019. In Q1 2020, there was a significant increase in both the quantity and quality of DDoS attacks. The number of attacks doubled against the previous reporting period, and rose by 80% against Q1 2019. The attacks also became longer, with a clear rise in both the average and maximum duration.
Distributed Denial of Service (DDoS) isn’t a vulnerability but, as the name implies, a form of attack. Malicious actors attempt to flood a server (or particular service) with an overwhelming amount of data.
Web hosting services which are not prepared for this can be paralyzed by these attacks. As more resources are consumed, websites on the server are left unable to respond to real queries from visitors.
Basic website owners, especially those on shared hosting, will often have no idea whether their servers have been configured properly or not. A significant number of issues can arise from poorly configured servers.
One example is running unpatched or outdated applications. Although there are error handling mechanisms for technical issues that arise during execution, flaws can remain unseen until exploited.
A misconfigured server may fail to verify access rights correctly. Hiding restricted functions, or simply not linking to their URLs, is insufficient on its own, as hackers can guess the probable parameters and typical locations and then brute-force their way in.
As an example of this, an attacker can make use of something as small and simple as an unprotected JPEG to gain admin access to the server. They modify a simple parameter that points to an object in the system and then they are in.
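The difference between hiding an object and authorizing access to it, as an added example that is not part of the original article. The object store, user names and function names are hypothetical, and the data is constructed.

```python
# Constructed sample data; every name and id here is hypothetical.
OBJECTS = {
    101: {"owner": "alice", "body": "alice-invoice.pdf"},
    102: {"owner": "bob", "body": "bob-invoice.pdf"},
    900: {"owner": "admin", "body": "server-admin-notes"},
}
ROLES = {"alice": "user", "bob": "user", "admin": "admin"}


class Forbidden(Exception):
    """Raised for both unknown and unauthorized ids, so ids cannot be enumerated."""


def fetch_hidden_link_only(session_user, object_id):
    # Weak pattern from the text: the object is "protected" only because no
    # page links to it. Any logged-in user who changes the id gets the object.
    return OBJECTS[object_id]["body"]


def fetch_checked(session_user, object_id):
    # Hardened pattern: authorize every request on the server, using the
    # identity from the session rather than anything the client sent.
    obj = OBJECTS.get(object_id)
    allowed = obj is not None and (
        obj["owner"] == session_user or ROLES.get(session_user) == "admin"
    )
    if not allowed:
        raise Forbidden("not found")
    return obj["body"]


def readable_ids(handler, session_user, candidate_ids):
    # Regression check for your own handlers: which ids does this user get back?
    readable = []
    for object_id in candidate_ids:
        try:
            handler(session_user, object_id)
        except (Forbidden, KeyError):
            continue
        readable.append(object_id)
    return readable
```

Running `readable_ids` against each handler for an ordinary user shows the gap: the unchecked handler returns every object, the checked one only the user's own.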
In a shared hosting environment, it can be said that everyone is sitting in the same boat. Despite each server having potentially hundreds of users, a single attack can sink the entire ship, so to speak.
Shared hosting accounts are like broad pools of data. Although each account is allocated some resources, in general they all reside within a single environment. All files, content and data actually sit in the same space, simply divided by file structure.
Because of this, sites on shared hosting plans are intrinsically linked. If a hacker were to gain access to the main directory, all sites may be at risk. Even if a single account is compromised, attacks which drain resources will have significant impact.
Although software vulnerabilities exist for all types of hosting accounts, shared servers are typically at far greater risk. Due to the large number of accounts per server, there may be a significant number of varying applications in place – all of which require regular updates.
In a similar fashion to software vulnerabilities, malware can have a profound impact on a shared hosting server. These malicious programs can find their way onto shared hosting accounts in many ways.
There are so many types of viruses, trojans, worms, and spyware that anything is possible. Because of the nature of shared hosting, if your neighbour has it – you will likely catch it as well, eventually.
Shared hosting accounts also share IP addresses. It is usual for multiple sites on shared hosting accounts to be identified by a single IP address. This opens up a whole host of potential problems.
For example, should one of the websites behave badly (such as by sending spam), it is possible that all other sites sharing the IP end up blacklisted. Getting a blacklisted IP removed from the list can be immensely challenging.
The nature of VPS or Cloud means that they are generally more secure than cheap shared hosting servers.
However, the potential of access to more advanced interconnected servers means that the payday for hackers is also more lucrative. As such, more advanced methods of intrusion can be expected.
Cross-site request forgery (CSRF) is a flaw typically observed on websites built on poorly secured infrastructure. At times, users save their credentials on certain platforms, and this can be risky if the corresponding website does not have a strong infrastructure.
This is especially common on web hosting accounts which are accessed regularly. In these scenarios, the access is repetitive so credentials are usually saved. Through forgery, users are encouraged to perform an action that they didn’t plan in the first place.
In recent times, these techniques have highlighted potential account takeover weaknesses in various popular hosting platforms including Bluehost, Dreamhost, HostGator, FatCow, and iPage.
An example of this can be demonstrated as a typical financial fraud scenario.
Attackers can target CSRF-vulnerable persons visiting a valid URL. An automatically executed masked code snippet on the site can instruct the target’s bank to transfer funds automatically.
The code snippet can be buried behind an image perhaps, using code such as the following:
<img src="http://example.com/app/transferFunds?amount=1500&destinationAccount=4673243243" width="0" height="0" />
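How a server can refuse the request that image tag produces, as an added example that is not part of the original article. The handler, the token scheme (an HMAC of the session id) and the session values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: one secret per deployment


def issue_csrf_token(session_id: str) -> str:
    # Token is bound to the session, so one user's token is useless in another's.
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_transfer(method: str, session_id: str, params: dict):
    """Hypothetical handler for /app/transferFunds; returns (status, message)."""
    # 1. An <img> tag can only issue GET, so GET must never change state.
    if method != "POST":
        return 405, "state-changing requests must use POST"
    # 2. A cross-site form can still POST with the victim's cookies, but it
    #    cannot read the token embedded in the real site's own form.
    sent = params.get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    if not hmac.compare_digest(sent.encode(), expected.encode()):
        return 403, "missing or invalid CSRF token"
    return 200, "transfer of %s to %s accepted" % (
        params["amount"], params["destinationAccount"])


# Constructed request: it carries exactly what the image tag above sends.
FORGED = {"amount": "1500", "destinationAccount": "4673243243"}
```

The forged GET is rejected with 405 and a forged POST without the token with 403; only a request carrying the token issued for that session is accepted.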
For any website or online platform, the most important constituent is data. It is used for projections, analysis and various other purposes. If confidential financial information such as credit card PINs gets into the wrong hands, it can create massive problems.
Data sent to and from a database server must pass through reliable infrastructure. Hackers will try to send SQL scripts to servers so they can extract data such as customer information. This means you need to scan all queries before they reach the server.
If a secure filtering system is not in place, important customer data can be lost. It should be noted, though, that such an implementation will increase the time taken to extract records.
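A query built by string concatenation beside its hardened form, as an added example that is not part of the original article. It uses parameterized queries and an allowlist for column names, which is a different technique from the query scanning described above; the table, data and crafted input are constructed.

```python
import sqlite3

SORTABLE = {"name", "email"}  # allowlist of column names (hypothetical schema)


def make_db():
    # Constructed sample data in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, email TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)",
                   [("bob", "bob@example.com"), ("alice", "alice@example.com")])
    return db


def find_concat(db, name):
    # Vulnerable: the input becomes part of the SQL text itself.
    sql = "SELECT name, email FROM customers WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()


def find_param(db, name):
    # Hardened: the driver sends the value separately; it is never parsed as SQL.
    return db.execute(
        "SELECT name, email FROM customers WHERE name = ?", (name,)).fetchall()


def list_sorted(db, sort_by):
    # Identifiers cannot be bound as parameters, so check them against an allowlist.
    if sort_by not in SORTABLE:
        raise ValueError("unsupported sort column")
    return db.execute(
        "SELECT name, email FROM customers ORDER BY " + sort_by).fetchall()


CRAFTED = "nobody' OR '1'='1"  # constructed input that rewrites the WHERE clause
```

With `CRAFTED` as input, `find_concat` returns every customer row while `find_param` returns none, because the whole string is compared as a name.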
Harmful XSS-based scripts can either access confidential information or redirect visitors to links targeted by the hacker. In some cases, companies may also use techniques like this to carry out fraudulent business operations.
Cryptographic algorithms usually rely on random number generators, but servers mostly run without much user interaction. This can leave them with fewer sources of randomness. The result may be easily guessable numbers – a point of weakness for encryption.
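Why a small pool of possible seeds makes generated values guessable, as an added example that is not part of the original article. It goes slightly beyond the text by assuming the seed is a clock value from a known hour; the function names and the timestamp are constructed.

```python
import random
import secrets


def token_from_seed(seed: int) -> str:
    # Weak pattern: a general-purpose PRNG is fully determined by its seed.
    rng = random.Random(seed)
    return "%032x" % rng.getrandbits(128)


def token_from_os() -> str:
    # Hardened pattern: 128 bits from the operating system's CSPRNG.
    return secrets.token_hex(16)


def seeds_producing(token: str, first_seed: int, last_seed: int):
    # Audit helper: which seeds in a plausible range reproduce the token?
    return [s for s in range(first_seed, last_seed + 1)
            if token_from_seed(s) == token]


# Constructed scenario: seed taken from the clock at some second in one hour.
HOUR_START = 1_700_000_000
```

A 128-bit token seeded this way has only 3,600 possible values for that hour, so its effective strength is about 12 bits regardless of its length.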
Multiple virtual machines are run on top of hypervisors in physical servers. It is possible that an attacker can exploit a hypervisor’s vulnerability remotely. Although rare, in these situations the attacker may be able to gain access to other virtual machines as well.
While resource distribution is a major advantage of Cloud hosting, it can also be a point of weakness. If you’ve heard the term “you are only as strong as your weakest link”, that applies perfectly to the Cloud.
This is a sophisticated attack that rests mainly on the cloud service providers. It is not specific to the Cloud and can happen anywhere else. Downloads from live update servers can have malicious functionality added to them. Imagine the many users who have downloaded this software: their devices will be infected with the malicious program.
Application Programming Interfaces (APIs) are used to help streamline cloud computing processes. If not secured properly, they can leave an open channel for hackers to exploit the Cloud’s resources.
With reusable components so popular, it can be difficult to sufficiently safeguard against the use of insecure APIs. To attempt an intrusion, a hacker can simply try basic access attempts over and over again – all they need is to find a single unlocked door.
When the majority of us think about website security, it is usually from the angle of overcoming the weaknesses of our own websites. Unfortunately, as you can see, it is equally the responsibility of web hosting providers to safeguard against other attacks as well.
While there isn’t much you can do to convince a service provider to protect itself, this awareness can help you make better web hosting choices. For example, by observing the emphasis a web host places on security, you can get a better idea of how secure they keep their own servers.