You are in danger (most likely)!

Started by judii, Jul 04, 2022, 04:39 AM


judii (Topic starter)

Dear webmasters!

Don't think that:

a) You have your own server (it doesn't matter whether dedicated or VPS) and no one except you enters it, so you are protected. This is not true.

b) You make backups on the same server (it doesn't matter whether to a separate folder or to a separate disk), so you are protected. This is not so.

You can be protected by 99% (100% guarantee only in the State Insurance of the USA) if:

1) You update the software on your server in a timely manner, including website engines, and, preferably, regularly perform a basic security audit.

2) Make backups to a remote storage + periodically download backups to your PC.

I specifically place a topic in this section, because, unfortunately, a huge number of webmasters do not even know that their many years of work are under threat and do not go to the "Security" section, because they perform points a) and b) and think that they are safe. This is self-deception and/or ignorance!

If you follow only points a) and b), one day you may find that your sites are no longer available, and all data is encrypted and blocked, and you will find this message:

Quote:
I'VE ENCRYPTED ALL YOUR SENSITIVE DATA!!! IT'S A STRONG ENCRYPTION, SO DON'T BE NAIVE TO RESTORE IT;)

YOU CAN BUY A DECRYPTION KEY FOR A SMALL AMOUNT OF BITCOINS!

YOU HAVE 7 DAYS TO DECRYPT YOUR FILES OR YOUR DATA WILL BE PERMANENTLY LOST!!!

PLEASE VISIT MY SITE WITH TOR BROWSER http........../

Recently, very unpleasant vulnerabilities have been discovered in server software that allow servers to be hacked even remotely, with root superuser rights obtained. If you don't follow steps 1) and 2) (at the very least), you're putting yourself in great danger!
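A check that fits the remote-backup advice in the post above, as an added example that is not part of the original post: before a new backup replaces an older one, compare their SHA-256 manifests and hold the rotation if most files changed at once. The function names, the 0.5 threshold and the sample file tree are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            manifest[os.path.relpath(full, root)] = digest.hexdigest()
    return manifest

def compare(previous, current, max_changed=0.5):
    """Compare two manifests; flag the newer one if too much changed at once."""
    missing = sorted(p for p in previous if p not in current)
    changed = sorted(p for p in previous
                     if p in current and previous[p] != current[p])
    ratio = (len(missing) + len(changed)) / len(previous) if previous else 0.0
    return {"missing": missing, "changed": changed, "ratio": ratio,
            "suspicious": ratio > max_changed}  # assumed threshold, tune per site

def demo():
    """Constructed sample: a small site tree, a normal edit, then a mass overwrite."""
    with tempfile.TemporaryDirectory() as site:
        pages = {"index.html": b"<h1>home</h1>", "about.html": b"<h1>about</h1>",
                 "db.sql": b"INSERT INTO posts VALUES (1);", "logo.svg": b"<svg/>"}
        for name, data in pages.items():
            with open(os.path.join(site, name), "wb") as fh:
                fh.write(data)
        good = build_manifest(site)  # manifest of the last known-good backup
        # Normal day: one page is edited between two backups.
        with open(os.path.join(site, "index.html"), "wb") as fh:
            fh.write(b"<h1>home v2</h1>")
        normal = compare(good, build_manifest(site))
        # Incident: every file's content is replaced (random bytes stand in
        # for encrypted data).
        for name in pages:
            with open(os.path.join(site, name), "wb") as fh:
                fh.write(os.urandom(64))
        incident = compare(good, build_manifest(site))
        return normal, incident

if __name__ == "__main__":
    for label, result in zip(("normal", "incident"), demo()):
        print(label, result["ratio"], result["suspicious"])
```

Keep the known-good manifest on the remote storage or on the PC copy, not on the server being backed up, so it cannot be rewritten along with the data.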

keiron

My client ran into that situation.

Backup service is like insurance. In the sense that, according to polls, everyone wants it, but in fact, no one wants to pay reasonable money. And without money, it turns out to be a repository where you can upload backups via FTP. This is also a step in the right direction, but only partially solves the problem.

rahul123

Web server vulnerabilities
A web server is a program that stores files (usually web pages) and makes them available over a network or the Internet. A web server requires both hardware and software. Attackers typically target software exploits in order to gain authorized access to a web server. Let's take a look at some common vulnerabilities exploited by attackers.

Default Settings - Attackers can easily guess these settings, such as the default user ID and password. The default settings may also allow certain tasks, such as running commands on the server, to be used.
Misconfiguration of operating systems and networks - Some configurations, such as allowing users to execute commands on a server, can be dangerous if the user does not have a strong password.
Bugs in the operating system and web servers - bugs found in the operating system or server software can also be used to gain unauthorized access to the system.
In addition to the above web server vulnerabilities, the following can also lead to unauthorized access:

Lack of security policies and procedures - Lack of security policies and procedures, such as updating antivirus software, patching the operating system and web server software, can create security holes for attackers.

Directory traversal attacks - This type of attack exploits bugs in a server to gain unauthorized access to files and folders that are not in the public domain. Once accessed, an attacker can download sensitive information, execute commands on the server, or install malicious software.

Denial of Service Attacks - This type of attack can cause a server to crash or become unavailable to legitimate users.
Domain Name System Hijacking - With that type of attack, the DNS settings are changed to point to the attacker's web server. All traffic that should have been sent to the web server is redirected to the wrong one.

Inhaling - decrypted data transmitted over the network can be intercepted and used to gain unauthorized access to the web server.
Phishing - In that type of attack, the attacker impersonates websites and directs traffic to a fake site. Unsuspecting users can be tricked into sending sensitive data such as login details, credit card numbers, etc.
Pharming - In that type of attack, the attacker compromises Domain Name System (DNS) servers or the user's computer, so traffic is directed to a malicious website.
Defacement - In that type of attack, the attacker replaces the organization's website with another page that contains the hacker's name, images, and may include background music and messages.


How to avoid server attacks
An organization can adopt the following policy to protect against web server attacks.

Patch management is the installation of patches to protect the server. A patch is an update that fixes a bug in the software. The patches can be applied to the operating system and the server system.
Secure installation and configuration of the operating system
Secure installation and configuration of web server software
Vulnerability scanning systems are tools like Snort, NMap, Scanner Access Now Easy (SANE)
Firewalls can be used to stop simple DoS attacks by blocking all traffic coming to the attacker's identifying source IP addresses.
Antivirus software can be used to remove malware on the web server
Disable remote administration
Default accounts and unused accounts should be removed from the system
Default ports and settings (for instance, FTP on port 21) should be changed to custom ports and settings (FTP port on 5069)
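The directory traversal item in the post above, shown as a path check (an added example, not part of the original post): a resolver that only joins the requested path with the document root, next to one that resolves symlinks and `..` first and refuses anything that ends up outside the root. The function names and the `public/` and `private/` layout are constructed for illustration.

```python
import os
import tempfile

def naive_resolve(docroot, requested):
    """Weak pattern: joins the request path and never checks where it lands."""
    return os.path.normpath(os.path.join(docroot, requested.lstrip("/")))

def safe_resolve(docroot, requested):
    """Return the real path only if it stays inside docroot, else None."""
    root = os.path.realpath(docroot)
    target = os.path.realpath(os.path.join(root, requested.lstrip("/")))
    # realpath has already resolved ".." and symlinks, so comparing the
    # common prefix of both paths is a reliable containment test.
    if os.path.commonpath([root, target]) != root:
        return None
    return target

def demo():
    """Constructed layout: public/ is the document root, private/ sits beside it."""
    with tempfile.TemporaryDirectory() as base:
        public = os.path.join(base, "public")
        private = os.path.join(base, "private")
        os.makedirs(os.path.join(public, "img"))
        os.makedirs(private)
        for path in (os.path.join(public, "index.html"),
                     os.path.join(private, "backup.sql")):
            with open(path, "w") as fh:
                fh.write("sample")
        # A symlink inside the document root that points outside it.
        os.symlink(private, os.path.join(public, "img", "old"))
        requests = ["/index.html", "/img/../index.html",
                    "/../private/backup.sql", "/img/old/backup.sql"]
        results = {}
        for req in requests:
            naive_serves = os.path.isfile(naive_resolve(public, req))
            safe_serves = safe_resolve(public, req) is not None
            results[req] = (naive_serves, safe_serves)
        return results

if __name__ == "__main__":
    for req, (naive, safe) in demo().items():
        print(f"{req:28} naive serves: {naive!s:5} safe serves: {safe}")
```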