SiteLock's Glossary of Hacks
While hackers can get creative with how they compromise a site, there are things they typically do.
If SiteLock™ detects any of these issues during its scans (more info), they offer tools to fix them (more info).
Redirect (.htaccess on Linux or web.config on Windows) — This is when a website is correctly viewable when accessed through a browser directly; however, when the site is searched for within Google® or another search engine, it is redirected to an unintended site. This type of a hack is commonly referred to as an .htaccess hack as that is the file affected.
- Purpose — Steal traffic to increase SEO, ruin reputation, and steal customer info
- Consequences — Lost business, lost reputation, customer lawsuits for stolen data
- Remediation — Cleaning the infected code automatically with SMART or manually through Expert Services
Backdoor — When hackers break into a website or hosting account, they will commonly leave a "Backdoor" file. This allows them easy access to come and go as they please. This is commonly found on sites that have had several attacks within a small period of time. These hacks are not as easy to find as there is usually no malicious script. They look just like normal files but are very malicious and give total control to the hacker.
- Purpose — Ongoing control of a website
- Consequences — Unlimited negative possibilities
- Remediation — Clean and remove the backdoor automatically with SMART or manually through Expert Services
Defacement — This occurs when a customer’s website is replaced with a site the hacker puts up. This is commonly a one-page site glorifying the hacker, hacking group or an opinion or belief by the hacker. This is usually where the hacker has replaced or rewritten a customer’s index file with a file of their own.
- Purpose — Claim hacker credibility, practice, promote their belief/cause
- Consequences — Lost business, customer distrust, lost reputation, blacklisting
- Remediation — Remove the infected index file manually through Expert Services
Malware (Links) — This is one of the most common types of hacks seen at SiteLock. This is when a customer is directly or indirectly linking to a third-party site that has been blacklisted by Google®. Linking to a blacklisted site can result in your website being blacklisted by Google as well (domino effect).
- Purpose — Increase traffic to third-party sites, ruin reputation, practice
- Consequences — Customers sent to wrong sites, customer distrust, blacklisting
- Remediation — Manual website clean through Expert Services
SQLi — (Pronounced "sequel injections") A code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injections exploit security vulnerabilities in an application's software; for example, when user input fields are not properly verified or when escape characters embedded in SQL statements are not used. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
Examples:
On Oct. 1, 2012, a hacker group called "Team GhostShell" published the personal records of students, faculty, employees, and alumni from 53 universities — including Harvard, Princeton, Stanford, Cornell, Johns Hopkins, and the University of Zurich — on pastebin.com. The hackers claimed that they were trying to "raise awareness towards the changes made in today’s education," citing changing education laws in Europe and U.S. tuition increases.
On June 1, 2011, "Hacktivists" were accused of using SQLi to steal coupons, download keys, and passwords that were stored in plaintext on Sony's website, accessing the personal information of a million users.
- Purpose — Steal sensitive information stored in databases
- Consequences — Lost customers, lost reputation, fines and fees
- Remediation — Manual fix through Expert Services, validation of input fields, escape characters
Cross-Site Scripting (XSS) — There are two main types of cross-site scripting: reflective and stored.
- Reflected (Non-Persistent) — This occurs when the script or coding that they hacker has created is sent via a third-party tool like an email. They will send this script in an email asking the victim to "click on the link below and verify your logins" or "check out this site," for instance. When the victim clicks on the link, the code will be sent to the Web application and then returned to the victim, essentially executing the code or script. If the victim enters any information, it can be sent to the hacker and session cookies can be stolen.
- Stored (Persistent) — This is when the script or malware is stored on the Web application. Stored XSS attacks are the most devastating as they affect all visitors to that specific page or link.
- Purpose — Phishing or stealing customer information
- Consequences — Lost business, lost reputation, lawsuits
- Remediation — Manual fixes through Expert Services, validation of input fields, escape characters
Pharma Hack — When a client has a site with several pharmacy ads on it, you will know they are a victim of this type of attack. This can be seen directly on the website or when searched in Google. Sometimes hackers will hyperlink random words on a customer’s site that when clicked on take the visitor to an online pharmacy. Other times this will show pharmacy ads as headers when the site is searched in Google.
- Purpose — Increased business for the online pharmacy, ruin reputation
- Consequences — Lost reputation, lost business, customer distrust, blacklisting
- Remediation — Remove the pharma coding automatically through SMART or manually through Expert Services
