Hacking Web Servers
Today most online services run as web applications. Online banking, web search engines, email applications, and social networks are examples of web services. Web content is created in real time by a software application running on the server side. Hackers therefore attack web servers to steal credentials, passwords, and business information, using DoS (DDoS) attacks, SYN floods, ping floods, port scans, sniffing attacks, and social engineering attacks. In the area of web security, despite strong encryption on the browser-server channel, web users still have no guarantee about what happens at the other end.
Websites are hosted on web servers. Web servers are themselves computers running an operating system, connected to a back-end database, and running several applications. Any vulnerability in the applications, database, operating system, or network can lead to an attack on the web server.
Web Server Vulnerabilities
- Default Settings – Many web server compromises happen because the system administrator left settings at their defaults: default user names, default passwords, default file allocations, file settings, file execution types, etc.
- Default Accounts – Default accounts, user names, and passwords on many internet-facing devices must be changed, because leaving them in place is a very easy way for the target to be hacked.
- Misconfiguration – This vulnerability arises when the system admin has not properly configured the server or the application on it. This gives easy access to the server and the application.
- Software Vulnerabilities – The admin must patch the software regularly, reboot, and maintain the service, because new software vulnerabilities make it easier for tools like Metasploit to exploit unpatched software.
- Lack of Security Policy and Procedures – A company that follows robust security policies and procedures is less prone to hijacking.
- Bad Hygiene (Backups etc.) – Backups and other system information that are not kept securely leave the system vulnerable to hackers.
- CMS (Rich Target Environment) – If a CMS is used to manage the website, strict security procedures must be followed to safeguard it from hijackers.
Types of Web Servers
- Apache – It is free and open source. Many websites are hosted on Apache because of its ease of use.
- IIS – It is owned by Microsoft and its use is increasing significantly.
- NGINX – It is used for large websites like Facebook and Twitter because it has good multithreading abilities.
Web Server Attack Techniques
- Denial of Service
- DNS / Domain Hijacking
- Brute Force Login
- Directory Traversal
- Buffer Overflow
- Command Execution
Impact of Web Server Attacks
- Reputational Harm – If the website goes offline, is defaced, or has its user data taken, the website's reputation can suffer.
- “Beachhead” into the Network – If the website is hosted on the company network and gets hijacked, the attacker has access to the whole website as well as company information.
- Defacement – Many hijackers take over the web server and then replace the actual landing page with a political, religious, or simply embarrassing message.
- Data Theft – If the web server is compromised, its data is more prone to theft.
- Malware Servicing – If the web server is compromised, it can be made to serve malware or Trojans for download, so visitors can easily become victims of the hijacker.
Countermeasures
- Software Patches – Always patch the software, maintain the web server, and update the OS and applications to stay protected from vulnerabilities.
- Server and Software Hardening – Both the server and its software should perform only the tasks they are meant to perform.
- Vulnerability Scanning – Look for vulnerabilities on the web server.
- Firewalls – A firewall must be in place to protect the web server from attacks.
- Limit Remote Admin
- Change Default Settings
- Penetration Testing
- Constant Vigilance
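The attack techniques listed above include brute-force login and directory traversal, and the countermeasures end with constant vigilance. The following Python example is added here and is not part of the original article: it scans web server access-log lines for both patterns. The `/login` endpoint, the failure threshold and window, the common/combined log format, and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote

# Common/combined log format: ip ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
LOGIN_PATH = "/login"          # assumption: the application's login endpoint
MAX_FAILURES = 5               # assumption: failed logins tolerated per window
WINDOW = timedelta(minutes=1)  # assumption: sliding window per source IP

def is_traversal(path):
    """True if the URL path (query string ignored) contains a '..' segment."""
    path = path.split("?", 1)[0]
    for _ in range(2):  # decode twice to catch double encoding (%252e%252e)
        path = unquote(path)
    return ".." in path.replace("\\", "/").split("/")

def analyze(lines):
    """Return (traversal_hits, brute_force_ips) for an iterable of log lines."""
    traversal, failures, brute = [], defaultdict(list), set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path, status = m["ip"], m["path"], int(m["status"])
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if is_traversal(path):
            traversal.append((ip, path))
        if m["method"] == "POST" and path.split("?")[0] == LOGIN_PATH and status in (401, 403):
            failures[ip] = [t for t in failures[ip] if ts - t <= WINDOW] + [ts]
            if len(failures[ip]) > MAX_FAILURES:
                brute.add(ip)
    return traversal, sorted(brute)

# Constructed sample input (documentation-range addresses), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [10/Mar/2024:10:00:%02d +0000] "POST /login HTTP/1.1" 401 512' % s
    for s in range(0, 12, 2)
] + [
    '203.0.113.9 - - [10/Mar/2024:10:01:00 +0000] "GET /static/%2e%2e/%2e%2e/app.conf HTTP/1.1" 404 162',
    '203.0.113.9 - - [10/Mar/2024:10:01:05 +0000] "GET /docs/v1..2/index.html HTTP/1.1" 200 900',
    '192.0.2.44 - - [10/Mar/2024:10:02:00 +0000] "POST /login HTTP/1.1" 401 512',
]

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

The check matches whole `..` path segments after decoding, so a legitimate name such as `v1..2` is not flagged, and a single failed login stays below the threshold.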