There are many who say that their websites are safe. Why; "Who will bother attacking my site?" or "Our business is too small to be attacked."
There is perhaps this myth that cyber attackers always target specific pages. They do not. Yes, there are some who do, but most attacks are made by bots who know nothing about you, your business or your page.
According to security company Imperva, half of the visitors to a website are bots. Of these, about 29% of all your "visitors" come to attack your site, according to ZDNet's Steven J. Vaughan-Nichols.
Contrary to those who believe that their site is too small, the security company Imperva tried to examine sites with the least traffic. According to the company, the less traffic a page has, the more likely it is to be attacked.
"In the less common domains - those frequented by ten visitors (people) a day or less - the 'bad' bots accounted for 47,7% of the visits, while the total bot traffic was 93,3%."
Indeed, "bad bots will try to hack [your site] no matter how popular it is, and bots will continue to visit a domain even if there is no human traffic."
Sounds crazy to you? For humans they may be, but bots are not humans. They are constantly scanning the web for attacks over and over again.
Ας δούμε τα στοιχεία από τη Honeynet, μια διεθνή ερευνητική οργάνωση μη κερδοσκοπικού χαρακτήρα, που με τη βοήθεια φοιτητών από το Holberton School, δημιούργησαν πρόσφατα ένα honeypot για να παρακολουθούν επιθέσεις ασφαλείας σε ένα web server στο σύννεφο (PDF).
The server was running Amazon Web Services (AWS), and there was no service that would be useful to someone else. It did not even have a domain name.
Shortly after starting the server, they started recording network packets for a 24-hour period with the best network traffic analysis tool available today, the Wireshark.
They then analyzed the package commitment file with Wireshark. the Computer Incident Response Center (CIRCL), the Border Gateway Protocol (BGP) ranking API and p0f, a passive TCP / IP traffic fingerprinting application.
In one day, in just 24 hours, this anonymous and almost invisible server received more than 250.000 attacks. Think about it and start locking your page.
Of these attacks, the vast majority, 255.796 attempts to connect, were made through Secure Shell (SSH).
Οι ερευνητές δημιούργησαν αμέσως μετά ένα honeypot, στον διακομιστή σχεδιασμένο να μοιάζει με ένα πραγματικό site, για τη συλλογή δεδομένων επίθεσης. Για να διατηρήσουν το project λειτουργικό, επέλεξαν να ανοίξουν το πρωτόκολλο HTTP (Hypertext Transfer Protocol), SSH και το Telecommunications Network (Telnet) για επιθέσεις.
Telnet; Who uses Telnet now? Thanks to the ill-designed devices of the Internet of Things (IoT), telenet lives and reigns. Some IoT gadgets use Telnet for management and Telnet has never been secure.
Most of the HTTP attacks were done on PHPMyadmin, a popular one system MySQL and MariaDB management. Many web content management systems, such as WordPress, use these databases. Vulnerable WordPress plugins also provide a good port of entry for malicious bots.
Many of the attack attempts use old malware, known configuration problems, and common combinations of usernames and passwords from previously known attacks. For example, the attackers attempted to hack the server with Shellshock, although it was patched in 2014 and the Apache Struts vulnerability, which was fixed in March 2017. attack.
“99,99% of security incidents are from vulnerabilities which were resolved".
As for SSH, most of the attacks were brute-force attacks, which used lists of commonly used usernames and passwords on TCP ports.
Is it a coincidence that Imperva found that one in three visitors to a website is from an attacking bot?
These attacks are not sophisticated. They are carried out by bots and botnets και χτυπούν όσες σελίδες βρίσκουν. Αυτοί οι αυτοματοποιημένοι hackers έχουν σαν στόχο αδύναμες, μη προστατευμένα sites.
The lesson of this story is that if you have an internet presence you should follow basic safety rules. Using a firewall, instant updates, and disabling services you do not use should become a habit, as each website receives thousands of attacks on a daily basis.
