There are many who say that their websites are safe. Why; "Who will bother to attack my site?" or "Our business is too small to attack".
There is perhaps this myth that cyber attackers always target specific pages. They do not. Yes, there are some who do, but most attacks are made by bots who know nothing about you, your business or your page.
According to security company Imperva, half of a website's visitors are bots. Of those, about 29% of all your "visitors" come to attack your site, as reported by ZDNet's Steven J. Vaughan-Nichols.
Contrary to those who believe that their site is too small, the security company Imperva tried to examine sites with the least traffic. According to the company, the less traffic a page has, the more likely it is to be attacked.
"On the least popular domains - those frequented by ten (human) visitors per day or less - 'bad' bots accounted for 47,7% of visits, while total bot traffic was 93,3%."
Indeed, “bad bots will try to hack [your site] no matter how popular it is, and bots will continue to visit a domain even if there is no traffic from people».
Sounds crazy to you? For humans they may be, but bots are not humans. They are constantly scanning the web for attacks over and over again.
Ας δούμε τα στοιχεία από τη Honeynet, μια διεθνή ερευνητική οργάνωση μη κερδοσκοπικού χαρακτήρα, που με τη βοήθεια φοιτητών από το Holberton School, δημιούργησαν πρόσφατα ένα honeypot για να παρακολουθούν επιθέσεις ασφαλείας σε ένα web server στο σύννεφο (PDF).
The server was running Amazon Web Services (AWS), and there was no service that would be useful to someone else. It did not even have a domain name.
Shortly after starting the server, they started recording network packets for a 24-hour period with the best network traffic analysis tool available today, the Wireshark.
Then they analyzed it archive packet capture with Wireshark. the Computer Incident Response Center (CIRCL), the Border Gateway Protocol (BGP) ranking API, and p0f, a passive TCP/IP traffic fingerprinting application.
In one day, in just 24 hours, this anonymous and almost invisible server received more than 250.000 attacks. Think about it and start locking your page.
Of these attacks, the vast majority, 255.796 attempts to connect, were made through Secure Shell (SSH).
The researchers immediately created a honeypot on the server designed to look like a real site to collect attack data. To keep the project operational, they chose to open HTTP (Hypertext Transfer Protocol), SSH and the Telecommunications Network (Telnet) for attacks.
Telnet; Who uses Telnet now? Thanks to the ill-designed devices of the Internet of Things (IoT), telenet lives and reigns. Some IoT gadgets use Telnet for management and Telnet has never been secure.
Most of the HTTP attacks were done on PHPMyadmin, a popular MySQL and MariaDB management system. Many web content management systems, such as WordPress, use these fundamentals data. Vulnerable WordPress plugins also provide a good port of entry for malicious bots.
Many of the attack attempts use old malware, known configuration problems, and common combinations of usernames and passwords from previously known attacks. For example, the attackers attempted to hack the server with Shellshock, although it was patched in 2014 and the Apache Struts vulnerability, which was fixed in March 2017. attack.
"99,99% of security incidents are from fixed vulnerabilities."
As for SSH, most of the attacks were brute-force attacks, which used lists of commonly used usernames and passwords on TCP ports.
Is it a coincidence that Imperva found that one in three visitors to a website is from an attacking bot?
These attacks are not sophisticated. They are made by bots and botnets and hit as many pages as they can find. These automated hackers target weak, unprotected sites.
The lesson of this story is that if you have an internet presence you should follow basic safety rules. Using a firewall, instant updates, and disabling services you do not use should become a habit, as each website receives thousands of attacks on a daily basis.
