There are many who say that the websites they are safe to them. Why; "Who will bother to attack my site?" or “Our business is too small to attack”.
There is perhaps this myth that cyber attackers always target specific pages. They do not. Yes, there are some who do, but most attacks are made by bots who know nothing about you, your business or your page.
According to the company security Imperva, half of a website's visitors are bots. Of these, about 29% of all your "visitors" come to attack your site, as reported by ZDNet's Steven J. Vaughan-Nichols.
Contrary to those who believe that their site is too small, the security company Imperva tried to examine sites with the least traffic. According to the company, the less traffic a page has, the more likely it is to be attacked.
"In the less common domains - those frequented by ten visitors (people) a day or less - the 'bad' bots accounted for 47,7% of the visits, while the total bot traffic was 93,3%."
Indeed, "bad bots will try to hack [your site] no matter how popular it is, and bots will continue to visit a domain even if there is no human traffic."
Sounds crazy to you? For humans they may be, but bots are not humans. They are constantly scanning the web for attacks over and over again.
Consider data from Honeynet, an international nonprofit research organization that, with the help of students at Holberton School, recently set up a honeypot to monitor security attacks on a cloud web server (PDF).
The server was running on Amazon Web Services (AWS), and no service was running that would be useful to anyone else. It didn't even have a domain name.
Shortly after starting the server, they started recording network packets for a 24-hour period with the best network traffic analysis tool available today, the Wireshark.
Στη συνέχεια ανέλυσαν το αρχείο δέσμευσης πακέτων με το Wireshark. το Computer Incident Response Center (CIRCL), το Border Gateway Protocol (BGP) ranking API και το p0f, μια passive TCP/IP traffic fingerprinting application.
In one day, in just 24 hours, this anonymous and almost invisible server received more than 250.000 attacks. Think about it and start locking your page.
Of these attacks, the vast majority, 255.796 attempts to connect, were made through Secure Shell (SSH).
The researchers immediately created a honeypot on the server designed to look like a real site to collect attack data. To keep the project operational, they chose to open HTTP (Hypertext Transfer Protocol), SSH and the Telecommunications Network (Telnet) for attacks.
Telnet; Who uses Telnet now? Thanks to the ill-designed devices of the Internet of Things (IoT), telenet lives and reigns. Some IoT gadgets use Telnet for management and Telnet has never been secure.
Most of the HTTP attacks took place on PHPMyadmin, a popular MySQL and MariaDB management system. Many web content management systems, such as WordPress, use these databases. Vulnerable WordPress plug-ins also offer a good gateway to malicious bots.
Many of the attack attempts use old malware, known configuration problems, and common combinations of usernames and passwords from previously known attacks. For example, the attackers attempted to hack the server with Shellshock, although it was patched in 2014 and the Apache Struts vulnerability, which was fixed in March 2017. attack.
"99,99% of security incidents are from vulnerabilities that have been resolved."
As for SSH, most of the attacks were brute-force attacks, which used lists of commonly used usernames and passwords on TCP ports.
Is it a coincidence that Imperva found that one in three visitors to a website is from an attacking bot?
These attacks are not sophisticated. They are made by bots and botnets and hit as many pages as they can find. These automated hackers target weak, unprotected sites.
The lesson of this story is that if you have an internet presence you should follow basic safety rules. Using a firewall, instant updates, and disabling services you do not use should become a habit, as each website receives thousands of attacks on a daily basis.
