To protect the server from hacking, you must know the main methods of hacker attacks. Closing possible loopholes, you greatly increase the security of your resource. All the following is of no interest to hackers (they know everything about that), but can be useful for server operators.
How is the attack on the server? First of all a hacker is trying to understand what software is installed on it. For this purpose, he may access located on the server site and enter an incorrect query. In response to this request is incorrectly configured server issues an error message and accompanies him about this text: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8 e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/184.108.40.20635 Server at www.имя_server.com Port 80.
For a hacker this information can be very useful – it sees the version of the installed the HTTPserver (Apache/2.2.14) and versions of other programs and services. Now he can look for exploits (malicious codes) under the vulnerability of the versions of these services. And if your system administrator has not closed the existing loopholes, the hacker can access the computer. A properly configured server should not give any information, or can display deliberately distorted.
One of the simplest ways of hacking, often giving the result, is the view of the server folders. Very often administrators forget to set rights to view them, so the hacker, identifying the structure of the site with appropriate tools, easily opens not intended for viewing folders. If the administrator is a newbie, a hacker can find these folders contain a lot of useful information. For example, the username and password of the administrator. The password is usually encrypted with md5 algorithm, but there are a lot of services for decryption. As a result, the hacker has full control over the site. Conclusion: expose read permissions on the files and opening folders.
Very often, hackers break into the database, using found sql vulnerability. There are special utilities, greatly facilitate the "work" of a hacker. With their help, in a matter of minutes is determined by the vulnerability, then the definition of the name of the database, we calculate the table name and column, then the hacker has full access to data stored in the database of information – such as logins and passwords, data, credit cards, etc.
Be sure to test your resources for the presence of sql vulnerabilities, for this you can use a hacking program. For example, NetDeviLz SQL Scanner. Enter in the program the address of your website, click. If there is a vulnerability site address appears in lower window.
Fairly common situation, when an administrator uses a very simple passwordwhich is easy to selecting. For this purpose, special programs bruteforcer, searching password using dictionaries or according to special algorithms. Your password must be at least 8 characters to be entered in different registers and include letters, numbers, and special characters@,$, etc.
Check your resources for the presence of XSS vulnerabilities, they are very common. Using this loophole, the hacker can get your cookies. Substituting them instead of my own, it is easy to enter the site under your account. To check your resources for possible vulnerabilities take advantage of a completely legal program XSpider.