With technology being so advanced these days, it’s no wonder that anyone and their uncles are attempting to hack into websites. As many as 30,000 websites are hacked each day. We look into 11 reasons why websites are so easy to hack into that even your mom may be tempted to do it (just be sure to put a strong password on your Facebook account):
Reason #1: Your passwords are too easy to guess
Most times, it doesn’t take a hacker extraordinaire to guess someone’s password and hack into their websites or accounts, because the password is just too obvious. When Gawker’s websites (Gawker.com, Gizmodo and Jezebel were the ones affected) were hacked in 2010, a list of passwords belonging to users and staff was revealed, and the whole world saw just how hackable these passwords were because they were too easy to guess! Actual examples include “123456”, “password”, “iloveyou” and “blahblah”.
Reason #2: There are tons of programs that aid hackers and wannabes
Wanna be a hacker? No problem, just download one of the many free programs available on the Internet and before you know it, you can launch an SQL injection attack on other people’s websites like a pro! Commonly used programs include Havij and sqlmap.
Reason #3: If you can hack Google, then you can hack ANYONE
I’m not kidding – Google Dorking is one of the easiest techniques to identify a website’s sensitive data or vulnerabilities, and all these are directly obtained from the search engine itself! If you know the right search terms, you can type in queries and be rewarded with a treasure trove of information which can then be misused.
Reason #4: Vulnerability scanners are a hacker’s BFF
Vulnerability scanners were created to allow web developers to seek out a website’s vulnerabilities so proper testing and fixing can be done before the launch. Unfortunately, hackers have taken advantage of such tools (a popular one being Acunetix) and are using them to identify a site’s weakness(es) and then exploit them.
Reason #5: Password-guessing software is a dime a dozen
This is yet another case of a tool being misused by hackers to perform malicious deeds. Once upon a time, password recovery tools did just what they were meant to: help website owners recover lost passwords. These days, though, they have been elevated to the status of “password-guessing software” (one of the most popular ones now is the oclHashcat-plus app), which works relentlessly, guessing 8 million passwords per second. Talk about being efficient for all the wrong reasons.
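An added example (not part of the original article) that ties Reasons #1 and #5 together from the site owner's side: it rejects the passwords the article quotes, estimates how long an exhaustive search lasts at the article's 8 million guesses per second, and stores accepted passwords with a salted, slow hash. The function names, the 12-character minimum and the PBKDF2 round count are assumptions made for this illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import string

# Passwords the article quotes from the Gawker leak; real deny-lists are far longer.
DENYLIST = {"123456", "password", "iloveyou", "blahblah"}
GUESSES_PER_SECOND = 8_000_000  # rate quoted in the article
MIN_LENGTH = 12                 # assumption for this example
PBKDF2_ROUNDS = 600_000         # assumption: makes every single guess expensive


def alphabet_size(password: str) -> int:
    """Size of the character pool an exhaustive search would have to cover."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation)
    return sum(len(p) for p in pools if any(c in p for c in password)) or 1


def seconds_to_exhaust(password: str) -> float:
    """Worst-case time to try every string of this length and alphabet."""
    return alphabet_size(password) ** len(password) / GUESSES_PER_SECOND


def check_password(password: str) -> list[str]:
    """Return the reasons a password is rejected (empty list means accepted)."""
    problems = []
    if password.lower() in DENYLIST:
        problems.append("on the common-password list")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    return problems


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Salted, deliberately slow hash for storage."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)
```

At the quoted rate, every six-digit password is covered in a fraction of a second and every eight-letter lowercase password in a little over seven hours, which is why length and a slow hash matter more than clever spelling.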
Reason #6: People are easily social-engineered
In other words, people are easily manipulated, and this happens all the time on the Internet. Hackers prey on people who are naive, gullible and greedy. To avoid being a victim of the latest hacking, you need to practice due diligence which will lessen the risk of hackers exploiting YOUR vulnerability for their own gains.
Reason #7: Weak web app security leading to cross site scripting (XSS)
User-supplied data that’s not properly validated or escaped before being sent to web browsers can be exploited by malicious hackers, who will then hijack user sessions and launch phishing or malware attacks. This happened to PayPal in 2006, when hackers interrupted user sessions, sent users to a phishing site and asked them for their PayPal login information, among other personal and financial details. PayPal has since fixed this vulnerability, thankfully.
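An added example (not from the original article) of the output handling that prevents XSS: the same user comment rendered by naive string concatenation and by a version that escapes text and attribute values and only permits http(s) links. The function names and the comment-page scenario are assumptions, and the inputs are constructed test strings.

```python
import html
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: only ordinary web links are allowed


def render_unsafe(name: str, comment: str) -> str:
    """Vulnerable: user input is concatenated into the page as markup."""
    return f"<p><b>{name}</b>: {comment}</p>"


def safe_href(url: str) -> str:
    """Keep http(s) URLs; replace any other scheme (e.g. javascript:) with '#'."""
    url = url.strip()
    scheme = urlsplit(url).scheme.lower()
    return url if scheme in ALLOWED_SCHEMES else "#"


def render_safe(name: str, comment: str, homepage: str = "") -> str:
    """Hardened: escape for the HTML text and quoted-attribute contexts."""
    # Escaping alone does not neutralise a script URL, hence the scheme check.
    link = html.escape(safe_href(homepage), quote=True)
    return (f'<p><a href="{link}">{html.escape(name)}</a>: '
            f"{html.escape(comment)}</p>")
```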
Reason #8: SQL injection vulnerability
SQL injection is a type of attack that preys on a website’s known vulnerabilities in the way it communicates with its database server (MySQL, for example). The attacker injects his own commands into the queries sent to the server, instructing it to do what it would normally NOT do. Luckily, this can be averted if website owners take care to educate themselves in the proper defense techniques.
Reason #9: Feeble web hosting security
Hackers are now targeting web hosting servers to prey on the domains hosted on them (that could be YOU!) in order to unleash mass phishing attacks, thanks to the vulnerabilities in web server administration panels (cPanel or Plesk). Major companies are now investing in web hosting solutions that come with top-notch security to prevent breaches.
Reason #10: Malicious file execution
Hackers who use this type of attack usually target websites or applications that accept files from users. Guess.com almost fell prey to this attack in 2002, and if the vulnerability hadn’t been discovered by a young programmer, as many as 200,000 customer records might’ve fallen into the wrong hands.
Reason #11: Vulnerabilities in third party add-ons
Third party add-ons, such as those found in the WordPress or Joomla platforms, are much desired due to their functionality-enhancing features. Unfortunately, there are so many add-ons that website owners have taken their availability for granted and fail to realize that vulnerabilities may be present in the server software, leading to hackers taking advantage of them. If you’re using add-ons, extensions or plugins on WordPress and Joomla, you should constantly update them so that any known vulnerabilities can be wiped out, or run an online scan to weed out vulnerabilities.
Author Bio: Michelle Lehman is an avid blogger who also loves remodeling her home in her free time. She likes visiting the synthetic grass warehouse and making sure her home is filled with adequate greens, as well as varying hues of blue and yellow.