Entrust Datacard

Entrust Certificate Services Support Knowledge Base

Last Modified: 2017-08-16 14:13:01.0

SiteLock - Common Hacks

Article Number: 46370


DDoS - A distributed denial of service attack (DDoS) occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers.  This is the result of multiple compromised systems (for example a botnet) flooding the targeted system(s) with traffic.  When a server is overloaded with connections, new connections can no longer be accepted and the system shuts down.

Purpose: Shut down a website or company

Consequences: Down time, lost business, lost reputation

Remediation: SiteLock does not currently have remediation services

Redirect - (.htaccess - Linux) (web.config - Windows) – This is when a website displays correctly when accessed directly in a browser, but when the site is reached through Google or another search engine the visitor is redirected to an unintended site.  This type of hack is commonly referred to as a .htaccess hack because that is the file that is usually modified.

Purpose: Steal traffic to increase SEO, ruin reputation, and steal customer info

Consequences: Lost business, lost reputation, customer lawsuits for stolen data

Remediation: Cleaning out the infected code with SMART or manually

Backdoor – When hackers break into a website or hosting account they will commonly leave a “Backdoor” file.  This allows them easy access to come and go as they please. This is commonly found on sites that have had several attacks within a small period of time.  These hacks are not as easy to find as there is usually no malicious script.  They look just like normal files but are very malicious and give total control to the hacker.

Purpose: Ongoing control of a website

Consequences: Unlimited negative possibilities

Remediation: Cleaning out the infected code with SMART or manually

Defacement – This occurs when a customer’s website is replaced with a site the hacker puts up.  This is commonly a one page site glorifying the hacker, hacking group or an opinion or belief by the hacker.  This is usually where a hacker has replaced or rewritten a customer’s index file with a file of their own. 

Purpose: Claim hacker credibility, practice, promote their belief/cause

Consequences: Lost business, customer distrust, lost reputation, blacklisting

Remediation: Remove the infected index file manually

Malware (Links) – This is one of the most common types of hacks seen at SiteLock.  This is when a customer is directly or indirectly linking to a third party site that has been blacklisted by Google.  Linking to a blacklisted site can result in your website being blacklisted by Google as well (domino effect).  So whether the customer is linking to their friend’s site (puppyblankets.com) or the hacker has added new links for SEO purpose (buygoldcheapnow.us) the customer is in danger of being blacklisted by Google.

Purpose: Increase traffic to 3rd party sites, ruin reputation, practice

Consequences: Customers sent to wrong sites, customer distrust, blacklisting

Remediation: Manual website clean

SQLi – (Pronounced Sequel Injections) A code injection technique, used to attack data driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).  SQL injections exploit security vulnerabilities in an application's software, for example, when user input fields are not properly verified or when escape characters embedded in SQL statements are not used.  SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. 

Examples:

  • On October 1, 2012, a hacker group called "Team GhostShell" published on pastebin.com the personal records of students, faculty, employees, and alumni from 53 universities including Harvard, Princeton, Stanford, Cornell, Johns Hopkins, and the University of Zurich.  The hackers claimed that they were trying to “raise awareness towards the changes made in today’s education”, citing changing education laws in Europe and increases in tuition in the US.
  • On June 27, 2013, the hacker group "RedHack" breached the Istanbul Administration Site.  They claimed that they had been able to erase people's debts to water, gas, internet, electricity, and telephone companies.  Additionally, they published the admin username and password for other citizens to log in and clear their debts.
  • On June 1, 2011, "Hacktivists" were accused of using SQLi to steal coupons, download keys, and passwords that were stored in plaintext on Sony's website, accessing the personal information of a million users.

Purpose: Steal sensitive information stored in databases

Consequences: Lost customers, lost reputation, fines and fees

Remediation: Manual fix, validation of input fields, escape characters
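The two remediations named above, validation of input fields and keeping user input out of the SQL text, shown side by side with the vulnerable pattern. This is an added example using Python's built-in sqlite3 module against a constructed in-memory table; it is not code from the article or from SiteLock.

```python
import re
import sqlite3

# Constructed sample data: a tiny in-memory users table standing in for a
# site's customer database (example data, not from the article).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.com"),
                      ("bob", "bob@example.com")])
    return conn

def lookup_unsafe(conn, username):
    # VULNERABLE: the entry-field value is spliced into the SQL text, so quote
    # characters inside it are parsed as part of the statement.
    query = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()

def lookup_safe(conn, username):
    # HARDENED: a bound parameter is sent as data and never parsed as SQL,
    # which is more reliable than hand-escaping quote characters.
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()

USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")

def valid_username(value):
    # Input validation as a second layer: reject anything that is not a
    # plausible username before it reaches the database at all.
    return bool(USERNAME_RE.match(value))

def demo():
    conn = make_db()
    # A crafted entry-field value that closes the quoted literal and appends
    # an always-true condition; harmless in the parameterized query.
    tainted = "x' OR '1'='1"
    return {
        "unsafe_normal": lookup_unsafe(conn, "alice"),
        "safe_normal": lookup_safe(conn, "alice"),
        "unsafe_tainted": lookup_unsafe(conn, tainted),   # every row leaks
        "safe_tainted": lookup_safe(conn, tainted),       # no such user
        "validation_blocks_tainted": not valid_username(tainted),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```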

Cross-Site Scripting (XSS) – There are two main types of cross-site scripting, reflected and stored.

Reflected (Non-Persistent): This occurs when the script the hacker has created is delivered through a third-party channel such as an email.  The email asks the victim to click a link, for instance to verify their login details or to check out a site.  When the victim clicks the link the code is sent to the web application and returned to the victim's browser, where it executes.  Any information the victim enters can be sent to the hacker, and session cookies can be stolen.

Stored (Persistent): This is when the script or malware is stored on the web application.  Stored XSS attacks are the most devastating as they affect all visitors to that specific page or link. 

Purpose: Phishing or stealing customer information

Consequences: Lost business, lost reputation, lawsuits

Remediation: Manual fixes, validation of input fields, escape characters
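The stored XSS case described above, with the escape-characters remediation applied at output time and an HttpOnly session cookie limiting what a stored script could steal. This is an added example, not code from the article; the comment strings are constructed sample data and the render functions are hypothetical.

```python
import re
from html import escape

# Constructed sample: visitor comments as a stored XSS would leave them in
# the database (example data, not from the article). The second and third
# entries carry a script tag and an attribute break-out respectively.
STORED_COMMENTS = [
    "Great product, thanks!",
    "<script>alert('xss')</script>",
    'nice" onmouseover="alert(1)',
]

def render_unsafe(comments):
    # VULNERABLE: stored text is concatenated straight into the page, so a
    # stored <script> tag executes for every visitor who loads the page.
    return "".join(f'<li data-c="{c}">{c}</li>' for c in comments)

def render_safe(comments):
    # HARDENED: escape at output time for the HTML context. quote=True also
    # encodes the double quote, so text inside an attribute value cannot
    # close the attribute and smuggle in an event handler.
    return "".join(
        f'<li data-c="{escape(c, quote=True)}">{escape(c, quote=True)}</li>'
        for c in comments)

def session_cookie_header(session_id):
    # HttpOnly keeps the session cookie out of reach of page script, so even
    # a successful XSS cannot read it; Secure and SameSite limit exposure further.
    return f"Set-Cookie: session={session_id}; HttpOnly; Secure; SameSite=Lax"

ACTIVE_MARKUP_RE = re.compile(r"<script|\son\w+=[\"']", re.IGNORECASE)

def contains_active_markup(fragment):
    # Review check over rendered output: an unescaped script tag or inline
    # event handler means user text reached the page without escaping.
    return ACTIVE_MARKUP_RE.search(fragment) is not None

if __name__ == "__main__":
    print("unsafe:", contains_active_markup(render_unsafe(STORED_COMMENTS)))
    print("safe:  ", contains_active_markup(render_safe(STORED_COMMENTS)))
```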

Pharma Hack – When a client has a site with several pharmacy ads on it you will know they are a victim of this type of attack.  This can be seen directly on the website or when searched in Google.  Sometimes hackers will hyperlink random words on a customer’s site that when clicked on take the visitor to an online pharmacy.  Other times this will show pharmacy ads as headers when the site is searched in Google.

Purpose: Increased business for the online pharmacy, ruin reputation

Consequences: Lost reputation, lost business, customer distrust, blacklisting

Remediation: Remove the pharma coding automatically or manually


If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance: 

Hours of Operation: 
Sunday 8:00 PM ET to Friday 8:00 PM ET 
North America (toll free): 1-866-267-9297 
Outside North America: 1-613-270-2680 (or see the list below) 
NOTE: Smart Phone users may use the 1-800 numbers shown in the table below.
Otherwise, it is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as a UITF toll free call.

Country          Number
Australia        0011 - 800-3687-7863
                 1-800-767-513
Austria          00 - 800-3687-7863
Belgium          00 - 800-3687-7863
Denmark          00 - 800-3687-7863
Finland          990 - 800-3687-7863 (Telecom Finland)
                 00 - 800-3687-7863 (Finnet)
France           00 - 800-3687-7863
Germany          00 - 800-3687-7863
Hong Kong        001 - 800-3687-7863 (Voice)
                 002 - 800-3687-7863 (Fax)
Ireland          00 - 800-3687-7863
Israel           014 - 800-3687-7863
Italy            00 - 800-3687-7863
Japan            001 - 800-3687-7863 (KDD)
                 004 - 800-3687-7863 (ITJ)
                 0061 - 800-3687-7863 (IDC)
Korea            001 - 800-3687-7863 (Korea Telecom)
                 002 - 800-3687-7863 (Dacom)
Malaysia         00 - 800-3687-7863
Netherlands      00 - 800-3687-7863
New Zealand      00 - 800-3687-7863
                 0800-4413101
Norway           00 - 800-3687-7863
Singapore        001 - 800-3687-7863
Spain            00 - 800-3687-7863
Sweden           00 - 800-3687-7863 (Telia)
                 00 - 800-3687-7863 (Tele2)
Switzerland      00 - 800-3687-7863
Taiwan           00 - 800-3687-7863
United Kingdom   00 - 800-3687-7863
                 0800 121 6078
                 +44 (0) 118 953 3088
