Thursday, July 4, 2013

An Easy Way to Hack Into Your Web Site

How vulnerable is is your web site?

You hear news stories all the time about sites being "hacked" - But what does that mean? And are you in danger?

First, let's look at hacking. "Hacking" can mean just about anything that involves breaking into your computer systems. Think of it like hacking down a door with an axe to gain entry. After someone has access to your systems, the Hacker can then do a variety things ranging from looking at sensitive information to stealing information, and even destroying information.

Illustration One
Each computer on the Internet can do many things. For example, one machine might store files, serve up email, and host your web site. The web portal (port 80) is the most attacked port on the Internet. That's why we HIGHLY recommend that your web site be hosted somewhere other than at your office.

On the left you can see that a hacker can come in from the internet, break into your web server, and then attack your other computers. This includes other servers and even desktop machines.

See Illustration One.

It takes some effort to break in like this, but the bad guys work at it full time. Sometimes they just want to be destructive, and breaking into your web server is just the first step to destroying your entire network.

Sometimes hackers are looking for sensitive information such as credit cards, password files, or financial data. They have programs that will scour your entire network and forward information back to the bad guys.

I hope you see why we don't want you to have your web server in your office!

Illustration Two
Now look at Illustration Two. When your web site is located at a hosted site, there's really nothing there to break into except a bunch of web servers. One is yours, and all the others belong to someone else.

With a hosted web server, hackers might be able to break into your web server, but there's no way they can get to your other company servers - because they're not connected in any way.

With a hosted web server, you need to have a great backup in case your server is hacked. For 99% of all small business web sites, restoring a web server is fast and easy - if you have a good, recent backup that's tested.

A Quick and Easy Method For Breaking Into Your Web Site

Many web sites are very secure, like your car. But you can't leave the keys in the ignition and think you're safe! If you or your programmer has ever forgotten the password to your web server, you may have had to "crack" that password with tool built just for that purpose.

It is extremely important that you delete any cracking tools from your server as soon as you gain access to it. If you leave them lying around, someone will eventually find them. One very common way that low-tech hackers break into web sites is to look for these tools.

For example, WordPress is a very common platform for web sites. And it has a well-known password reset routine. When the password reset code is in place, you can browse to

If you delete the program emergency.php as soon as the password is reset, then you're safe.

Bad guys pick web sites at random and try to access the /emergency.php program. If it's there, the bad guys are in! They don't have to hack and crack and work hard. They just have to browse to that address. If that code exists for any reason, they can use it.

In addition to testing your site, you should also just take a minute and ask your computer consultant to verify that the most basic holes in your security are plugged. If you're worried, it's probably a good idea to pay for a security analysis once a year.

Hire Professionals - Please

Many people who know "something" about computers go into consulting because they think it looks easy. But if they don't have training and experience, they don't know about little tricks like this.

And the really bad news is that there are a thousand tricks like this!

That's why it's important to hire a real consultant and not an amateur. What have you got to lose? Everything!