There are numerous other tactics that can be used to break into a computer system, and these usually involve discovering weaknesses or loopholes in the server software's defenses. When a programmer writes software that runs on a web server, he tries to make sure that the software cannot be abused - but it can be very difficult to foresee every eventuality; vandals and hackers are always pushing software to the limit and trying out operations which the software was not designed to handle, in an attempt to discover a way in.

Usually, hackers practice using a copy of the software on their own server so that they can try out different tactics without getting caught - when they find something that works, they can then use it on other peoples' servers. For this reason, it is often well-established server software that is the focus of the attack, rather than proprietary scripts written for a specific site.

And recently the "Hacker Hall-of-Fame" type of sites are flourishing, disseminating the info about vulnerable sites, scripts, successful attacks, URLs defaced. And once your site is listed on such a site, you should prepare for war - it's just matter of time, when yo will be attacked again and again.

Manufacturers and vendors of software packages for web servers often advise on configuration recommendations which will negate common attack tactics, but sometimes even the manufacturers are unaware of, or don't bother warning about a loophole which can easily be exploited. For example, sometimes the default configuration options are geared towards making the software easy to use and powerful - rather than secure.

Installation log files, release notes, welcome screens, and various other files which are generally just ignored by server administrators can be the source of valuable information for a hacker. For example, just knowing which version of operating system your server runs can allow a hacker to exploit a known weakness in that particular version. If he cannot find out what version you are using, he risks being caught if he just tries out an exploit on the off-chance that it will be successful. It is therefore important to make the hacker's job as difficult as possible by obscuring any information that could be used to identify what software and versions the server is using.

So, generally, the best advice here is to keep all your software - from the server side, as PHP, the Apache, MySQL to your site scripts Joomla and used other packages, as jQuery, mootools, etc. up to date. And hide the version info, as possible.

0
0
0
s2sdefault
Category: Dictionary