This is the final chapter of my blog series on “Hacked Websites”. It describes the consequences users face when visiting a hacked website, along with a few mitigation guidelines for developers and webmasters, and follows on from the previous chapter, which covered the vulnerabilities and exploits involved in a website compromise.

Back in the old days, hackers used to hack to try to solve problems, to improve internet security and experience, and to boost their own self-esteem. Over time, hackers’ intentions changed and they began to hack for many more troublesome reasons, such as to deface a website and convey a specific message, to steal confidential data or services, to host illicit material, for malicious redirects, to utilize a server’s resources for malicious intent, DDoS, etc.; by and large for money, theft of intellectual property, curiosity, prestige and as a publicity stunt.

A user who visits such a compromised website may:

  • become a victim of a socially engineered phishing attack and give away his/her banking credentials, personal information and credit/debit card data on fraudulent sites.
  • become a victim of unintentional malicious downloads and installs (aka ‘drive-by download’), including becoming part of zombie botnet armies.

To ensure a safe and secure visit for a user to their website, webmasters must periodically verify their websites’ integrity. Below are a few of the mitigation guidelines for both developers and webmasters.

For developers:

  • Implement an effective input/output validation and sanitization approach.
  • Implement effective account management, authentication and authorization practices.
  • Encrypt users’ secret session values and sensitive data.
  • Handle exceptions, errors and logs securely.
  • Follow the standards described in the OWASP and CERT guidelines.

For webmasters:

  • Do not entertain cloaking, link farming, content autogeneration and other SEO tactics that may invite SEO poisoning attacks.
  • Carefully deliver content from open, restricted and forbidden areas.
  • Serve sensitive content over secure pipelines such as HTTPS.
  • Encrypt data (using industry-grade encryption algorithms) before storing it in the database.
  • Update and patch servers at regular, scheduled intervals.
  • Perform web application security audits and penetration testing on a regular basis.
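
One way a webmaster can carry out the periodic integrity check mentioned above, as an added example that is not part of the original post: record a SHA-256 manifest of the webroot while it is known to be clean, then compare later scans against it. The function names and the sample site files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def build_manifest(webroot):
    """Map each file path (relative to webroot) to a SHA-256 digest of its content."""
    root = Path(webroot)
    manifest = {}
    for path in root.rglob("*"):
        rel = path.relative_to(root).as_posix()
        if path.is_symlink():
            # Record the link target rather than hashing whatever it points at.
            manifest[rel] = "symlink->" + os.readlink(path)
        elif path.is_file():
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def diff_manifests(baseline, current):
    """Report files added, removed or modified since the trusted baseline."""
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }


def demo():
    """Constructed sample site: baseline it, simulate tampering, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.html").write_text("<h1>Welcome</h1>")
        (root / "about.html").write_text("<p>About us</p>")
        baseline = build_manifest(root)  # in practice, stored off the web server
        # Constructed tampering: altered page, unexpected new file, deleted page.
        (root / "index.html").write_text("<h1>Welcome</h1><!-- injected -->")
        (root / "upload.php").write_text("<?php /* unexpected file */ ?>")
        (root / "about.html").unlink()
        return diff_manifests(baseline, build_manifest(root))


if __name__ == "__main__":
    print(demo())
```

Keep the baseline manifest somewhere the web server account cannot write, otherwise an intruder can update it along with the files.
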

As one would expect, in the event of any compromise of their website, webmasters should clean up and recover the hacked website as early as possible, either with a custom recovery process or by following the guidelines available online.

I hope this blog series helps people, both laymen as well as webmasters and web developers, in understanding what a hacked website is, the vulnerabilities and exploits involved, the consequences to a user of visiting a hacked website, and finally the mitigation guidelines for developers and webmasters to reduce the risk of their websites getting hacked.

Image courtesy of: gfi.com

Priyal Viroja, Vulnerability Researcher, K7TCL