Website security

July 28, 2024

Have you ever had your website hacked?
For those who have: can you describe the feeling when you realized that your website was now in someone else's hands?

In two words: total darkness. And in one word: hell.

Every moment you don't have control over the site, your reputation is in danger (because the hacker can present you however he wants), you can suffer great financial damage, and worst of all, you face uncertainty about how to proceed from here.

Fixing a hacked site

Every week new clients contact me with a hacked website.
In most cases we know how to bring the hacked site back online within a few hours, but in one case a customer contacted us with a more significant problem.
The attacker redirected all his traffic to another site that looked exactly like his site. An exact copy.

The phone number, the email address, and of course the payment were different from the original, but the users of the site could not notice this.

His web development team fixed it time and time again, only to see the redirect return within seconds, until they gave up.

After a short investigation we managed to find the problem. The hacker broke into the client's management system using a security weakness in Elementor, and inserted a script that automatically updates the website's address.
All attempts to fix this were unsuccessful because seconds later the script automatically ran again and the redirect to the cloned site returned.

It was clear that the attacker was local, because the language of the duplicated website was Hebrew, the phone number was Israeli, and the domain to which the traffic was redirected was registered in Israel.

After cleaning up the automated script, we left the attacker with a little surprise.
At the same entry point he had used to penetrate the site, we added a feature that he could not notice. On his next hacking attempt it gave him the feedback that his hacking was successful, but at the same time it also captured his IP address and other information that we copied from the browser's cookies. This is how we were able to reveal the identity of the attacker, and we submitted these details to the client so that he could file a complaint with the police about the hacking of the site.

All team members at EOI go through a course in ethical hacking to know the enemy, and we see the results in the field.
In one of the largest projects we established in Israel, we underwent a security assessment by an external company chosen by the client and not a single security weakness was found.

What is website security?

Website security is a critical issue in an age where the Internet has become a central part of our daily lives. With the increasing use of technology, cybercriminals have become more sophisticated.
It is critical today for businesses to protect their websites and e-commerce platforms from cyber attacks.

Website security refers to the protection of a website against unauthorized access, hacking and information theft.
This is essential for businesses that rely on their website for their online presence, as well as those that transact and store sensitive information online.

We usually divide website hacking into 4 main areas according to the goals of the hacking:

  • Information attacks – The goal of the attacker is to obtain information from your website. The information can be of different types. For example, the list of buyers of an online store can be used as a basis for a competitor's advertisement, or for a subsequent phishing attack.
    A detailed list of buyers that includes the customer's name, contact information, address and the item purchased can be used to send an email to buyers requesting an additional payment for shipping fees. A buyer who does not pay attention may pay extra for a purchase he has already made.
    Another attack could be advertising a competing product to the buyer audience of the hacked site, targeting buyers on Facebook and distributing advertising content directly to them. The advertisements can be for a competing product, or for the same product. In one of the cases we saw, the attackers created a mirror site that looked exactly like the attacked site, and directed traffic to it. There is no way to know if they delivered the products purchased on the cloned site.
    With the date of purchase, it is possible to set up automated rules that pitch complementary products or spare parts to the buyers of the attacked site, in effect running a marketing operation on customers who were stolen from another website.

 

  • Redirect attacks – The goal of the attacker is to redirect the traffic to another website. There are a variety of reasons for this.
    The attacker may get paid for each visitor who enters the site he redirects to (certain affiliate programs pay a small amount for each new visitor even if he has not bought anything; in this type of attack the attacker is injecting traffic from a legitimate marketer's site), or he may want to embarrass the victim of the attack. For example, visitors who enter a particularly conservative site may discover redirects to porn sites.
    In one of the cases we encountered, the attacker directed the visitors from an e-commerce site to a competing site.

 

  • Takedown attacks – attacks aimed at bringing down a website. DDoS attacks are one example of this type. Among the reasons for a takedown attack:

    • Extortion: These attacks are often carried out by cybercriminals to extort money from a target by threatening to disrupt its online presence. The attacker demands a ransom in exchange for not launching the attack.
    • Political motivation: Takedown attacks are sometimes used as a form of protest or as a way to disrupt political opponents.
    • Competition: Some businesses may initiate sabotage attacks to disrupt their competitors, with the goal of stealing customers or stealing sensitive information.
    • Personal grudge: Takedown attacks may be initiated by people with a personal grudge against a target, for example, a former employee seeking revenge on their former employer.
    • Cyber warfare: DDoS attacks can be used as a form of cyber warfare, as a way for countries to disrupt the infrastructure of their enemies.
    • Hacking: Takedown attacks may be used as a way to distract security personnel from another hacking attempt, or as a smoke screen for a more significant cyber attack.

 

  • Defacement attacks – attacks aimed at corrupting a website, or changing its content in a way that damages the website. This category includes the simple defacement attacks in which hackers replace the home page with a page carrying anti-Israeli messages, but even a small and imperceptible update can be very effective. For example, changing the phone number on the website can lead customers to call a competitor, and content can be updated in a way that embarrasses the target. (I remember an interesting comparison between the size of the organs of blacks and whites that appeared on the website of the KKK, and a reference to the origin of blood diamonds that appeared on the website of a large jewelry chain.)
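
The redirect in the incident above and the "small and imperceptible" changes described under defacement can both be caught by comparing a fetched page against known-good values. The following is an added example, not code from the author or from EOI; the baseline values, the sample pages and the function name `audit_page` are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Known-good values for the monitored site (constructed for this example).
BASELINE = {
    "hosts": {"shop.example.com"},
    "phones": {"+972-3-555-0100"},
    "emails": {"orders@shop.example.com"},
}
# Client-side redirects: meta refresh, location assignment, location.replace/assign.
REDIRECT_PATTERNS = [
    re.compile(r'http-equiv=["\']?refresh["\']?[^>]*url=([^"\'>\s]+)', re.I),
    re.compile(r'location(?:\.href)?\s*=\s*["\']([^"\']+)', re.I),
    re.compile(r'location\.(?:replace|assign)\(\s*["\']([^"\']+)', re.I),
]
PHONE_RE = re.compile(r'tel:([+\d\-]+)', re.I)
EMAIL_RE = re.compile(r'mailto:([\w.+-]+@[\w.-]+)', re.I)

def audit_page(headers, html, baseline=BASELINE):
    """Return sorted findings for one fetched page (response headers + body)."""
    findings = set()
    targets = [t for p in REDIRECT_PATTERNS for t in p.findall(html)]
    if "Location" in headers:  # server-side redirect
        targets.append(headers["Location"])
    for url in targets:
        host = urlparse(url).hostname  # None for relative URLs such as "/cart"
        if host and host not in baseline["hosts"]:
            findings.add(f"redirect to unexpected host: {host}")
    for phone in PHONE_RE.findall(html):
        if phone not in baseline["phones"]:
            findings.add(f"unexpected phone number: {phone}")
    for email in EMAIL_RE.findall(html):
        if email.lower() not in baseline["emails"]:
            findings.add(f"unexpected email address: {email}")
    return sorted(findings)

# Constructed sample pages: the clean one contains a harmless relative redirect.
CLEAN_HTML = """<script>if (!cart) window.location.href = "/cart";</script>
<a href="tel:+972-3-555-0100">Call us</a>
<a href="mailto:orders@shop.example.com">Email us</a>"""
TAMPERED_HTML = """<script>window.location.href = "https://shop-example.test/";</script>
<a href="tel:+972-3-555-0199">Call us</a>
<a href="mailto:orders@shop.example.com">Email us</a>"""

if __name__ == "__main__":
    for name, html in (("clean", CLEAN_HTML), ("tampered", TAMPERED_HTML)):
        print(name, audit_page({}, html))
```

Run on a schedule against the live pages, a check like this reports a re-injected redirect within one interval, which matters when the malicious script restores itself seconds after each cleanup.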

 

So what do we do to prevent this?

First of all, the basic rule is that most attacks are motivated by some kind of interest, so they can be analyzed in terms of cost versus benefit.
Our goal when we set out to protect a site is not to prevent it from ever being hacked, because that is not feasible. In the end, every website and every server can be hacked.
Our goal is to delay the intruder so that the attack is not worthwhile and he will prefer to move on to the next target.

The most basic tools for website protection

  • Installing firewalls: A firewall is a software or hardware device that acts as a barrier between a network and the Internet, blocking unwanted traffic and protecting the network from cyber attacks.
  • Use of secure passwords: The use of strong passwords can prevent unauthorized access to a website, especially for the administrator account. It is essential to change passwords regularly and use a combination of upper and lower case letters, numbers and special characters.
  • Update software regularly: Outdated software can be vulnerable to cyber attacks, so it is essential to update software regularly to keep it secure.
  • Data encryption: Data encryption ensures that sensitive information is protected, even if it is intercepted. This is especially important for financial or medical systems.

E-commerce sites are particularly vulnerable to cyber attacks due to the sensitive information they store, including payment and personal information. To secure e-commerce sites, businesses must take additional measures, such as:

  • Use of secure payment systems: Secure payment systems rely on protocols such as SSL (Secure Sockets Layer) and TLS (Transport Layer Security), which encrypt information transmitted between the website and the client's browser, making it difficult for cybercriminals to intercept sensitive information.
  • Performing routine vulnerability scans: Regular vulnerability scans can identify and prevent potential threats to an e-commerce site.
  • Implementation of two-factor authentication: Two-factor authentication (2FA) adds an additional layer of security to an e-commerce site by requiring a customer or site administrator to enter a password and a second form of authentication, such as a code sent to their mobile phone.

Summary

Website security and e-commerce website security are critical to protecting businesses from cyber attacks.
By implementing effective security measures, businesses can protect their website and e-commerce platform from unauthorized access, hacking and data theft, while ensuring the safety of their customers and their sensitive information.

If your site has been hacked, or if you have a reasonable suspicion that you are not protected, contact us and we will be happy to close the issue for you.