Web server vulnerabilities
A web server is program that stores files i.e. web pages and they are accessible via the network or internet. A web server requires both hardware and software. Attackers usually target the exploits in the software to gain authorized access to the server. Let’s look at some of the common vulnerabilities that attackers take advantage of and hack web server.
Default settings– These settings such as default user id and passwords can be easily guessed by the attackers. Default settings might also allow perform certain tasks such as running commands on the server which can be exploited.
Misconfiguration of operating systems and networks – certain configuration such as allowing users to execute commands on the server can be dangerous if the user does not have a good password.
Bugs in the operating system and web servers– discovered bugs in the operating system or web server software can also be exploited to gain unauthorized access to the system.
In additional to the above mentioned web server vulnerabilities, the following can also led to unauthorized access
Lack of security policy and procedures– lack of a security policy and procedures such as updating antivirus software, patching the operating system and web server software can create security loop holes for attackers.
Types of Web Servers
- Apache– This is the commonly used web server on the internet. It is cross platform but is it’s usually installed on Linux. Most PHP websites are hosted on apache servers.
Internet Information Services (IIS)– It is developed by Microsoft. It runs on windows and is the second most used web server on the internet. Most asp and aspx websites are hosted on IIS servers.
- Apache Tomcat – Most Java server pages (jsp) websites are hosted on this type of web server.
- Other web servers – These include Novell’s Web Server and IBM’s Lotus Domino servers.
Types of Attacks against Web Servers
- Directory traversal attacks– This type of attacks exploits bugs in the web server to gain unauthorized access to files and folders that are not in the public domain. Once the attacker has gained access, they can download sensitive information, execute commands on the server or install malicious software.
- Denial of Service Attacks– With this type of attack, the web server may crash or become unavailable to the legitimate users.
- Domain Name System Hijacking – Withthis type of attacker, the DNS setting are changed to point to the attacker’s web server. All traffic that was supposed to be sent to the web server is redirected to the wrong one.
- Sniffing– Unencrypted data sent over the network may be intercepted and used to gain unauthorized access to the web server.
- Phishing– With this type of attack, the attack impersonates the websites and directs traffic to the fake website. Unsuspecting users may be tricked into submitting sensitive data such as login details, credit card numbers etc.
- Pharming– With this type of attack, the attacker compromises the Domain Name System (DNS) servers or on the user computer so that traffic is directed to a malicious site.
- Defacement– With this type of attack, the attacker replaces the organization’s website with a different page that contains the hacker’s name, images and may include background music and messages.
continue on next page..