Web AttacksThe reason for being exploited by hackers is as follows:
1. Desktop Vulnerabilities
Internet Explorer, Firefox, and Windows operating systems contain many vulnerabilities that can be exploited by hackers, especially when users do not install patches in a timely manner. Hackers can exploit these vulnerabilities to automatically download malware code without the user's consent-also known as hidden download.
2. Server Vulnerabilities
Due to vulnerabilities and Server Management Configuration errors, Internet Information Server (IIS) and Apache network servers are often attacked by hackers.
3. Web server virtual hosting
At the same time, servers hosting several or even thousands of websites are also targets of malicious attacks.
4. Explicit/open proxy
Computers controlled by hackers can be set as proxy servers to bypass URL filtering for communication control, perform anonymous Internet access or act as middlemen for illegal website data streams.
5. HTML can embed objects from completely different servers on the webpage.
Users can access the web page from a specific website, and automatically download objects from legitimate websites such as Google analysis servers; AD servers; malware download websites; or redirect users to malware websites.
6. ordinary users do not know the security status
Most users do not understand the reasons for the three SSL browser checks; do not know how to verify the legitimacy of the Downloaded Program; do not know whether the computer is abnormal; do not use the firewall in the home network; I do not know how to distinguish between phishing and legal web pages.
7. Mobile Code is widely used on websites
Disable JavaScript, Java applets, and ,. NET Applications, Flash, or ActiveX seem to be a good idea, because they all automatically execute scripts or code on your computer, but if these features are disabled, many websites may not be able to browse. This opens the door for poorly-coded Web applications that accept user input and use Cookies, just as in cross-site scripting (XSS. In this case, some data (Cookies) Web applications that need to access other open pages may be messy. Any Web application that accepts user input (blog, Wikis, and comments) may accidentally accept malicious code, which can be returned to other users, unless your input is checked for malicious code.
8. Wide use of all-weather high-speed broadband Internet access
Most enterprise networks are protected by firewalls, and home users without Network Address Translation (NAT) firewalls are vulnerable to attacks and lose their personal information. They act as distributed denial-of-service (DDOS) install a Web server hosting malicious code-home users may not have any doubts about these conditions.
9. general access to HTTP and HTTPS
To access the Internet, you must use the Web. All computers can access HTTP and HTTPS through the firewall (TCP ports 80 and 443 ). It can be assumed that all computers can access the external network. Many programs access the Internet through HTTP, such as IM and P2P software. In addition, these hijacked software opened the channel for sending botnet commands.
10. Use embedded HTML in emails
Because the SMTP Email Gateway restricts email sending to some extent, hackers do not often send malicious code in emails. On the contrary, the HTML in the email is used to obtain malware code from the Web, and the user may not know that a request has been sent to a website.
There are more than 10 reasons for Web attacks. This article only introduces the key points and main reasons to share with you.