Ten reasons why hackers attack websites and how to defend them

Intermediary transaction SEO diagnosis Taobao guest Cloud host technology Hall

1. Desktop Vulnerabilities

Internet Explorer, Firefox, and Windows operating systems contain many vulnerabilities that hackers can exploit, especially if users often do not install patches in a timely fashion. Hackers use these vulnerabilities to automatically download malware code without user consent-also known as a hidden download.

2. Server Vulnerabilities

Because of vulnerabilities and server Management configuration errors, Internet Information Server (IIS) and Apache network servers are often used by hackers to attack.

3.Web Server Virtual Hosting

Hosting several or even thousands of Web sites is also a target for malicious attacks.

4. Dominant/Open Agent

Hackers-controlled computers can be set up as proxy servers, avoiding URL filtering to control communications, making anonymous Internet access or acting as intermediaries in illegal web site data streams.

5.HTML can embed objects from completely different servers within a Web page

Users can request a Web page from a specific Web site, automatically download objects from legitimate web sites such as Google Analytics servers, ad servers, malware download sites, or redirect to malware sites.

6. Ordinary users are not aware of the security situation

Most users do not understand the reasons for the three SSL browser checks, do not know how to verify the legality of the downloaded program, do not know if the computer is not normal, do not use a firewall within the home network, and do not know how to distinguish between phishing and legitimate web pages.

7. Mobile code is widely used on the website

Disables JavaScript, Java applets, in the browser. NET applications, flash, or ActiveX sounds like a good idea, because they will automatically execute scripts or code on your computer, but if you disable these features, many Web sites may not be able to browse. This opens the door for poorly coded Web applications that accept user input and use cookies as they would in Cross-site scripting (XSS). In this case, some data (Cookies) Web applications that require access to other open pages can be confusing. Any Web application that accepts user input (blogs, Wikis, comment sections) may inadvertently accept malicious code that can be returned to other users unless the user's input is checked for malicious code.

8. Wide application of All-weather high-speed broadband Internet access

Most corporate networks are protected by firewalls, home users without a network address translation (NAT) firewall are vulnerable to attacks and lose personal information, a zombie computer that acts as a distributed denial of Access Service (DDOS), and a Web server that hosts malicious code--a home user may not have any doubts about these situations.

9. Universal access to HTTP and HTTPS

Access to the Internet must use the Web, and all computers can access HTTP and HTTPS (TCP ports 80 and 443) through the firewall. You can assume that all computers have access to the external network. Many programs access the Internet via HTTP, such as IM and Peer-to-peer software. In addition, the hijacked software opens the channel for sending botnet commands.

10. Use embedded HTML in mail

Because the SMTP e-mail gateway restricts the delivery of messages to some extent, hackers have not often sent malicious code in e-mail messages. Instead, the HTML in an e-mail message is used to get malicious software code from the Web, and the user may not even know that a request has been sent to a Web site.

Ten ways to defend against web threats

1. Block access to malicious software servers

When a desktop user requests HTTP and HTTPS Web pages from an unknown malicious software server, immediately blocks this request, saving bandwidth and scanning resources.

2. Limit mobile code to trustworthy sites

Mobile code such as scripting and active code can make the network richer and more interesting, but hackers also infiltrate desktop computers and run executable code or applications to execute scripts embedded in files.

3. Scanning at the Web gateway

Do not assume that all of your desktops are up to date, run anti-virus programs (AVP) or access Computer Management perfect. You can easily control all incoming Web traffic (HTTP, HTTPS, and FTP) by conducting a centralized scan before the malware attempts to enter your network instead of having entered the desktop.

4. Desktop and Web gateway scanning using products from different vendors

The current attack was tested against the popular AVP before it was released. Increased blocking through the diversification of malware scans

Chance of a threat.

5. Update desktop and server patches regularly

Most attacks and threats are spread using application and system vulnerabilities. Reduce the risk that a known vulnerability poses to your computer.

6. Install anti-virus software and keep it updated

Since the boot area virus appears, the installation of anti-virus software has become a standard program for checking incoming files, scanning memory, and current files. Any computer running Windows should have the latest anti-virus software installed. If "bad" has broken through all other network protections, this is the last line of defense. In addition, anti-virus software can be a good defense against malicious software propagated through non-network methods, such as CD-ROM or USB flash.

7. Access only HTTPS sites checked through all browsers

Most users do not understand the importance of three SSL browser checks, or do not understand that you do not access sites that do not pass all three checks. The SSL check is an expired certificate, a publisher that is not trustworthy, and a host name mismatch between the certificate and the requested URL.

8. Download executable programs only from trustworthy websites

Social engineering is very active on the Internet! An effective way to publish malware is to bundle it into seemingly useful programs. After execution, the malware will do whatever it wants. This type of attack is also known as a Trojan horse attack.

9. Do not access the Web site that uses the IP address as a server

Recent attacks are increasingly taking advantage of home computers with simple Web servers installed. The victim's machine is typically directed to a new home computer server through an IP address instead of a DNS host name. The URL of a legitimate Web site uses the host name.

10. Carefully enter the URL to avoid errors

Users should never attempt to access a malicious software site, but accidents can always happen. Incorrectly entering URLs will usually log on to some of the sites waiting for your visit. If your browser does not have all the patches installed, you will most likely download the malware during the download process.

Protecting web gateways, blocking malware

With Web gateway protection, you can block many web attacks. Ensure that your secure Web gateway provides:

-> URL filtering to prevent malware downloads, phone transactions, and error entry

-> malware scanning features, scanning viruses, spyware, malicious mobile Code (MMC), unwanted software, Trojans, botnets, worms, etc.

-> protects against HTTPS network traffic, not just HTTP and FTP

-> check payloads for real file types, rather than trusting file extensions or other file modifications to avoid checking

-> SSL Browser Check Hardening

-> prevents access to URLs with IP addresses instead of host names

-> only allows executable and mobile code from trusted Web sites

-> allows selective access to files in the gray list of executable files for users, such as IT administrators

-> automatically periodically downloads updates from trusted anti-malware providers one day at a time

-> scalable scans for network traffic because users are very sensitive to latency

• Avoid rescan for repetitive traffic

• Abnormal large network downloads (>200KB), do not weaken the performance of conventional network communication scans

• Do not waste resources to maintain a large number of active TCP connections (<150)

-> search on popular web search engines to avoid being directed to malware servers

-> provides scan engine selection to better complement your desktop scan

-> don't believe access to Web pages by IP address

-> can identify infinite streams of data, such as Internet radio broadcasts, which never stop and are never scanned