12th Sep 2017
Web server security should be a priority for any organization, particularly those who deal with sensitive customer data. With advanced hacking concepts such as URL interpretation, session hijacking, HTML injection, SQL injection etcetera, attackers can breach into the network and steal the stored files. In order to identify such attacks, the administrators must monitor their web servers and watch for the following warning signs:
- General Indications: Most of the hackers try to breach the web servers by attacking the web applications to exploit any loopholes. In order to identify such attacks, you need to keep a check on signs such as multiple ‘404 page not found’ or ‘500 internal server error’ reports in the web server log.
- Your Website Has Been Blacklisted: If your web server has been attacked and is sending out spam, there is a good chance that it has been blacklisted in search engines and email lists. The visitors on your website may get a message that the site cannot load. It will also become impossible for the end user to reset passwords as sending a reset password email will not be feasible from your end.
- The Presence Of Web Shells: Web shells are files through which hackers can easily execute other files on the system. Mostly in the form of text, web shells can be easily masked among other files on the system. It is accompanied by extensions such as cmd.aspx or commandshell.php that gives out a code which can be used by the hacker to gain access to your website.
- Unexplained Server Activity: Keep a regular check on the website so that you can immediately identify any suspicious activity. For instance, your email server process may show high volume of received emails whereas there may be no active visitors on your site. You could also see a Perl script running on your server even though you don’t use it. This is another sign of unauthorized access to your server.
- Attack On Administrative Interfaces: Almost all the web applications have an administrative interface which can be targeted by hackers in order to reach your system. Watch out for telltale signs such as repeatedly failed login attempts, changes in the account or modifications in the application configuration. This can help you identify if your servers have been compromised.
We, at Centex Technologies, can provide businesses with effective network security solutions. For more information, feel free to call us at (855) 375 – 9654.