The 5 most common website attacks in 2018 & how to defeat them.

1. Bots & Website scraping

Bots are clever little bits of code that trawl around the internet. There are some nice bots, like Google's bots, which help index your website on search engines.

But then there are those downright naughty bots, and these bad bots now make up one-third of internet traffic according to recent research by Imperva.

What does it mean to me?

These little tinkers have the ability to link up a number of different computers and networks to generate one motherlode of a website attack in a single hit.

Spambots also lurk around the internet stealing data such as email addresses in order to send junk emails in huge numbers. They can also be used to attempt logins to your website using various usernames and passwords.

How do I stop it?

An anti-bot solution should be put in place to block the naughty ones and allow the nice ones. These solutions are also self-learning: they detect a high number of hits from a single source and then block that source in future. We provide this happy little solution as part of our premium hosting & security solutions.
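
The "high number of hits from a single source, then block that source in future" logic described above, as an added Python example (not code from this article or any product it mentions). The 10-second window, the 5-hit threshold, the log format and the class and function names are assumptions, and the sample log is constructed from documentation-range addresses.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

class HitRateBlocker:
    """Block a source once it exceeds max_hits requests inside a sliding window."""

    def __init__(self, window=timedelta(seconds=10), max_hits=5, allowlist=()):
        self.window, self.max_hits = window, max_hits  # assumed thresholds
        self.allowlist = set(allowlist)    # sources already verified as good bots
        self.recent = defaultdict(deque)   # source -> timestamps still in the window
        self.blocked = set()               # sources "learned" as abusive

    def allow(self, ts, source):
        """Return True if a request from source at time ts should be served."""
        if source in self.allowlist:
            return True
        if source in self.blocked:
            return False                   # stays blocked on later visits too
        hits = self.recent[source]
        hits.append(ts)
        while ts - hits[0] > self.window:  # drop hits that have aged out
            hits.popleft()
        if len(hits) > self.max_hits:
            self.blocked.add(source)
            del self.recent[source]
            return False
        return True

def sample_log():
    """Constructed 'ISO-timestamp source path' lines, not real traffic."""
    t0 = datetime(2018, 6, 1, 12, 0, 0)
    at = lambda s: (t0 + timedelta(seconds=s)).isoformat()
    lines = [f"{at(i)} 203.0.113.7 /products?page={i}" for i in range(8)]  # scraper
    lines += [f"{at(i)} 192.0.2.10 /blog/post-{i}" for i in range(8)]      # verified crawler
    lines += [f"{at(20 * i)} 198.51.100.23 /contact" for i in range(3)]    # human visitor
    lines.append(f"{at(300)} 203.0.113.7 /products?page=9")                # scraper returns
    return sorted(lines)

def replay(lines, allowlist=("192.0.2.10",)):
    """Feed log lines through the blocker; return it and each (source, served) pair."""
    blocker = HitRateBlocker(allowlist=allowlist)
    decisions = []
    for line in lines:
        ts, source, _path = line.split()
        decisions.append((source, blocker.allow(datetime.fromisoformat(ts), source)))
    return blocker, decisions

if __name__ == "__main__":
    print("blocklist:", sorted(replay(sample_log())[0].blocked))
```

The allowlist should only hold sources that have been verified (for example by reverse DNS lookup), because a user-agent string claiming to be a search engine can be faked. Many visitors can share one address behind an office or mobile network, so thresholds set too low will block real customers.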

 

2. DDoS Attacks

A DDoS (Distributed Denial of Service) attack comes from clever bots that have linked a number of computers together for a single evil purpose.

These linked networks then create a huge amount of traffic towards a single website, like a heat-seeking nuclear missile.

What does it mean to me?

When your website gets hit with a DDoS attack it creates a bottleneck effect in your resources and bandwidth until your website eventually gives up and keels over on its back (shuts down). At best it can cause your website to go down for a short time, or at worst corrupt your data entirely, meaning either a short-term or long-term loss of sales and online reputation.

How do I stop it?

Having a firewall on your server as well as on your website is the best way of preventing DDoS attacks. As part of our premium hosting & security package we include additional ‘learning’ detection that in the first instance blocks all known offending computers (across the web) that have been used to do this, and in the second instance detects any huge floods of traffic and automatically blocks these now and in the future. In addition, we run a downtime monitor which instantly notifies our team (and our CEO’s watch) in the unlikely event that your website does ever go down.

3. Cross-site Scripting Attacks

Known as XSS, this little blighter attempts to insert bad code into areas of your website.

The bad code is then automatically used against any of the unsuspecting victims that may be using your website.

What does it mean to me?

If your website is compromised, this means that when a user clicks a link on your website they will go to another dodgy destination. The user's personal data and other critical information can then be easily stolen. In essence, an all-round GDPR nightmare as well as something you do not want to have to explain to your customers!

How can I stop it?

This is based around the quality of code. If your website runs on a content management system such as WordPress or Magento then the key here is ensuring your CMS software and any plugins are up to date, as holes can often be found and exploited in these popular business website solutions.

It is worth noting, though, that if you do not know what you are doing then updating your website CMS or plugins could cause you to break your website unintentionally. Luckily we offer monthly CMS and plugin updates bundled into one of our premium hosting & security solutions.
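
What "quality of code" means for the attack described above, as an added Python example (not code from this article, WordPress or Magento): a comment renderer that pastes visitor input into the page, beside one that escapes it and refuses link targets that are not plain web addresses. The function names and the sample comment are constructed for illustration.

```python
import html
from urllib.parse import urlsplit

def render_unsafe(author, text, link):
    """Before: visitor-supplied values are pasted straight into the page markup."""
    return f'<p><a href="{link}">{author}</a>: {text}</p>'

def safe_href(link):
    """Allow only absolute http(s) links; anything else becomes an inert '#'."""
    link = link.strip()
    parts = urlsplit(link)
    if parts.scheme in ("http", "https") and parts.netloc:
        return html.escape(link, quote=True)   # quotes cannot close the attribute
    return "#"

def render_safe(author, text, link):
    """After: every value is escaped for the place it lands in before it is output."""
    return (f'<p><a href="{safe_href(link)}">{html.escape(author)}</a>: '
            f'{html.escape(text)}</p>')

# Constructed comment-form submission: markup in the text, a script URL as the link.
COMMENT = ("Mallory", "<script>alert(1)</script>", "javascript:alert(1)")

if __name__ == "__main__":
    print("unsafe:", render_unsafe(*COMMENT))
    print("safe:  ", render_safe(*COMMENT))
```

With the safe renderer the submitted markup is shown to other visitors as harmless text and the link goes nowhere, instead of running in their browsers.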

 

4. SQL Injection

No one likes an injection! These attacks attempt to inject SQL (commands) into your database to cause mayhem. This can be caused by loopholes in your CMS or plugin code in the same way as the aforementioned Cross-Site Scripting attacks. SQL injections are often attempted through contact forms or other input fields.

What does it mean to me?

If successful, an SQL injection could allow the attacker to steal personal data, customer data and even credit card numbers. This could result in a potential GDPR-related fine as well as complete loss of trust from any of your valued customers.

How do I stop it?

Firstly, ensure there are no loopholes in your website by keeping your CMS and any plugins up to date.
Secondly, a website-based firewall can automatically filter out any malicious SQL injections from your website. Again, we always ensure these kinds of preventions are in place with our premium hosting & security packages.
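
The kind of loophole that those updates close, as an added Python example (not code from this article or from any CMS): a form-field lookup that pastes the input into the SQL text, beside the same lookup with the input bound as a parameter. The table, its rows, the function names and the form inputs are constructed, with Python's built-in sqlite3 standing in for the website's database.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed customer rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (email TEXT, name TEXT, card_last4 TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?, ?)", [
        ("alice@example.com", "Alice", "4242"),
        ("bob@example.com", "Bob", "1881"),
        ("carol@example.com", "Carol", "0005"),
    ])
    return db

def lookup_vulnerable(db, email):
    """Before: the form value becomes part of the SQL text and is parsed as SQL."""
    query = "SELECT name, card_last4 FROM customers WHERE email = '" + email + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, email):
    """After: the value is sent separately from the statement and is only ever data."""
    query = "SELECT name, card_last4 FROM customers WHERE email = ?"
    return db.execute(query, (email,)).fetchall()

HOSTILE = "nobody@example.com' OR '1'='1"   # constructed form input

def compare(email):
    """Run both lookups on a fresh database; a database error is returned, not raised."""
    db = make_db()
    try:
        vulnerable = lookup_vulnerable(db, email)
    except sqlite3.Error as exc:
        vulnerable = exc
    return vulnerable, lookup_parameterized(db, email)

if __name__ == "__main__":
    for value in ("alice@example.com", "o'brien@example.com", HOSTILE):
        print(repr(value), "->", compare(value))
```

The vulnerable lookup hands back every customer row for the hostile input and breaks on an ordinary apostrophe, while the parameterized lookup returns no rows for either.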
 

5. Man in the middle and Malware

Malware seeks to delve into any potential exploits in your website by any means possible.

In addition, man-in-the-middle attacks mean that, without a secure HTTPS certificate on your website, any data a user inputs can be stolen if they are on an open network.

What does it mean to me?

With malware attacks your website content could be changed or used to promote any unscrupulous adverts generating money for the attacker. Malware can also be used to delete any important data or hold you to ransom for it. A man-in-the-middle attack could also be used to gain password access to your website, via either your own admin login details or your clients', if they are browsing on an open Wi-Fi network. This can cause a whole number of costly issues and loss of sales depending on the level of attack.

How do I stop it?

A web-based malware scanner can ensure your website code is scanned and cleansed, as well as blocking any known or potential attacker sources. In addition, adding an HTTPS certificate (the little green padlock you see in web browsers) will block any man-in-the-middle attacks by sending all data through encrypted secure methods. Again, we include these as part of our now standard premium hosting & security.


In summary

It all sounds pretty scary, and it might never happen to you. But with these kinds of attacks only on the increase and bad bots taking up a third of online traffic, having a securely hosted solution is an insurance worth considering.

If you have any more questions or are unsure about how protected your website is at present, then please contact us today and we will happily provide any advice.