Monday, August 5, 2019
Signs That My Site Hacked Information Technology Essay
Signs That My Site Hacked Information Technology Essay Assume you are the owner of an e-commerce web site. What are some of the signs that your site has been hacked. Discuss the major type of attacks you could expect and resulting damage on your site. Prepare a brief report based on your findings. You are required to propose web site development to one of the IT entrepreneurs in your area. Consider there are two opinions for building the site in-house with existing staff, out sourcing the entire operation. Discuss which options are in the companys best interest and the reason for choosing that opinion. Provide pros and cons for each option. Prepare a report based on your findings. Introduction to Question (1) Hacking used to be defined as One who is proficient at using or programming a computer; a computer buff. However, this use has been turned around now, to mean that of a cracker One who uses programming skills to gain illegal access to a computer network or file. This information is about this second meaning, cracking. Before we begin I would like to point out that hackers HATE crackers, crackers have given them a bad name. The main differences between the two are that hackers try to make things, crackers try to break things. Hackers made the Internet what it is today. Hackers program websites (among other things) and they do not try and harm the work of others as is thought in todays society. However, as the word hacker is now in such popular use that it is thought it means cracker I will use the words hacking and cracking for describing these cracking methods. Define question (1) Hacking is not a simple operation or sequence of commands as many people think. Hacking is a skill. To hack you must change and adapt your approach depending on the obstacles you come across. Hacking is not a specific term; there are many types of hacking. Answer for Question (1) Some of the signs that my site has been hacked: One of the goals for a hacker is to hack a website without alerting the website owner. Months go by, and a website owner hosts a hacked website without knowing the site has been compromised. The website owner may notice some strange occurrences, but here are some hacked signs that alert the owner of a compromised website. Websites that are hacked can spread malware, and the hacker sometimes steals your customers information. The Eval Base64_decode Function at the Bottom of Your Code The Eval function is used to hide code in PHP blogs such as Blogger and WordPress. The base64_decode decodes encoded text that you are unable to read when you view your website code files. The hacker places a redirection code using eval and base64_decode at the bottom of your PHP file, so you are unable to read the hacked code and dont notice the redirection to the hackers web page. If you did not put the functions on your page, then your blog or website has probably been hacked. Drop in Google Search Engine Results Rank If my site is hacked with a redirection to an online pharmacy, the Google algorithm detects a problem and lowers your search engine rank. If you check your rank often, you notice a drop in rank. You can drop several pages and even hundreds of pages in the search engine results. A Red Warning Alert in Google Chrome or Firefox When Google detects a hacked website, Firefox and Chrome use the Google API to show a warning message to users. Instead of seeing your website, the web browser shows a red screen alerting the reader to a hacked website address. Users can hit the back button or proceed to my site. In most cases, the user prefers to click the back button to avoid infecting the computer. The best way to detect a hacked website is enter your domain name into Chrome or Firefox and see if the red warning screen shows. Google Indexes Your Site with Pharmacy Text If your site has been hacked and redirects to a pharmacy, search your domain name with pharmacy text such as Viagra, pharmacy, or meds. Pornographic search phrases are also used to check if your site has been hacked and redirect to adult websites. This type of check gives you a heads up, and lets you know the hackers code is somewhere in your website code. Check the .htaccess File on Your Host Server The .htaccess file is a part of an Apache server host. One web hack is placing a redirect code in the .htaccess file. Open the .htaccess file located on the root of your web host directory. Read through the file and locate any odd website addresses. If you have a website address that is not yours in the .htaccess file, your file has been hacked. These tips help you identify a hacked website. After I fix the hack, I must identify where my site vulnerability is is located. If I do not identify the security hole, you are susceptible to hacks after you go through the trouble of fixing hacked code. The type of attacks I could expect and the damages Password cracking In most of the cases, user passwords are encrypted to protect the privacy of passwords and maintain security of the system. Password cracking is the process of decrypting encrypted passwords. A program that performs cracking is known as password cracker. Some crackers are also capable of disabling password protection system and may cause free access to anyone and the owner will be losing a lot of information in his web site. Ip spoofing IP spoofing is used to commit criminal activity online and to breach network security. Hackers use IP spoofing so they do not get caught spamming and to perpetrate denial of service attacks. These are attacks that involve massive amounts of information being sent to computers over a network in an effort to crash the entire network. The hacker does not get caught because the origin of the messages cannot be determined due to the bogus IP address. IP spoofing is also used by hackers to breach network security measures by using a bogus IP address that mirrors one of the addresses on the network. This eliminates the need for the hacker to provide a user name and password to log onto the network. Hijacking an Authorized Session With the ability to generate the correct sequence numbers, an attacker can take over an authorized session by simply taking over one of the parties to the session. Having inserted himself in the session, the attacker will simply tell the party taken over that the session has ended, while connecting to the other half of the legitimate session and continuing communication, but this time, according to the attackers dictate. Haven taken over a trusted communication channel, the attacker can then probe the network for vulnerabilities. Sequesnce Guessing Every connection between two hosts using TCP contain sequence numbers for both data and acknowledgement. These numbers, used by the TCP protocol to determine out-of-order and lost packets, is one of the facilities of the connection-oriented TCP design, to ensure reliable delivery to the application layer. The sequence numbers are generated pseudo-randomly and an attacker might send spoofed packets to a victim to determine the algorithm generating the sequence numbers, and then use that knowledge to intercept an existing session. RIP Attacks Routing Information Protocol (RIP) Routing attacks is often seen in routers which implemented the original RIP. Routing Information Protocol (RIP) is used to distribute routing information within networks, such as shortest-paths, and advertising routes out from the local network. The original version of RIP has no built in authentication, and the information provided in a RIP packet is often used without verifying it. An attacker could forge a RIP packet, claiming his host X has the fastest path out of the network. All packets sent out from that network would then be routed through X, where they could be modified or examined. An attacker could also use RIP to effectively impersonate any host, by causing all traffic sent to that host to be sent to the attackers machine instead. Buffer Overflows A Buffer Overflow is a flaw that occurs when more data is written to a block of memory, or buffer, than the buffer is allocated to hold. Exploiting a buffer overflow allows an attacker to modify portions of the target process address space. This ability can be used for a number of purposes, including the following: Control the process execution Crash the process Modify internal variables à The attackers goal is almost always to control the target process execution. This is accomplished by identifying a function pointer in memory that can be modified, directly or indirectly, using the overflow. When such a pointer is used by the program to direct program execution through a jump or call instruction, the attacker-supplied instruction location will be used, thereby allowing the attacker to control the process.à In many cases, the function pointer is modified to reference a location where the attacker has placed assembled machine-specific instructions. These instructions are commonly referred to as shellcode, in reference to the fact that attackers often wish to spawn a command-line environment, or shell, in the context of the running process . Conclusion If I cannot connect to my web site or log in to your control panel, I have to contact your web hosting company. The hacker attack has changed your password and I need to get a new one. The hacker might have also changed your email address associated with my account at the web hosting company but this is unlikely because the password and the email information are generally segregated. Anyway, depending on the company policies, a web hosting firm would either send you a new password over email OR revert with what they need to send you a new password (because they need to verify that the new password request is legitimate). In some cases, I might need to send a fax because the hackers have messed up your email too. Introduction to Question (2) Nowadays, it seems like everyone is saying, I want to site. If you want to build a web site and you know what you want, dont know what you want, trying to learn about it then we have information for you. If you already own a website or a webmaster looking for the best and latest information on successful website development, then we have the website builder for you. Also on this site we have articles and free eBooks on every aspect of website development, including internet marketing, home based businesses and affiliate marketing. Define question (2) There are many different routes a web site owner can go for getting all of the content done for his online business. The two directions he could take, whether its hiring in-house or outsourcing to a content creation company, allow for many different options and different ways to get your content project done. The route you take can have effect on a number of things, like quality of the content, your expenses, and the time it will take to get everything done. Since the content will probably be the most important part of your web site, you will want to take all things into consideration before making your final decision. Answer to Question (2) IN-HOUSE WITH EXISTING STAFF Hiring in-house definitely has its own advantages. This is because anytime you have a valuable resource like a team of writers in the Internet industry you are able to accomplish many different things because there are so many ways that you can use content on the Internet (it doesnt always just have to be on-site content). It all really depends on your own companys content needs however. You will be able to train writers and mold their styles to the way you want your content to be written. ADVANTAGES: Gives you Control If design services are part of your business, then keeping it under your control allows you to provide the best services for your customers. This means that if your business sells design services, or depends on a strong, dynamic online presence for the bulk of its revenue, an in-house design team is essential. You dont want to rely on a contractor over whom you do not have complete control to make or break your business. Communicate Better and Save Time Interacting with outsourced talent can be challenging, especially if your contractor is . People under your purview are easier to find and easier to direct, so when you need something done, you can explain it to them in person. Save (lots of) Money You will find that you will save money in the long run by using in-house talent. Even though you will have to make the investment in payroll and infrastructure, over time you get better results and spend less money than you would by hiring an outside firm. In-house design also benefits from the standpoint of project cost. Contractors often will pocket some or all of the difference if they finish a project below cost. If your In-house team completes the project at less cost, that cost savings shows up in your bottom line. DISADVANTAGES Maintenance contract with an external agency Although probably the most expensive approach, maintenance contract with an external agency does provide the best level of service. If the agency provide the right kind of service this can be very much like working with an outsource team. The agency will really get to understand the business, evolve your website on a regular basis and still provide all of the benefits of an external agency. Part time contractors For smaller organizations that cannot afford fulltime in-house staff but who wish to enjoy the benefits that come with that approach, there is the option to take on a part-time contractor. These individuals will probably have 2 or 3 websites they manage on a regular basis but still will be able to work more closely with you than an external agency. Ad-hoc specialists For larger organisations it may sometimes be appropriate to bring in specialists to compliment an existing in-house team. For example specialists in accessibility, usability or design can often work well alongside an in-house team primarily made up of coders. Outsourcing Outsourcing is contracting out the management and development of a process or production to external sources. Many online businesses have found it desirable to outsource their website. While some businesses lack the in-house expertise, others find the logistics of managing the website distracts their attention from their core competencies and some other find it to be cost-effective. In the present scenario of IT, all organizations whether big or small, depend on outsourcing to stay competitive. This is quite advantageous as a wide range of options is available, in the form of experienced reliable companies offering their services. Outsourcing helps a company to focus on its core business more efficiently. Outsourcing Advantages: You can be assured that if you go this route you are leaving all of your content needs in the hands of very well experienced and trained writers writers that have written for the Internet for a long period of time. There will more than likely be a whole team of editors, project managers, and writers and they will have a their system down pat already and will be ready to take on whatever kind of volume you need to push. You will have a faster turnaround time, and therefore you will be able to scale up quite easily. Outsourcing your content will also save you a lot of time and money. Hiring and training in-house writers takes a lot of time and can also be quite expensive. Outsourcing your content to a company usually means you will spend less money because they usually charge less and you wont have to spend money building up your own resources . Disadvantages: One of the major disadvantages is the differences in writing style that you may see. Outsourcing your content means outsourcing to a number of different writers, all of which have their own unique writing style. Since they have already been trained to write a certain way for the Internet, you will have to make sure that the writers will be able to fulfill your standards in terms of style and SEO needs. For example some people may want a double space after each period and some people like the single space approach. It seems like a small problem, but little problems like that can cause a lot of trouble if not worked out before the project gets started. This problem really escalates if you are outsourcing your content to many different freelancers. Language or cultural differences: Struggling to understand your tech support specialist can make a frustrating situation even worse. Unfortunately, many small businesses choose offshore outsourcing as their least-expensive option, while not considering the time and aggravation spent on communication issues. This can be mitigated either by carefully interviewing various offshore firms and giving them a test drive, or by hiring a local firm. The latter may also allow you to have the specialist on-site, which is highly recommended for handling most IT support needs. Not part of the team: Because outsourced IT specialists are there only when scheduled or when you need them to fix a problem, youll spend time bringing them up to speed when issues do arise or when you want them to provide advice on future technology initiatives. Again, there is a solution: Get an outsourced firm involved in your IT needs on an ongoing basis via managed services. Companies best interest The best for my company would be outsourcing because its gives us a saver web-hosting and trusted from virus. Although its not cheap but it would be easy for us because its been maintain and updated always. This could increase our web viewers and customers too. Conclusion Once you have a team of writers, you will always have to find a way to keep them busy or else you will risk losing them. If you dont have the ability to keep a team of writers busy for a substantial amount of time, then hiring in-house writers would prove to be a big waste of time. Your turnaround time will also not be as fast, and you will spend more time dealing with your writers time that probably could have better been spent elsewhere. A good route to go (a route that many companies take) is to hire a few in-house writers as well as outsource content needs that make sense to outsource. The Internet business calls for unique situations and needs, and the route you go with your content creation should definitely be based on these specific needs. One thing to be aware of is that some information technology consultants that you outsource to, will in turn outsource services to their own partners. Look for companies that take final responsibility for your system, no matter whether the y or a partner provided a particular service. This will help make things simpler for your organization, especially at times of stress and concern when you most need things to be easy.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.