Steps to Gaining Access to Your Site

Now take a look at the basic steps a hacker might follow to gain the needed knowledge to attack your site.

As a caveat, understand that the information presented here is meant to show you how to defend yourself. You should not use any of what is outlined here for illegal access to any computer systems.

Researching

Attackers first want to know about your site — what server it's on, the operating system, what applications are running, the specific versions, and so on. Knowledge about defense systems and intrusion detection will also help the bad guys avoid getting caught. After they have all that, they can begin the work of researching vulnerabilities.

For example, if you are running a vulnerable piece of software, they will target it to get in.

An attack known as SQL injection uses a well-crafted SQL statement that could divulge the administrator user name and password, thus giving the attacker administrative access to your site.

As an example of research, assume you have a website with a good web hosting company, and that you're running some type of CMS site on a Linux server.

If you were the attacker, you would first determine what software this site was running. You can do this passively or actively in a number of ways, including the following:

  • View the website's page source in the browser. This would help you to learn what ...
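To see what your own pages hand to this kind of passive research, the following added example (not from the book) scans a page's HTML for a `generator` meta tag and for version numbers in asset URLs. The sample HTML, the `ExampleCMS` name, and the function and class names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Constructed sample page (not taken from any real site).
SAMPLE_HTML = """<html><head>
<meta name="generator" content="ExampleCMS 3.2.1">
<link rel="stylesheet" href="/themes/base/style.css?ver=3.2.1">
<script src="/plugins/gallery/gallery.js?ver=1.0.4"></script>
<script src="/static/app.js"></script>
</head><body><p>Hello</p></body></html>"""

VERSION_RE = re.compile(r"\d+(?:\.\d+)+")


class DisclosureAudit(HTMLParser):
    """Collects tags that reveal product names or version numbers."""

    def __init__(self):
        super().__init__()
        self.findings = []  # list of (kind, detail) tuples

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.findings.append(("generator", a.get("content", "")))
        # Asset URLs often carry a version number in the query string.
        url = a.get("src") or a.get("href")
        if tag in ("script", "link") and url:
            query = parse_qs(urlparse(url).query)
            for key, values in query.items():
                for value in values:
                    if VERSION_RE.fullmatch(value):
                        self.findings.append(
                            ("asset-version", f"{urlparse(url).path} {key}={value}"))


def audit(html):
    """Return the disclosure findings for one HTML document."""
    parser = DisclosureAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_HTML):
        print(f"{kind}: {detail}")
```

Each finding is a detail visible to anyone who views the page source, so it is a candidate for removal from the site's templates when the version does not need to be public.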

Get CMS Security Handbook: The Comprehensive Guide for WordPress®, Joomla!®, Drupal™, and Plone® now with O’Reilly online learning.