![security demonstration](https://bitner.mydcts.org/wp-content/uploads/2023/09/computer-1591018_1280-1024x670.jpg)
Overview
Website security is essential regardless of the type of website you run. As I have mentioned before, hackers don’t really care about what’s on your website; they care more about the resources the server can provide. They may use that server for something as simple as a disposable proxy.
Common factors that may expose your website to security problems
What does enumeration mean? Think of it this way: looking at something and thinking about how to disassemble it. That’s what a hacker does when they find a possible target. Let’s look at some factors that may impact your site’s security:
- The <head> element is an HTML tag that contains metadata about a site. If you’re running WordPress, some of this information is about the running plugins, such as their names and versions. This is why it’s important to update them, because all a hacker has to do is look up the plugin name followed by “Vulnerabilities”.
- Hackers get creative, and some things should not be on the internet. Yes, you should care about privacy instead of blowing it off by saying “I don’t care, I have nothing to hide”. This affects more than just website security; it affects a whole lot of things. A hacker could look up your social media, watch it, and look for things such as a street sign in the background of your video. From there a hacker might learn where you went to high school and possibly your neighborhood, and they can begin building a word list of passwords that may pertain to you.
- Search Booleans (also nicknamed dorks for some reason). These are tools that all major search engines have built in, yet not many people use them. Let’s look at a few that Google provides:
  - (site:) Finds pages only on a single website.
  - (“”) Results must contain whatever is in the quotes.
  - (intitle:) Looks for page titles containing the text you entered.
  - (inurl:) Finds results based on what’s in a URL.
  - (filetype:) Shows search results of a specific file type. Note that this one must have a search query to work.
With that said, let’s look at a few basic examples of Google dorks and what they’re capable of:
- site:”*.edu” intitle:”SAT answers” – This one finds you SAT answers openly on the web. Now, I do not condone cheating; it’s wrong and should be avoided.
- site:”*.com” “important” filetype:pdf – This one searches .com websites for text containing “important”, including only search results that are PDF files. This one is critical to website security because, if a hacker finds the right document that should not be on the internet, someone may get fired.
With those examples done, I would like to note that you’ve built a good Google dork when Google asks you to complete a bot check, which happened with the inurl dork, and it’s the reason why I excluded it. Feel free to check out some other dorks.
With that said, even very basic open source intelligence (OSINT) can potentially expose your website’s security flaws, whether they are wide open on the internet or tucked into the <head> element of your site.
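To check what your own pages give away in the <head>, here is an added example (not part of the original post) that parses a page's HTML and lists the generator tag plus any plugin names and version strings found in asset URLs. The sample HTML, plugin names and version numbers are constructed; the `/wp-content/plugins/<slug>/` path and the `?ver=` query parameter are the usual WordPress conventions, and `audit_head` is a name chosen for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs
import re

# Constructed sample page; the plugin names and versions are made up.
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 6.3.1">
<link rel="stylesheet" href="https://example.com/wp-content/plugins/sample-forms/css/style.css?ver=2.4.1">
<script src="https://example.com/wp-content/plugins/example-gallery/js/gallery.js?ver=1.0.9"></script>
<link rel="stylesheet" href="https://example.com/wp-content/themes/demo/style.css">
</head><body><p>Hello</p></body></html>"""

PLUGIN_PATH = re.compile(r"/wp-content/plugins/([^/]+)/")


class HeadAudit(HTMLParser):
    """Collects version details that a page's <head> discloses."""
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.generators = []  # content of <meta name="generator">
        self.plugins = {}     # plugin slug -> set of exposed version strings

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        if not self.in_head:
            return
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.generators.append(a.get("content") or "")
        url = a.get("href") or a.get("src")
        if tag in ("link", "script") and url:
            parsed = urlparse(url)
            match = PLUGIN_PATH.search(parsed.path)
            if match:  # asset served from a plugin directory
                versions = parse_qs(parsed.query).get("ver", [])
                self.plugins.setdefault(match.group(1), set()).update(versions)

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False


def audit_head(html):
    """Return (generator strings, {plugin slug: sorted versions}) for one page."""
    parser = HeadAudit()
    parser.feed(html)
    return parser.generators, {k: sorted(v) for k, v in parser.plugins.items()}
```

Run `audit_head` on the saved HTML of your own pages; everything it returns is visible to any visitor, so those are the plugins to keep updated first.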
What are some tricks that hackers are using?
Hackers have a lot of tricks up their sleeves. The following are the types of threats that should concern you.
- Insider threats.
- Phishing
- Extorting files that may contain sensitive information.
- Tricking users to make malicious changes to their computer.
- Installing suspicious applications.
- Infected personal devices.
- Phishing
- Botnets.
- Hacker communication networks.
- Disposable proxies.
- Your hardware working for them.
- Illegal crypto mining.
Whenever you get hacked, it’s important to have a game plan for how to recover. I’m not going to go into detail, but you can check some basic steps to begin your recovery process: https://developers.cloudflare.com/fundamentals/basic-tasks/recovering-from-hacked-site/
Conclusion
Overall, there are lots of threats that I simply don’t have time to dive into and explain, so I listed the most basic types of hacks, which are still major threats to your site or business.