Hackers and You: How Do Hackers Compromise Servers?
Welcome to part three of our series on hackers and you. Previously we looked at who hackers are and why they do what they do. In this part, we will cover some of the techniques hackers most often use to compromise a server. We’ll start with the methods commonly employed by script kiddies before moving on to the more advanced techniques.
Brute Force Password Attack
Probably the most frequent method used to compromise a server is password guessing, usually lumped together under the name brute force attack. The attacker runs a script that attempts to log in to a service on the server using lists of commonly used usernames (root, admin, test and the like) and lists of commonly used or previously leaked passwords. A true brute force that tries every possible combination is rare; a dictionary attack that tries the few thousand passwords people actually choose is far more common and far faster. The prime targets are administrative services such as SSH on Linux and RDP on Windows, but the same scripts are run against anything with a login, such as FTP and email. Those services are often less closely monitored, so thousands of failed logins there are less likely to raise an alert, and because people reuse passwords, a mailbox password that is guessed there frequently works elsewhere on the server too. Once hackers find a working login they can set about doing what they want with the access it grants. The pattern to look for in your authentication logs is a burst of failures from one address followed by a success from the same address: that is the moment an attempt became a compromise.
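As an added example (this is not code from the original article), here is a small Python script showing what a password-guessing run looks like from the server's side and how to spot it. It parses sshd authentication lines in the standard syslog format and flags any source address that produces five or more failed logins within a minute, noting whether a successful login from that address followed. The log excerpt is constructed for this illustration, and the addresses (from the RFC 5737 documentation ranges), thresholds and function names are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sshd log excerpt in syslog format (example data, not a real log).
# 203.0.113.7 runs a dictionary attack and gets in; the other two sources are benign.
SAMPLE_LOG = """\
Mar  3 10:15:01 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Mar  3 10:15:02 web1 sshd[2203]: Failed password for invalid user test from 203.0.113.7 port 40124 ssh2
Mar  3 10:15:02 web1 sshd[2205]: Failed password for root from 203.0.113.7 port 40126 ssh2
Mar  3 10:15:03 web1 sshd[2207]: Failed password for invalid user oracle from 203.0.113.7 port 40128 ssh2
Mar  3 10:15:03 web1 sshd[2209]: Failed password for invalid user ubuntu from 203.0.113.7 port 40130 ssh2
Mar  3 10:15:04 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 40132 ssh2
Mar  3 10:15:05 web1 sshd[2213]: Accepted password for root from 203.0.113.7 port 40134 ssh2
Mar  3 10:20:11 web1 sshd[2301]: Failed password for alice from 198.51.100.23 port 51002 ssh2
Mar  3 10:20:40 web1 sshd[2303]: Accepted publickey for alice from 198.51.100.23 port 51004 ssh2
Mar  3 11:02:00 web1 sshd[2401]: Failed password for invalid user admin from 192.0.2.9 port 33001 ssh2
"""

# Matches both "Failed password for invalid user X from IP" and
# "Accepted publickey for X from IP" forms of the sshd message.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_auth_log(text, year=2024):
    """Return (timestamp, result, username, source_ip) tuples for login attempts.

    Syslog lines carry no year, so one is assumed (an assumption of this example).
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # other sshd chatter (session opened, disconnects, ...)
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["ip"]))
    return events


def detect_bruteforce(events, threshold=5, window_seconds=60):
    """Flag source IPs with >= threshold failed logins inside any window_seconds span.

    For each flagged IP, report the total failures, the usernames tried, and whether
    a login from that IP succeeded after the burst began: that last case is the one
    that has gone from 'attempt' to 'compromise' and needs incident response.
    """
    failures, successes = defaultdict(list), defaultdict(list)
    for ts, result, user, ip in events:
        (failures if result == "Failed" else successes)[ip].append((ts, user))

    reports = {}
    for ip, fails in failures.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until the span fits in window_seconds.
            while (fails[end][0] - fails[start][0]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                burst_start = fails[start][0]
                reports[ip] = {
                    "failures": len(fails),
                    "usernames": sorted({u for _, u in fails}),
                    "succeeded_after": any(ts >= burst_start for ts, _ in successes[ip]),
                }
                break
    return reports


if __name__ == "__main__":
    for ip, report in detect_bruteforce(parse_auth_log(SAMPLE_LOG)).items():
        print(ip, report)
```

A per-address threshold like this catches the noisy script kiddie. A patient attacker who spreads attempts across many addresses, or sprays one common password across many usernames at a slow rate, stays under it; counting failures per target username as well as per source address, and over longer windows, helps with that.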
Software Vulnerabilities
The next most common method is to exploit vulnerabilities in the software running on the server. Both white hat and black hat hackers spend a lot of time hunting for vulnerabilities in the most widely used software. White hats search for them in order to get them fixed and make the software more secure, while black hats turn them into working exploits and tools for gaining access to computers. The result is a race: the black hats try to build usable exploits before the white hats find and report the same flaw, the software creators write a patch, and administrators apply it.
The most dangerous exploits are zero-day exploits, so called because the software creator has had zero days to work on a fix: the vulnerability is being exploited before the vendor even knows it exists. There is no patch to apply, so even a fully updated server is exposed. That does not make known vulnerabilities any less dangerous in practice. They stay exploitable until the software is patched or a workaround is in place, and because patching lags, attackers get far more mileage out of old, unpatched flaws than out of zero-days. Hackers will use whatever mix of known and unknown exploits they have to compromise your server.
Note that vulnerabilities exist both in the system software on the server (the operating system, SSH, the web server itself) and, if you run a web server, in the websites it hosts. WordPress is a good example: because it is so widely used, hackers are constantly working on exploits for it, and for its plugins and themes in particular. That brings us to one of the most common attacks on websites, SQL injection.
SQL Injection
SQL injection involves an attacker supplying input, in a URL parameter or a form field, that the website pastes into a database query as SQL (Structured Query Language) without checking it. A stray quote character is usually enough to break the query; if the site displays the resulting database error, the attacker learns which database is in use and how the query is built. They try many combinations of pages, fields and inputs until one of them shows such a flaw, then exploit it to fetch as much of your database as they can: user accounts, password hashes and, on ecommerce sites, payment details. Alternatively, they may alter data rather than read it, for instance resetting an administrator's password or inserting a new admin account, which hands them control of the website.
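To make the mechanism concrete, here is an added Python example (not code from the original article) using Python's built-in sqlite3 module and a constructed two-row users table. It places a login query built by string formatting, which is the flaw, beside the parameterized version, and shows the three steps the paragraph describes: a lone quote producing a database error, a crafted username that logs in without any password, and a UNION payload that pulls every username and password out of a search feature. Table contents, payloads and function names are assumptions for the illustration; passwords are stored in plain text only to keep the example short, which no real application should do.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory users table (example data, not real accounts)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
                 "password TEXT, role TEXT)")
    # Plain-text passwords purely for brevity; real systems store salted hashes.
    conn.executemany("INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
                     [("admin", "S3cret!", "admin"), ("alice", "hunter2", "user")])
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """VULNERABLE: user input is pasted straight into the SQL text."""
    query = (f"SELECT username, role FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(query).fetchone()


def search_vulnerable(conn, name_filter):
    """VULNERABLE: a user search built the same way (returns all matching rows)."""
    query = f"SELECT username, role FROM users WHERE username LIKE '%{name_filter}%'"
    return conn.execute(query).fetchall()


def login_safe(conn, username, password):
    """Parameterized: values travel separately from the statement, so quotes or
    SQL keywords in the input can never change the query's structure."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()


def search_safe(conn, name_filter):
    """Parameterized search; the wildcard wrapping happens in the bound value."""
    query = "SELECT username, role FROM users WHERE username LIKE ?"
    return conn.execute(query, (f"%{name_filter}%",)).fetchall()


def probe_for_error(conn, payload):
    """The attacker's first step: send an odd character and see whether the site
    leaks a database error. Returns the error text, or None if the query ran."""
    try:
        login_vulnerable(conn, payload, "x")
        return None
    except sqlite3.Error as exc:
        return str(exc)


if __name__ == "__main__":
    conn = make_db()
    # 1. A lone quote breaks the query; the error text identifies the database.
    print("error leak :", probe_for_error(conn, "'"))
    # 2. Comment out the password check and log in as a chosen user.
    print("as alice   :", login_vulnerable(conn, "alice' --", ""))
    # 3. Make the WHERE clause always true; the first row is usually the admin.
    print("as first   :", login_vulnerable(conn, "' OR 1=1 --", "anything"))
    # 4. UNION a second query onto the search to dump credentials.
    print("dump       :", search_vulnerable(conn, "' UNION SELECT username, password FROM users --"))
    # The same payloads against the parameterized versions simply match nothing.
    print("safe login :", login_safe(conn, "alice' --", ""))
    print("safe search:", search_safe(conn, "' UNION SELECT username, password FROM users --"))
```

The fix is not to strip quotes from input but to stop building queries from strings at all: every database driver offers placeholders like the `?` above, and ORMs use them underneath. Escaping is a fallback for the rare case where a table or column name must come from input, and even then it should be a lookup against an allow-list rather than a transformation of the input.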
Beyond these common ways in, there are more labour-intensive attacks. Social engineering is the main one: a hacker poses as you to persuade your hosting provider or colleagues to change a server password, or poses as tech support to fool you into handing over details about the server. They may send you spear phishing emails, tailored to you personally, in the hope of capturing passwords or other useful information. They may even try to get malware onto your own computer with targeted email attachments or infected USB sticks dropped where you will find them, and then use that foothold to reach the server. Because these attacks take real effort per target, you are unlikely to encounter them unless the hackers see your server as a particularly high-value target.
This concludes our look at how hackers may go about hacking your server. Next time we’ll be looking at what you can do to stop them from succeeding.