🌎 Website Attack

If you have a website and you want to protect it you shuld know how the attacker do , so we will explain step by step what attacker do and what you shuld you do to protect you self .

any hacker try to own you website by find exploit to access to it , lot of exploit web the attacker can use

1- SQL injection

Sql mean your database that your website admin password are stored on it , so the attacker try to find this exploit

and inject code to read your user and password , after that when he got it he log to your admin panel

so to protect your self you need to use website that not have sql exploit , the famous website like wordpress and

joomla are best secure but still sql injection will found in plugins of programers that post plugin in the store

so when you use try to see last plugin exploit and use just fixed one

about panel famouse panel all know his path so you shuld change the name of your admin panel

mean in this steps we fix sql injection also we change the admin panel of ouer website in case the hacker get pass and

he don’t know where he login

2- file uplaod exploit & remote code exection

all this exploit that hacker try to find to upload a shell , the shell is a php file used to own website it have a file

manager to delete you files and upload his files also have cmd on it ( to own pc you use server.exe – to own website you need shell.php )

so if your website have upload file he can upload this shell , or via remote code he can downlaod execut his shell

3- CSRF & xss

this exploit are used to create a second session of admin by send a link to it and create session auto after he click to the link , after that he login to this session

or get cookis form admin and past to hacker browser to get the real admin session , to protect your self never click any link sent to you

4 – LFI – LFD

exploit that able to read files from you website and download it , the hacker try to find a file called Config.php

inside it you have host & user & pass of you sql database this file config used to connect your website with your database

in this time the hacker downlaod it and read it and he get the user and pass to connect to your database and change it

with his owen new pass if the port of sql are opned in the server

this basice ways that used and not all

so the best way is to crypt your confing.php and fix LFD exploit

if your website is 100% secure hacker can also attack ??

yes if the server is not secure the server is a machin have lot of websites i mean your hosting

if your host are not secure the attacker can attack your wesbite from other website allready hacked

he try to drop your config from the server with a linux comand and after he got it he will read user and pass of database

and he can enter to your website even if you have 100% secure website

so website + server need to be same secure , this whay ou can also crypt your config or change his linux permission to not able to drop to other websites

and if he got it and he don’t find your panel that you hide he can’t enter

This basice way to protect your self and not all

Your like the Article ?