Web Accounts and How to Protect Them

Photo: Archery by Ian Sane

As a web site owner you will get a number of accounts for different services, or for different parts of your web site. In this post I’ll show you how important they are, how hackers may abuse access to those services, and how to protect them.

1.    DNS account.
What it does.
DNS is like the yellow pages telephone book. When you type in a web address like http://sunnyigloo.com your PC will check with the DNS Server to convert that web address name into a machine understandable IP Address - 77.72.205.110

What’s the worst that can happen if the account is hacked?
If your DNS account is compromised, the hacker can redirect all web traffic and all email to the hacker's server. This is the most important account.

What is a hacker likely to do?
See the worst above, but in addition they could then redirect the web traffic and email back to you. This is particularly sneaky, as you won’t see any drop in web traffic or notice any missing emails.

How to protect against it?
Review your DNS settings, and confirm they are correct. A common security feature available from most DNS providers is to email you if any future changes are made to the DNS settings. Make sure you review those DNS change emails, and if anything has happened with your DNS account, go in and review the changes.
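One way to make the "review your DNS settings" step repeatable is to keep a known-good baseline and compare it with what the DNS currently answers. This is an added example, not part of the original post; the MX and NS values and the observed answers are constructed, and the input format assumed is the one printed by `dig +noall +answer`.

```python
# Added example: compare observed DNS answers with a known-good baseline.
# Only the A record comes from the post; MX/NS values are constructed placeholders.
BASELINE = {
    ("sunnyigloo.com.", "A"): {"77.72.205.110"},
    ("sunnyigloo.com.", "MX"): {"10 mail.sunnyigloo.com."},
    ("sunnyigloo.com.", "NS"): {"ns1.dns-provider.example.", "ns2.dns-provider.example."},
}

# Constructed sample in the format printed by `dig +noall +answer`.
# It contains one extra, higher-priority MX record that relays mail elsewhere.
OBSERVED_TEXT = """\
sunnyigloo.com.  3600 IN A  77.72.205.110
sunnyigloo.com.  300  IN MX 10 mail.sunnyigloo.com.
sunnyigloo.com.  300  IN MX 5 mx.relay.example.
sunnyigloo.com.  3600 IN NS ns1.dns-provider.example.
sunnyigloo.com.  3600 IN NS ns2.dns-provider.example.
"""

def parse_answers(text):
    """Parse 'name ttl class type rdata' lines into {(name, type): {rdata}}."""
    records = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and dig comments
        parts = line.split(None, 4)
        if len(parts) < 5:
            continue  # not a resource record line
        name, _ttl, _cls, rtype, rdata = parts
        key = (name.lower(), rtype.upper())
        records.setdefault(key, set()).add(" ".join(rdata.lower().split()))
    return records

def dns_drift(baseline, observed):
    """Return findings for records that appeared or disappeared."""
    findings = []
    for key in sorted(set(baseline) | set(observed)):
        expected = baseline.get(key, set())
        seen = observed.get(key, set())
        for rdata in sorted(seen - expected):
            findings.append(("UNEXPECTED", key[0], key[1], rdata))
        for rdata in sorted(expected - seen):
            findings.append(("MISSING", key[0], key[1], rdata))
    return findings

if __name__ == "__main__":
    for finding in dns_drift(BASELINE, parse_answers(OBSERVED_TEXT)):
        print(*finding)
```

Because the web site still resolves correctly in this sample, only the mail record comparison reveals the change, which is the "no drop in traffic" case described above.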

2.    Web Hosting Control Panel / FTP account
What it does?
From the Control Panel you can modify the database at the lowest level, and also set permissions on the files on the web server. Depending on your web site setup there may also be DNS settings here (see above). FTP access to your web host allows access to the files only, but hackers can still modify configuration files and change the way your web site works.

What is the worst that can happen if the account is hacked?
With full access to the database and/or the file system of your web site, a hacker could completely delete your whole site and install whatever they like.

What is a hacker likely to do?
If the hacker removed your site, that would probably be noticed. More likely, they will install one or two files on your web site that could redirect visitors to the hacker's web site, add links from your site pointing to the hacker's web site (probably porn or gambling sites that you would normally never link to), or booby-trap your site to infect all your visitors with viruses when they visit.

How to protect against it?
The best all-round defence would be to register your web site with Google Webmaster Tools. If Google notices that your web site is spreading viruses, or if Google suspects your site has been hacked, they will notify you by email (you have to provide an email address as part of the registration process).

3.    Administrator Account in CMS
What is it?
In Drupal this is "User1"; in WordPress it is "Admin". These accounts have full permissions to change content, add or remove users, and change passwords.

What is the worst that can happen if the account is hacked?
If hackers get full access they could delete all your content, and remove / change the passwords of all existing accounts to lock you out.

What is a hacker likely to do?
A big change such as deleting users and removing content is likely to be noticed and corrected quickly. These days hackers try to stay under the radar, so they will likely add links to their 3P sites (Pills, Porn & Poker sites), but they may do this only on old content, or hide the links at the bottom of pages where you won’t notice.
In addition they may add a new admin account, so they can get back into your web site, even if you change the existing passwords.

How to protect against it?
Google Webmaster Tools will help (see point 2) if suspicious links appear, or viruses are served to your visitors. Change your passwords regularly. Make sure you use strong passwords on existing accounts, and don’t use the same password for other web sites. At the same time as you change the password, look over the accounts and see if any accounts have been given more permissions than they need.
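The injected links described in points 2 and 3 can also be looked for directly, by listing every outbound link on a page that points to a domain you never approved and noting which ones are hidden. This is an added example, not part of the original post; the allowlist and the HTML are constructed, and only inline `style` hiding is detected.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the domains you knowingly link to; adjust for your own site.
ALLOWED_DOMAINS = {"sunnyigloo.com", "drupal.org"}

# Constructed sample page: one approved link, one hidden link, one footer link.
SAMPLE_HTML = """
<p>Built with <a href="http://drupal.org/">Drupal</a>.</p>
<p><a href="/contact">Contact us</a></p>
<div style="display: none"><a href="http://pills.example/buy">cheap</a></div>
<p>Old post footer <a href="http://poker.example/">play</a></p>
"""

class LinkAudit(HTMLParser):
    VOID = {"br", "img", "hr", "input", "meta", "link"}  # tags with no end tag

    def __init__(self):
        super().__init__()
        self.stack = []     # (tag, hidden) for each open element
        self.findings = []  # (domain, href, hidden)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        style = (attrs.get("style") or "").replace(" ", "").lower()
        hidden = "display:none" in style or "visibility:hidden" in style
        inherited = hidden or (self.stack[-1][1] if self.stack else False)
        if tag == "a" and attrs.get("href"):
            host = (urlparse(attrs["href"]).hostname or "").lower()
            if host.startswith("www."):
                host = host[4:]
            if host and host not in ALLOWED_DOMAINS:  # relative links have no host
                self.findings.append((host, attrs["href"], inherited))
        if tag not in self.VOID:
            self.stack.append((tag, inherited))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerate unclosed elements.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def audit_links(html):
    parser = LinkAudit()
    parser.feed(html)
    return parser.findings
```

Running `audit_links` over old posts as well as recent ones matters here, since the post notes that links may be added only to old content.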

4.    General Account in CMS
What is it?
Normal account with no special privileges, usually these accounts allow web site visitors to leave comments.

What is the worst that can happen if these accounts are hacked?
By their nature these accounts don’t have lots of permissions, so usually hackers will post comments with links to porn sites, or some other form of "Comment SPAM".

What is a hacker likely to do?
Comment SPAM
 
How to protect against it?
Drupal has an anti-SPAM solution called Mollom, which can be installed on other CMS platforms as well (e.g. WordPress or Joomla). Mollom works by monitoring all comments, posts, contact form submissions, and user accounts being created, and will either block those submissions (because they are SPAM) or allow them (because they are ham). The main difference between Mollom and its competitors is that Mollom will do extra checks by asking users to fill in a CAPTCHA if any comment is a suspected SPAM comment. This means that comments that fall into the grey area of almost SPAM will receive extra scrutiny.

I hope you find these explanations useful, and I’d love to hear your comments if there are other services you’re not sure about.

 
