Web, websites, threats, hacking… We've all heard these words, but do we really know what's behind them? The topic of security has always enjoyed great interest among blog readers and provoked a number of questions.
To better understand it, we decided to discuss the basic terminology used to describe the threats, causes and consequences of hacking and malicious actions to a website.
This short guide with terms can be used by webmasters and developers in conversations about website security with their customers. As well as anyone who takes the topic of security on their site seriously and wants to know what an attack is, what is a threat to their website, and what is a dangerous file or action.
Commonly used terms:
1 Hacker
When we hear or read a hacker, we can imagine a young man sitting in front of a computer and quickly breaking through the otherwise impenetrable security of some unknown system.
With the help of the media and movies, the following notion of the hacker has formed over the years: a cyber criminal who creates viruses and hacks programs and computers, and separately can be a digital thief who sneaks into our computer for sensitive data.
However, this notion describes only one type of hacker. Here are a few more definitions:
The good guys
A hacker is a person with very good knowledge and understanding of the operation of an application, software, computer or network. Using his expertise with good intentions, he can find ingenious and non-standard approaches to solving a problem (in security, application, system…).
This type of hacker is called an ethical hacker, White Hat hacker. Such are, for example, IT security experts who test and attack systems in order to detect breaches and patch them in time (before the bad guys come).
The bad guys
When a hacker acts in order to harm or gain any benefits, then the more appropriate terms for him are cracker, Black Hat hacker or malicious hacker. This definition is closest to the popular perception of the hacker. There is also a definition of something in between a benevolent and a malicious hacker - Gray Hat hacker. He both tells you how he hacked you and points out the weaknesses in the system, but he hasn't asked you before if you need security testing. For example, they can hack a site and then write to the administrator, indicating (for a fee) what the vulnerability is and how it can be protected.
Other terms related to hacker:
Hack
The hacker creates or uses a hack to solve a problem or to overcome some protection. A hack can be a piece of code, an entire program, or an action or method that achieves its goals.
Hacking and / or attack
Hacking means the use of a hack or a hacker attack. Through the attack, the hacker aims to gain access to the computer, steal information, install malware and more.
2 Website malware
Malicious code is part of a file or may be an entire file (malicious script) located on a website whose function is to perform malicious actions. Malicious scripts on the site are the tools of the hacker, with which he achieves certain goals.
Examples of malicious actions and consequences of adding malicious files to the site:
Backdoor Malicious code or script that opens a backdoor for unauthorized access to files and data on the site by third parties.
Phishing Add malicious pages to the site that mimic another site. A malicious page is a copy of a page from a legitimate site. The page usually has a login form in which deluded victims enter their access data without suspecting that it is a fraudulent page. For example, a login page in online banking, webmail and other types of services and accounts.
Defacing Depersonalization is a change in the appearance of the site, including images and a message on the home page (left by the hacker, in order to convey a message or prove to the hacker community).
Drive-by-Downloads Sending malware (viruses, trojans, back doors, and more) to visitors' devices and installing it.
Malicious Redirects Redirect visitors to malicious and phishing sites.
Blacklist These are lists in which hacked sites are saved. The lists are public and browsers have access to them, thus warning visitors of potential danger to site visitors. Sample blacklists: Google Safe Browsing, PhishTank, Yandex Safety.
SPAM For example, the site may have a script (mailer) that sends emails on behalf of your domain. Another type is SEO spam, in which words, links, advertisements and others are added to the content of the pages.
Data retrieval Draining the data from the database in order to blackmail and sell them on the black markets. Affected by this are online stores and other sites that store sensitive data about their customers in the database.
Malicious code can enter the site either by installing nulled scripts such as plugins and themes, or by hacking.
3 Malware
Malware means malicious software. The term is used in the field of computer security. This is a general term for any type of malware that is designed to harm or exploit our device or computer.
Malicious computer software is designed to compromise devices and computers, not websites. The connection to website security is that hacked websites can distribute such malware.
Examples of malware:
Virus Malicious software that gets attached to a program. When a program starts, the virus multiplies, infecting other programs on your computer. Viruses cause various damages - damage or theft of files and information, disruption of the system, loss of computer resources and others.
Trojan horse A dangerous program that pretends to be legitimate and useful. Opening suspicious executable files (.exe, .bat) is like opening the gates and letting the wooden horse into the castle. Once the program starts on the computer, it takes over from the inside, but unnoticed. Unlike viruses, a Trojan horse does not reproduce itself by infecting other programs. After taking control of the system, working in the background so that it is not visible to the user, it can change files and settings, get involved in organized attacks on other computers, open the gate for malicious people and other scary things. Never open files that you have obtained from an untrusted source.
Backdoor Backdoor means a method for remote access to the system without the need for normal identification (with access data). This access gives you control over the system. Malicious software may be part of another program or a standalone program. Viruses and Trojans install backdoor programs.
4 Vulnerability
The vulnerability is a loophole or loophole in the code that poses a potential security risk to the site. It can be in the code of the application itself or in the plugin / theme code.
Vulnerabilities in application code are one of the most commonly used methods for hacking sites. The other most used way, leading to breach and compromise of the site, is through unauthorized access (to the account, administration and others).
Vulnerabilities in the code open opportunities for various malicious actions on the site such as:
Remote / Local File Inclusion An attack through the data filling fields on the site, which allows the malicious person to execute code on the site, which is located in a malicious file. The Remote file is located on a remote server and the Local file is located on the same server as the site.
Privilege Escalation An attack by which a malicious person obtains extended access rights to the system, such as administrative rights.
SQL Injection An attack in which a hacker submits SQL (Structured Query Language) queries through a field to fill in the site, such as a search engine, contact or other form. From the execution of the requests, the hacker can download content from the database, inject SPAM content and others.
Remote Code Execution An attack in which a malicious person executes commands on the site remotely. Such an attack gives you full access and control over the site.
Cross-Site Request Forgery (CSRF) An attack in which a logged in user clicks on a malicious message that executes unauthorized commands on the site.
Vulnerable terms:
Bug Bug means an error or flaw in the development of the application code. Bugs can cause unexpected behavior in the application or cause vulnerabilities.
Exploit An exploit is a way, process, or tool by which malicious individuals take advantage of a bug or vulnerability in a system.
Zero-Day Zero-Day vulnerability refers to a recently discovered vulnerability for which no patch is available to protect it. Until the vulnerability is protected, hackers can use it to compromise sites. The use of such a vulnerability is called a zero-day exploit or zero-day attack.
5 Unauthorized access
Unauthorized access means that the hacker has logged in with an authentication with a username and password, but he does not have the authorization to access its resources and functionality.
Unauthorized access to the system is the other most common method of compromising sites.
Computer security terms related to access control:
Access The act of access refers not only to logging in to the system, but also to consuming or using its resources and functionalities.
Authentication Authentication is used to verify the identity of the user. The process by which you prove that you are a reliable user of the system. For example, to access the administrative panel of the site, authentication is performed with a username and password.
Authorization Authorization is used to control access to system resources and functionality. For example, the site administrator has full rights and unlimited access to all functionalities, while the average user has limited rights, for example, is not authorized to edit articles and can not change the site settings. When hacking through unauthorized access, it is assumed that the hacker has identified himself with the access data, but does not have the right and permission to enter and use the system as a whole.
The website is not an isolated component and in order to exist and work, many other components (technologies, applications, services, etc.) are connected to it, which also require access.
Ways to retrieve or intercept access data:
Brute Force Attack to guess and find passwords by trying multiple combinations of passwords and / or usernames until the combination works. The purpose of the attack may be to access the site administration. Social Engineering An attack that is used to manipulate and deceive victims in order to obtain sensitive data. Fraud is based on people's expected behavior or thinking. Once the hacker understands what motivates their actions, they can extract the information they need. A common method is phishing emails, which point to phishing pages where the user enters their access data.
Man-in-the-Middle An attack in which data between a client and a server is intercepted by a malicious person. The hacker is located between the two parties, such as a web server and a web browser, intercepts and retransmits their messages to each other. This attack is possible when the connection is not secured with encryption (SSL certificate).
Cross Site Scripting (XSS) The attack uses all possible places to enter text on the site. A link with malicious code (usually JavaScript) hosted by another site is added to the fields. This code is injected directly into the code with which the site operates, and thus it is possible to change the page and mislead the visitor to click on a link and to capture the login data. Related terms to authentication:
Login Login means to log in after identification with access data (user and password). The process is called login.
+ Protection
Protecting the site means implementing preventive measures and actions to limit possible security breaches.
Terms in protection against vulnerabilities in the code:
Web Application Firewall A web application firewall is a system that monitors and blocks malicious traffic to a site. These systems act as a shield and inspect traffic for potentially dangerous behavior. They block attacks before they reach the site itself.
Patch Patch means additional code that is applied to patch a flaw or vulnerability in the application code.
Terms in the protection of login data:
Encryption Encryption is the process of converting information or data into code. Encrypted data can only be decrypted with an appropriate key. Encryption is performed using an SSL / TLS certificate.
SSL / TLS certificate SSL / TLS certificates are used to encrypt data that is transmitted between a web server and a web browser. In addition to encrypting the data, the certificate is also a certificate that the client has connected to the correct server.
Strong Password A password that will be almost impossible for the hacker to guesss. It contains symbols, numbers, uppercase and lowercase letters and is usually long.
CAPTCHA and reCAPTCHA (test to distinguish bot from human) The CAPTCHA test is placed as protection against brute force attacks on login forms on the site. And as protection from SPAM comments and messages on the comment and contact forms.
Two-Factor Authentication Two-factor authentication is another factor that verifies the identity of the user, in addition to the username and password. It is used to protect against unauthorized access - the hacker, in addition to access data, will have to find the secret code, which, however, is generated at the time of the user's mobile device.
The hosting provider must also participate in the protection of the site. For example, by default most of our protections are integrated into the hosting service and are part of our security system.
Conclusion
These 5 basic terms in website security give an idea and understanding of the complex matter. Almost all other terms are related in some way to the main ones.
In summary: A hacker is someone who can compromise your site - either through a vulnerability in its code or through unauthorized access to its files. And the consequences are added malicious code on the site, which in addition to malicious actions, can be used to submit malware to visitors.
Nadejda Milanova
An experienced Content creator in the field of Search Engine Optimization (SEO) and WordPress. A true proffesional with a Master's degree focused on journalism.
Read more by Nadejda Milanova