Today we are witnessing many different kinds of hacker attacks: from attempts to “extract” passwords through trap links placed on sites that are considered safe, to highly organized criminal units that target business and government systems in order to obtain intellectual property and valuable information. Hackers know exactly what kind of information they are looking for on the Internet and where to find it. Encouraged by the “publishing culture” of social networks and aided by malicious software known as “malware”, Internet criminals are becoming more skillful in their attacks on individuals and organizations. Using fake messages tailored to a user’s interests, most often collected from social networks, they try to obtain useful information such as usernames, passwords, credit card numbers, and so on. Here is what you can do to prevent it.
As a precautionary measure, and to preserve the quality, effort and investment you have put into a site, regularly checking your website for malicious code and attacks can prevent it from being hacked. Keep your sites up-to-date and regularly back up your sites, databases and essential elements. With a fresh backup, you will be able to restore the site to its original state and in this way reduce the risk of data loss. Have your computer serviced at least once every few months if you do not have experience in checking the security of the system.
It is important to note that if you are the victim of a hacker attack, either from outside (by breaking in through FTP access) or from inside (within the hosting, by activating malicious code in nulled or cloned scripts, .htaccess files, etc.), you must act quickly and safely. First try to clean your website of malware, spyware and backdoor viruses, then change the access parameters for the hosting, the admin panel, and everything else that requires authorization to access the site. Then go to your Google Webmaster Tools panel and ask Google to re-check your site for malware. This is unavoidable, and you need to stay in contact with Google if you want your visitors to still find you in search. You will receive a response to your request soon, and you must be persistent in solving the problem on the site. Then you need to re-create the sitemap in order to avoid possible errors when Google reads your pages, and also to speed up the process known as “revalidation”. If this happens to you and your website suffers any kind of damage, contact your hosting support and ask for a recent backup.
SQL Injection is a direct attack on the PHP application or on the database. The aim of this attack is to modify a specific SQL query so that it executes various actions, from obtaining other data to changing or deleting data in a database. An SQL Injection attack is mainly carried out against scripts that verify user authentication, that is, when the username and password are checked: the SQL query is changed so that it always “retrieves” information about a user. Apart from bypassing authentication, it can also be used for other malicious purposes, one of which is inserting an additional query that can destroy data. What you can do to prevent this is filtering. Input filtering can prevent most security problems and is a required security feature. If we filter data so that users are prohibited from typing special characters specific to SQL queries, for example apostrophes, and if we use one-way encryption for passwords, for example md5, it would surely increase security. They ensure that all special characters will be properly escaped when they are queried, and they will still behave as an integral part of that string and will not be used to change the query.
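The authentication bypass described above and its fix with a parameterized query, as an added example that is not code from the original article. It assumes PHP with the pdo_sqlite extension; the table, the function names login_concat and login_prepared, and the sample input are constructed for illustration.

```php
<?php
// Added example: constructed in-memory table, not code from the article.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, pass_md5 TEXT)');
// md5 mirrors the article's text; password_hash()/password_verify()
// are the stronger choice in current PHP.
$pdo->exec("INSERT INTO users (username, pass_md5) VALUES ('alice', '" . md5('correct horse') . "')");

// Vulnerable: user input is concatenated into the SQL text, so a quote in
// $user ends the string literal and the rest of the input is parsed as SQL.
function login_concat(PDO $pdo, string $user, string $pass): bool
{
    $sql = "SELECT id FROM users WHERE username = '$user' AND pass_md5 = '" . md5($pass) . "'";
    return $pdo->query($sql)->fetch() !== false;
}

// Hardened: the query text is fixed and the values travel separately as
// bound parameters, so they can never change the structure of the query.
function login_prepared(PDO $pdo, string $user, string $pass): bool
{
    $stmt = $pdo->prepare('SELECT id FROM users WHERE username = :u AND pass_md5 = :p');
    $stmt->execute([':u' => $user, ':p' => md5($pass)]);
    return $stmt->fetch() !== false;
}

// Constructed input: closes the string literal, adds an always-true
// condition and comments out the password check.
$crafted = "' OR 1=1 --";

var_dump(login_concat($pdo, 'alice', 'wrong password'));
var_dump(login_concat($pdo, $crafted, 'wrong password'));
var_dump(login_prepared($pdo, $crafted, 'wrong password'));
var_dump(login_prepared($pdo, 'alice', 'correct horse'));
```

Run from the command line, the concatenated version reports a successful login for the crafted input, while the prepared version rejects it and still accepts the real credentials.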
Use different passwords on different pages
Research shows that as many as 55% of adults use the same passwords for most of the web pages they visit. The most common are birth dates and the names of loved ones, pets or sports teams, which can easily be “broken”. Instead, use a memorable phrase. Changing passwords frequently is good practice, but thinking up new ones can be hard. Therefore, it is recommended that you leave the care of passwords to special programs such as LastPass, 1Password and KeePass. But these programs are not completely safe. It is a best practice to keep the passwords on a sheet of paper in a secure location, and change them every two weeks. When changing the passwords, use combinations of uppercase and lowercase letters, numbers and special characters; once they are written down, they do not have to be easy to remember. A few years ago, various web services began to insist on a minimum of 8 characters. Today, the recommended number is much higher, and experts advise that passwords for minor and general purposes should have a minimum of 12 characters, while something like the password for your website account should have 15 characters at a minimum.
Fake email or message
False news is not the only bait used by hackers. If the computer of one of your friends, or of a person who wants to contact you about your business, is infected with a virus, the virus may automatically send you an email that leads you to think it was actually sent by the person you know or by someone who is interested in your business. This attempt to deceive will be easy to recognize, because the virus will not have the same vocabulary as the person you know, and the email will also list an Internet address that you need to visit for some reason. It is often the case that you get the suspicious email from an unknown address. In any case, do not open a suspicious email or any attachment it may contain, do not answer it, and delete it.
Protect the website using the .htaccess file
This includes protecting the .htaccess file itself, limiting uploads, protecting the config.php file, disabling directory listings, setting up your own 404 error page, etc. The .htaccess file is a plain text file that you can use to make changes to the server configuration. It can be created or edited with any word processor, such as Windows Notepad or Microsoft Word, as long as it is saved as plain text. The file must be saved as .htaccess (with a dot in front, as if it were an extension without a file name). Each line in the .htaccess file is one directive that tells the server what to do. When you have created your .htaccess file, you must put it on the server, but first check that you do not already have one, so that you do not overwrite it. It is usually a hidden file on the server, so you will often not see it when you connect to the root directory of your site. When there is no index page in a directory, visitors can see a list of all the files in that directory. Each time someone attempts to access a non-existent page on your web site, the server displays a 404 error page. You can make your own 404 error page and display it instead of the one that the server displays automatically, which is very useful when someone wants to probe your site and extract data.
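A minimal .htaccess covering the measures listed above, as an added example that is not from the original article. It assumes Apache 2.4 with AllowOverride permitting these directives; the 10 MB limit and the /404.html path are illustrative values.

```apache
# Added example (.htaccess, Apache 2.4 syntax). Values are illustrative.

# Protect the .htaccess file itself (and any other .ht* file) from being served.
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>

# Protect config.php: block direct HTTP requests for it.
# PHP scripts that include it from disk are unaffected.
<Files "config.php">
    Require all denied
</Files>

# Limit uploads: reject request bodies larger than 10 MB (value in bytes).
LimitRequestBody 10485760

# Disable directory listings when a directory has no index page.
Options -Indexes

# Serve your own page for 404 errors (hypothetical path, relative to the site root).
ErrorDocument 404 /404.html
```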
For long-time internet users, experience is very important, because it lets them recognize almost every attempt at internet fraud by themselves. If you have read this text carefully, you will have learned how to identify a bait or a fake website. Apply the acquired knowledge and remember this text whenever something makes you suspicious. Before you decide to click on a link that looks like a potential bait, use Google to get more information about the suspicious link. If it is a scam, someone else has probably already written about it, so Google will take you to a site where you can read the experiences of other users with the suspicious link, as well as what clicking on that link may lead to. Also, watch the address bar and stop if you notice something unusual, and then consult with others on the Internet to get relevant information about the internet address you suspect. Do not forget how important your password is. Take it seriously when creating one. These are just some of the basic things you can do to protect your website. 100% protection does not exist, but this will be enough to sleep peacefully. Do not think along the lines of “They will not really attack me”. Chances are that at least once in your lifetime you will be hit by some cyber attack. Maybe it has already happened to you, and you do not know it. Do what you can to protect your site now so that you do not have to waste time and nerves. Take care!