The hacker says the PayPal transactions are the safest

Dec 9, 2011 18:41 GMT

After recent events, one of the members of a black hat collective contacted me, and we had a chat about online security and the issues that leave a website vulnerable to hackers. Recently, hackers showed that many banks, credit unions and even sites belonging to the United Nations are highly vulnerable, so I asked him what could be done to properly secure a site.

First of all, he revealed that it’s very important to make sure components such as Apache or SQL are updated to the latest version.

“Honeypots on certain ports such as SSH and telnet (which is like accessing a machine from your own) are an efficient way of catching most hacking attempts because they are fake ports, and it seems real when most hackers scan for ports on a web server,” he said.

“And they'll be going ‘oh yay, vulnerable port!’ and they don't think twice to hide themselves, their IP address and user agent get logged with the attempt.”
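
The decoy-port idea described in the quotes above, shown as an added example that is not part of the original article: a minimal low-interaction listener that presents an SSH-style banner and logs each connection's source address and the client's identification string (the closest SSH analogue of a user agent). The banner text, the port numbers and the function names are assumptions made for illustration.

```python
import json
import socket
import threading
import time

DECOY_BANNER = b"SSH-2.0-OpenSSH_8.9\r\n"  # constructed banner, no real service behind it

def record_attempt(conn, addr, events):
    """Present the decoy banner, then log who connected and what they sent first."""
    with conn:
        conn.settimeout(3)
        try:
            conn.sendall(DECOY_BANNER)
            first = conn.recv(256)   # SSH clients send an identification string first
        except OSError:              # timeout or reset: the connection is still logged
            first = b""
    events.append({
        "ts": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "src_ip": addr[0],
        "src_port": addr[1],
        "client_id": first.decode("latin-1").strip(),
    })

def start_decoy(host="127.0.0.1", port=0, max_conns=1):
    """Listen on a decoy port; return (bound_port, events, thread)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(5)
    bound_port = srv.getsockname()[1]   # port 0 lets the OS pick a free port
    events = []

    def loop():
        with srv:
            for _ in range(max_conns):
                conn, addr = srv.accept()
                record_attempt(conn, addr, events)

    worker = threading.Thread(target=loop, daemon=True)
    worker.start()
    return bound_port, events, worker

if __name__ == "__main__":
    port, events, worker = start_decoy(port=2222)  # 2222 is an arbitrary demo port
    worker.join()                                  # returns after one connection
    print(json.dumps(events, indent=2))
```

Because nothing legitimate should ever connect to a decoy port, every logged entry is worth reviewing or forwarding to an alerting pipeline.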

It’s his belief that when it comes to online security, the use of free content management systems that host many websites is not a very good idea.

“A website running Microsoft’s .ASP is like asking to be attacked,” he added.

Since some of the online payment methods proved themselves to be vulnerable, I asked him to tell me what the safest way of making online transactions is.

“I've taught many old folks that are above the age of 40 on how to remove viruses/any type of nasty infection from their machines, along with taking minimal precautions on keeping their websites/businesses secure online.”

“What I recommend for those who are looking for true card security: PayPal is a good payment gateway as they go through servers that are not on the same server as PayPal.”

Many of the hacking operations that take place these days, especially those carried out by gray hats, are intended to show website administrators the weaknesses that can be taken advantage of.

“Defacing websites won't really show a purpose, seeing they can easily repair it. However, if you are actually able to obtain files/data from the server, that will make them take security more seriously.”

He continues, “there will always be private exploits, or a hole that you NEVER would’ve thought to miss. Only way to learn from those types of attacks is to get better and make sure the same thing won't happen again.”