But unfortunately, such websites attract hackers as well as customers. If you have not taken enough care to protect your site, there is a higher chance of it being compromised. Once a site is compromised, the hacker can alter its content by adding new pages or by modifying existing pages. One motive may be to host phishing content that tricks users into providing personal and financial details, or to infect visitors of the website with Trojans, backdoors, etc.
The following figures show the status of the websites that were hacked from Jan-2011 to Sep-2011.
For more information about hacked websites, visit: https://www.cert-in.org.in/
We recommend that you follow these measures to minimize attacks on your website:
– Properly validate fields such as page headers, cookies, query strings, etc.
– Keep all files up to date and immediately remove any unnecessary files.
– Use a robots.txt file to keep directories from being indexed.
– Make sure that your web server does not allow directory listing.
– User logins and passwords should be properly managed and must be updated regularly.
– Your web server should always be properly patched, and all the software applications you use must be updated as soon as possible.
– Deploying a web application security scanner can also help minimize the risk.
– Last but not least, regularly change the passwords you use to connect to your website. Also make sure that each password is a good combination of alphanumeric and special characters, and avoid weak passwords.
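
The first measure above (validating page headers, cookies and query strings) can be enforced with an allow-list that names every accepted field and its exact shape. The following is an added example, not code from the original post; the field names, patterns and the host name `www.example.com` are assumptions chosen for illustration.

```python
import re
from urllib.parse import parse_qsl

# Hypothetical allow-lists: every field this example site accepts, with its exact shape.
QUERY_RULES = {"page": re.compile(r"[1-9][0-9]{0,3}"), "lang": re.compile(r"en|hi")}
COOKIE_RULES = {"session": re.compile(r"[0-9a-f]{32}")}
HEADER_RULES = {"host": re.compile(r"www\.example\.com"),
                "user-agent": re.compile(r"[\x20-\x7e]{1,256}")}

def _check(source, items, rules, errors, allow_unknown=False):
    """Apply allow-list rules to (name, value) pairs, recording each failure."""
    seen = set()
    for name, value in items:
        rule = rules.get(name)
        if rule is None:
            if not allow_unknown:
                errors.append(f"{source}: unexpected field {name!r}")
        elif name in seen:
            errors.append(f"{source}: duplicate field {name!r}")
        elif not rule.fullmatch(value):
            errors.append(f"{source}: bad value for {name!r}")
        seen.add(name)

def validate_request(query_string, headers):
    """Return a list of validation errors; an empty list means the request is accepted."""
    errors = []
    try:
        # strict_parsing rejects fragments such as "page" with no "=value" part.
        pairs = parse_qsl(query_string, keep_blank_values=True,
                          strict_parsing=bool(query_string))
    except ValueError:
        pairs = []
        errors.append("query: malformed")
    _check("query", pairs, QUERY_RULES, errors)
    # Cookie header format: "name=value; name2=value2" (header key assumed to be "Cookie").
    cookies = [tuple(part.strip().partition("=")[::2])
               for part in headers.get("Cookie", "").split(";") if part.strip()]
    _check("cookie", cookies, COOKIE_RULES, errors)
    # Header names are case-insensitive; headers without a rule are passed through.
    _check("header", [(k.lower(), v) for k, v in headers.items()],
           HEADER_RULES, errors, allow_unknown=True)
    return errors

if __name__ == "__main__":
    # Constructed sample requests.
    ok = {"Host": "www.example.com", "User-Agent": "Mozilla/5.0", "Cookie": "session=" + "a" * 32}
    print(validate_request("page=2&lang=en", ok))
    bad = {"Host": "other.example", "Cookie": "session=abc; admin=1"}
    print(validate_request("page=2&page=3&lang=<script>", bad))
```

Rejecting unknown and duplicate fields, rather than only filtering known-bad characters, means a new parameter has to be added to the rules before the application will ever see it.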