CSRF attack

It’s been a long time since I last blogged, but some things I took on were very time-consuming. Today we’ll talk about CSRF.

CSRF? What is that?

CSRF stands for cross-site request forgery, and it almost always leads to bad, nasty things. The attacker lures you, while you are logged in to some site, onto a page they control; that page makes your browser send a request to the site (a form submission, an image load, a script), and because the browser attaches your session cookie automatically, the server cannot tell the forged request from one you made yourself. It can damage your bank account balance, change your account details or act on your behalf on your website activities without your consent, often without you even knowing about it until it’s very late.

However, if a website has taken precautions against this type of attack, such as anti-CSRF tokens (a secret, unguessable value tied to your session, embedded in every form and checked on every state-changing request, ideally used once and then discarded), the attack is rendered harmless: a third-party page cannot read the token, so the web server rejects the forged requests. Note that the token only helps where it is actually checked; a single unprotected endpoint that changes state is still exploitable. Setting the session cookie with the SameSite attribute is a useful second layer, but not a replacement for the token.
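As an added illustration (not code from the original post, and written in Python rather than PHP so that it runs stand-alone), here is a miniature of the two handlers described above: one that trusts the session cookie alone and therefore accepts a forged request, and one that demands a one-time CSRF token minted when the form was rendered. The session store, handler names and the sample users are assumptions made up for the example.

```python
import hmac
import secrets

# Constructed in-memory stand-in for server-side session state (assumed, not from the post).
# session_id -> {"user": <name>, "csrf_tokens": set of outstanding one-time tokens}
SESSIONS = {}


def login(user):
    """Create a session and return its id (this is what the session cookie would carry)."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf_tokens": set()}
    return sid


def render_form(session_id):
    """Server side of rendering the transfer form: mint a one-time token bound to the session.

    In a real page this value goes into a hidden <input name="csrf_token"> in the form.
    An attacker's page cannot read it because of the same-origin policy.
    """
    token = secrets.token_urlsafe(32)
    SESSIONS[session_id]["csrf_tokens"].add(token)
    return token


def transfer_vulnerable(cookie_session, form):
    """Handler that trusts the session cookie alone: any request the browser sends is accepted."""
    sess = SESSIONS.get(cookie_session)
    if sess is None:
        return "401 not logged in"
    return f"200 moved {form['amount']} from {sess['user']} to {form['to']}"


def transfer_protected(cookie_session, form):
    """Same handler, but it requires a valid one-time CSRF token and consumes it on use."""
    sess = SESSIONS.get(cookie_session)
    if sess is None:
        return "401 not logged in"
    presented = form.get("csrf_token", "").encode()
    # Constant-time comparison against each outstanding token; discard the match so it is one-time.
    for tok in list(sess["csrf_tokens"]):
        if hmac.compare_digest(tok.encode(), presented):
            sess["csrf_tokens"].discard(tok)
            return f"200 moved {form['amount']} from {sess['user']} to {form['to']}"
    return "403 missing or invalid CSRF token"


def demo():
    """Run the forged and legitimate flows; returns the four handler responses."""
    sid = login("alice")
    # Attacker's page: the browser auto-attaches Alice's cookie, but the form carries no token.
    forged = {"to": "mallory", "amount": "1000"}
    r_vuln = transfer_vulnerable(sid, forged)          # accepted: the vulnerable site pays out
    r_prot_forged = transfer_protected(sid, forged)    # rejected: no token
    # Legitimate flow: Alice loads the form (receives a token), then submits it.
    tok = render_form(sid)
    legit = {"to": "bob", "amount": "50", "csrf_token": tok}
    r_prot_legit = transfer_protected(sid, legit)      # accepted
    r_replay = transfer_protected(sid, legit)          # rejected: the token was consumed
    return r_vuln, r_prot_forged, r_prot_legit, r_replay


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The forged request is indistinguishable from a legitimate one to `transfer_vulnerable`, because both arrive with Alice's cookie; `transfer_protected` only differs in demanding a value the attacker's page had no way to obtain.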

For more details, one good article I spotted is: https://www.acunetix.com/websitesecurity/csrf-attacks/

Aimilios


Can my site be hacked?

The answer is yes, but let’s clear up some things below.

First of all, to hack a site the attacker has to find vulnerabilities, which takes time that they will rarely spend unless you are a specific target. Bear in mind, though, that automated scanners probe every reachable site for known CMS and plugin flaws, so an install with a publicly known hole gets hit even when nobody is after you in particular. Everything can be hacked.

Usual vulnerabilities, hacks and backdoors.

Usually the hackers are searching for PHP vulnerabilities in the code your site is running, whether it is a popular CMS you downloaded or custom PHP code written by you or by the company that created your site. A typical example is SQL injection: user input read from $_POST or $_GET is pasted straight into a database query, so the attacker can rewrite the query to their favour.
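As an added example (not code from the original post, and in Python with an in-memory SQLite database rather than PHP/MySQL, so that it runs offline), here is the concatenated-query login check that makes the $_POST injection above possible, beside the parameterised version that is immune to it. The table, the sample users and the function names are constructed for the example; storing passwords in plain text is also part of the toy setup and not something a real site should do.

```python
import sqlite3


def make_db():
    """Constructed in-memory users table standing in for the site's database (sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "s3cr3t-admin-pw"), ("alice", "alice-pw")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Builds the SQL by string concatenation: the same pattern as pasting $_POST values into a query.

    Returns the matched username, or None when no row matches.
    """
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Parameterised query: the input is bound as data and can never alter the query's structure."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# Two classic payloads. The first comments out the password check ("--" starts an SQL comment),
# the second makes the WHERE clause always true.
PAYLOAD_COMMENT = "admin' --"
PAYLOAD_TAUTOLOGY = "' OR '1'='1"


def demo():
    """Return (vulnerable, safe) results for both payloads and for a genuine login."""
    conn = make_db()
    return {
        "comment_vuln": login_vulnerable(conn, PAYLOAD_COMMENT, "wrong"),
        "comment_safe": login_safe(conn, PAYLOAD_COMMENT, "wrong"),
        "tautology_vuln": login_vulnerable(conn, "nobody", PAYLOAD_TAUTOLOGY),
        "tautology_safe": login_safe(conn, "nobody", PAYLOAD_TAUTOLOGY),
        "genuine_safe": login_safe(conn, "alice", "alice-pw"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With the vulnerable handler, `admin' --` logs in as admin without any password, and the tautology payload returns the first row of the table; the parameterised handler treats the same strings as literal (and nonexistent) usernames and passwords and returns nothing.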

Most sites are hosted on shared servers. That doesn’t necessarily mean that if I’m careless they can reach your site through mine, but it does happen from time to time, depending on how secure and isolated your account is; a shared server doesn’t always mean shared configuration. It did in the past, but now most hosting companies don’t allow global configs, and each account has its own security configuration and settings.

A backdoor can be anything: an email you misplaced on your server, or something entirely different, for example a plugin you installed on your WordPress, Joomla, Drupal or other CMS!

The favourite attack is DDoS (distributed denial of service), which sends more traffic to your IP than your connection can absorb, slowing your site temporarily or knocking it off the web completely. It may still be reachable through some administrative panels or local connections. There are certain ways to protect yourself from DDoS, such as software, firewalls or, in cases like banks, organisations like NASA, government agencies and so on, dedicated hardware. Note this: nothing can protect you from 100,000,000 zombie computers attacking your network; even the CIA has been DDoSed and went offline for a day.

That’s all for today!