Hacking is a very broad topic to discuss. Here I’m going to discuss about one kind of attack that is mainly targeted on website’s index files.
 
Normally websites built using wordpress are vulnerable to attack through their plug-ins. Also if we have a weak password to our cpanel account our website is vulnerable to attack.

When your website hosted on shared server then you are in a pool of hundreds of websites that may include wordpress websites etc.
 

How websites attacked:

In servers, each websites have an user account like we have in our PC. In linux servers it will be like this:
 
/home/website_user_account/public_html
 
Website files will be placed inside  public_html directory. Incase that shared server isn’t properly configured then the attacker able to go through each website account and replace index files with their own content like “This website is hacked by xxx”. Because we all have index.php, index.html etc as the default page so it becomes their target.
 

How can it be prevented:

We can prevent this basic attack by naming our default page other than “index”.  Following htaccess rule sets show.php as website default page.
 
DirectoryIndex show.php
 
So when you hit your website name in browser contents from show.php will be rendered. Also we also fool the attacker to some extent as we don’t have any files like index.php,index.html, default.aspx
 


Comments (0)
Leave a Comment

loader Posting your comment...