"Criminals have been hijacking sponsored links to attempt to spread malicious codes", the search engine giant Google says.
"Turkish hackers broke into two of the most established international websites that oversee and regulate the Internet in order to reroute visitors to a rogue domain" – news about site hijacking from the New York Times.
"Due to security weaknesses in Barack Obama's site, it has been exploited to redirect visitors to Hillary Clinton's website when visitors view the community blog section."
We have listed only some of the site hijacking news to make you aware of site hackers. On reading this, you may ask yourself, is my website safe? How can I save it from hackers? No worries, after reading this article you will get a clear view on various hacking techniques and precautions necessary to safeguard your site from hackers.
Hackers attack a website through many different techniques, to exploit it. Most notable techniques are SQL injection, cross-site scripting (XSS) and redirecting server.
SQL Injection -It is a code injection technique in which a piece of malicious SQL code is injected in a web form, to exploit a security vulnerability occurring in the database layer of an application. Through this technique, hackers will gain access to resources and make changes to web data. To protect against SQL injection, user input must not directly be embedded in SQL statements. Instead, parameterized statements must be used (preferred), or user input must be carefully escaped or filtered.
Cross-site scripting – It is the process of embedding malicious codes like HTML code and client-side scripts into the web pages used by other users, to bypass access control and collect some type of data from the victim. One way to eliminate some XSS vulnerabilities is to escape (either locally or at the server) all mistrusted data based on where that data is to be placed in the HTML document. This escaping results the data from being interpreted and executed. There are several different escaping schemes that must be used, including HTML numeric entity encoding, JavaScript escaping, CSS escaping, and URL (or percent) encoding.
Redirecting Server – People clicking on your site will be directed to other site that may or may not be related to your site. Even if your site URL is displayed in the browser, people will be redirected to some other site. If your site is affected by this issue, then it means that your site is attacked by hackers. They make use of flaws in some DNS and provide incorrect information to redirect your site to some other site.
Using a secure DNS server is the only way to get rid of this attack technique.
Some other simple techniques that help you in keeping your site safe are providing an entry page (a log in) for the site, update your open source applications regularly, avoid using Internet Explorer as it is vulnerable to some hacking tools like spy ware, and other security issues, and encrypt your web application with SSL.