I love hackers, yes, hackers. North Korean, Chinese, Russian, Saudi, wherever they may be and whatever they may be doing it for, I love them. I know this may seem like a bizarre position to take, especially for a person who spends a great deal of his time at work making websites, protecting those websites from hackers and cleaning up messes made by hackers who found ways to sneak in. While they oftentimes create tons of headaches for the employees who have to clean up after them (like me!), if clean-up is handled appropriately their actions can offer a great deal of insight. The following are ways in which hackers, however malicious their intent, provide that insight through their actions.
1. Free Penetration Test
Penetration tests, according to Wikipedia, are “an attack on a computer system with the intention of finding security weaknesses, potentially gaining access to it, its functionality and data.” These are generally done by security professionals, in a controlled environment, with the intent of exposing these weaknesses to help companies better secure their data/systems. Typically, these are expensive and often done within large companies; however, they can be helpful for every business that operates a system or runs a server/website. Many small companies will just ignore the need for penetration testing and use other security tools to try to accomplish this, which isn’t the most reliable way to handle it. When a hacker infiltrates a server, they will exploit either a known or unknown vulnerability to initiate the upload/installation of malicious files onto the server, which gives them unfettered access to the machine. While they won’t provide you with a nice report of how they got in and what they did, a careful study of log files (which most servers keep by default) will give you a good idea in most cases. This will help you figure out not only how to clean up the infection faster, but also how to patch the exploit that allowed them access in the first place.
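One way to do that log study during clean-up, as an added example that is not part of the original post: given the path of a malicious file found on the server, find the first request for it in the access log and list what the same client did just before. It assumes the Apache/nginx "combined" log format; the sample lines, paths and the `trace_entry` helper are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in "combined" format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2024:10:01:12 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2024:10:02:40 +0000] "GET /plugins/gallery/readme.txt HTTP/1.1" 200 812 "-" "curl/8.0"
203.0.113.9 - - [12/Mar/2024:10:02:55 +0000] "POST /plugins/gallery/upload.php HTTP/1.1" 200 64 "-" "curl/8.0"
203.0.113.9 - - [12/Mar/2024:10:03:01 +0000] "GET /uploads/img_cache.php HTTP/1.1" 200 17 "-" "curl/8.0"
198.51.100.7 - - [12/Mar/2024:10:05:30 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2024:11:40:09 +0000] "POST /uploads/img_cache.php HTTP/1.1" 200 301 "-" "curl/8.0"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def parse(log_text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield e

def trace_entry(log_text, bad_path, window_minutes=10):
    """Return (first_hit, lead_up): the first request for bad_path and the same
    client's earlier requests inside the time window, oldest first."""
    events = sorted(parse(log_text), key=lambda e: e["ts"])
    hits = [e for e in events if e["path"].split("?")[0] == bad_path]
    if not hits:
        return None, []
    first = hits[0]
    start = first["ts"] - timedelta(minutes=window_minutes)
    lead_up = [e for e in events
               if e["ip"] == first["ip"] and start <= e["ts"] < first["ts"]]
    return first, lead_up

if __name__ == "__main__":
    first, lead_up = trace_entry(SAMPLE_LOG, "/uploads/img_cache.php")
    for e in lead_up + [first]:
        print(e["ts"].isoformat(), e["ip"], e["method"], e["path"], e["status"])
```

The lead-up requests point at the component to inspect and patch; here the constructed log shows a POST to an upload script seconds before the malicious file is first requested.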
2. Forcing Strong Security
When you are a small business owner and a hacker takes out your site, it can be devastating. That devastation leads to a heavy focus on security practices, to ensure that something similar never happens again. Sadly, web security is not given a very high priority until problems occur, but when that happens it’s all you can think about. In this day and age, security is critical; however, it’s complicated and often neglected, and for some companies it takes something bad happening to shake up the management enough to decide to take steps to secure their data/systems.
This is the most important part. It’s easy to get rid of problems; it is, however, much more rewarding and beneficial to figure out how the problem occurred in the first place. This will give you a better understanding of:
- What hackers look for when trying to infect a server.
- What tools they use to accomplish this.
- How those tools work.
An understanding of these techniques will make it easier for you to take steps that inhibit their ability to perform future attacks on your server or website.
Whenever an infection happens, take pages of notes, meticulously recording everything. Keep records of the malicious files you encounter, and investigate the code of those files to understand where it came from and what it does. With every new case, your experience and education will grow.
So next time your website ends up being the target of an infection, don’t let it crush you. Treat it as a learning opportunity; you’ll feel far more satisfied when it’s cleaned up.