Most websites and web applications store data in environment or configuration files
that affects the content displayed on the website, or specifies where templates and
page content are located. Unexpected changes to these files can mean a security
compromise and might signal a defacement attack.
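One way to notice such unexpected changes is to hash the watched files and compare against a known-good baseline. The following is an added example, not code from the original page; the file names, glob patterns and function names are assumptions chosen for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed patterns for files that drive site content; adjust per platform.
WATCHED = ("*.env", "*.ini", "*.html")

def snapshot(root, patterns=WATCHED):
    """Return {relative path: SHA-256 hex digest} for watched files under root."""
    root = Path(root)
    digests = {}
    for pattern in patterns:
        for path in root.rglob(pattern):
            if path.is_file():
                rel = path.relative_to(root).as_posix()
                digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests

def diff_snapshots(baseline, current):
    """Classify differences between a trusted baseline and the current state."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }

def demo():
    """Build a constructed sample site, change it, and report the drift."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "templates").mkdir()
        (root / "site.ini").write_text("template_dir = templates\n")
        (root / "templates" / "index.html").write_text("<h1>Welcome</h1>\n")
        # In production, store the baseline off-host or read-only so an
        # intruder who can edit the site cannot also rewrite the baseline.
        baseline = snapshot(root)
        # Simulated unexpected changes: an edited config and a new template.
        (root / "site.ini").write_text("template_dir = /tmp/other\n")
        (root / "templates" / "extra.html").write_text("<h1>unexpected</h1>\n")
        return diff_snapshots(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Any non-empty `added`, `removed` or `modified` list outside a planned deployment is worth an alert.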
Unauthorized access
SQL injection
DNS hijacking
Malware infection
Some of the world’s biggest websites have been hit by defacement attacks at some
point. A defacement attack is a public indicator that a website has been
compromised, and causes damage to the brand and reputation, which lasts long
after the attacker’s message has been removed.
In 2018, the BBC reported that a website hosting data from patient surveys, operated
by the UK National Health Service (NHS), was defaced by hackers. The defacement
message said “Hacked by AnoaGhost.” The message was removed within a few
hours, but the site may have been defaced for as long as five days. The attack
raised concerns about the safety of medical data controlled by the NHS.
In 2012, users could not access Google Romania, and instead were taken to a
defacement screen posted by MCA-CRB, the “Algerian Hacker”. The defacement
was in place for at least an hour. The attack was performed by DNS hijacking—
attackers managed to falsify DNS responses and redirect users to their own server
instead of Google’s. The same attack was carried out against the domain paypal.ro.
The MCA-DRB hacker group was responsible for 5,530 website defacements across
all five continents, many of them targeting government sites.
Avoid giving administrative access to your site to individuals who don’t really need it.
Even for users like webmasters and IT staff, give them only the privileges they
actually need to perform their roles. Pay careful attention to contractors and external
contributors, ensure they don’t receive excessive privileges, and revoke their
privileges when they stop working on the site.
Never use the default name for your admin directory, because hackers know the
default names for all common website platforms and will attempt to gain access to
them. Similarly, avoid using the default admin email addresses, because attackers
will try to compromise them using phishing emails or other methods.
Error Messages
Avoid displaying overly detailed error messages on your site, because they can
reveal weaknesses to an attacker, which can help them plan an attack.
Use SSL/TLS
Always enable SSL/TLS on all website pages, and avoid linking to unsecured HTTP
resources. When SSL/TLS is used consistently across your site, all communication
with users is encrypted, preventing many types of Man in the Middle (MITM) attacks
which can be used to deface your website.
Regularly scan your website for vulnerabilities, and invest time in remediating
vulnerabilities you discover. This will often be time consuming, because upgrading a
website platform or a plugin might break content or site functionality. But this is one
of the best ways to improve security in general, and reduce the chance of
penetration and defacement in particular.
Ensure that all forms or user inputs do not allow the injection of code into your
internal systems. Sanitize your inputs to prevent regular expressions, or any
characters or strings that may be used to execute code.
XSS enables an attacker to embed scripts on a web page, which execute when a
visitor loads the page, and can result in defacement, as well as other damaging
attacks such as session hijacking or drive-by downloads.
Sanitizing inputs can help prevent XSS, and you should be careful not to insert user
inputs or untrusted data into <script>, <style>, <div>, or similar tags in your HTML
code. A web application firewall (WAF) can also help prevent XSS by blocking
communication with unknown or malicious external domains.
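The encoding that makes untrusted data safe depends on which tag it lands in. This added example (not from the original page; function names and sample strings are constructed for illustration) shows the unsafe concatenation next to encoders for a `<div>` body and for data embedded in a `<script>` block.

```python
import html
import json

def render_unsafe(comment):
    """'Before' form: untrusted text is concatenated straight into the markup."""
    return '<div class="comment">' + comment + "</div>"

def render_html_body(comment):
    """Element content: HTML-escape so markup characters are shown as text."""
    return '<div class="comment">' + html.escape(comment, quote=True) + "</div>"

def render_script_data(value):
    """Script context: HTML escaping is the wrong tool here, because the
    browser ends the script element at the first closing tag it sees.
    JSON-encode the value, then replace <, > and & with \\uXXXX escapes,
    which JavaScript decodes back to the original characters."""
    payload = json.dumps(value)  # ensure_ascii=True also escapes U+2028/U+2029
    payload = (payload.replace("<", "\\u003c")
                      .replace(">", "\\u003e")
                      .replace("&", "\\u0026"))
    return "<script>const userData = " + payload + ";</script>"

# Constructed sample inputs, commonly used as harmless XSS test strings.
SAMPLE_BODY = "<script>alert(1)</script>"
SAMPLE_SCRIPT = "</script><script>alert(1)</script>"

if __name__ == "__main__":
    print(render_unsafe(SAMPLE_BODY))       # script tag survives intact
    print(render_html_body(SAMPLE_BODY))    # rendered as inert text
    print(render_script_data(SAMPLE_SCRIPT))  # one script element, data only
```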
Bot management
Most defacement attacks are not the result of a manual, targeted attack. Instead,
hackers use bots to automatically scan a large number of websites for vulnerabilities,
and when a vulnerability is discovered, they automatically compromise and deface
the site. Hackers can achieve dubious fame by launching a broad, automated attack
against thousands or millions of sites.
Bot management technology uses multiple approaches to mitigate bad bots, such
as: static inspection of traffic headers; challenge-based detection, identifying bots by
asking them to process JavaScript or interact with CAPTCHA; and behavior-based
inspection of website visitors to uncover bot traffic. These techniques make it
possible to protect against malicious bots, ensuring that legitimate traffic can access
your site uninterrupted.
See how Imperva Web Application Firewall can help you with website
defacement attacks.
DDoS Protection—maintain uptime in all situations. Prevent any type of DDoS attack,
of any size, from preventing access to your website and network infrastructure.
Bot protection—analyzes your bot traffic to pinpoint anomalies, identifies bad bot
behavior and validates it via challenge mechanisms that do not impact user traffic.
API security—protects APIs by ensuring only desired traffic can access your API
endpoint, as well as detecting and blocking exploits of vulnerabilities.
RASP—keep your applications safe from within against known and zero-day attacks.
Fast and accurate protection with no signature or learning mode.