A man-in-the-middle attack takes place amongst 3 entities which include two legitimate entities and a third-party eavesdropping on them. The attacker in a MITM will have the possibility to not only eavesdrop but also gain sensitive information such as user credentials, personal information, bank details and even install malicious software. In this article, we will go through the common types of man-in-the-middle attacks and how to protect yourself from them. How does a MITM attack work? Phishing attacks Imagine you get an email which requires you to log into your bank and the email...
Like in SQL injection, XPath injection attacks occur when a website constructs an XPath query for XML data from user-supplied information. Thus, the issues that occur when using XML to store data are quite similar to those faced with SQL. XPath injection is a type of attack where malicious user input can be used to grant unauthorized access or reveal sensitive information such as XML document structure and content. This style of attack is carried out by making the user’s input be used in the construction of the query string. Unlike SQL attacks which depend on the SQL dialect used by...
Most Common Cyber Security Threats and How to Mitigate Them
- by Susith Nonis
- in Security
Most common Cyber-Attacks? A cyber attack is an action which targets computer systems, infrastructures or networks with the motive of stealing, modifying or destroying data without the user’s consent. In this article, I will take you through the common types of attacks that happen online. Phishing This happens by sending false emails to users with the intent of getting sensitive information. This is a combination of social engineering and technical trickery where the attackers pretend to be someone or something legitimate and get your details. These emails come with links which...
Cross-site Scripting Explanation and Prevention Guidelines
There are numerous ways that a site’s security can be compromised. One possible method of attack is an injection attack (i.e. the attacker provides untrusted input to a program). The two most common types of injection attacks are: SQL injection (SQLi) and Cross-site Scripting (XSS) attacks. Today we will discuss the latter and how to protect your site from XSS vulnerabilities. Cross-site Scripting is a type of computer security vulnerability which allows attackers to inject client-side scripts into web-pages viewed by other users. The attack is carried out when the victim actually...
Cyber-attacks are executed in a nearly uncountable number of ways. One such style of attack is an injection attack (i.e. when an attacker supplies an untrusted input to a program which is then executed). There are many types of injection attacks; however, the most common ones are SQL injection (SQLi) and Cross-site Scripting (XSS). Today we will delve a little deeper into what exactly a SQLi attack is, how it is carried out and how to defend yourself against it. What is SQLi? SQL injection (SQLi) is a type of injection attack that allows the execution of malicious SQL statements. This style...
How to Setup Password Protected Directory in Plesk
When you add password protection to a directory, site visitors are prompted for a username and password when they try to access it. They can only view the directory contents after typing a valid username and password. To create these password protected directories, follow the steps outlined below. Login to Plesk Server admin panel. In the left sidebar, click Websites & Domains. Click the Password-Protected Directories icon. Under Tools, click Add Protected Directory. Under Settings, in the Directory name text box, type the name of the...
Let’s Encrypt is a free SSL certificate provider and verifier. It is becoming more and more popular among small website owners. Even NASA is using it for some of its smaller sites (i.e. 3000 different sites) thus, you are in safe hands using them. To start with, you will need a Linux web hosting account with cPanel to install the certificate. Go to https://zerossl.com/free-ssl/#crt Enter email address (for renewal reminders) On the right-hand side, you have a field called “Domains”, add your domain to this. Include mydomain.com and www.mydomain.com....
Why Do Domains Get Blacklisted and How To Delist Them
What is a Blacklist? Depending on the source, the amount of daily spam emails being sent is anywhere between 80 to 95% of all emails sent on the internet that day. With such large numbers, most experts agree that manually sorting through your inbox to get rid of spam has become highly inefficient. As such, public blacklists of mail servers and IP addresses have been created to prevent repeat offenders from relaying spam. A blacklist is a list of blocked domains, email addresses or IP addresses. When a website gets on one of these lists, users can no longer access the site directly and...
What are Clickjacking Attacks and How to Avoid Them?
- by Antoniy Yushkevych
- in Web Hosting
What is clickjacking? Have you ever visited a website, clicked on an element you wanted to open and instead opened a pesky ad? Well, then you have experienced a clickjacking attack. To be more specific, it is an attack that tricks the user into clicking a webpage element that is invisible or disguised as another element. Here’s an example: In the above screenshot taken from a video streaming site, the yellow arrow signifies the actual link that needs to be clicked to open the video, while the red arrow shows an example of a clickjacking attack. It is so because if the WATCH...
What is DDoS? A DDoS or Distributed-Denial-of-Service attack is an unauthorized attempt to increase the traffic of a targeted server or network by staggering the target or its surrounding infrastructure with a huge amount of internet traffic. A DDoS attack achieves effectiveness by using multiple computer systems as the source of the traffic. In short, a DDoS attack is when hackers attempt to make a website or computer unavailable by flooding or crashing the website with too much traffic. How does a DDoS attack work? A DDoS attack happens when an attacker takes control of a network of...