The 5 most common website attacks in 2018 & how to defeat them.

1. Bots & Website scraping

Bots are clever little bits of code the trawl around the internet. There are some nice bots like Googles bots which help index your website on search engines.

But then there are those downright naughty bots, and these bad bots now make up one-third of internet traffic according to recent research by Impreva.

What does it mean to me?

These little tinkers have the ability to link up a number of different computers and networks to generate one motherload of a website attack in a single hit.

Spambots also lurk around the internet stealing data such as email addresses in order to send junk emails in huge numbers. They can also be used to try and attempt login access to your website using various usernames and passwords.

How do I stop it

An anti-bot solution should be set in place to block the naughty ones and allow the nice ones. These are also self learning, by detecting a high number of hits from a single source and then blocking that source in future.

2. DDoS Attacks

A DDos (Distributed Denial of Service) attack comes from clever bots that have linked a number of computers together for a single evil purpose.

These linked networks then create a huge amount of traffic towards a single website like a heat syncing nuclear missile.

What does it mean to me?

When your website gets hit with a DDos attack it creates a bottleneck effect in your resources and bandwidth until your website eventually gives up and keels over on its back (shuts down). At best can cause your website to go down for a short time, or at worst corrupt your data entirely. Meaning either a short term or long term loss of sales and online reputation.

How do I stop it?

Having a firewall on your server as well as website is the best way of preventing DDos Attacks. Having a firewall with real-time intelligent detection blocks all known offending computers (across the web) that have been used to do this, and in the second instance detects any huge floods of traffic and automatically blocks these at present and in the future. In addition running a downtime monitor ca instantly notify you or your web agency in the unlikely event that your website does ever go down.

3. Cross-site Scripting Attacks

Known as XSS, this little bliter attempts to insert bad code into areas of your website.

The bad code is then automatically used against any of the unsuspecting victims that may be using your website.

What does it mean to me?

If your website is compromised, this means that when a user clicks a link on your website they will go to another dodgy destination. The users personal data and other critical information can then be easily stolen. In essence, an all-round GDPR nightmare as well as something you do not want to have to explain to your customers!

How can I stop it?

This is based around the quality of code. If your website runs on a content management system such as WordPress or Magento then the key here is ensuring your CMS software and any plugins are up to date, as holes can often be found and exploited in these popular business website solutions.

Although it is worth noting, if you do not know what you are doing then updating your website CMS or Plugins could also cause you to potentially break your website unintentionally.

4. SQL Injection

No one likes an injection! These attempt to inject SQL (commands) into your database so they cause mayhem. This can be caused by loopholes in your CMS or plugin code in the same way as the aforementioned Cross-Site Scripting attacks. SQL injections will often try to exploit their attacks using contact forms or other input fields.

What does it mean to me?

If successful, an SQL injection could allow the attacker to steal personal data, customer data and even credit card numbers. This could result in a potential GDPR related fine as well as complete loss of trust from any of your valued customers.

How do I stop it?

Firstly ensuring there are no loopholes in your website by keeping your CMS and any plugins up to date.

Secondly having a website based firewall can automatically filter out any malicious SQL injections from your website.

5. Man in the middle and Malware

Malware seeks to delve into any potential exploits in your website by any means possible.

In addition Man in the middle attacks mean that without having a secure website HTTPS certificate, any users data input can be stolen if they are on an open network.

What does it mean to me?

With malware attacks your website content could be changed or used to promote any unscrupulous adverts generating money for the attacker. Malware can also be used to delete and hold you to ransom for any important data. A man in the middle could also be used to gain password access to your website either via your own admin or clients login details if they are browsing on an open wifi network. This can cause a whole number of costly issues and loss of sales depending on the level of attack.

How do I stop it?

A web based malware scanner can ensure your website code is scanned and cleansed as well as blocking any known or potential attacker sources. In addition adding a HTTPS Certificate (The little green padlock you see in web browsers) will block any Man in the Middle attacks by sending everything all data through encrypted secure methods.

In summary

It all sounds pretty scary, and it might never happen to you. But with these kind of attacks only on the increase and bad-bots taking up a third of online traffic then having a secure hosted solution is an insurance worth considering.

Luckily we offer all the above solutions and more with our Premium Website Hosting & Security Packages. Or if you just simply want some friendly advise and to check if your website is secured then please contact us and we would be happy to help.