Cont’d from “3 Signs that your Web Server’s Security has been Compromised“
#2: Check-out the Admin Interfaces
Most web applications have some sort of administrative interface. These can be used as an ideal way of allowing hackers into your system. Hackers are often able to manipulate any inherent weaknesses when it comes to password details. It’s surprising how many web applications have this fault. Here’s what to look out for to try and spot illegal access.
- Has an account has a recent update or modification?
- Are there a significant number of failed log-in attempts?
- Look for any odd looking changes to the configuration of applications
- Check out any alterations to event schedules
- Look for any unscheduled events e.g. deployment of a .war file in a Java application
#3: Being Meticulous
Most hackers will use their own individual knowledge and skill set to gain access to your web server and network. They will probe their way around the various web applications and in doing so will leave some tell-tale signs behind. An alert IT professional can spot these signs by carrying out regular, meticulous searches. When searching, you should take the following criteria into account:
- Are there any 500 errors in any of the web applications? (SQL injections errors; read or write path errors; permission errors)
- Look for web server access to any corporate or confidential data
- Check to see if anyone has accessed the system via a Google inurl:foo:exr:bar search
- Check out ant large occurrences of 404 “page not found” errors
Keeping Alert
The majority of attacks on web servers don’t get spotted. They don’t always manifest themselves in the way you might expect. They may for example rob you of some of your bandwidth and use your server to attack others. But the better the hacker, the more unlikely he/she is to be virtually undetectable, until it’s too late. Luckily for us many hackers are “hacks” (sometimes referred to as Script Kiddies). In other words they’re not that clever. This means that the checks we’ve discussed above, will, nine times out of ten, enable you to detect whether or not your web server has indeed been compromised. Being on the alert is the key.
Of course, you don’t have to do all of this yourself and there are software applications that can do all of this and more for you to ensure that all of your network, storage, files and disks are monitored 24/7.
To see what we here at Power Admin can do for you, why not give us a call, download a free trial or contact us via the online form.
Photo Credit: elhombredenegro via Compfight cc
William Thompson
William Thompson is the Marketing Manager at Power Admin, a server monitoring software business in the Kansas City area. You can find him on Google+ and Twitter. William has been a professional in website design, digital marketing and 3D/graphic design for over 20 years.