A little bit on web site security

Many people say: “I created a small site, surely nobody will want to hack it”. This is 100% wrong, and I will explain why.

Yeah, it is true that hacking into Google, Microsoft or any financial institution would be quite profitable for hackers, and they are definitely trying. But that is one side of the story. The other side is that to do it they need computing power and millions of computers. Hacking a big company from a personal computer has many limitations:

  • There is a chance that the other side will be able to find where you are, and then there is the possibility of serious personal consequences for the hacker.
  • Very often, after a few attempts the hacker's IP address will be blocked. This block is easy to overcome, but it takes time and thus reduces the effectiveness of the hack.
  • Doing it from a personal computer can be quite slow, and sometimes you need something like millions of attempts to achieve anything.

As a result, it is much safer to do the hacking from millions of hacked computers. This is called a bot farm. It can be your computer, or it can be the website you are hosting.

If you do not believe me, I can provide the following example. Recently I posted a series of posts on how to run a .NET Core app on an AWS Lightsail Linux instance. Most experiments were done on my own virtual computer, and after I ironed out all the steps, I created an instance in Amazon and re-ran the same commands. Within minutes I saw traffic and attempts to use vulnerabilities in Python, its tools, common vulnerabilities in common libraries used for web development, SQL injection attacks, etc. I had just created that site, and it didn’t even have a DNS name, and yet it was already under attack. And trust me, exactly the same happens with your site.
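
As an added example (not part of the original post), here is a small Python script that triages an access log the way you might on a freshly created instance: it flags SQL injection markers in query strings and IPs that repeatedly request paths the site does not serve. The log lines, the `KNOWN_ROUTES` set, the regular expressions and the threshold are all assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus, urlsplit

# Constructed sample in "combined" log format; IPs are documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /old/setup.php HTTP/1.1" 404 153 "-" "-"
203.0.113.7 - - [01/Jan/2024:10:00:06 +0000] "GET /backup.zip HTTP/1.1" 404 153 "-" "-"
203.0.113.7 - - [01/Jan/2024:10:00:07 +0000] "GET /test/debug HTTP/1.1" 404 153 "-" "-"
198.51.100.23 - - [01/Jan/2024:10:01:00 +0000] "GET /api/items?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 40 "-" "-"
192.0.2.10 - - [01/Jan/2024:10:02:00 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"
"""

# Assumption: the only routes this hypothetical site actually serves.
KNOWN_ROUTES = {"/", "/api/items"}

# client IP, method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Deliberately small heuristic for this example, not a complete SQLi detector.
SQLI_RE = re.compile(r"('\s*(or|and)\s|\bunion\s+select\b)", re.IGNORECASE)


def triage(log_text, threshold=3):
    """Return IPs sending SQLi-looking queries and IPs probing unknown paths."""
    unknown_hits = Counter()
    sqli_ips = set()
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # skip lines that are not in the expected format
        ip, _method, target, _status = match.groups()
        parts = urlsplit(target)
        # Decode percent-encoding first, otherwise %27 hides the quote.
        if SQLI_RE.search(unquote_plus(parts.query)):
            sqli_ips.add(ip)
        if parts.path not in KNOWN_ROUTES:
            unknown_hits[ip] += 1
    # One stray miss (a browser asking for favicon.ico) is not a scan;
    # repeated requests for paths the site never had are.
    scanners = sorted(ip for ip, n in unknown_hits.items() if n >= threshold)
    return {"sqli": sorted(sqli_ips), "scanners": scanners}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

IPs that end up in either list are candidates for the kind of blocking mentioned in the list of limitations above.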

Also, I would like to mention that with all this cryptocurrency boom, sometimes you can be hacked just to mine cryptocurrency. Normally it is not profitable to mine cryptocurrency on a CPU due to the cost of electricity. But electricity is free for the hacker. So why not?

And lastly, your computer or web site can be used to send spam. Yeah, each computer brings in cents, but if you have a million computers these cents very quickly turn into thousands of dollars.

You don’t want to wake up to the sound of a broken door and screams of “FBI!!!”. So keep your site protected.