Attacks on Web servers and Security

 

What Is a Web Server?

A Web Server is software and hardware designed to serve Web pages using the HyperText Transfer Protocol (HTTP). The served content is usually HTML (HyperText Markup Language) documents, which include text, objects, images, and scripts. Every web server has an IP address and a domain name. For example, if you type the URL "http://www.exampleDomain.co.in/mobile.html" in your browser, the browser sends a request to the server whose domain name is exampleDomain.co.in. The server then fetches the page "mobile.html" and sends it to your browser.
The data is stored in the server database.

 

How to Setup a Web Server?

Any computer can easily be turned into a Web Server by installing server software and connecting it to the Internet. You need a dedicated computer with an operating system, TCP/IP software, and a direct Internet connection. Various Web Server software applications are available on the Internet.

Software to set up a Web Server:

  1. Apache
  2. IIS

Setting up the server using Apache:

Step1: Download the .msi installation wizard available from the Apache Download Page. Then perform the manual installation process.

Step2: Configure the IIS. Since Apache listens for requests on TCP/IP port 80, we must remove or disable the programs that are currently running on that port.

Step3: Download the manually installable ZIP file from www.apachelounge.com/download/ and extract it to the root of the C:/ drive.

Step4: Configure Apache using the text file conf/httpd.conf, which is present in the Apache folder.

Step5: Test the installation. Open cmd and run the following commands:

cd /Apache24/bin    --->  Navigate to the Apache bin directory
httpd -t            --->  Test httpd.conf validity

It should give the message "Syntax OK".

Step6: Finally, install Apache as a Windows Service and test the Web Server.

 

How Does A Web Server Work?

Suppose you are surfing the web on your computer. You type a URL into your browser and press Enter. Magically, the page corresponding to that URL pops up on your screen.



Attacks on Web Servers

Every website on the Internet is prone to security attacks that can lead to data breaches. These are generally performed by hackers who have malicious intentions. Most of these attacks focus on stealing financial and private data from users. Each of these security attacks has its own specifics and types. Here we discuss a few of them.

 

 

Basics of Web Scraping

Web Scraping is finding and extracting pictures and other media files from specified website URLs and saving them to your hard drive. Web Scraping is the ability to copy the structure of a Website to a local disk and obtain a complete profile of the site and all its files and links. We can use Black Widow for sniffing a website for downloadable content. Web scraping is often used in many illegal ways which include undercutting prices and copyright infringement.

Price Scraping and Content Scraping are the subsets of Web Scraping. 

In Price Scraping, bots are used to monitor competitors' prices illegally and to gather other sensitive pricing information from various e-commerce sites. Content Scraping, on the other hand, involves the illegal duplication and reuse of data using bots.

Web scraping is technically not an illegal process; whether a given case is legal depends on several other factors, such as how the extracted data is used and whether the scraping violates the site's terms and conditions. Many big tech giants like Facebook, Amazon, Uber, etc. use web scraping to hold vast amounts of data.

 



 

Man-In-The-Middle Attack

It is a common type of cybersecurity attack that allows the attacker to intrude on the communication between two targets. These kinds of attacks are most common among sites where the data is not encrypted. A Man-In-The-Middle Attack involves three players: the unaware victim, the entity with which the victim is trying to communicate, and the man-in-the-middle who is intercepting and accessing the entire communication.

Let's imagine a scenario where the user has to log in to a portal to complete some registration process. Behind the scenes, the man-in-the-middle has created a fake portal, where the user, without any hesitation, enters his/her credentials, which are now completely accessible to the malicious person.

Email Hijacking, Wi-Fi Eavesdropping, and Session Hijacking are a few common types of MITM attacks that unsecured sites generally go through.


 


 

Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS) is a type of computer security vulnerability, typically found in web applications, that allows malicious web users to inject code into web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited Cross-Site Scripting vulnerability can be used by attackers to bypass access controls such as the same-origin policy. Recently, vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits. Cross-Site Scripting was originally referred to as CSS, although this usage has been largely discontinued.

The ratio of XSS attacks is exceptionally large as compared to other attacks performed.


Directory Traversal Attack



 

Login Process on the Websites

  1. Let us say that you are sitting at your computer, surfing the Web, and you open a Website to Login into your account.
  2. You type in the Login Username and Password and click on Sign-in, and you get into your account.
  3. The Web Server receives the Username and Password and forwards them to the Database server.
  4. The Database server receives the Username and Password from the Web Server, checks its tables for that Username and Password, and sends the result of the authentication to the Web Server.
  5. The Web Server receives the authentication result from the Database server and, based on the result, redirects the User to the proper Webpage.
  6. If the authentication is true, the User gets signed in to the account, and if it fails, the User is asked to Sign-in again.


SQL Injection Attacks

 

A SQL injection attack exploits a vulnerability in a web server database by executing malicious SQL statements that allow the attacker to gain access to the database and read, modify, or delete information. Attackers can use SQL injection vulnerabilities to bypass application security measures. Websites and web applications that use an SQL database such as MySQL, Oracle, SQL Server, etc. may be affected by SQL injection. An example of a SQL injection attack is making a query condition always true by supplying identical values to a web page, so that a value is compared with itself. These values can be inserted into a login as follows:

 

How Are SQL Injection Attacks Performed?

To perform such an attack, the attacker first finds a few vulnerable user inputs within the web page or web application. A web page with this vulnerability uses such user inputs directly in a SQL query. The attacker then creates a malicious payload (content crafted by the attacker). This content is then sent and results in the execution of malicious SQL commands in the database.
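The always-true condition described above, run against the login flow from the previous section, as an added example that is not part of the original article. The users table, the sample credentials and the function names loginConcatenated and loginParameterized are constructed for illustration, and it assumes PHP with the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Constructed sample data: an in-memory SQLite table standing in for the
// database server of the login flow. The password is kept in clear text only
// to mirror that flow; real systems store a salted hash (password_hash()).
function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT, password TEXT)');
    $db->exec("INSERT INTO users VALUES ('alice', 's3cret-sample')");
    return $db;
}

// Vulnerable: input becomes part of the SQL text, so a quote character in it
// ends the string literal and whatever follows is parsed as SQL.
function loginConcatenated(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT COUNT(*) FROM users WHERE username = '$user' AND password = '$pass'";
    return (int) $db->query($sql)->fetchColumn() > 0;
}

// Hardened: the SQL text is fixed; inputs travel separately as bound values
// and are only ever compared as data.
function loginParameterized(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT COUNT(*) FROM users WHERE username = :u AND password = :p');
    $stmt->execute([':u' => $user, ':p' => $pass]);
    return (int) $stmt->fetchColumn() > 0;
}

$db = makeDb();
// Constructed inputs: a valid login, a wrong password, an always-true condition.
$cases = [
    ['alice', 's3cret-sample'],
    ['alice', 'wrong'],
    ['alice', "' OR '1'='1"],
];
foreach ($cases as [$user, $pass]) {
    printf("%-16s concatenated=%-5s parameterized=%s\n",
        $pass,
        var_export(loginConcatenated($db, $user, $pass), true),
        var_export(loginParameterized($db, $user, $pass), true));
}
```

Only the third input separates the two functions: the concatenated query accepts it, while the parameterized one treats it as an ordinary wrong password.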


PHP Injection

This attack provides the means for a hacker to execute his/her own system-level code on a target web server. The attacker takes advantage of a script that contains system functions/calls to read and execute malicious code on a remote server. With this capability, an attacker can compromise the web server and access files with the same rights as the server system software. Most vulnerabilities are the result of bad coding habits or a lack of PHP application security awareness among developers. Most PHP web applications contain parts of code from other web applications. If the shared piece of code is vulnerable, all the applications using it become vulnerable.

For example, several PHP programs contain a vulnerability that could enable the transfer of unchecked user commands to the eval() function.

Insecure Code Sample:

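<?php
// Insecure: the "host" request parameter is concatenated into the shell command unchecked.
exec("ping -c 4 " . $_GET['host'], $output);
echo "<pre>";
print_r($output);
echo "</pre>";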
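A hardened counterpart to the insecure sample above, as an added example that is not from the original article. The function names validateHost, buildPingCommand and pingPage and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Accept only a literal IP address or a syntactically valid hostname.
// Shell metacharacters, spaces and a leading "-" fail both checks.
function validateHost(string $host): ?string
{
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return $host;
    }
    if (strlen($host) <= 253
        && filter_var($host, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false) {
        return $host;
    }
    return null;
}

// Build the command only from a validated host. escapeshellarg() is a second
// layer: the value always reaches the shell as one quoted argument.
function buildPingCommand(string $host): ?string
{
    $valid = validateHost($host);
    return $valid === null ? null : 'ping -c 4 ' . escapeshellarg($valid);
}

// Run the command and HTML-encode its output before it is placed in a page.
function pingPage(string $rawHost): string
{
    $cmd = buildPingCommand($rawHost);
    if ($cmd === null) {
        return 'Invalid host';
    }
    $output = [];
    exec($cmd, $output);
    return '<pre>' . htmlspecialchars(implode("\n", $output), ENT_QUOTES, 'UTF-8') . '</pre>';
}

// In a request handler (assumed usage):
//   echo pingPage(is_string($_GET['host'] ?? null) ? $_GET['host'] : '');

// Constructed inputs, checked here without actually running ping.
$samples = ['192.0.2.10', 'www.example.com', '192.0.2.10; echo injected', '$(echo injected)', '-f'];
foreach ($samples as $h) {
    printf("%-28s => %s\n", $h, buildPingCommand($h) ?? 'rejected');
}
```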

 

 






 

PREVENTIONS AND SAFETY MEASURES

Feeling nervous after learning about these kinds of attacks and that they might happen on your system too? There is nothing to worry about, since for every malicious action there is a preventive measure. Let us look at a few preventive measures that can save your day.

  1. Avoid entering unknown websites, especially ones that do not have an SSL certificate. The certificate lets the site encrypt your data in transit, which prevents attacks such as MITM. Websites whose URLs start with HTTPS use such an encrypted connection.
  2. Many antivirus programs, such as AVAST, include web search protection that tells you beforehand whether the URL you want to visit is safe or not.
  3. You can protect your website against XSS attacks by setting up a web application firewall (WAF). The WAF acts as a filter that blocks malicious requests to your website.
  4. To protect your website from SQL injection attacks, your codebase must use parameterized statements. You can also use third-party authentication for database protection purposes.
  5. Lastly, always scan your system for network loopholes, and keep your antivirus software, firewall, and OS updated.



 


 
