DDoS - A distributed denial of service attack (DDoS) occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. This is the result of multiple compromised systems (for example a botnet) flooding the targeted system(s) with traffic. When a server is overloaded with connections, new connections can no longer be accepted and the system shuts down.
Purpose: Shut down a website or company
Consequences: Down time, lost business, lost reputation
Remediation: SiteLock does not currently have remediation services
Redirect - (.htaccess - Linux) (web.config - windows) – This is when a website is correctly viewable when accessed through a browser directly, however when the site is searched for within Google or another search engine it is redirected to an unintended site. This type of a hack is commonly referred to as a .htaccess hack as that is the file affected.
Purpose: Steal traffic to increase SEO, ruin reputation, and steal customer info
Consequences: Lost business, lost reputation, customer lawsuits for stolen data
Remediation: Cleaning out the infected code with SMART or manually
Backdoor – When hackers break into a website or hosting account they will commonly leave a “Backdoor” file. This allows them easy access to come and go as they please. This is commonly found on sites that have had several attacks within a small period of time. These hacks are not as easy to find as there is usually no malicious script. They look just like normal files but are very malicious and give total control to the hacker.
Purpose: Ongoing control of a website
Consequences: Unlimited negative possibilities
Remediation: Cleaning out the infected code with SMART or manually
Defacement – This occurs when a customer’s website is replaced with a site the hacker puts up. This is commonly a one page site glorifying the hacker, hacking group or an opinion or belief by the hacker. This is usually where a hacker has replaced or rewritten a customer’s index file with a file of their own.
Purpose: Claim hacker credibility, practice, promote their belief/cause
Consequences: Lost business, customer distrust, lost reputation, blacklisting
Remediation: Remove the infected index file manually
Malware (Links) – This is one of the most common types of hacks seen at SiteLock. This is when a customer is directly or indirectly linking to a third party site that has been blacklisted by Google. Linking to a blacklisted site can result in your website being blacklisted by Google as well (domino effect). So whether the customer is linking to their friend’s site (puppyblankets.com) or the hacker has added new links for SEO purpose (buygoldcheapnow.us) the customer is in danger of being blacklisted by Google.
Purpose: Increase traffic to 3rd party sites, ruin reputation, practice
Consequences: Customers sent to wrong sites, customer distrust, blacklisting
Remediation: Manual website clean
SQLi – (Pronounced Sequel Injections) A code injection technique, used to attack data driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injections exploit security vulnerabilities in an application's software, for example, when user input fields are not properly verified or when escape characters embedded in SQL statements are not used. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
Examples:
- On October 1, 2012, a hacker group called "Team GhostShell" published the personal records of students, faculty, employees, and alumni from 53 universities including Harvard, Princeton, Stanford, Cornell, Johns Hopkins, and the University of Zurich on pastebin.com. The hackers claimed that they were trying to “raise awareness towards the changes made in today’s education”, siting changing education laws in Europe and increases in tuition in the US.
- On June 27, 2013, the hacker group "RedHack" breached the Istanbul Administration Site. They claimed that they’ve been able to erase people's debts to water, gas, internet, electricity, and telephone companies. Additionally, they published admin user name and password for other citizens to login and clear their debts.
- On June 1, 2011, "Hacktivists" were accused of using SQLi to steal coupons, download keys, and passwords that were stored in plaintext on Sony's website, accessing the personal information of a million users.
Purpose: Steal sensitive information stored in databases
Consequences: Lost customers, lost reputation, fines and fees
Remediation: Manual fix, validation of input fields, escape characters
Cross-Site Scripting (XSS) – There are two main types of cross-site scripting, reflective and stored.
Reflected (Non-Persistent): This occurs when the script or coding that they hacker has created is sent via a third party tool like an email. They will send this script in an email asking the victim to click on the link below and verify your logins or check out this site for instance. When the victim clicks on the link the code will be sent to the web application and then returned to the victim, essentially executing the code or script. If the victim enters any information it can be sent to the hacker and session cookies can be stolen.
Stored (Persistent): This is when the script or malware is stored on the web application. Stored XSS attacks are the most devastating as they affect all visitors to that specific page or link.
Purpose: Phishing or stealing customer information
Consequences: lost business, lost reputation, lawsuits
Remediation: Manual fixes, validation of input fields, escape characters
Pharma Hack – When a client has a site with several pharmacy ads on it you will know they are a victim of this type of attack. This can be seen directly on the website or when searched in Google. Sometimes hackers will hyperlink random words on a customer’s site that when clicked on take the visitor to an online pharmacy. Other times this will show pharmacy ads as headers when the site is searched in Google.
Purpose: Increased business for the online pharmacy, ruin reputation
Consequences: Lost reputation, lost business, customer distrust, blacklisting
Remediation: Remove the pharma coding automatically or manually
If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance:
Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET
North America (toll free): 1-866-267-9297
Outside North America: 1-613-270-2680 (or see the list below)
NOTE: Smart Phone users may use the 1-800 numbers shown in the table below.
Otherwise, it is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.
| Country | Number |
| Australia | 0011 - 800-3687-7863 1-800-767-513 |
| Austria | 00 - 800-3687-7863 |
| Belgium | 00 - 800-3687-7863 |
| Denmark | 00 - 800-3687-7863 |
| Finland | 990 - 800-3687-7863 (Telecom Finland) 00 - 800-3687-7863 (Finnet) |
| France | 00 - 800-3687-7863 |
| Germany | 00 - 800-3687-7863 |
| Hong Kong | 001 - 800-3687-7863 (Voice) 002 - 800-3687-7863 (Fax) |
| Ireland | 00 - 800-3687-7863 |
| Israel | 014 - 800-3687-7863 |
| Italy | 00 - 800-3687-7863 |
| Japan | 001 - 800-3687-7863 (KDD) 004 - 800-3687-7863 (ITJ) 0061 - 800-3687-7863 (IDC) |
| Korea | 001 - 800-3687-7863 (Korea Telecom) 002 - 800-3687-7863 (Dacom) |
| Malaysia | 00 - 800-3687-7863 |
| Netherlands | 00 - 800-3687-7863 |
| New Zealand | 00 - 800-3687-7863 0800-4413101 |
| Norway | 00 - 800-3687-7863 |
| Singapore | 001 - 800-3687-7863 |
| Spain | 00 - 800-3687-7863 |
| Sweden | 00 - 800-3687-7863 (Telia) 00 - 800-3687-7863 (Tele2) |
| Switzerland | 00 - 800-3687-7863 |
| Taiwan | 00 - 800-3687-7863 |
| United Kingdom | 00 - 800-3687-7863 0800 121 6078 +44 (0) 118 953 3088 |