Need help securing backend of website

Status
This thread has been locked.

Ivann

I think you've been watching too many hacking movies.
I think you'd be surprised how many servers get hacked every day. There are thousands if not millions of bots that just scout the web for servers and try various exploits on them.
 

dentmaged

If you paid for a developer, and the website he made isn't secure, you should probably ask for a refund or get them to fix it. Do you know what problems there are?
 

Furex

I think you'd be surprised how many servers get hacked every day. There are thousands if not millions of bots that just scout the web for servers and try various exploits on them.
Yes they get hacked but you make it sound like it's a major problem, think of it this way:
1 Minecraft server gets hacked, they lose a small amount of money. Unless it was Hypixel or something it wouldn't be a huge issue.
 

Ivann

Yes they get hacked but you make it sound like it's a major problem, think of it this way:
1 Minecraft server gets hacked, they lose a small amount of money. Unless it was Hypixel or something it wouldn't be a huge issue.
It's not a "huge" issue but in most cases your server will be added to a bot-net and be taking part in DDoS attacks which might end up getting your server suspended.
 

Mathew

Yes they get hacked but you make it sound like it's a major problem, think of it this way:
1 Minecraft server gets hacked, they lose a small amount of money. Unless it was Hypixel or something it wouldn't be a huge issue.

It is a major problem to small servers though regardless of how large they are. It is so easy to do this as there are so many tutorials out there that show you how to find XSS and SQL injection.
 

Furex

It's not a "huge" issue but in most cases your server will be added to a bot-net and be taking part in DDoS attacks which might end up getting your server suspended.
That's why you get DDoS protection.
It is a major problem to small servers though regardless of how large they are. It is so easy to do this as there are so many tutorials out there that show you how to find XSS and SQL injection.
It isn't a major problem if they have been clever and taken a backup of their server...
 

Mathew

It isn't a major problem if they have been clever and taken a backup of their server...

It's not the problem of them just deleting your website but with SQL injector etc, I would be able to access all of the emails, passwords and personal information of everyone that has registered to your website.
 

Xilcho


We did it boys, we hacked the mainframe.
On a more serious note, you need to be way more specific about things if you want to get real help from anyone!

Have a good day,
Xasabam
It's not the problem of them just deleting your website but with SQL injector etc, I would be able to access all of the emails, passwords and personal information of everyone that has registered to your website.
If they're not encrypting passwords, they've got much bigger problems.
 

Mathew


We did it boys, we hacked the mainframe.
On a more serious note, you need to be way more specific about things if you want to get real help from anyone!

Have a good day,
Xasabam
If they're not encrypting passwords, they've got much bigger problems.

Wouldn't it just take a few hours though to decrypt all of the passwords depending on the encryption they are using?
 

Xilcho

Wouldn't it just take a few hours though to decrypt all of the passwords depending on the encryption they are using?
I don't see why someone wouldn't be using SHA-256 for passwords. With current computers, it's unrealistic to directly "decrypt" anything encrypted with SHA-256. Realistically, it can't be undone. The most effective method would be to try to guess the password, encrypt it, and then see if the result matches with the one in the database. Obviously, this has no benefit over just trying to guess their password directly, and unless their password is incredibly weak, will take a long time.

Of course, if they're not encrypting and/or are not using encryption that is equivalent to SHA-256, they have massive problems.
 

Samuel

That's why you get DDoS protection.
It isn't a major problem if they have been clever and taken a backup of their server...
DDoS protection wouldn't help if it's your server being used as one of the nodes in the botnet. DDoS protection usually only helps inbound, not outbound (though hosts will often suspend you if they detect malicious activity).
 

Furex

DDoS protection wouldn't help if it's your server being used as one of the nodes in the botnet. DDoS protection usually only helps inbound, not outbound (though hosts will often suspend you if they detect malicious activity).
That's only if you get good hosting not some shit multicraft.
 

Samuel

That's only if you get good hosting not some shit multicraft.
I'm pretty sure any host that isn't offshore and runs their own hardware has some solution in place to detect outbound attacks.
 

Furex

I'm pretty sure any host that isn't offshore and runs their own hardware has some solution in place to detect outbound attacks.
Meh, that's what you think, some of their service isn't great, trust me.
 

Samuel

Meh, that's what you think, some of their service isn't great, trust me.
Obviously some don't, and they get in trouble when bad clients join.
 

Skionz

It's not a "huge" issue but in most cases your server will be added to a bot-net and be taking part in DDoS attacks which might end up getting your server suspended.
That is ridiculous. The attacker would have to add new software to your server such as a new plugin, or a modified version of your server software. You can easily prevent that by keeping a backup of your server and if someone does gain access delete all the files and throw your backup on the server.
 

Mathew

That is ridiculous. The attacker would have to add new software to your server such as a new plugin, or a modified version of your server software. You can easily prevent that by keeping a backup of your server and if someone does gain access delete all the files and throw your backup on the server.

If it's a RAT/trojan, and you reinstall your server software etc, it's still possible for it to come back as it has already been in the system and hard drive. That all depends on how good the code is for it.
 

Skionz

If it's a RAT/trojan, and you reinstall your server software etc, it's still possible for it to come back as it has already been in the system and hard drive. That all depends on how good the code is for it.
If your host doesn't allow you to access the system / hard drive the "trojan" won't be able to either.
 