WEB DEFACEMENT AND WEBSITE FORGERY

BY: CHANDEEP CHANDNI CHARU CHAVI DARPAN DEEKSHA

WEB DEFACEMENT

INTRODUCTION

Defacement is generally meant as a kind of electronic graffiti, although recently it has become a means to spread messages by politically motivated "cyber protesters" or hacktivists.

Website defacement is an attack on a website that changes the visual appearance of the original site.

This is a very common form of attack that seriously damages the trust and the reputation of a website.

Today's web defacements are more than just graffiti or hacktivism: attackers use them as a first step toward more serious computer security problems such as botnets, phishing, spam, and malware hosting.

VULNERABILITIES

Website defacement might not get as much publicity as other forms of attack on the web, but that is not to say it is not as prevalent. Here we will address three facets of web defacement:

the vulnerabilities that allow a hacker inside your website

how the hacker defaces the website

how to prevent website defacement

An important and often overlooked aspect of web design is WEB SECURITY. Securing your website is an extremely important step in maintaining data integrity and availability of resources.

Availability issues are raised alongside security issues because if the hacker fails to deface your site, he might then proceed to attack it with a DoS (Denial of Service) attack.

FOR EXAMPLE: When coding HTML, do not try to hide your passwords in the HTML code. Avoiding this sounds like a reasonable first step to protecting your website, but many web developers do it anyway out of laziness. Also, don't try to hide anything within your comments or documentation that might reveal too much about your schema or the design of elements such as a database.

EXAMPLES

Hong Kong official government website.

The official Hong Kong government website was hacked by Chinese hackers making a political statement by embarrassing the prime minister and his wife. This is a perfect example of why web defacement should be paid closer attention and protected against.

Website defacement during weeks of the Iraq war.

One event in particular that spurred many website defacements was the Iraq war, specifically the onset of the war. Below there is a graph obtained from www.f-secure.com, a website focused on security that catalogs many of the defaced sites. This graph in particular covers weeks 10-12 of the Iraq war.

METHODS TO PROTECT AGAINST DEFACEMENT

To protect a website against such attacks there are various methods.

First, do not write any code, passwords, or schemas within the HTML of your website that will give hackers searching for victims something they can work with. Create proper and strict form validation; allowing too many value types can open a backdoor for the hacker.
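A pre-publish check for the advice above (and for the earlier warning about passwords and schema details in HTML and comments), added here as an example and not part of the original slides. The patterns are heuristic assumptions and the sample page is constructed.

```python
import re
from html.parser import HTMLParser

# Heuristic patterns: assumptions for this example, not an exhaustive rule set.
PATTERNS = {
    "credential": re.compile(r"\b(pass(word|wd)?|pwd|secret|api[_-]?key)\b\s*[:=]\s*\S+", re.I),
    "connection-string": re.compile(r"\b(jdbc|mysql|postgres(ql)?|mongodb)://\S+", re.I),
    "schema": re.compile(r"\b(create\s+table|insert\s+into|select\s+.+\s+from)\b", re.I),
}

class LeakScanner(HTMLParser):
    """Flags comments, hidden inputs and inline scripts that match PATTERNS."""
    def __init__(self):
        super().__init__()
        self.findings = []       # (line, location, category)
        self.in_script = False

    def check(self, text, where):
        for category, rx in PATTERNS.items():
            if rx.search(text):
                self.findings.append((self.getpos()[0], where, category))

    def handle_comment(self, data):
        self.check(data, "comment")

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        self.in_script = tag == "script"
        if tag == "input" and (attrs.get("type") or "").lower() == "hidden":
            self.check(f"{attrs.get('name')}={attrs.get('value')}", "hidden-input")

    def handle_endtag(self, tag):
        self.in_script = False

    def handle_data(self, data):
        if self.in_script:       # text between <script> and </script>
            self.check(data, "inline-script")

def scan_html(source):
    scanner = LeakScanner()
    scanner.feed(source)
    scanner.close()
    return sorted(scanner.findings)

# Constructed sample page (all values are made up for the demonstration).
SAMPLE = """<html><body>
<!-- TODO remove: admin password = hunter2 -->
<!-- users table: CREATE TABLE users (id INT, pw_hash TEXT) -->
<form><input type="hidden" name="api_key" value="abc123"><input type="text" name="q"></form>
<script>var db = "mysql://app:pw@10.0.0.5/shop";</script></body></html>"""
```

Running `scan_html` over every page in the build output before it is published catches these leaks while they are still cheap to remove.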

Beware of the security in your message boards. Script kiddies are known to use widely available malware and code to get in through message boards.

Consider buying software designed specifically to protect your website. For example, www.catbird.com offers software specifically made to ensure content integrity on your site. Every two minutes it checks the pre-approved content authorized by you against any changes made and will promptly warn you.

Another Web application designed to protect sites is WebAgain by Lockstep. WebAgain is a simple application that sits as a kind of staging server where site authors send their content.

The tool uses FTP or a network share to send new content to any Web server and to check if pages have been changed on the site. Checks can be made as often as required.
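The idea both products share, comparing the live site against pre-approved content held on a staging copy, can be sketched as follows. This is an added example, not Catbird's or WebAgain's code; the directory layout, file names and function names are assumptions, and the tampering scenario in `demo()` is constructed.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def build_manifest(root):
    """Map each file's path (relative to root) to the SHA-256 of its bytes."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def compare(approved, live):
    """Return paths modified, added or removed relative to the approved manifest."""
    return {
        "modified": sorted(p for p in approved if p in live and approved[p] != live[p]),
        "added": sorted(p for p in live if p not in approved),
        "removed": sorted(p for p in approved if p not in live),
    }

def restore(staging, webroot, report):
    """Put the web root back to the approved state using the staging copy."""
    staging, webroot = Path(staging), Path(webroot)
    for rel in report["modified"] + report["removed"]:
        (webroot / rel).parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(staging / rel, webroot / rel)
    for rel in report["added"]:
        (webroot / rel).unlink()

def demo():
    """Constructed scenario: deface one page, drop an extra file, delete another."""
    with tempfile.TemporaryDirectory() as tmp:
        staging, webroot = Path(tmp, "staging"), Path(tmp, "webroot")
        (staging / "css").mkdir(parents=True)
        (staging / "index.html").write_text("<h1>Welcome</h1>")
        (staging / "css" / "site.css").write_text("h1 { color: navy }")
        shutil.copytree(staging, webroot)            # publish approved content
        approved = build_manifest(staging)

        (webroot / "index.html").write_text("<h1>Defaced</h1>")
        (webroot / "x.php").write_text("<?php /* unexpected file */ ?>")
        (webroot / "css" / "site.css").unlink()

        report = compare(approved, build_manifest(webroot))
        restore(staging, webroot, report)
        return report, compare(approved, build_manifest(webroot))
```

Keep the approved manifest and the scheduled comparison on the staging host: a manifest stored on the web server itself can be rewritten by whoever changed the pages.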

CONCLUSION

Defacement used to only embarrass the company that had been defaced. However, we are now seeing it evolve toward more sinister and dangerous intentions. Personal information such as credit card numbers or other forms of identity can be picked off by savvy hackers who manage to break into a website. For these reasons, web defacement warrants serious consideration from security experts and should be a top priority for any website owner.

What is a Web Forgery? What is Phishing?

INTRODUCTION

Web Forgery (also known as “Phishing”) is a form of identity theft that occurs when a malicious Web site impersonates a legitimate one in order to trick you into giving up sensitive information such as passwords, account details, or credit card numbers. Phishing attacks usually come from email messages that attempt to lure the recipient into updating their personal information on fake, but very real-looking, Web sites.

Frequently Asked Questions

What is an Attack Site? What is Malware?

Malware is software designed to infect your computer without your knowledge. Malware is most often used to steal personal information, send junk e-mail (spam), or spread more malware.

Attack Sites are Web sites that try to infect your computer with malware when you visit. These attacks can be very difficult to detect; even a site that looks safe may be secretly trying to attack you. Sometimes the Web site’s owner won’t even know that the site has been turned into an Attack Site.

Link manipulation

How do I use the Phishing and Malware Protection features?

These features are turned on by default so unless your security preferences have been changed, you are likely already using them. Phishing and Malware Protection options can be found on the Security Preferences pane. 

Go to Tools > Options… > Security.

FRAUDULENT WEBSITE IN THE NAME OF SHIRDI SAI BABA

www.saibabasansthan.in

This fraudulent website promises to give every person 1 to 108 Silver Flowers for Baba's offering, in return for a payment ranging from INR.561/- to INR.41,116/-. On seeing this appeal on the occasion of Akshaya Tritiya this year, many Sai devotees were deceived and made payments to this website, hoping to get the promised Silver Flowers & Prasad from Shirdi.

But when nothing arrived, they knocked on the doors of the Sai Sansthan in Shirdi. It was then that the Sansthan also learnt of this fraudulent website being run.