Monitor Your Website For Cyber Hacker Attacks

Even though the United States has a Cyber Command for Cybersecurity, they still lack a simple solution to stop threats in their tracks.

I have taken steps to monitor and stop hackers in real time when they attack my own website. And I'll explain how. Why can't big business do the same?

In May 2011 I received emails from Best Buy, Citigroup, Home Depot, Capital One and JC Penney, warning me that my personal info was stolen from their computers.

You might have received these notices too. There are continual reports of data being compromised on large corporate and government computer systems.

I was wondering how all these companies I do business with had failed to protect my data.

Digging a little deeper I discovered that all of them shared my personal information with one common company. They all use the services of an advertising company named Epsilon in Dallas, Texas. And their privacy policy isn't very protective as they all let Epsilon have the data on their customers.

So Epsilon probably knows more about you, with the combined data, than any of the individual firms you deal with. And I can only guess what can happen when Epsilon gets hacked, as they did in May 2011.

Citibank should know how to protect their clients' data from cyber threats. They have the resources. They just don't have the knowledge. A simple monitoring algorithm, like the one I use, would have stopped it before 100 hacks, not 360,000.

According to Reuters, 360,000 Citigroup accounts were hacked in the May cyber attack.

It doesn’t leave me with any kind of a secure feeling when the notices I received went on to say that no critical data required to commit fraud was taken. Steal a little from one firm, a little from another, and before you know it, they have all the data required to steal my identity.

I monitor my credit activity with So if someone were to apply for a loan in my name, I would be notified immediately. So I’m not really worried for myself. But these ongoing cyber attacks make me wonder how these large corporations can be so lacking of security.

In June 2011 a hacker group broke into a publicly allocated portion of the Senate’s website. Luckily they were stopped from getting into an internal part of the network by the site’s firewall.

Sympathetic people leave flowers and candles at Google’s Chinese headquarters after it was hacked.

Even Google was hacked!

In June 2011 hundreds of Gmail accounts were compromised by a hacker in China. Some of them belonged to U.S. Government officials. (Source: Washington Post).

We have to ask ourselves how safe our privacy is if all these trusted companies were hacked at the same time. They evidently do not have strong enough defenses in place to catch and trap cyber attacks.

It can be done and hackers can be blocked in real time. But I don't see that being done enough.

Computer systems that are connected to the Internet need better controls in place to prevent hackers from getting through. They are continuously trying. And processes need to be developed that block the specific predator the instant their attack is obvious.

What I Did To Protect My Website

I have taken additional steps with my own business web site. I wrote some code to monitor and discover cyber attacks that seek to compromise security.

You might be familiar with the page on most websites that tells you you've reached a non-existent page. Webmasters know this as a 404 error page. If you click on a link to a page that no longer exists, or if you type the URL yourself and mistype it, you will go to that 404 page. In most cases this is simply another HTML coded page that may include additional instructions to help guide the visitor. Here's an example...

Example of my 404 error page

I went a step further with my own website by creating real time monitoring of server hacking attempts.

I wrote a 404 error routine that captures information about the visitor and sends it to me immediately in an email. A large number of 404 errors indicates possible hacking. So I capture info such as the visitor's IP address, their location in the world, what site and page they were just looking at before they clicked to my site, what page they are trying to see, what web browser they are using and even some of their system information.

I also look up their DNS authenticity and sometimes the report states “Could be forged: hostname does not exist.” I find that interesting and an obvious clue that this visitor is up to no good.

Any Webmaster knows that all this information is available. After all, Google even gives us that info about visitors to our HubPages in our Google Analytics and Webmaster reports.

But I wonder how many big companies monitor this in real time for security reasons? If I can do it, they sure can. And they should.

Now I know what you are thinking. How can I make use of the info to block the hacker? And how can a big company with even more traffic ever keep up with constant cyber attacks, when little old me gets at least one per day?

The trick is to automate it. I like to get notified in real time via email just to know what's going on with my website. But notifying a human being is not necessary. It's actually quite easy to write a routine to block hacker bots. I'll explain a little later how to automate the process to stop hackers in their tracks. It's technical so I'll leave it for last.

What Hackers Are Up To

Since I get this information in real time, I can block IP addresses immediately when I see an attempt to find a back door access. But I also get to see what they are looking for.

I learn from those email notifications that the excessive attempts that end up getting 404 errors are searching for admin scripts, sql database scripts, and php setup code. This activity indicates to me an attempt to gain access to our server by hunting for a back door.

I'm noticing that these attempts always have IP addresses from foreign countries such as China, Japan, Bangladesh, India, Russia, Brazil, Ukraine, Lithuania, and Jordan. It’s very rare for me to catch a hacker from the U.S.

Some of these attacks are so vicious they take up a lot of bandwidth, hitting hundreds of non-existent pages in a matter of seconds, obviously hoping to find one that is a back door entry to log in and get vital information from the rest of the server.

Some back doors they are searching for allow them to plant executable code to search for things like customer records. In my case, I don't have any scripts online that would allow access to my data. But the hackers don't know that and they are actually just using bots to scan every computer in the world, or in a selected country. Anyway, I keep my customer records off line. No connection to the Internet in any way whatsoever. And credit card info is not kept at all.

The hackers are doing this across the web and eventually they find a computer server where they can get in and sometimes they actually find something useful.

Allowing Access To Data Without Knowing It

Since I wrote code to send me emails showing what these hackers are looking for, I have discovered a particular targeted search that happens almost every day: hackers looking for a file by the name of crossdomain.xml.

I don’t have that file on my server. But they keep scanning computers until they find it on some server somewhere. It may be a government installation or a big corporate office computer. Eventually they find one that has this file and once they do, they have a field day collecting data.

This file lets a website opt in to allowing other sites to read its data. Normally JavaScript, Flash, and Java limit reading data to the same website in the same domain. But opting in to allow cross-domain data access is opening the door for trouble.

I am shocked that so many websites use this without monitoring it closely. This is the only reason why hackers are searching all sites until they find it. I feel that since I get hackers searching for this every day, it must be quite prominent. I wonder if some Webmasters have it on their server and don’t even realize it?
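For a Webmaster who wants to check whether a crossdomain.xml on their own server grants more than intended, here is an added example (not the author's code) that parses a policy file and lists over-broad grants. The function name and the two sample policies are constructed for illustration.

```php
<?php
// Added example: audit a crossdomain.xml policy for over-broad grants.
// audit_crossdomain() is a hypothetical helper name, not part of any library.
function audit_crossdomain(string $xml): array
{
    $findings = [];
    $prev = libxml_use_internal_errors(true);   // collect parse errors quietly
    // LIBXML_NONET: never fetch a DTD or entity over the network while parsing.
    $policy = simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NONET);
    libxml_use_internal_errors($prev);
    if ($policy === false || $policy->getName() !== 'cross-domain-policy') {
        return ['not a parseable cross-domain-policy document'];
    }
    foreach ($policy->{'allow-access-from'} as $rule) {
        $domain = (string) $rule['domain'];
        if ($domain === '*') {
            $findings[] = 'allow-access-from domain="*": any site may read responses';
        } elseif (strpos($domain, '*') !== false) {
            $findings[] = "wildcard grant $domain covers every matching host";
        }
        if (strtolower((string) $rule['secure']) === 'false') {
            $findings[] = "secure=\"false\" for $domain: HTTP origins may read HTTPS content";
        }
    }
    foreach ($policy->{'allow-http-request-headers-from'} as $rule) {
        if ((string) $rule['domain'] === '*') {
            $findings[] = 'allow-http-request-headers-from domain="*": any site may send custom headers';
        }
    }
    return $findings;
}

// Constructed sample policies (not taken from any real site).
$permissive = '<cross-domain-policy>
  <allow-access-from domain="*" secure="false"/>
</cross-domain-policy>';
$scoped = '<cross-domain-policy>
  <allow-access-from domain="static.example.com"/>
</cross-domain-policy>';

foreach (['permissive' => $permissive, 'scoped' => $scoped] as $name => $xml) {
    $found = audit_crossdomain($xml);
    echo $name, ': ', $found ? implode('; ', $found) : 'no over-broad grants found', "\n";
}
```

To audit a live site, pass the function the contents of the crossdomain.xml in your own document root instead of the sample strings.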

Stop Hackers In Their Tracks With Cyber Attack Monitoring

This last section is for Webmasters. But anyone else who’s interested can follow along to get the gist of what I’m about to explain. I'll explain it in English so anyone can follow along.

I’m not going to show my code that I wrote for my site. And it's not for sale either. But I will explain clearly what needs to be done. Programmers and webmasters will understand this.

Make a 404.php file and specify that to be the page to display when someone clicks to a non-existent page or enters a non-existent page in their browser. This will also capture bots that go around the Internet searching for back doors. Back doors are scripts that allow access.

Make the page display a friendly error telling a legitimate visitor that they stumbled upon a non-existent page and give them other options to find what they are looking for.

Now for the fun part...

Write PHP code that monitors hacker attacks. The method is to keep track of how many requests ended up with error-404's by the same IP address in a specified time period... say 30 seconds.

If more errors occur than is a reasonable number for a human, then it is most likely a cyber hacker bot. Examine the requests for files that include sql, admin, crossdomain, login, scripts, setup, and anything else that could provide a method of access to a hacker.

If a match is found then you can safely assume this is a hacker. No one else would be looking for access scripts and getting continuous 404 errors while searching.

So the next step of the PHP code routine is to capture the http referrer (where they came from), the redirect status (status code), the http user agent (browser info), the server signature (web server info), and any other info you might want to track.

Write additional PHP code that blocks that IP address. On an Apache server that’s done by adding a deny record to the .htaccess file. That's the trick to block the hacker and it'll be done in milliseconds.

You can also include PHP code to send the details of the hacker attempt to an administrator’s email address for follow up. Or write the info to a report file that can be printed later for review.
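The steps above can be put together as follows. This is an added example, not the author's code (which he does not publish). The file paths, the threshold of 10 errors, and the admin address are assumptions; the 30-second window and the keyword list come from the article.

```php
<?php
// 404.php: added example, not the author's code. Enable it in .htaccess with:
//   ErrorDocument 404 /404.php
// Assumed values (not from the article): both paths, MAX_404S, the admin address.
const WINDOW_SECONDS = 30;   // the time period the article suggests
const MAX_404S       = 10;   // assumption: more than a person would plausibly hit
const STATE_DIR      = '/var/lib/site404';            // keep outside the web root
const HTACCESS       = '/var/www/example/.htaccess';  // hypothetical path
const ADMIN_EMAIL    = 'admin@example.com';
const PROBE_PATTERN  = '/sql|admin|crossdomain|login|scripts|setup/i'; // article's list

/** Record one 404 for $ip; return how many it has had inside the window. */
function record_404(string $ip, int $now, string $dir = STATE_DIR): int
{
    $fh = fopen($dir . '/' . sha1($ip) . '.log', 'c+');
    if ($fh === false) {
        return 0;
    }
    flock($fh, LOCK_EX);                       // concurrent requests share this file
    $recent = [$now];
    while (($line = fgets($fh)) !== false) {
        if ((int) $line > $now - WINDOW_SECONDS) {
            $recent[] = (int) $line;           // keep only hits still in the window
        }
    }
    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, implode("\n", $recent) . "\n");
    flock($fh, LOCK_UN);
    fclose($fh);
    return count($recent);
}

/** Append a deny record for $ip; true only when a new record was written. */
function block_ip(string $ip, string $htaccess = HTACCESS): bool
{
    // Only a validated address is ever written into server configuration.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false;
    }
    $rule = "Deny from $ip";   // Apache 2.2 syntax; 2.4 needs mod_access_compat
    $existing = (string) @file_get_contents($htaccess);
    if (preg_match('/^' . preg_quote($rule, '/') . '$/m', $existing)) {
        return false;          // already blocked
    }
    return file_put_contents($htaccess, "\n$rule\n", FILE_APPEND | LOCK_EX) !== false;
}

$ip  = $_SERVER['REMOTE_ADDR'] ?? '';   // from the connection, not X-Forwarded-For
$uri = $_SERVER['REQUEST_URI'] ?? '';
http_response_code(404);                // make sure the response stays a 404

if ($ip !== '' && record_404($ip, time()) > MAX_404S
        && preg_match(PROBE_PATTERN, $uri) && block_ip($ip)) {
    $report = [
        'ip'         => $ip,
        'requested'  => $uri,
        'referrer'   => $_SERVER['HTTP_REFERER'] ?? '',
        'status'     => $_SERVER['REDIRECT_STATUS'] ?? '',
        'user_agent' => $_SERVER['HTTP_USER_AGENT'] ?? '',
        'server'     => $_SERVER['SERVER_SIGNATURE'] ?? '',
    ];
    // Request data is attacker-controlled: body only, JSON-encoded, never headers.
    mail(ADMIN_EMAIL, 'Blocked 404 scanner', json_encode($report, JSON_PRETTY_PRINT));
}
?>
<h1>Page not found</h1>
<p>That page does not exist. Try the <a href="/">home page</a> instead.</p>
```

Letting the web server user write to .htaccess means any code-execution bug elsewhere on the site can rewrite server configuration, so a lower-risk variant appends to a blocklist file that a separate privileged job or firewall consumes. Keywords such as login and admin also appear in legitimate URLs, which is why the example blocks only when the keyword match and the rate threshold are both met.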


The possibilities are endless of what you can do with this. Such as sharing the hacker’s IP address with other field office computers so they can block any discovered hackers too.

With my method I just described, cyber hackers can be stopped in real time before they succeed with getting through and compromising a server. If they try again from a different IP address, that too will be blocked in real time. They won't have a chance!

I have other ideas to enhance this implementation. How about developing a way to send hackers' IP addresses to a central database in real time?

There presently are a number of sites where you can report hackers. Even the FBI has a “File a Complaint” link on their site for this purpose. But the data has to be entered by a human and it's time consuming. I wish I could just let the code I wrote interface with something like that when it happens.

I think all Webmasters need to work together to control cyber crime. The door can be shut to these attacks and the Internet can be made much more secure for us all.

© 2011 Glenn Stok

Reader Comments 31 comments

Ania L 5 years ago from United Kingdom

A lot of interesting information here, I guess I'll come back to it few more times to absorb it better :) Thanks for that, especially for the idea of 404!

FloraBreenRobison 5 years ago

Forgive me for sounding stupid, but I do not know how you create a 404 php.file or code. Where on the site do you do this, for example, on a Wordpress or Blogger site? Do these parent websites, for lack of a better term, have a page of FAQ or instructions as to how to do this or do they expect you to be tech savvy?

K9keystrokes 5 years ago from Northern, California

Wow Glenn, this is a ton of information in one convenient Hub! I think you have a brilliant approach, monitoring potential hacker cyber attacks on your website is so pro-active! Sure wish some of those big companies would implement this idea. So many of us could learn a ton from your expertise. Thank you for sharing your well thought out and presented tactics.



Simone Smith 5 years ago from San Francisco

This is really something, Glenn! You've given me a lot of things to work on personally to make my online life more secure. What a useful Hub this is!

I don't think that anyone would want to hack into my personal websites at this point, but if I ever have something that's worth defending, I'll certainly be returning to your Hub and doing exactly what you've done. I can't believe I hadn't heard about those methods before!

Glenn Stok 5 years ago from Long Island, NY Author

Ania L -

You're welcome Ania. Thanks for stopping by.

FloraBreenRobison -

No question is ever a stupid question. It shows you are inquisitive. The 404 error page can only be created by the website owner, such as the Webmaster. Wordpress and other blogger sites usually already have a page for 404 errors. Try going to a non-existent page and you'll see it.

But what I was talking about was adding code (can be PHP, javascript or any other way too) that will capture cyber attackers and immediately block them. I don't think anyone else is doing that in such a straightforward manner, if at all. Especially not those companies I got those emails from.

K9keystrokes -

Thank you so much for such kind words. I agree with you that the big companies should definitely use some form of instant blocking.

Simone -

You'd be amazed. I bet your personal site IS being attacked. But they are not finding anything they can use to gain entry. The bots hackers use try every possible IP address and then move on to the next, looking for an insecure server. Really nice to see you stop by. Thanks for checking out my entry into this week's topic.

Pamela N Red 5 years ago from Oklahoma

Glenn, it's terrible we have to do things like this and be so vigilant of people who look for ways to get our personal information. I haven't gotten any notices in my email lately but have had one of my banks send me a new card a year ago because they had some information compromised. Most have security devices in place but the hackers keep getting smarter and if they want it badly enough can get to it.

Glenn Stok 5 years ago from Long Island, NY Author

Pamela - Very well stated. We always have to try to stay one step ahead of them. Thanks for checking out my hub.

jenubouka 5 years ago

Great info here, we who use the web and all its blunder should take our safety in our own hands and if one relies on the internet for a large part of their business and personal life they should educate themselves how to protect their info. Thank you, though I have no idea what you are talking about as far as 404 code, it has inspired me to learn what it is and how to do it

dallas93444 5 years ago from Bakersfield, CA

Good information. Perhaps our computers are seen by the "bad guys" as a farmer's produce stand on the honor system. No one is around and they snatch what they can get...

How come our security systems do not catch/stop this intrusion?

Glenn Stok 5 years ago from Long Island, NY Author

jenubouka - 404 is an error that is returned when you try to go to a page on a website that does not exist. Thanks for checking out my hub.

dallas93444 - Interesting analogy. That's a helpful and accurate way to explain it. The security systems you ask about do not do what I propose in this hub. It's not perfect either, but it sure stops an intruder while they are still searching.

moiragallaga 5 years ago from Lisbon, Portugal

Very good and useful advice Glenn. I'm not tech savvy so quite a bit of the technical stuff you discussed is way beyond my comprehension. However, your point comes clearly across about our need to protect our sites and especially our personal information and data. It's scary to know that big companies are quite vulnerable and how easily our data that they have can be easily compromised. I thought these big companies invested heavily in securing their systems.

Glenn Stok 5 years ago from Long Island, NY Author

moiragallaga - All the reports about successful attacks make it clear that companies need to crack down on this. Thanks for your insightful comment.

ThoughtSandwiches 5 years ago from Reno, Nevada

Hi Glenn...I have to say...this is an excellent hub with all kinds of details that (I didn't even know existed)...thanks for your great research and presentation!

PS...I like your floating face above the Voting buttons...yes...I voted...frequently and often!

BlissfulWriter 5 years ago

Those are good tips to put in the 404 page. Definitely bookmarking article.

Glenn Stok 5 years ago from Long Island, NY Author

ThoughtSandwiches - Yep, that's me! Thanks for the vote.

BlissfulWriter - Glad I could help. Let me know if you implement it and what you discover afterwards.

sligobay 5 years ago from east of the equator

Thanks Glenn for an easy-to-read article on complex subject matter. I'll forward the link to all my contacts.

Glenn Stok 5 years ago from Long Island, NY Author

Sligobay, thanks for sharing.

Thriller 5 years ago from India

This is a really useful Hub Glenn. I will be implementing these tips on my blogs. Thanks!

Glenn Stok 5 years ago from Long Island, NY Author

Thriller, I'm glad you found this useful. Let me know how it works out when you implement it on your blog site.

Ubanichijioke 5 years ago

This is quite technical and useful. The only way to stop hackers is to put mechanisms in place and monitor all their activities but this requires a whole lot of technical know-how. Awesome and informative hub. Be blessed sir.

Sinea Pies 5 years ago from Northeastern United States

Oh, this is where I wish I spoke html. I've learned a few little tricks but not like what you are talking about for webmasters. As usual, Glen Stok, great hub.

Hello, hello, 5 years ago from London, UK

OMG, Glen, you are a marvel to me. This is a fantastic and helpful hub. Thank you.

ronhi 5 years ago from Kenya

Even Google was hacked? Thundering typhoons! Thanks for the tips you have shared though. Very informative. I will definitely try to do that on my website too. Hope I won't get stuck somewhere :-)

Jeff_McRitchie 5 years ago

I really enjoyed reading this Hub and found it to be very informative. Thanks for sharing it with us!

ThunderKeys 5 years ago

Glen Ditto on all of the above comments! Your content is always incredible.

I'm a professional counselor with no computer skills. I call tech support to find the "any-key" whenever I'm asked to press it.

Are there any ways for people who can't write code or understand even the introductory tech language you've used here to protect their computers and websites from hackers?

We've had a number of bizarre things happen with our home computers including having our bank account information hacked last year.

The bank wouldn't give us any details about what actually happened except to say that someone was trying to access our bank account with stolen information from our computer.

Glenn Stok 5 years ago from Long Island, NY Author

ThunderKeys, This Hub is for those who maintain their own website. But I do have another Hub about avoiding scams that answers your question about protecting your personal information and your own computer. Bank account information is usually taken from you by you inadvertently giving it away. People do this by clicking on links in emails to log into their bank account, not realizing that they have clicked to a fake site. You can protect yourself and your security by making a policy to never click on a link in an email. Period. Instead, go to the site of your bank via your own saved bookmarks, or by typing in the URL.

manthy 5 years ago from Alabama,USA

Thanks for the info - I have a site and this has helped me more than you know.

I have bookmarked this hub ;0)

Glenn Stok 5 years ago from Long Island, NY Author

manthy, Glad you can make good use of it.

htodd 5 years ago from United States

These days hacking attempts are huge. Everyone must look into this. Great hub, thanks Glenn.

ryankett 4 years ago

Can I tell you what I do? It's not a smart way of working, but it's better than nothing.

I check my analytics three times per day. When I have a large amount of direct traffic from the same city (e.g. 150 visits, 60 from Portland), I go into my Cpanel and determine the IP address of the visitor. I then block the IP address.

I have also blocked all IPs from Iran, China, and a couple of other countries - because 80% of the time my unexplained direct traffic was coming from these places!

Glenn Stok 4 years ago from Long Island, NY Author

ryankett, That's good you do that. I find when I have high traffic all from one IP, he or she is trying multiple ways to log into some admin back door. It's useless for them since I don't have any opening like that. But they try anyway, until they find another site where they get access and can do mayhem.

A useful tool... shows the full range of IP's for the country when you search for any IP address. It also shows the country fraud profile, which is high for China, India, Russia and others I mentioned in this Hub.

So I block those entire countries too. Trouble is, they have multiple ranges of IP's and you may not be blocking the entire country. You have to keep adding more IP ranges each time you find another situation as you explained.

Nevertheless, you are doing the right thing. Good for you! Thanks for stopping by and sharing.
