Consequences of Ignoring Cyber Hacker Attacks on Your Website

Updated on September 6, 2019
Glenn Stok

Glenn is a systems analyst with a Master’s Degree in Computer Science. He teaches Internet related topics based on his professional insight.

This is a review of the harm caused by companies and government agencies that don't monitor hacker attempts in real time. I include a simple solution that I use on my website to block bots that search for access to data.

In May 2011, the following companies notified me that a hacker stole my personal info from their computers: Best Buy, Citigroup, Home Depot, Capital One, and JCPenney.

I discovered that all the companies in the 2011 data breach shared customer personal information with one single company. They all use the services of an advertising company named Epsilon in Dallas, Texas. In addition, their privacy policy isn't very protective since they all let Epsilon have the data on their customers.

With this combined data, Epsilon probably knows more about you than any individual company. In May of 2011, all your personal information that was on their database got out to hackers.

There are ongoing reports of compromised data on large corporate and government computer systems:

  • Sears and Kmart reported a data breach in 2017.
  • Hackers attacked the Equifax credit reporting agency in July 2017.

Even though the United States has a Cyber Command for Cybersecurity, they still lack a simple solution to stop threats in their tracks.

Cyber Attack on Citibank and Others

According to Reuters, 360,000 Citigroup accounts were hacked in a cyber attack in May of 2011. Citibank should know how to protect their clients' data from cyber threats. They have the resources, but they don't know how to fix it. A simple monitoring algorithm, like the one I use, would have stopped it before 100 hacks, not 360,000.

Those warning notices assured me that the breach did not include critical data required to commit fraud. However, that didn’t leave me with any secure feeling. Steal a little from one firm, more from another, and before you know it, they have all the data required to steal my identity.

I monitor my credit activity with a monitoring firm, so if someone were to apply for a loan in my name, they would notify me immediately. Therefore, I’m not worried for myself, but these ongoing cyber-attacks make me wonder how these big corporations can be so lacking in security.

In June 2011 a hacker group broke into a publicly allocated portion of the Senate’s website. Luckily they were stopped from getting into an internal part of the network by the site’s firewall. (Source: reuters.com).

Google Got Hacked Too

Even Google was hacked! In June 2011 hundreds of Gmail accounts were compromised by a hacker in China. Some of them belonged to U.S. Government officials. (Source: Washington Post).

We have to ask ourselves how safe our privacy is if all these trusted companies were hacked at the same time. They don't have strong enough defenses in place to detect and stop cyber attacks.

They can block hackers in real-time, but I don't see that anyone is doing enough to implement that safety measure. Computer systems that are online with the Internet need to have better controls in place to keep hackers from getting through. They are continuously trying.

Processes need to be implemented to block predators the instant their attack is apparent.

How to Monitor a Website for Hacking Attempts

I have taken steps to monitor and stop hacker attacks in real-time on my website. Large corporations and government agencies can protect their computers that way too. But they don't!

The process is so easy. I wrote code to monitor and discover cyber attacks that seek to compromise security.

You might be familiar with the page on websites that tells you that you've reached a non-existent page. It's known as a 404 error page. If you click on a link to a page that no longer exists or if you mistype a URL, you will get that 404 error.

I used that error condition to capture information about visitors who got a 404 error. And more importantly, the software code I wrote tracks their activity in real-time to determine if they are attempting to hack into my database.

I capture info such as

  • the visitor's IP address,
  • their location in the world,
  • the site and the page they were looking at before they clicked to my website,
  • the page they were trying to see,
  • the web browser they were using,
  • and even some of their system information.

How can I make use of that info to block a hacker? The trick is to automate it.

A large number of simultaneous 404 errors from the same IP address indicates possible hacking. I look up their DNS authenticity, and sometimes that shows, “Could be forged: hostname does not exist.” I find that to be an obvious clue that the visitor is up to no good.

I like to get notified in real-time via email to know what's going on with my website. However, that notification is not necessary. It's quite easy to write a routine to block hacker bots automatically. I'll explain a little later how to automate the process to stop hackers in their tracks.

How to Track Hacking Activity on a Website

Since I programmed my website to send me emails of hacker attempts with all the data, I get to see what they are trying to achieve. It's usually a search to find back door access, admin scripts, SQL database scripts, and PHP setup code. This activity indicates an attempt to gain access to our server through one of these routines.

I'm noticing that these attempts always have IP addresses from foreign countries such as China, Japan, Bangladesh, India, Russia, Brazil, Ukraine, Lithuania, and Jordan. It’s rare for me to catch a hacker from the U.S.

Some of these attacks are so vicious they take up a lot of bandwidth, hitting hundreds of non-existent pages in a matter of seconds. They are hoping to find one that is a back door entry to log in and get vital information from the rest of the server.

I keep my customer records offline with no connection to the Internet in any way whatsoever. Besides, I don't have any scripts online that would allow access to my data, but the hackers don't know that. They try to get access anyway and eventually will find a business website that is easy to penetrate, and sometimes they find something useful.

Hackers use bots to scan every computer in the world or a selected country. Some scripts their bots are searching for allow them to plant executable code to search for things like customer records.

How Companies Allow Access to Their Data Without Knowing It

Since I wrote code to send me emails showing what these hackers are looking for, I have discovered a particular targeted search that happens almost every day. Hackers are looking for a file by the name of crossdomain.xml.

I don’t have that file on my server, but they keep scanning computers until they find it on some server somewhere. It may be a government installation or a big corporate office computer. Eventually, they find one that has this file, and once they do, they have a field day collecting data.

This file lets a site owner opt in to allowing other sites to read the site's data. Typically, JavaScript, Flash, and Java limit reading data to the same website in the same domain. However, opting in to allow cross-domain data access is opening the door for trouble.

I am shocked that so many websites use this without monitoring it closely. That is the only reason why hackers are searching through all sites until they find it. I feel that since I get hackers searching for this every day, it must be quite prominent. I wonder if some Webmasters have it on their server and don’t even realize it.
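For webmasters who are not sure what their own crossdomain.xml grants, the following is an added example (not the author's code) that audits a policy file for wildcard entries. The sample policy and the wording of the findings are constructed for illustration.

```php
<?php
// Added example: audit a site's own crossdomain.xml for over-broad grants.

/** Return a list of findings for a cross-domain policy document. */
function audit_crossdomain(string $xml): array
{
    $previous = libxml_use_internal_errors(true);   // collect parse errors quietly
    $doc = simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NONET);
    libxml_use_internal_errors($previous);
    if ($doc === false || $doc->getName() !== 'cross-domain-policy') {
        return ['not a parseable cross-domain-policy document'];
    }

    $findings = [];
    foreach ($doc->{'allow-access-from'} as $rule) {
        $domain = (string) $rule['domain'];
        if ($domain === '*') {
            $findings[] = 'allow-access-from domain="*": every site may read this site\'s data';
        } elseif (strpos($domain, '*') !== false) {
            $findings[] = "allow-access-from domain=\"$domain\": wildcard covers every matching host";
        }
        if (strtolower((string) $rule['secure']) === 'false') {
            $findings[] = "allow-access-from domain=\"$domain\" secure=\"false\": HTTP pages may read HTTPS data";
        }
    }
    foreach ($doc->{'allow-http-request-headers-from'} as $rule) {
        if ((string) $rule['domain'] === '*') {
            $findings[] = 'allow-http-request-headers-from domain="*": any site may send custom headers';
        }
    }
    return $findings;
}

// Constructed sample policy: one wildcard grant and one specific partner host.
$sample = <<<'XML'
<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*" secure="false"/>
  <allow-access-from domain="partner.example.com"/>
</cross-domain-policy>
XML;

// Audit the file named on the command line, or the sample when none is given.
$xml = isset($argv[1]) ? (string) file_get_contents($argv[1]) : $sample;
foreach (audit_crossdomain($xml) as $finding) {
    echo "WARNING: $finding\n";
}
```

An empty result means the policy names specific hosts only; if the file is not needed at all, removing it is the simplest fix.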

How to Block Hackers and Stop Cyber Attacks

This last section is for Webmasters. Anyone else who’s interested can follow along to get the gist of what I’m about to explain. Programmers and webmasters will understand this, but I’ll explain it in plain English so anyone can follow along.

Make a 404.php file and specify that to be the page to display when someone clicks to a non-existent page or enters a non-existent page in their browser. That method will also capture bots that go around the Internet searching for back doors. Back doors are scripts that allow access.

Make the page display a friendly error telling a legitimate visitor that they stumbled upon a non-existent page. Include options to find their way around your website.

Now for the critical part:

Write PHP code that monitors hacker attacks. The method is to keep track of how many requests from the same IP address ended in 404 errors within a specified time, say 30 seconds.

If more errors occur than is a reasonable number for a human, then it is most likely a cyber hacker bot. Examine the requests for files that include SQL, admin, crossdomain, login, scripts, setup, and anything else that could provide a method of access to a hacker.

If there is a match, then you can safely assume this is a hacker. No one else would be looking for these types of scripts and getting continuous 404 errors while searching.

The next step of the PHP routine is to capture

  • the HTTP referrer (where they came from),
  • the redirect status (status code),
  • the HTTP user agent (browser info),
  • the server signature (webserver info),
  • and any other info you might want to track.

Write additional PHP code that blocks that IP address. On an Apache server, you do that by adding a deny record to the ".htaccess" file. That's the trick to block the hacker, and it takes just milliseconds.

You can also include PHP code to send the details of the hacker attempt to an administrator’s email address for follow up. You can also post the info to a report file that can be printed later for review.
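The steps above combined into one 404.php, as an added example that is not the author's own code. The threshold of 10 errors per window, the file locations, the allowlist, and writing to a report file instead of sending email are assumptions; it needs PHP 7.4 or later.

```php
<?php
// 404.php: added example. Wire it up in Apache with: ErrorDocument 404 /404.php
const WINDOW_SECONDS = 30;   // window suggested in the article
const MAX_404S       = 10;   // assumed ceiling for a human visitor per window
const PROBE_KEYWORDS = ['sql', 'admin', 'crossdomain', 'login', 'script', 'setup'];
const STATE_FILE     = __DIR__ . '/../private/404-state.json';  // keep outside docroot
const REPORT_FILE    = __DIR__ . '/../private/404-report.log';
const HTACCESS_FILE  = __DIR__ . '/.htaccess';
const ALLOWLIST      = ['127.0.0.1', '::1'];  // e.g. your own monitoring hosts

/** True when the requested path contains one of the probe keywords. */
function is_probe_path(string $path): bool
{
    foreach (PROBE_KEYWORDS as $keyword) {
        if (stripos($path, $keyword) !== false) {
            return true;
        }
    }
    return false;
}

/** Drop hits that have aged out of the window. */
function prune(array $hits, int $now): array
{
    return array_values(array_filter($hits, fn($h) => $now - $h['t'] < WINDOW_SECONDS));
}

/** Bot-like rate AND at least one probe path, so a broken link alone never blocks. */
function should_block(array $hits): bool
{
    return count($hits) > MAX_404S && count(array_filter($hits, fn($h) => $h['probe'])) > 0;
}

/** Append one deny record. The IP is validated so nothing else reaches .htaccess. */
function block_ip(string $ip): bool
{
    if (filter_var($ip, FILTER_VALIDATE_IP) === false || in_array($ip, ALLOWLIST, true)) {
        return false;
    }
    $rule = "Deny from $ip\n";  // Apache 2.2 syntax; on 2.4 it needs mod_access_compat
    $existing = is_file(HTACCESS_FILE) ? (string) file_get_contents(HTACCESS_FILE) : '';
    if (strpos($existing, $rule) === false) {
        file_put_contents(HTACCESS_FILE, $rule, FILE_APPEND | LOCK_EX);
    }
    return true;
}

/** Header values are attacker-controlled: cap length and strip control characters. */
function clean(?string $value): string
{
    return preg_replace('/[\x00-\x1F\x7F]/', ' ', substr($value ?? '-', 0, 300));
}

http_response_code(404);
$ip   = $_SERVER['REMOTE_ADDR'] ?? '';  // not X-Forwarded-For, which the client can forge
$path = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH) ?: '/';
$now  = time();

$fh = fopen(STATE_FILE, 'c+');
if ($fh !== false && flock($fh, LOCK_EX)) {      // serialize concurrent 404 requests
    $state = json_decode(stream_get_contents($fh) ?: '{}', true) ?: [];
    $state = array_filter(array_map(fn($h) => prune($h, $now), $state));  // forget idle IPs
    $state[$ip][] = ['t' => $now, 'probe' => is_probe_path($path)];
    if (should_block($state[$ip]) && block_ip($ip)) {
        $fields = [date('c', $now), $ip, clean($path), clean($_SERVER['HTTP_REFERER'] ?? null),
                   clean($_SERVER['HTTP_USER_AGENT'] ?? null), clean($_SERVER['REDIRECT_STATUS'] ?? null)];
        file_put_contents(REPORT_FILE, implode("\t", $fields) . "\n", FILE_APPEND | LOCK_EX);
        unset($state[$ip]);
    }
    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, json_encode($state));
    flock($fh, LOCK_UN);
}
if ($fh !== false) { fclose($fh); }
?>
<h1>Page not found</h1>
<p>That page does not exist. Try the <a href="/">home page</a>.</p>
```

The web server account must be able to write .htaccess for this to work, and a writable .htaccess is itself something an intruder can abuse, so keep the state and report files outside the document root and review the deny list periodically. Visitors behind a shared address (office NAT, mobile carriers) are blocked together, which is why the allowlist and the probe-keyword condition are there.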

A Central Database of Hacker IP Addresses Is Strongly Needed

Imagine if everyone would share their hacker’s IP address with other field office computers so they can block any discovered hackers too. The possibilities are endless.

With this method, cyber hackers can be stopped in real-time before they succeed with getting through and compromising a server. If they try again from a different IP address, that too will be blocked in real-time. They won't have a chance!

I have other ideas to enhance this implementation, such as developing a way to send hacker's IP addresses to a central database. The United States Cyber Command for Cybersecurity is just the place for that! How about it?

There presently are several sites where you can report hackers. Even the FBI has a “File a Complaint” link on their website for this purpose. But the data has to be entered by a human and it's time-consuming. I wish I could just let the code I wrote interface with something like that when it happens.

I think all Webmasters need to work together to control cybercrime. They can shut the door to these attacks, and the Internet can be much more secure for us all.

This content is accurate and true to the best of the author’s knowledge and is not meant to substitute for formal and individualized advice from a qualified professional.

    © 2011 Glenn Stok

    Reader Comments

      • Glenn Stok (author)

        7 years ago from Long Island, NY

        ryankett, That's good you do that. I find when I have high traffic all from one IP, he or she is trying multiple ways to log into some admin back door. It's useless for them since I don't have any opening like that. But they try anyway, until they find another site where they get access and can do mayhem.

        A useful tool... dnsstuff.com shows the full range of IP's for the country when you search for any IP address. It also shows the country fraud profile, which is high for China, India, Russia and others I mentioned in this Hub.

        So I block those entire countries too. Trouble is, they have multiple ranges of IP's and you may not be blocking the entire country. You have to keep adding more IP ranges each time you find another situation as you explained.

        Nevertheless, you are doing the right thing. Good for you! Thanks for stopping by and sharing.

      • ryankett

        7 years ago

        Can I tell you what I do? It's not a smart way of working, but it's better than nothing.

        I check my analytics three times per day. When I have a large amount of direct traffic from the same city (e.g. 150 visits, 60 from Portland), I go into my Cpanel and determine the IP address of the visitor. I then block the IP address.

        I have also blocked all IPs from Iran, China, and a couple of other countries - because 80% of the time my unexplained direct traffic was coming from these places!

      • htodd

        8 years ago from United States

        These days hacking attempts are huge. Everyone must look into this. Great hub, thanks Glenn.

      • Glenn Stok (author)

        8 years ago from Long Island, NY

        ThunderKeys, This Hub is for those who maintain their own website. But I do have another Hub about avoiding scams that answers your question about protecting your personal information and your own computer. Bank account information is usually taken from you by you inadvertently giving it away. People do this by clicking on links in emails to log into their bank account, not realizing that they have clicked to a fake site. You can protect yourself and your security by making a policy to never click on a link in an email. Period. Instead, go to the site of your bank via your own saved bookmarks, or by typing in the URL.

      • ThunderKeys

        8 years ago

        Glenn, ditto on all of the above comments! Your content is always incredible.

        I'm a professional counselor with no computer skills. I call tech support to find the "any-key" whenever I'm asked to press it.

        Are there any ways for people who can't write code or understand even the introductory tech language you've used here to protect their computers and websites from hackers?

        We've had a number of bizarre things happen with our home computers including having our bank account information hacked last year.

        The bank wouldn't give us any details about what actually happened except to say that someone was trying to access our bank account with stolen information from our computer.

      • ronhi

        8 years ago from Kenya

        Even Google was hacked? Thundering typhoons! Thanks for the tips you have shared though. Very informative. I will definitely try to do that on my website too. Hope won't get stuck somewhere :-)

      • sligobay

        8 years ago from east of the equator

        Thanks Glenn for an easy-to-read article on complex subject matter. I'll forward the link to all my contacts.

      • Glenn Stok (author)

        8 years ago from Long Island, NY

        moiragallaga - All the reports about successful attacks make it clear that companies need to crack down on this. Thanks for your insightful comment.

      • moiragallaga (Moira Garcia Gallaga)

        8 years ago from Lisbon, Portugal

        Very good and useful advice Glenn. I'm not tech savvy so quite a bit of the technical stuff you discussed is way beyond my comprehension. However, your point comes clearly across about our need to protect our sites and especially our personal information and data. It's scary to know that big companies are quite vulnerable and how easily our data that they have can be easily compromised. I thought these big companies invested heavily in securing their systems.

      • Glenn Stok (author)

        8 years ago from Long Island, NY

        jenubouka - 404 is an error that is returned when you try to go to a page on a website that does not exist. Thanks for checking out my hub.

        dallas93444 - Interesting analogy. That's a helpful and accurate way to explain it. The security systems you ask about do not do what I propose in this hub. It's not perfect either, but it sure stops an intruder while they are still searching.

      • dallas93444 (Dallas W Thompson)

        8 years ago from Bakersfield, CA

        Good information. Perhaps our computers are seen by the "bad guys" as a farmer's produce stand on the honor system. No one is around and they snatch what they can get...

        How come our security systems do not catch/stop this intrusion?

      • jenubouka

        8 years ago

        Great info here, we who use the web and all its blunder should take our safety in our own hands and if one relies on the internet for a large part of their business and personal life they should educate themselves how to protect their info. Thank you, though I have no idea what you are talking about as far as 404 code, it has inspired me to learn what it is and how to do it

      • Glenn Stok (author)

        8 years ago from Long Island, NY

        Pamela - Very well stated. We always have to try to stay one step ahead of them. Thanks for checking out my hub.

      • Pamela N Red

        8 years ago from Oklahoma

        Glenn, it's terrible we have to do things like this and be so vigilant of people who look for ways to get our personal information. I haven't gotten any notices in my email lately but have had one of my banks send me a new card a year ago because they had some information compromised. Most have security devices in place but the hackers keep getting smarter and if they want it badly enough can get to it.

      • Glenn Stok (author)

        8 years ago from Long Island, NY

        Ania L -

        You're welcome Ania. Thanks for stopping by.

        FloraBreenRobison -

        No question is ever a stupid question. It shows you are inquisitive. The 404 error page can only be created by the website owner, such as the Webmaster. Wordpress and other blogger sites usually already have a page for 404 errors. Try going to a non-existent page and you'll see it.

        But what I was talking about was adding code (can be PHP, javascript or any other way too) that will capture cyber attackers and immediately block them. I don't think anyone else is doing that in such a straightforward manner, if at all. Especially not those companies I got those emails from.

        K9keystrokes -

        Thank you so much for such kind words. I agree with you that the big companies should definitely use some form of instant blocking.

        Simone -

        You'd be amazed. I bet your personal site IS being attacked. But they are not finding anything they can use to gain entry. The bots hackers use try every possible IP address and then move on to the next, looking for an insecure server. Really nice to see you stop by. Thanks for checking out my entry into this week's topic.

      • Simone Smith (Simone Haruko Smith)

        8 years ago from San Francisco

        This is really something, Glenn! You've given me a lot of things to work on personally to make my online life more secure. What a useful Hub this is!

        I don't think that anyone would want to hack into my personal websites at this point, but if I ever have something that's worth defending, I'll certainly be returning to your Hub and doing exactly what you've done. I can't believe I hadn't heard about those methods before!

      • K9keystrokes (India Arnold)

        8 years ago from Northern, California

        Wow Glenn, this is a ton of information in one convenient Hub! I think you have a brilliant approach, monitoring potential hacker cyber attacks on your website is so pro-active! Sure wish some of those big companies would implement this idea. So many of us could learn a ton from your expertise. Thank you for sharing your well thought out and presented tactics.

        Cheers~

        K9

      • FloraBreenRobison

        8 years ago

        Forgive me for sounding stupid, but I do not know how you create a 404 php.file or code. Where on the site do you do this, for example, on a Wordpress or Blogger site? Do these parent websites, for lack of a better term, have a page of FAQ or instructions as to how to do this or do they expect you to be tech savvy?

      • Ania L

        8 years ago from United Kingdom

        A lot of interesting information here, I guess I'll come back to it a few more times to absorb it better :) Thanks for that, especially for the idea of 404!
