
Top 10 Common Website Attacks And How To Prevent Them

Security is the most important thing to consider, especially when it comes to a website. If we take a close look, we can see numerous attacks hitting and exposing websites every day.

There are various types of website attack affecting businesses, individuals and social communities every day. However, if website operators put in extra effort to fix severe security problems, they can safeguard their websites and keep their data from being exposed to attackers.

The 10 Most Commonly Used Web Attacks Are

DDOS Attack

Picture: DDoS attack on website server

In this attack, a hacker makes a host unavailable to its visitors by temporarily disrupting the service of the internet-connected host, so that requests to the server are refused. In simple terms, it is like a group of people trying to enter a room while an attacker holds the door shut. The attacker gains nothing directly from a DDoS attack; for some, denying the service is the goal in itself. It is also used when one business wants to hurt another company by taking its website down.


Phishing Attack
Picture: Phishing Attack on Victim Credit Card Website

Phishing is the fraudulent act of obtaining private and sensitive information, such as credit card numbers, email addresses, phone numbers and passwords. It is done by cloning the original website's HTML and confusing people so that they enter their sensitive information, thinking that the site is the original. A phishing website shows the user a spoofed site that looks legitimate and genuine. After the data has been exposed to the hacker, the phishing victim finds out that their information has been exposed.

SQL Injection

Picture: SQL injection from sql query

SQL injection is a code injection attack in which hackers attempt to target data-driven applications. In this attack, malicious SQL statements are inserted into a vulnerable query. This allows attackers to access, modify, duplicate and delete the existing data. A hacker with proficient knowledge of SQL can disclose the entire database of an existing system, make it unavailable, or even act as the database administrator of the server. SQLi is considered one of the top 10 web vulnerabilities.

Cross-Site Scripting

This attack is used against websites when a hacker injects malicious code into a web page that is viewed by other users. The injected code then executes on the client side, in those users' browsers. An attacker can use it to bypass access controls. It exploits known vulnerabilities. By finding ways to inject scripts into web pages, an attacker can gain access to session cookies and much other information that the browser manages on behalf of the user. XSS is a method of code injection.

Man-in-the-Middle (MitM) Attack

Picture: Man in the Middle Attack

In this attack, the "man" is the hacker who sits in the middle between client and server. When two parties are exchanging information, the attacker secretly relays or intercepts the communication between them. The two parties may think that they are communicating privately when the conversation is in fact under the control of the hijacker.

Sensitive Data Exposure

Picture: Data Exposure

A Sensitive Data Exposure attack is used to bypass the different forms of encryption in order to target specific sensitive information such as passwords, credit card numbers and Personal Identification Numbers. Secret data such as passwords and credit card numbers must be handled securely; when this is not implemented securely, or is implemented in an incomplete manner, a hacker can easily steal the information.

Eavesdropping Attack

Picture: Eavesdropping attack

An eavesdropping attack is the process of intercepting network traffic. By eavesdropping, a hacker can access passwords, credit card numbers, and other vital information that a user might be sending or receiving over the internet. Eavesdropping can be passive or active.

Brute Force Attack

Picture: Brute-Force Attack

This is the most widely used attack and is very popular among hackers. It works like this: if a website has a login form, the hacker can program a specialized script that continuously tries to log in with a different key combination each time until the correct key is found. How long it takes depends on the weakness of the password. The best way to protect yourself from brute force is to use a long, strong and unique password.
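On the defending side, repeated guessing shows up as a burst of failed logins from one address. The following added example (not from the original article) flags such bursts with a sliding window; the log format, the thresholds and every sample line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Log format and all sample lines below are constructed for this example.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>LOGIN_FAIL|LOGIN_OK) "
    r"user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)

SAMPLE_LOG = [
    # Six failures from one address within ten seconds.
    f"2024-05-01T10:00:{s:02d}Z LOGIN_FAIL user=admin ip=203.0.113.7"
    for s in range(0, 12, 2)
] + [
    # A user who mistypes twice, minutes apart, then logs in.
    "2024-05-01T10:01:00Z LOGIN_FAIL user=carol ip=198.51.100.4",
    "2024-05-01T10:06:00Z LOGIN_FAIL user=carol ip=198.51.100.4",
    "2024-05-01T10:06:20Z LOGIN_OK user=carol ip=198.51.100.4",
]


def detect_bruteforce(lines, max_failures=5, window_seconds=60):
    """Return {ip: peak failures per window} for IPs at or over the limit."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # ip -> timestamps of recent failures
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None or m["event"] != "LOGIN_FAIL":
            continue  # unparsable lines and successful logins are ignored
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        q = recent[m["ip"]]
        q.append(ts)
        # Drop failures that have fallen out of the sliding window.
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= max_failures:
            peaks[m["ip"]] = max(peaks.get(m["ip"], 0), len(q))
    return peaks


if __name__ == "__main__":
    for ip, count in detect_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {count} failed logins within 60 seconds")
```

The same counter can drive a temporary lockout or a delay on further attempts from the flagged address.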

Malware Attack

Picture: Malware Attack

A malware attack is a type of web attack in which malicious code performs a designated activity on a victim's computer, which the victim may or may not know about.

Session Hijacking

Picture: Session Hijacking on Server

When you’re using the internet, your computer has a number of processes running with servers around the world. Each process has its own session containing your information. This session helps the server to identify you, and it should stay private between you and the web server. However, an attacker can intercept it and hijack the session by obtaining the session ID and making requests with it, which lets them act as the authorized user and view and modify data they are not authorized to access.
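A server-side sketch of session handling that narrows the window for hijacking, as an added example that is not part of the original article. The `SessionStore` class, its timeout and the cookie name are hypothetical; the points shown are unguessable IDs, rotating the ID at login, idle expiry, and cookie attributes that keep the ID away from page scripts and unencrypted connections.

```python
import secrets
import time


class SessionStore:
    """In-memory session store (hypothetical, for illustration only)."""

    def __init__(self, idle_timeout=900):
        self.idle_timeout = idle_timeout
        self._sessions = {}  # session ID -> {"user": ..., "last_seen": ...}

    def create(self, user=None, now=None):
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)  # 256 random bits from the OS CSPRNG
        self._sessions[sid] = {"user": user, "last_seen": now}
        return sid

    def get(self, sid, now=None):
        now = time.time() if now is None else now
        session = self._sessions.get(sid)
        if session is None:
            return None
        if now - session["last_seen"] > self.idle_timeout:
            del self._sessions[sid]  # idle too long: a stolen ID expires too
            return None
        session["last_seen"] = now
        return session

    def login(self, old_sid, user, now=None):
        # Rotate the ID at login so an ID observed before authentication
        # never becomes an authenticated session.
        self._sessions.pop(old_sid, None)
        return self.create(user, now)


def cookie_header(sid):
    # Secure: sent over HTTPS only. HttpOnly: not readable by page scripts.
    # SameSite=Lax: not attached to most cross-site requests.
    return f"Set-Cookie: session={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    store = SessionStore(idle_timeout=10)
    anon = store.create(now=0)
    auth = store.login(anon, "alice", now=1)
    print(store.get(anon, now=2), store.get(auth, now=2))
    print(cookie_header(auth))
```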

Conclusion: You need a deep understanding of an attack before you can protect yourself against it. We have discussed the 10 most common website attacks. Hackers have various options to choose from, such as DDoS, malware infection and man-in-the-middle, when trying to gain unauthorized access to critical information and sensitive data.

How You Can Protect Your Site From Web Attacks

  1. Keep your system and antivirus updated.
  2. Configure the firewall to allow only the specific ports and hosts you need.
  3. Keep your password strong and unique.
  4. Make regular backups of your database and FTP.
  5. Frequently check all activity for anything suspicious.
  6. Use Cloudflare to prevent DDoS attacks.

Bhuwan Dahal

Having studied BCA (Bachelor in Computer Application), Bhuwan is a self-taught SEO Specialist and Blogger. He has been working for one of the biggest fintech companies in Nepal. Bhuwan believes in consistency and hard work. He is also the SEO specialist at 99Aana, which is Nepal’s No. 1 property portal. Stay in touch with Bhuwan via social media.
