The Web and The Assailants

in #steemstem, 6 years ago

Introduction

The World Wide Web ("WWW" or W3), simply called the Web, was created in 1989/1990, about 28 years ago, by the British scientist Tim Berners-Lee. Since then, there have been many breaches of the Web by people called "hackers". In this post, we will learn the rudiments of the Web, Web terminology, and how websites are attacked.

This may be boring to people who do not like the technical side of the Web, but trust me, I'm going to make it simple and fun.

First of all, let's define some terms: Web, Web page, Web server, Web browser, Web host, Domain name, DNS, Database, and Protocol.

Terminology

Web

[Image Source: Pixabay. Public domain licensed]

The Web is a global medium for transporting and exchanging information over the Internet. It consists of Web pages written in a markup language (HTML) and identified by Uniform Resource Locators (URLs), which can be accessed with a Web browser provided there is Internet access. Some people confuse the Web with the Internet, but they are actually different. The Internet is the global network of servers that makes communication possible worldwide, while the Web is a service on the Internet, similar to Email which is a service on the Web. Also, note that the Web makes up a large portion of the Internet.


Web Browser

This is what you used to access the page you are reading right now. A Web browser is a mobile or PC client program used to access websites and navigate through their Web pages.


Web Server

A Web server is a hardware system, a software program, or both working together, that uses HTTP (Hypertext Transfer Protocol) to deliver Web pages to a Web browser somewhere out on the Internet in response to the requests it receives. It is used in web hosting.
A computer running this program is also referred to as a server.

A web server is a physical or virtual server in which web server role is installed. For example, IIS, Apache, LiteSpeed etc. are web servers. source

Web Host

A web host is a server or cluster of servers that rents or sells its resources to individuals and organizations so they can upload their web files and make them accessible through the Web. Web hosting services maintain the server and the site files and keep them available and accessible at all times. A web host is also referred to as a web host server, because it uses a Web server to host websites.


Domain Name

A domain name is a distinctive name used to identify a website. A domain name is the alphabetical form of an IP address. For https://steemit.com, steemit is the domain name, https:// is the protocol, and .com is the top-level domain, which implies commercial.

When you want to tell a friend about a site (for example, steemit.com), you will surely tell them the name of the site; that name (steemit) is the domain name. In the real world, your name is your domain name because it is your identifier.

Domain Name Server

DNS (Domain Name Server) is the key to allowing us to use friendly names when surfing the Web instead of needing to remember IP addresses. The basic job of DNS is to convert an alphabetical domain name (steemit.com) to an IP address (54.175.52.219).

It would be difficult to remember an IP address as the identifier for each site, so DNS was invented. It converts the address we type into the URL bar of our browser to an IP address and then locates the actual server. You connect through a website's name server, also referred to as a DNS.


Database

A database is an application that stores a collection of data in rows and columns. A database offers various APIs for creating, accessing, and managing the data it holds. Database (DB) servers can be integrated into web development so that we can retrieve and manipulate the data we want without much difficulty.

[Image Source: Pixabay. Public domain licensed]
A database is a place that stores usernames, passwords, and other personal details, so it should be well secured. But providing high-level security is not possible for all sites (because of high cost or poor programming), so the databases of many websites are insecure or vulnerable.

Some database servers are MySQLi (open source), MSSQL, MS-ACCESS, Oracle, PostgreSQL (open source), and SQLite.


Protocol

[Image Source: Pixabay. Public domain licensed]

A protocol is a set of standard rules that must be followed to perform a particular task or operation; in short, protocols are the rules that govern how devices in a network communicate. Each protocol has a port. Some of the protocols are IP (Internet Protocol, a set of rules for devices to communicate at the Internet address level; it works with TCP, i.e. TCP/IP), HTTP (Hypertext Transfer Protocol, a set of rules for a server to deliver a web page; Port: 80), FTP (File Transfer Protocol, a set of rules to send files to a different network; Port: 21), and TCP (Transmission Control Protocol, a set of rules to exchange messages over a network; Port: 1).


Vulnerability


[Image Source: pixabay. Public domain licensed]

No website is 99% secure, just as no machine is 100% efficient. When it comes to the Internet, security is a myth; developers can only try to increase the level of security. Here are some of the vulnerabilities used to attack the Web: XSS, MySQLi, DNN, Google Dork.
The best website to find zero-day exploits is exploit-db.

Mostly, vulnerabilities are caused by developers having errors in their code.

XSS

Cross-Site Scripting (XSS) is a vulnerability used to exploit a website when there is an error in the JavaScript. XSS allows an attacker to inject a malicious script into web pages viewed by other users.

Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec as of 2007.[1] Bug bounty company HackerOne in 2017 reported that XSS is still a major threat vector. source
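To show how injected script ends up in a page viewed by other users, and how escaping on output stops it, here is an added example (not code from the original post). The comment renderer, the function names and the sample comment are constructed for illustration.

```python
import html
from html.parser import HTMLParser

def render_comment_unsafe(author, text):
    # Vulnerable: user-supplied text is placed into the page as-is, so any
    # markup in it is interpreted by every visitor's browser.
    return "<div class='comment'><b>" + author + "</b>: " + text + "</div>"

def render_comment_safe(author, text):
    # Hardened: HTML-escape every user-controlled value on output, so
    # < > & and quotes are displayed as text instead of parsed as markup.
    return ("<div class='comment'><b>" + html.escape(author) + "</b>: "
            + html.escape(text) + "</div>")

class TagCollector(HTMLParser):
    # Records the element names an HTML parser finds in the rendered page.
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(page):
    # Parse the page the way a browser would and list its elements.
    parser = TagCollector()
    parser.feed(page)
    parser.close()
    return parser.tags

# Constructed sample comment containing a harmless script element.
SAMPLE = "Nice post! <script>alert('xss')</script>"

if __name__ == "__main__":
    print(tags_in(render_comment_unsafe("mallory", SAMPLE)))  # script element present
    print(tags_in(render_comment_safe("mallory", SAMPLE)))    # only the page's own tags
    print(render_comment_safe("mallory", SAMPLE))
```
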

SQL Injection

SQL injection is a common and well-known method of attacking websites. SQLi allows an attacker to input malicious SQL queries through the URL or SQLi software, which could expose private details such as the admin username, password, credit card information, et cetera from the database.

Google Dork

Google dorks are queries entered into the search engine's search box which could fetch private details. Google dorks are widely used to find websites that are vulnerable.
Examples of Google dork queries are "site:site name", "filetype:pdf", "index of *", etc.

Web Deception


[Image Source: pixabay. Public domain licensed]

The most common methods used to hoax people are phishing and spamming.

Phishing

I guess you already know or have heard of phishing on Steemit. Phishing is the most used method for stealing Steemians' usernames and passwords. Phishing is the act of cloning the original website and using a fake domain related to it.
Beware of websites that ask for personal credentials like login details or credit card details. Check the domain name thoroughly before you enter your username, password, and other details.

Spamming

Do you receive fake messages that look like official messages? If yes, that's spamming. Spamming is the act of sending fake messages to random email addresses with the aim of tricking users and getting their private data.

Web Tools


[Image Source: pixabay. Public domain licensed]

Some of the tools used for attacking/inspecting the Web are Havij and Acunetix.

Acunetix

Acunetix Vulnerability Scanner is software that scans, analyzes, and displays website vulnerabilities.

Acunetix Vulnerability Scanner ensures web application security by securing your website and web applications against hacker attacks. source

Havij

Havij is software for Windows users that checks whether a website is vulnerable to SQLi or not.

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. source

Conclusion

The Web is a collection of Web pages hosted on web host services provided by companies. A web host uses a web server to make a website accessible via a Web browser. Web pages may contain media files like images, audio, and video. Hyperlinks make it possible to navigate between different web pages. Multiple web pages with a similar domain name on the same host make up a website. Websites that are vulnerable are likely to be attacked by hackers using different exploits.

Thanks for reading my blog. More posts on the Web are coming, watch out!


Nice work! I'm a non-tech person, and this was easy to follow.

@horpey the simplicity of website creation really interests me. I would love to follow closely and derive some salient facts on the creation of websites; some day I will create a website via your article. I bookmarked this.

Thanks man

Well detailed and simplified information. I love the way you made it easy for a layman to understand.


This is a very detailed and expository piece. And I absolutely agree with you that no platform is absolutely secure - the only thing we need to do is to take the necessary precaution to minimize cyber attacks.

Nice one
