Here are 8 most common types of security attacks. A permanent removal of malware means understanding the type of attack that happened, how it happened and blocking that door permanently. In the security lingo this is called root cause analysis and fixing the vulnerability.
- Cross-site scripting: Simply called script injection, rogue scripts are injected into the webpage for nasty purposes. This could redirect your site to some external URL or download malware to user’s machine etc.
- SQL injection: This means injecting SQL commands into a script to execute them on the database. Depending on the command, this could purge the database or send the entire data to an unauthorised party etc.
- Path disclosure: The path disclosure vulnerability is basically information leak about the physical path to the website on your web-hosting server. A hacker could use this information to aggravate the attack.
- Denial-of-Service attack: Also called DoS attack in short, a DoS attacks tries to create fake traffic to overload your website, so much so that it becomes unavailable due to system hog. An extension to DoS is the DDoS attack with stands for Distributed Denial of Service. This one originates from multiple IP addresses.
- Arbitrary code execution: Remember the
evalfunction? This function evaluates and executes a given piece of code during run-time. This means if you pass it any arbitrary code during run-time, it will execute it. And if somehow the code is malicious, it can be used for nefarious purposes.
- Cross-site request forgery: Remember eCommerce sites asking you not to click on links sent via emails? An attacker could send you a clickable link which executes an action like transfer of money or any other malicious action from your own account.
- Data breach (information disclosure): Data breach or leak can occur due to several reasons. In very simple terms data breach is the leak of data that was intended to be confidential to begin with. For eg. a misconfigured PHP install could output bare credentials if it fails to process the PHP script and instead outputs it as text.
- File inclusion: File inclusion can be arbitrary, local or remote. If a rogue file is allowed to be included in the application, it can execute malicious code.
Malware attacks are not just limited to the above. However they all eventually result in malicious code being executed for nefarious purposes. All this can be avoided by server-hardening and proactively monitoring the web-application.