The Most Common Simple Hacks

The Most Common Simple Hacks

There’s something about hacking that is infinitely interesting to geeks, especially those who have either been impacted by a hack or have a slightly unhealthy obsession with Simulacra and Simulation (and The Matrix). Almost unexcitingly, however, a lot of the hacks that dominate the internet aren’t actually too sophisticated. You get some ‘hacks’ like DDOS attacks that are widespread and easy to protect against, but with very basic know-how, hackers can just use Google to find sites that are vulnerable to their chosen attacks and implement them relatively simply.

By knowing about the most common hacks, you’ll be better prepared to spot them and deal with them. Here’s a look at four of the most utilized ones.

DNS Spoof

Some domain name systems have certain vulnerabilities (it’s not worth getting into the intricacies of it here, but we have a DNS dependency that means attacks can be prevalent). Those vulnerabilities can basically be exploited to result in a hacker redirecting traf

The Most Common Simple Hacks

fic from your website to another one… that can look completely identical but just comes loaded with malware. It can be used to leverage the trust of a site’s brand to capture credit card info and other personal data. It’s also very, very hard to detect if you are a site visitor – you have to have faith in the website you are using.

UI Redress

A UI redress is a beautifully simple hack. It involves a hacker creating a spoofed user interface for a website, only for a short amount of time, and then capturing users that click certain elements of that UI, taking them to an unfamiliar website, and loading them up with malware. A UI redress is a kind of phishing in that it involves simply tricking people, but it can cause serious damage to a webmaster if a hacker can simply DNS Spoof you and make a copy of your site. The consequent impact will cause a website’s reputation to absolutely plummet.

Reflected XSS

What is Reflected xss? It’s a name that sounds complicated, but you can compare it to a UI redress. It just works the opposite way – instead of a user clicking a button and getting hacked, the hacker is the user. The hacker basically puts in code into a site (perhaps in a comment section, for example), which makes the most of a vulnerability in a site’s plugins, servers, or web-apps, allowing a piece of JavaScript to make its way into an entry and get executed on the server-end. Once it’s in, it can cause havoc.

SQL Injection

An absolutely classic hacking technique; it’s insane that this still works as it has been around for so long. Some sites have an SQL database (pronounced Sequel, it’s a server database, simply put), which can be deceived with a simple line of code, which can crack open your site and give a hacker access to anything on your database.

Many skilled hackers can work their way backward and exploit other elements of a site after an SQL injection. Worst of all, vulnerabilities are insanely easy to find – there’s even a list called Google Dorks that helps hackers find vulnerable sites. If you’re a webmaster that uses SQL, you need to make sure you have this covered.