2 common website attacks: DoS and SQL Injection

     Hackers have many ways of attacking your website, and it’s important to stay up to date on the most common attacks so you can do what you can to prevent them from occurring. Malicious individuals can attack your data via your computer or they can infect an entire network. Two of the most common website attacks are Denial of Service (DoS) attacks and SQL Injection attacks.

DoS attacks

     The goal of a DoS attack is for one computer to send so much data to your web server that your network is overwhelmed and shuts down. As a result of being flooded with useless information, your website appears to be down, and legitimate users can no longer access the site.

     On a small scale, these “denial of service” attacks are called DoS attacks; DoS describes attacks where only one computer is trying to flood your website. On a larger scale, it’s called a DDoS (Distributed Denial of Service) attack. With a DDoS attack, a botnet (a whole network of hijacked/infected computers) will flood the target site. (Interesting fact: the DDoS technique was first used by the hacker “MafiaBoy”, who used this hack to shut down yahoo.com for about one hour just to show his friend he was capable of doing so. He was only 15 years old at the time!) Because of their brute strength, DDoS attacks are much harder for a server to withstand than regular DoS attacks.

SQL Injection attacks

     An SQL Injection attack occurs when a hacker submits malicious code to someone’s site. On a badly written website (or a WordPress site that isn’t frequently updated!), someone can push malicious code to the site through a web form. For example, instead of writing his name in the “Enter your name” field, the hacker could write something like “Robert’; DROP TABLE Users;”. This is the equivalent of saying, “My name is Robert and I command you to delete all registered users on this site!”

Preventing website attacks

     DoS attacks are, unfortunately, quite difficult to prevent if your adversary is determined to attack your site. SQL Injections, however, are fairly simple to prevent using a technique called sanitizing (or escaping) your inputs. Also be sure to install regular security updates if you’re using WordPress. Check out this article on how to prevent SQL Injection attacks.
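     To see the difference in practice, here is an added example (not code from this blog) that runs the “Robert” input from above against a name lookup written two ways: once by pasting the input into the SQL text, and once with a parameterized query, which keeps the input out of the SQL text entirely instead of escaping it by hand. The SQLite database, the Users table layout and the function names are assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample input: the payload quoted in the article, with a straight quote.
PAYLOAD = "Robert'; DROP TABLE Users;"


def new_db():
    """Create an in-memory database with a hypothetical Users table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO Users (name) VALUES ('Alice')")
    db.commit()
    return db


def users_table_exists(db):
    """Return True while the Users table is still present."""
    row = db.execute(
        "SELECT COUNT(*) FROM sqlite_master WHERE type = 'table' AND name = 'Users'"
    ).fetchone()
    return row[0] == 1


def lookup_vulnerable(db, name):
    """Before: the form input is pasted straight into the SQL text."""
    sql = "SELECT id FROM Users WHERE name = '" + name + "';"
    try:
        # executescript() stands in for any driver call that accepts
        # several statements in one string.
        db.executescript(sql)
    except sqlite3.Error:
        pass  # the leftover quote fails to parse, after the DROP already ran
    return users_table_exists(db)


def lookup_safe(db, name):
    """After: the input is bound as a value and is never parsed as SQL."""
    rows = db.execute("SELECT id FROM Users WHERE name = ?", (name,)).fetchall()
    return rows, users_table_exists(db)


if __name__ == "__main__":
    print("pasted into SQL, table survives:", lookup_vulnerable(new_db(), PAYLOAD))
    print("parameterized, table survives:", lookup_safe(new_db(), PAYLOAD)[1])
```

     In the parameterized version the whole input is treated as an odd-looking name that matches nobody, so the table is untouched.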

     If you’re interested in learning about other technical topics simplified for new webmasters, find more of these on our blog.