Hacking is a sad reality, but Drupal is doing a very good job of mitigating the risks, by quickly making people aware of them.
As soon as a vulnerability in popular CMS platforms like Drupal is discovered, millions of crawlers operated by hackers (similar to Google bots) start searching for vulnerable websites. Once a victim is identified, their website gets hacked, patched (to prevent “competition” to overtake the same site) and backdoor’ed. Within several days, access to the compromised website will be sold on the black market, more than likely to several different customers at the same time who each may well resell it several more times. Like this, your personal blog may be easily involved in a dozen different criminal offenses such as hosting illicit content, sending spam, and infecting visitors, to name just a few.
Featured Download: Social media access at work. Do your employees know the rules?
Many people simply don’t realise that their website is a very attractive target for hackers. Obviously, hackers don’t aim to hack their particular website, they just need to hack as many as they can: to steal visitors’ traffic and to infect visitors with malware that turns their PCs into bots to perform DDoS attacks or send spam. Any website (even your personal blog!) can be easily sold on the black market – the price mainly depends only on how popular/reputable the website is. So, the more websites hackers have to sell, the bigger the volume discount. However, if you offer to sell tens of thousands of websites at once, you can get enough income even with large discounts. This is just one of the reasons why hackers are looking for websites that are easy and quick to hack into.
By Ilia Kolochenko, CEO, High-Tech Bridge
About High-Tech Bridge
Headquartered in Geneva, Switzerland, High-Tech Bridge provides customers in Europe, the United States, the Middle East and across the globe with information security services such as penetration testing, security auditing, computer crime investigation and web application security testing.
In 2012, analyst firm Frost & Sullivan recognised High-Tech Bridge as one of the market leading service providers in the ethical hacking industry. High-Tech Bridge also received the prestigious Online Trust Alliance Honor Roll award in 2012, 2013 and 2014.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.