Protecting Against Website Defacement

By: John Halfacre – 22Jan2017

Website defacement refers to unauthorized changes made to the appearance of a webpage or website. In some cases, an entire website may be replaced by unauthorized content, while in others, a third party may inject code that adds irrelevant or inappropriate images, pop-ups, or text that were not there before. Other forms of website defacement include inserting malicious code that may infect visitors’ computers with viruses. Hackers may deface a website for pure enjoyment or in protest, as in the 2015 defacing of the Lenovo website by a group of “hacktivists” called the Lizard Squad, in protest against the Superfish controversy.

Preventing Website Defacement:

  • Ensuring that all security measures are up to date and enabled is the first step in protecting your website from being infiltrated by hackers. Those attempting to deface a website may use completely legitimate connections and a buffer overflow to import malicious code. Regular audits of a website’s security system, as well as penetration tests on the website, can help identify weaknesses in its security.
  • If a website has data entry fields, for example an email sign-up, where user input is inserted into SQL statements in the website code, a hacker may enter a string of code that leads to a SQL injection attack. Protecting a website against this possibility includes using bound variables with a prepared statement. The parameter values are then bound to the compiled statement as data rather than becoming part of the SQL string. Another way to protect against SQL injection attacks is to validate input, such as limiting inputs to accepted characters, whitelisting the set of acceptable values, and checking for unusually long inputs.
  • Attackers may also try to pass scripting code into a web form in an attempt to run unauthorized code on the website. This is called cross-site scripting, and it allows hackers to embed scripting code in the webpage, which may change its appearance, steal session cookies, or launch further cross-site scripting against other sites. The way to prevent cross-site scripting is to properly encode HTML or URL output. The website code should also validate input, and web application firewalls should be put into place.
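The email sign-up case from the list above, as an added example that is not part of the original article: a string-built INSERT beside a prepared statement with a bound variable, plus input validation and HTML output encoding. It assumes Python with the standard sqlite3 module; the table name, function names and sample input are hypothetical and constructed for illustration.

```python
import html
import re
import sqlite3

# Constructed input: the quote closes the string literal and adds a second row.
HOSTILE = "a@example.com'), ('<script>alert(1)</script>"
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
MAX_LEN = 254  # assumed upper bound for an email address field


def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE subscribers (email TEXT)")
    return db


def signup_vulnerable(db, email):
    # Weak form: user input becomes part of the SQL string itself.
    db.execute("INSERT INTO subscribers (email) VALUES ('" + email + "')")


def signup_bound(db, email):
    # Bound variable: the statement is compiled first, the value is data only.
    db.execute("INSERT INTO subscribers (email) VALUES (?)", (email,))


def is_valid_email(email):
    # Accepted characters only, and reject unusually long input.
    return len(email) <= MAX_LEN and EMAIL_RE.fullmatch(email) is not None


def signup_safe(db, email):
    # Validation first, then the prepared statement.
    if not is_valid_email(email):
        return False
    signup_bound(db, email)
    return True


def render_row(email):
    # Encode on output so stored text cannot become markup in the page.
    return "<li>" + html.escape(email) + "</li>"


def rows(db):
    query = "SELECT email FROM subscribers ORDER BY rowid"
    return [r[0] for r in db.execute(query)]
```

With the string-built statement, the one constructed input produces two stored rows; with the bound variable it is stored as a single literal value, and validation rejects it before it reaches the database.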

Actions to Take After Website Defacement:

As hacking becomes more common, knowing how to resolve the issue after a defacement is important. Even if the likelihood of defacement is small, backing up website data will allow for easier restoration if the website is defaced. Instead of searching through the website code and deleting the corrupted sections, replacing the entire code with the original will be less time-consuming. Many WordPress websites will face this type of attack, and you may need WordPress malware removal. Having someone regularly monitor the website will also ensure that a defacement is identified and corrected as soon as possible. If website defacement is acted upon immediately, damage to the company’s brand is minimal. However, if news media have noticed the defacement, sending a public statement or apologizing for any offensive messages may be necessary.
