A web server is a program that uses HTTP protocol to serve the files from the websites to users, in response to their requests, which are forwarded by their computers’ HTTP clients. Dedicated computers and appliances may be referred to as web servers as well. It’s mean web servers control large number of information. If a person get into a web server, he can do whatever he wants to the information and websites that are served by that web server. Here I will tell you few major web server attack types. So you can configure your web server correctly and save yourself from these sort of attacks.
Web Server Attack Types
Directory traversal attacks– This type of attacks exploits bugs in the web server to gain unauthorized access to files and folders that are not in the public domain. Once the attacker has gained access, they can download sensitive information, execute commands on the server or install malicious software.
- Denial of Service Attacks– With the help of this attack type, the web server may become unreachable, timed out, crash or become unavailable to the legitimate users. This is commonly used to bring down the servers for specific tasks.
- Domain Name System Hijacking – In this attack, attacker changes the DNS settings to redirect to his own web server.
- Sniffing– Data sent over the network without encryption may be intercepted and used to gain unauthorized access to the web server.
- Phishing– This is a attack that clones a real website to a fake website. Users are unaware whether they are on the real website or not, can be tricked to steal their sensitive information like logins, bank details or any other confidential information.
- Pharming– In this attack, attacker compromises the Domain Name System (DNS) or on the user computer so that traffic is directed to a malicious site.
- Defacement– With this type of attack, the attacker replaces the organization’s website with his own page. Whatever he want to replace on the website, he can do it in this attack.
There may be several other web server attack types, but these are the most used attacks against web servers.