Root Exploits – The Death of an Unsecured ECommerce Site

Posted by Webmaster - July 25, 2012

There are a lot of different ways an eCommerce site can get attacked. You could get hit with a DDoS attack. Your users could get mass-emailed phishing messages. Attackers could even try to steal individual user passwords. None of these is as powerful or as dangerous as a root exploit, however.

A root exploit is when a hacker goes after root access on your server. If they should succeed, they’ll have unlimited power over your server and your business.

They’ll be able to plant backdoors to let themselves into your system again in the future. They’ll be able to alter logs to mask their presence. They’ll be able to download your database at will. They’ll be able to delete your database or alter your site in any way they choose. They’ll literally have free run over your whole system.

Getting hacked in any form is bad. But getting “rooted” could literally spell the end of your business.

So what are root exploits? How can you prevent them?

==> Patches and Operating System Bugs

One of the most common attacks is to scan for the operating system a platform uses, then try a known exploit against it.

For example, the hacker might scan the internet for a specific version of Apache. If they find it, they’ll try a couple of different known exploits for that server version.

If the sysadmin didn’t apply the patch for that known security exploit, the hacker will instantly gain root access to the server.

The way around this kind of attack is simple: always, always, always patch your servers. Your sysadmin needs to be fast and vigilant about patching any new security holes found in the operating system.

There could also be holes found in specific software that could give hackers access. These should be patched quickly as well.

==> Buffer Overflow Attacks

A buffer overflow attack is when a hacker forces data into your memory buffer. They can do this if the developers of a piece of software didn’t write its memory allocation code carefully.

The data they force into your memory buffer is actually a piece of code to be executed. When your server accesses that memory buffer, the code will be executed, giving them root access.

The best way to prevent buffer overflow attacks is also to patch everything and upgrade everything the moment a vulnerability is discovered.

For custom code, make sure your engineers are trained in server security and know how to write code in a way that allocates memory without leaving holes for buffer overflows.

==> Executing Scripts on the Server

Executing scripts on the server is most commonly done by adding code to a URL or through form submissions. MySQL injections are common types of script attacks, though other kinds of scripts can also be executed against the server.

Protecting yourself against this kind of attack is best done with verification. Verify every query sent to the server to make sure no unexpected commands are hidden inside.
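The verification described above, as an added example that is not part of the original post: an allow-list check on the input plus parameter binding, shown next to the string-built query it replaces. Python's built-in sqlite3 stands in for MySQL here (MySQL client libraries provide the same parameter binding), and the table, function names and sample rows are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; in-memory SQLite stands in for the site's MySQL.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, customer TEXT, total REAL)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                   [(1, "alice", 19.99), (2, "bob", 5.00), (3, "alice", 42.50)])
    return db

# Allow-list: a customer name may contain only these characters (assumed rule).
CUSTOMER_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")

def is_valid_customer(value):
    return isinstance(value, str) and CUSTOMER_RE.fullmatch(value) is not None

def orders_unsafe(db, customer):
    # Pattern to avoid: the input is pasted into the SQL text, so quote
    # characters inside it become part of the statement itself.
    sql = "SELECT id FROM orders WHERE customer = '" + customer + "'"
    return [row[0] for row in db.execute(sql)]

def orders_bound_only(db, customer):
    # Parameter binding: the value travels separately from the SQL text,
    # so it can only ever be compared as data.
    sql = "SELECT id FROM orders WHERE customer = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (customer,))]

def orders_safe(db, customer):
    # Verification first: reject anything outside the allow-list, then bind.
    if not is_valid_customer(customer):
        raise ValueError("rejected customer value")
    return orders_bound_only(db, customer)

if __name__ == "__main__":
    db = make_db()
    hostile = "nobody' OR '1'='1"          # constructed input containing SQL syntax
    print(orders_unsafe(db, hostile))      # every order id comes back
    print(orders_bound_only(db, hostile))  # no rows: no customer has that name
    print(orders_safe(db, "alice"))        # only alice's orders
```

The allow-list and the binding are independent layers: binding keeps the query structure fixed even if the allow-list is later loosened, and the allow-list rejects malformed input before it reaches the database at all.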

These are some of the most common types of root exploits. Think of root exploits like the jugular of hacking. Never leave these exposed, as one strike could take your whole business out of commission.