The 'contact' section of a website is an open door for hackers
According to UK security consulting firm SecureTest, the "contact us" feature, which lets outsiders send information to website operators, is unsafe and makes it easy for hackers to launch denial-of-service (DDoS) attacks against the computer that manages mail.
The severity of these attacks varies, because it depends on where the company hosts its server. If it rents hosting from another service provider, the risk is lower than with self-hosting.
[Image: contact form on QuanTriMang]
When a company runs its own server for its website, that server is usually located in the DMZ (the firewalled zone that shields the LAN), between the internal and external firewalls. The "contact" form merely creates an e-mail on demand and sends its content to the internal mail server, which forwards it to an address on the LAN.
Mail filtering systems often treat the web server as an internal mail client. In a deliberate attack, the hacker sends a large volume of e-mail containing malicious code, paralyzing the server. Using code that changes the content of the messages, or attacking from networked computers with fake IP addresses, makes the situation more serious. If the site has also enabled auto-reply (for both correct and incorrect addresses, usually an address chosen by the hacker), the server is easily "flooded" with e-mails reporting the result (could not be sent, OK).
Ken Munro, Director of SecureTest, said many organizations pay no attention to this vulnerability. There are many ways to fend off this type of DDoS attack through the "contact" section, such as asking the sender to type in a few words from an image that a computer cannot read (the same way Yahoo does when users create mailboxes).
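One other way to bound the flood described above, shown as an added example (not code from the article or from SecureTest): a gate the contact-form handler consults before relaying a message to the internal mail server or sending an auto-reply. The class name, the limits and the calling convention are assumptions made for illustration.

```python
import time
from collections import deque


class ContactFormGate:
    """Decides whether a contact-form submission is relayed to the internal
    mail server, and whether an automatic reply may be sent for it."""

    def __init__(self, per_source=3, overall=20, window=60.0, clock=time.monotonic):
        self.per_source = per_source  # relayed messages allowed per source per window
        self.overall = overall        # relayed messages allowed for the whole form per window
        self.window = window          # window length in seconds
        self.clock = clock            # injectable so the limits can be tested
        self._relayed = deque()       # (time, source) of every relayed message
        self._replied = {}            # reply address -> time of its last auto-reply

    def check(self, source, reply_to):
        """Return (relay, auto_reply) for one submission."""
        now = self.clock()
        # Forget everything older than the window; state stays bounded by `overall`.
        while self._relayed and now - self._relayed[0][0] >= self.window:
            self._relayed.popleft()
        self._replied = {a: t for a, t in self._replied.items() if now - t < self.window}

        from_source = sum(1 for _, s in self._relayed if s == source)
        # The overall cap is what still holds when the flood comes from many
        # sources at once, which a per-source cap alone cannot stop.
        if from_source >= self.per_source or len(self._relayed) >= self.overall:
            return (False, False)
        self._relayed.append((now, source))

        # One auto-reply per address per window: the address is supplied by the
        # sender and unverified, so replies must not multiply with submissions.
        address = reply_to.strip().lower()
        auto_reply = address not in self._replied
        if auto_reply:
            self._replied[address] = now
        return (True, auto_reply)
```

A rejected submission should get an ordinary "try again later" page from the web server rather than any e-mail, so the internal mail server sees at most `overall` messages per window from the form.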