If you log into your dashboard, you can see which types of attacks attempted to attack your website that past week. Just filter the dates that you want to analyze, and you can see your total website visits compared to the attempted hack attacks.
In the below example, you can see that the past two weeks, there were a variety of hack attacks attacking this website (Stealth Commanding, Request Header Filtering, Directory Traversal, Invalid URL, etc).
However, what exactly are these web attacks and their risks? Below, you can find the purposes associated to each of the attacks that your website was protected against as well as their implications.
Types of Web Attacks and Their Purposes and Implications
Buffer Overflow - Triggers server overrun by excessive data input beyond its capacity.
SQL Injection - Inserts malicious SQL queries in a website in order to access unauthorized data in a database.
Cross Site Scripting - Redirects visitors to phishing sites or extracts their information by malicious code insertion in a web server.
Stealth Commanding - Involves code execution, which can allow a hacker to take over the server.
Error Handling - Intentionally causes server-side errors in order to investigate server information.
Directory Listing - Attempts to disclose directory structure in a server.
Request Header Filtering - Discloses server information or causes server-side error by sending abnormal request headers.
Directory Traversal – Tries to move to a higher directory through access control vulnerability.
Request Method Filtering - Potentially shuts down the server by sending abnormal request methods.
Extension Filtering - Tries to upload a file with suspicious file extensions.
Invalid URL - Could cause error by requesting an abnormal URI to the server.
Response Header Filtering - Exposes web server data due to attacks focusing on information included in HTTP Response.
Privacy Output Filtering - Extracts sensitive private information from a server.
User Defined Pattern - Malicious attack pattern requests identified by Cloudbric.
Invalid HTTP - Causes an error by sending an abnormal HTTP request form.
Include Injection – External malicious files can be uploaded and executed on the web server.
File Upload - Tries to upload malware onto a server.
IP Filtering – Blocks access from specific IPs, IP ranges, and countries.
Parameter Tampering - Sends parameter values that were not originally requested by the web server or manipulates parameters sent from the web server.
Cookie Poisoning - Modifies cookie settings of web visitors.
Privacy File Filtering - Steals sensitive private information found in private files.
Privacy Input Filtering – Uploads sensitive private information to a web server.
Suspicious Access - Continuously sends abnormal requests.
URL Access Control - Attempts to gain access to certain URIs and files.
Website Defacement - Attempts to deface or vandalize a website.
Input Content Filtering - Sends improper strings/contents to the server.
Unvalidated Redirects - Redirects visitors to other unrequested sites by inserting malicious code in the server.