A Contribution to Detect and Prevent a Website Defacement

Abstract

One of the most common hackers attacks on organizations public communication infrastructure is website defacement. This attack consists of modifying the appearance of a website by affixing a signature or a particular message or making the website inactive. The goals of web defacement are diverse and range from simply recognizing the technical prowess of the hacker to claims messages posted on the victim's website by minority groups, referred to as hacktivism. The main consequence of this attack is the loss of credibility of the hacked organization. This can, in some cases, lead to indirect economic losses because of the distorted web content conveyed by the hacked organization. Since websites carry a very large amount of information, it is very important to protect them from this form of attack. In most cases, the defense against web defacement relies on monitoring websites and restoring the system after the incident occurred. The time between the execution of the attack and the system's restoration time is highly dependent on the performance of the website's monitoring tool and the response capacity of the technical teams. Most of website defacement defense tools available on the market are generally based on the verification of the integrity of the data and the notification of the administrators when signatures change. This technique is more or less effective for static websites subjected to weak modification cycles. For dynamic websites, interfaced with databases or syndicated, where the changes are relatively short and random, it becomes almost impossible to use techniques based solely on signature verification and data integrity to know if a website was attacked. This work proposes a model that combines several techniques (data integrity analysis, changes of the value of an artifice and the adoption of high availability architecture) to be used to develop a tool against this type of attacks.