Pin It

Web Server Hacking Techniques

Lots of people know use, configure and manage their webservers but only few of them really know how to protect their web server from getting hacked i.e making it hack proof. Today lots of websites are hosted on a dedicated web servers so it's extremely important to make your web server hack proof in order to prevent any theft and data loss, Before I mention techniques used by hackers to compromise a web server and how you can protect your web server you should know what a web server is and how it works.
What is a webserver?

Basically a webserver is a single computer or more used to host websites, For a website to be available to every one (connected to internet) 24/7 it needs to be hosted on a webserver

How webservers work?

Webservers work in a simple manner, When ever you are using browser to surf any page your browser will request that particular page from the webserver and the server sends back the requested page.


The above picture illustrates how a webserver works.

How Are Webservers Compromised Or hacked?

There are multiple reasons why a webserver gets compromised or hacked, one of the major reason is installing the webserver with default and lack of updates and weak passwords. Once the server is compromised the hacker can use it to do malicious things online. For Example Hacked webservers can be used to as zombies to for performing a more powerful DDOS attack

Webserver Hacking Techniques

Below mentioned are some of the techniques which can be used by malicious hackers to compromise a webserver.

Orthodox Password Cracking Techniques

1. A hacker can use variety of password Cracking Techniques such as Brute force, Dictionary attacks and rainbow tables to crack weak administrator account passwords, However these attacks create huge logs of presence, so therefore smarter hackers either use a proxy or any other iP hiding method or they use already compromised systems to perform the attack.

2. Man In The Middle Attack

A hacker can also perform a man in the middle attack also known as ARP poisoning to steal credentials of administrator account.

3.  Keyloggers And Trojans

If A hacker can manage to install a trojan or a keylogger on administrator's computer then, the malicious hacker can easily capture the credentials

4. DNS Cache Poisoning Attack

If a hacker can manage to insert fake address records for a domain name into DNS server and can make the webserver accept the fake address record then the hacker or intruder can easily control your browser, This attack is extremely dangerous as it happens without the users knowledge, The topic is quite big and is not possible to explain it here, depending upon readers response I might make a seprate tutorial on this attack

There are many other techniques used by hackers such as Ftp server intrusion, social engineering, exploiting web application bugs which are probably to be explained in the upcoming posts at rha.

Hope you have enjoyed reading the post and have probably got some idea how hackers can attack your web server, In the next post I will continue the series and will introduce some methods you can use to protect your webserver from getting compromised.

Subscribe to our Newsletter and receive updates directly via email - Get Ethical hacking and security tips directly to your inbox. Alternatively you can Join our Hackers Community on Facebook , Google+ and Twitter .

At RHA Infosec we provide different types of Security Testing from small business sites to Corporate Sites. Click Here to know more about our complete list of services.

Subscribe to RHA

Enjoyed this article?
Subscribe to "Rafay Hacking Articles" and get daily updates in your inbox for free!


Kindly Bookmark it and Share it with Friends:


Ezikeo Mathews said...

Rafay awesome post, I am eagerly waiting for the next part..

Anonymous said...

Nice article rafay...

Aneesh M. Makker on February 10, 2011 at 9:55 AM said...

needless to say, nice article rafay. keep it up :)

DEVIL'S BLOG on February 10, 2011 at 11:10 PM said...

There's no doubt whenever you write, there's a block buster. Awesome post.

Samar Dhwoj Acharya on February 17, 2011 at 6:51 PM said...

You should have described the web application bugs as SQL injection is probably one of the most used technique for the defacement. But still good post.

Rafay Baloch on February 18, 2011 at 5:10 AM said...

Yes you are right, I thought to write on it but the article would have gotten more bigger as it is a lengthy topic to cover.

1-Tiiik on February 19, 2011 at 2:41 PM said...

hEy bro i wonder if you can do a counter strike 1.6 servers hack to get the password of a server you know
or a steam hack
i will be really glade if you do so

Microsoft on February 21, 2011 at 9:43 PM said...

Hi Rafay your hacking system is too much nice and all of your articles mostly I read when I am free.
I need your mail id: I have one topic that you will done. We will discuss it by mail. thanks. my name is sidhdharth vora. and my mail id is

riomah said...

how to start a hacker

chets on February 23, 2011 at 10:26 AM said...

great yar....rafay...go head and write more interesting artical with examples.....thx buddy

Geek on March 26, 2011 at 3:41 AM said...

A brute force attack can help in breaking a strong password also but it takes too much time.

Anonymous said...

A awesome Post

Saheb on July 8, 2011 at 9:21 AM said...

Kindly get a tut on DNS cache poisoning attack ..

dileep on July 12, 2011 at 9:17 PM said...

Kindly get a tut on DNS cache poisoning attack ..

kayus said...

Please i am a new hacker recomend books for me toyou use.

Dare to ask? :)

Blog Archive


Recent Comments


Rafay Baloch is an Independent security researcher, Internet marketer, Entrepreneur and a SEO consultant, He is the founder of RHA blog and multiple other blogs. Rafay got famous after finding a Remote Code Execution bug inside PayPal for which PayPal awarded him a sum of 10,000$ Read More..

Join In!

RHA © 2013. All Rights Reserved.