Here's how to protect your website from hackers – create a Zip file 'bomb'
Want to beat web vulnerability scanners? Here's a simple file you can add to make them crash.
Hackers keep getting smarter, and it's commonplace for companies and organisations to have their websites taken offline or hacked into to steal sensitive customer financial information.
But what if there was a way for you to stop them? Of course, the best way to do this is to make sure that your website and servers are constantly updated with the latest software patches as soon as new security vulnerabilities are discovered.
However, there's always a chance you might miss one, or that attackers might figure out security vulnerabilities the good guys haven't yet discovered and use them to their advantage.
Independent security researcher Christian Haschek has come up with an idea to stop hackers in their tracks, especially if your website is built on WordPress – which has a huge number of security flaws.
Hackers commonly use web vulnerability scanners to discover vulnerable websites. These scanners are programmed to poke away at websites, going through a list of popular known security vulnerabilities, until they find one that the website's owners haven't patched against.
But what if you could attack the scanners, instead of letting them poke around your website looking for a way in?
Haschek, who is based in Vienna, has figured out that if you create a gigantic .gzip file, and you implement a PHP script he has written, then every time a vulnerability scanner starts in on your website, you can "bomb" it by causing the scanner to freeze up.
You can download a 42KB file that someone else has made here, but don't open it, or your PC hard drives will run out of space, since once extracted, the true file size is actually 4.5 petabytes (4.5 million GB).
Haschek tested the script and found that it had the ability to cause Google Chrome, Edge, Internet Explorer 11, Nikto and SQLMap to crash, which seems a fitting retribution to hackers.
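The clients listed above fall over because they inflate a compressed response with no cap on the output size. As an added example (not Haschek's script and not code from this article), the Python below shows the check that any scanner, crawler or HTTP client you run yourself needs: decompress as a stream and stop once a byte budget is exceeded. The function names, the 1 MB limit and the sample bodies are assumptions constructed for illustration.

```python
import gzip
import zlib


class DecompressionLimitExceeded(Exception):
    """Raised when a gzip body expands past the configured cap."""


def bounded_gunzip(data: bytes, max_output: int, chunk_size: int = 16384) -> bytes:
    """Inflate a gzip stream, refusing to produce more than max_output bytes."""
    inflater = zlib.decompressobj(16 + zlib.MAX_WBITS)  # 16+ selects the gzip wrapper
    out = bytearray()
    for start in range(0, len(data), chunk_size):
        buf = data[start:start + chunk_size]
        while buf:
            # Request at most one byte more than the remaining budget, so an
            # overrun is detected without inflating the rest of the body.
            out += inflater.decompress(buf, max_output - len(out) + 1)
            if len(out) > max_output:
                raise DecompressionLimitExceeded(
                    f"body exceeds {max_output} bytes after decompression")
            buf = inflater.unconsumed_tail
    return bytes(out)


def fetch_body(compressed: bytes, max_output: int = 1_000_000):
    """Return (body, verdict) the way a cautious HTTP client would."""
    try:
        return bounded_gunzip(compressed, max_output), "ok"
    except DecompressionLimitExceeded:
        return None, "rejected: decompression limit"
    except zlib.error:
        return None, "rejected: malformed gzip"


# Constructed sample inputs (not taken from the article): an ordinary small
# page, and 5 MB of zero bytes that gzip shrinks to a few kilobytes.
NORMAL_BODY = gzip.compress(b"<html><body>hello</body></html>")
OVERSIZED_BODY = gzip.compress(b"\0" * 5_000_000)

if __name__ == "__main__":
    for name, body in (("normal", NORMAL_BODY), ("oversized", OVERSIZED_BODY)):
        content, verdict = fetch_body(body)
        print(f"{name}: {len(body)} compressed bytes -> {verdict}")
```

The oversized body is rejected after at most one byte past the budget has been inflated, so memory use stays bounded regardless of how large the full expansion would be.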
Give it a go, and let IBT Technology know how you get on defending your servers and websites.
© Copyright IBTimes 2024. All rights reserved.