Security Best Practices

Why One Gets Hacked Even After Using A Firewall?

Have you ever been in a situation where you were using a firewall and still got hacked? There are several reasons why that might have happened; some of them are listed below:

1. Outdated and vulnerable software components.

If you have been using any outdated or vulnerable software components (CMS, plugins, themes, etc.), that might be the reason behind the hack. Attackers can exploit the known vulnerabilities in these components to bypass any web application firewall. A firewall is not programmed to stop an attack that targets such a vulnerability.

2. You are on shared hosting.

Multiple unprotected sites on the same server without proper isolation can lead to cross-site infection. It is recommended that you protect each of those sites and, in addition, change the file ownership structure, file permissions, etc. so that all sites are isolated from one another.

3. Missing Security Patches.

We see a lot of credit card hacks on Magento sites. One thing most of them have in common is that many Magento security patches are missing. We recommend installing all security patches regularly to keep your website better secured.

4. Improper file/folder permissions.

777 permissions on files and folders are exploitable. A permission of 777 means every user on the server can read, write and execute your files. A remote user could write to or upload files and then trick the server (or some other process on your system) into reading or executing them.

It’s very difficult to lock down every single way this could happen if there are world-writable directories.

We strongly advise against using 777 as file/folder permissions. The recommended permissions are 755 for folders and 644 for files. Refer to this guide for more information.
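As an added example (not from the original article), the POSIX shell script below lists world-writable files and directories under a web root and then applies the 755/644 modes recommended above; the web root path is a placeholder and the script assumes only find(1) and chmod(1).

```shell
#!/bin/sh
# Added example, not part of the original article: audit a web root for
# world-writable entries and apply the recommended 755 (folders) / 644 (files).
# Assumes a POSIX shell with find(1) and chmod(1); the path is a placeholder.

# Count files and directories that any user on the server can write to
# (octal -002 = "others have write permission"). Symlinks are not followed,
# so a link pointing outside the web root is neither reported nor changed.
count_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -002 | wc -l | tr -d ' '
}

# Print each world-writable path so the findings can be reviewed first.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -002 -print
}

# Apply the article's recommendation: 755 for directories, 644 for files.
# This resets every entry, not only the world-writable ones, so a directory
# the CMS legitimately needs to write to (for example an uploads folder owned
# by the web server user) must be re-granted that access afterwards.
apply_recommended_modes() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Usage: sh harden_perms.sh /var/www/html   (placeholder web root)
if [ -n "$1" ]; then
    echo "World-writable entries before: $(count_world_writable "$1")"
    list_world_writable "$1"
    apply_recommended_modes "$1"
    echo "World-writable entries after: $(count_world_writable "$1")"
fi
```

Run it first without the apply step (comment out the call) on a copy of the site to see what would change, since a CMS that writes uploads or cache files needs those directories writable by its own user.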

5. Compromised Admin accounts/passwords.

If any admin account password is known to the hacker, they can easily log in to the backend and perform malicious actions. Ensure that no admin account on your website is compromised.

6. Improper implementation of WAF.

The Astra Firewall comes with different features, the most powerful of which is the ability to whitelist parameters, URLs, etc.

If a suspicious URL is whitelisted, the firewall will not monitor any activity from that URL. This effectively means an attacker can upload a malicious file to that page.

7. Restoring from infected backups.

Daily backups are often taken of websites for emergencies at a later time. Sometimes website owners restore a previously infected backup and thus end up with an infected site again. A firewall offers no protection in this case.

8. Rogue developers/ third party access.

We have seen cases where a site developer went rogue and placed a backdoor in the site. In other situations, someone with physical access to the developer's system or other such important devices can also harm the site. Firewalls cannot possibly protect you from this.

9. Security Vulnerabilities

Security vulnerabilities such as business logic errors can aid an attacker in hacking a website. While a WAF can stop attacks that try to exploit many such vulnerabilities, it is still recommended that you have a security audit done on your website in addition to using the firewall.

10. Weak passwords.

One of the biggest risks is the use of weak passwords. More often than not, website owners overlook the importance of creating and using safe passwords. An attacker can easily brute-force or guess these and gain access to the user's or admin's profile. Refer to this guide to learn more about how to create a strong password.

11. Improper CMS configuration.

Improper configuration of the CMS can sometimes give privileged access to unauthorized users. For example, new users in WordPress get added as Admin instead of as a Subscriber.

12. Phishing

Phishing is a widely used trick to fish for sensitive details. Hackers can use phishing to get privileged users such as admins to enter their passwords on fake pages and thus obtain backend access.

13. Open ports

Insecure open ports can let attackers perform attacks that bypass the web application firewall.

14. Usage of plugins that are no longer supported.

Using plugins that are no longer supported also poses serious risks, as it can result in hackers exploiting unpatched vulnerabilities. For instance, the Yuzo Related Posts and Rich Reviews plugins are no longer supported and are vulnerable.

Note: The reasons why a website could get infected even if it’s running a firewall include, but are not limited to, the above.

Note: If you are a WordPress user, you can eliminate most of these vulnerabilities using a single plugin: WP Hardening by Astra. WP Hardening is a security audit and fixer tool for WordPress. You can secure 12+ security areas on your WordPress site with this plugin.
