Website Defacement

Website defacement is similar to drawing graffiti on a wall, only it happens virtually. The website's appearance changes: pictures and/or words are scrawled across the defaced website.

Why Websites are Defaced

Attackers may have different motivations when they deface a website. Political motivation is one. Attackers who are against a government or a particular movement can choose to deface related websites to air their views. Attackers who do this are known as "hacktivists". They may change the content of the defaced website with a picture or a message of their choice.

Other attackers may choose to deface a website for fun, mocking site owners by finding website vulnerabilities and exploiting these to deface the website. These attackers "taunt" the site owners. Similar to hacktivists, these attackers deface a website with a picture or a message of their choice.

In both cases, website owners face some damage to their reputation once their sites are defaced.

  • A normal, fully functioning site
  • Contents of the site suddenly change
  • Cybercriminals change the site’s code via various means. It can be through SQL injection or content management system (CMS) compromise
  • Users who visit the site will not be able to access the site
  • Addressing the issue requires getting a copy of logs and compromised sites, removing offensive content, and patching the website



How are Websites Defaced

The most common methods of website defacement are:

  • Via SQL injections - Attackers exploit a vulnerability to insert malicious SQL statements in a website.
  • Via compromised content management systems - In 2013, attackers compromised numerous websites hosted on publicly available content management systems such as WordPress. The attackers compromised these sites through brute-force attacks.
  • By gaining access to web servers - Attackers who obtain credentials to gain access to web servers can manipulate sites/pages hosted on these web servers.


What Can Users Do?

IT administrators and website owners should always be ready to respond to website defacements. To prevent website defacements and other similar attacks:

  • Have a backup of your site ready so you can more easily revert your site to its normal state
  • Employ strong passwords and account management policies to prevent unauthorized intrusions
  • Check system and application vulnerabilities on critical servers including web servers
  • Monitor for any unauthorized changes on critical servers such as web, DNS, and database servers
  • Monitor for unexpected excessive load/traffic to web and DNS servers
  • Monitor for new webpage setup or new URL path accessed
  • Monitor for signs of communication with command & control servers from within your network