Booqashada mareegaha xaasidnimada leh waxay noqon kartaa mid ka mid ah waxyaabaha ugu xun ee ku dhici kara dadka wax ka baadhaya internetka^(Internet) , gaar ahaan kuwa xiisaynaya wax iibsiga online-ka ah. Maamulayaasha shabakadaha waxay u baahan yihiin inay ogaadaan hanjabaadaha iyo shabakadaha, iyo awoodahooda ba'an - luminta macaamiishu waa kan ugu horreeya. Haddii aad maamusho degel ama blog, waxaad u baahan tahay inaad wax ka ogaato hanjabaadaha mareegaha suurtagalka ah. Maqaalkani waxa uu ka hadlayaa hanjabaadaha iyo natiijooyinkooda, hababka qaar ee ay isticmaalaan hackers-ku si ay u waxyeeleeyaan mareegahaaga, ka dibna ka wada hadlaan siyaabaha loo ilaaliyo boggaga internetka.

^(Website) Hanjabaadaha ^(Threats)Mareegta^(Effects) iyo Saamayntooda^(Their) ama Awoodahooda

Waa ganacsi faa'iido leh in tuugadu ay xadaan xogta dadka oo ay u adeegsadaan dano gaar ah. Faa'iidooyinka waxay noqon karaan lacag ama aan la taaban karin. Iyadoo jabsiga, phishingka, iyo injineernimada bulshadu ay yihiin habab caadi ah, jabsadayaashu waxay sidoo kale isticmaalaan mareegaha dadka kale si ay u dhibaateeyaan kombuyuutarrada isticmaalaha oo ay u helaan xogtooda. Sawirka soo socdaa wuxuu ku siinayaa fikrad khataraha shabakadaha.

Waa, sidaa darteed, shaqada mareegaha in uu hubiyo in mareegaha ama keeda uu ka xor yahay kood kasta oo xaasidnimo ah iyo nuglaanta. Taasi maaha shaqo sahlan iyadoo la tixgelinayo in laga yaabo inay jiraan kumannaan bogag iyo hackers-ku si xushmad leh u geliyaa koodka boggaga qaarkood. Mar haddii ay tahay arrin sumcaddaada ku jirta, waa inaad samaysaa. Nasiib wanaag, waxaa jira qalabyo la heli karo oo iskaan kara mareegahaaga maalin kasta si ay kuugu soo bandhigaan warbixinta koodka faafa iyo dhibcooyinka nuglaanta (sida shaashadaha soo gelida, foomamka, iwm.).

Intaa waxaa dheer, daalacashada iyo biraawsarka plugins ayaa diyaar ah kuwaas oo kicinaya alaarmiga marka aad ku dhowdahay inaad booqato degel cudur leh. In kasta oo laga yaabo inaad hore u booqatay goobtaas, iyo in kasta oo ay kugu adkaan karto inaad rumaysato in goobta aad ku kalsoon tahay uu cudurku qaaday, haddana runtii waa xaasidnimo iyadoon maamulaha mareegaha aanu ogayn - sababtoo ah saacad ka hor, qaar ka mid ah hackers ayaa ku daray koodka goobta.

Isagoo ka hadlaya xaaladaha ugu xun - ama awoodaha hanjabaadaha mareegaha - waxaa jira laba dhinac oo waaweyn oo burbur ah:

1. Maamulayaasha shabakadaha waxa laga yaabaa inay lumiyaan saldhigga macaamiisha maadaama booqdeyaasha browserka uu kiciyo qaylo-dhaan marka ay isku dayaan inay booqdaan goobtooda; Google iwm. Matoorada raadinta ayaa laga yaabaa inay liiska madow ku qoraan website-ka haddii ay helaan nooc kasta oo kood xaasidnimo ah marka ay gurguuranayaan mareegaha.
2. Dhinaca isticmaalaha, kombayutarka isticmaalaha, sidaas awgeed xogtiisa/keeda waa la jabiyay oo waxay keeni kartaa xatooyo aqoonsiga.

Noocyada Caadiga ah ee Hanjabaadaha Mareegta

Midda ugu badan oo la dareemo waa guji-jacking^{(clickjacking)} . Habkan, lakab hufan oo kood xaasidnimo ah ayaa ku fadhiya badhan ama muuqaal. Markaad gujiso badhanka, waxay soo dejisanaysaa koodhka kombiyuutarkaaga. Waxaa laga yaabaa inaad ku aragtay habab la mid ah xayaysiisyada shabakadaha C-grade , oo inta badan la xidhiidha budhcad-badeednimada iyo macluumaadka dadka waaweyn, iwm.

Nuglaanta dib^{(Website redirection)} u jahaynta mareegaha waxa ay u sahlaysaa haakarisku in ay u adeegsadaan jihaynta faa'iidooyinkooda. Waxay joojin karaan xogta la isweydaarsanayo ama waxay isticmaali karaan jihaynta si ay isticmaalayaasha ugu jiheeyaan goobta phishingka.

Noocyada kale ee mareegaha, hanjabaadaha waxaa ka mid ah weerarrada la bartilmaameedsado iyadoo la isticmaalayo qalabyo ka faa'iidaysi diyaarsan^{(readymade exploit kits)} oo si fudud looga heli karo internetka^(Internet) . Xirmooyinkan ayaa awood u siinaya tuugta inay beegsadaan (noocyada) mareegaha qaarkood oo ay ku daraan xiriiro xaasidnimo leh. Hab kale ayaa ah in loo diro iimaylo bogga internetka oo leh xiriiro xaasidnimo leh oo ka gudba maamulaha mareegaha aan shaki lahayn si uu uga dhigo degel xaasidnimo ah.

Weeraradii ugu dambeeyay ee lagu qaaday mareegaha caanka ah ayaa tilmaamaya in xitaa mareegaha ugu weyn ay yihiin kuwo nugul. Dadka mar luminaya aqoonsigooda uma badna inay mar kale ku soo laabtaan goobta.

Bal qiyaas^(Imagine) meheraddaada ama shabakada e-ganacsigaaga oo lagu daray liiska madow oo aad ku hadhayso mugdi muddo toddobaadyo ah ilaa matoorada raadinta ay mar kale cadeeyaan. Iyadoo habka lagu helo bogga internetka ee laga saaro liiska madow uu yahay mid adag, ganacsigaagu ma sii noolaan karaa haddii uusan ku jirin aragtida dadweynaha toddobaadyo?

Akhri^(Read) : Sida looga saaro Coinhive crypto-mining script mareegahaaga.

Sida loo ilaaliyo ammaanka mareegaha

• Software-ka casriga ah^{(Up-to-date software)} : Ka dhig software-ka server-kaaga mareegaha in si buuxda loo cusboonaysiiyay oo la dhajiyay
• Shahaadooyinka SSL:^{(SSL Certificates:)} Shirkadaha bixiya shahaadooyinka badbaadada waxay hubiyaan mareegahaaga ka hor intaysan soo saarin shahaadada kalsoonida. Qaybta cagaarka ah ee ku taal barta ciwaanka ee ku xigta "https" waxay siisaa xoogaa dammaanad ah isticmaalayaasha mareegaha.
• Sireed:^{(Encryption:)} U isticmaal xiriir sugan wax kasta oo isticmaalayaashu ku sameeyaan mareegahaaga, gaar ahaan haddii ay ku lug leeyihiin wax kala iibsiga.
• U cusboonaysiinta EV SSL: ^{(Upgrade to EV SSL: )} Tani ku samee qayb kasta oo ka mid ah mareegaha halkaas oo macmiilku ka geli karo xogta
• Sawirka Malware-ka Maalinlaha ah:^{(Daily Malware Scan:)} Waxaad isticmaali kartaa alaabada ka baadha boggaaga mareegaha malware-ka adigoon yareynin waqtigooda culeyska. Sidan, waxaad ka saari kartaa koodhka xaasidnimada leh - haddii ay dhacdo - ka hor intaan isticmaalayaasha la taaban.
• Qiimaynta Toddobaadlaha ee Nuglaanta: ^{(Weekly Assessment of Vulnerabilities:)} Hubi^(Check) meelaha suurtagalka ah ee dayacanka oo ka hirgeli ammaan dheeraad ah halkaas.

Kuwa kore waa dhowr tibaaxood oo lagu sugi karo mareegahaaga. Waxay si kooban u sharraxaysaa hanjabaadaha loo geysto mareegaha iyo awoodahooda.

Hadda akhri^{(Now read)} : Sida loo sugo bogga WordPress^{(How to secure a WordPress site)} .

Maanta dambe, waxaan akhrin doonaa wax ku saabsan Drive-by soodejin^{(Drive-by downloads)}  iyo maalmo gudahood sida loo ilaaliyo degelka WordPress .

How to keep websites secure: Threats and Dealing with Vulnerabilities

Visiting a maliciouѕ website can be one of the worst thingѕ that can haрpen to people browsing the Internet, especially the ones interested in shopping online. Webmasters need to know threatѕ for and of websites, and their devastating capabіlities – losing consumer bаse being thе first. If you run a website or blog, you need to know about thе possible webѕite threats. This article talks of the threats and theіr outcomes, some mеthods used by hackеrs to malign your website, and thеn discuss ways on how to keep websites sеcure.

Website Threats and Their Effects or Capabilities

It is a profitable business for hackers to steal people’s data and use it for personal gains. The gains can be monetary or abstract. While hacking, phishing, and social engineering are common methods, hackers also use other people’s websites to compromise users’ computers and access their data. The following image gives you an idea of website threats.

It is, therefore, a webmaster’s job to make sure his or her website is free of any malicious code and vulnerability. That is not an easy job considering that there might be thousands of pages and the hacker selectively inserts the code on some pages. Since it is a matter of your reputation, you have to do it. Fortunately, there are some tools available that can scan your websites daily to present you with a report of infectious code and vulnerability points (like login screens, forms, etc.).

In addition, browsers and browser plugins are available that trigger an alarm when you are about to visit a malicious, infected website. Though you might have visited that site before, and though it might be hard for you to believe that a site you trust is infected, it may really be malicious without the webmaster knowing it – because an hour earlier, some hacker added some code to the site.

Speaking of worst-case scenarios – or capabilities of website threats – there are two major sides of damage:

1. Webmasters may lose their consumer base as visitors’ browser triggers an alarm when they attempt to visit their site; Google etc. search engines may blacklist the website if they find any type of malicious code while crawling the website.
2. On the user side, the user’s computer and hence his/her data is compromised and can result in identity theft.

Common Types of Website Threats

The most common and noticed is clickjacking. In this method, a transparent layer of malicious code sits on a button or video. When you click on the button, it downloads the code to your computer. You might have seen similar methods for advertising on C-grade websites, mostly related to piracy and adult content, etc.

Website redirection vulnerabilities enable hackers to use the redirections for their gains. They can either intercept data being exchanged or use the redirection to redirect users to a phishing site.

Among other types of websites, threats are targeted attacks using readymade exploit kits available easily on the Internet. These kits enable the hackers to target certain (types of) websites and add malicious links to them. Another method is to send emails to the website with malicious links that bypass the unsuspecting webmaster to make it a malicious website.

The recent attacks on popular websites indicate that even the biggest websites are vulnerable. People who once lose their credentials are not likely to return to the site again.

Imagine your business or e-commerce website getting blacklisted and you are left in dark for weeks until the search engines whitelist them again. While the process to get a website removed from blacklists is tough, can your business survive if it is not on the public view for weeks?

Read: How to remove Coinhive crypto-mining script from your website.

How to keep websites secure

• Up-to-date software: Keep your website server software fully updated and patched
• SSL Certificates: The companies offering safety certificates check your website before issuing the certificate of trust. The green part on the address bar next to “https” provides some assurance to the users of the website.
• Encryption: Use a secure connection for anything users do on your website, especially if involved in transactions.
• Upgrade to EV SSL: Do this in any part of the website where the customer may enter data
• Daily Malware Scan: You can use products that scans your website pages for malware without reducing their load time. This way, you can remove the malicious code – in case it is there – before users are affected.
• Weekly Assessment of Vulnerabilities: Check for possible points of vulnerabilities and implement additional security there.

The above are just a few tips for securing your website. It explains threats to websites and their capabilities in brief.

Now read: How to secure a WordPress site.

Later today, we will read about Drive-by downloads and in a few days about how to keep a WordPress website secure.

Related posts

• Tijaabi Badbaadada Browser si aad u hubiso in Browserkaaga uu sugan yahay

• Sida loo isticmaalo oo loogu daro Xisaabaadka Shaqada/Dugsiga ee Microsoft Authenticator app

• Sida loo joojiyo fasalada kaydinta la saari karo iyo gelida gudaha Windows 10

• Tirtir faylalka si joogto ah adigoo isticmaalaya barnaamijka File Shredder ee bilaashka ah ee Windows

• Tiny Security Suite wuxuu kaa caawinayaa inaad sir, jar jarto, oo aad ilaaliso faylasha ku jira PC gaaga

• Emsisoft Browser Security wuxuu xannibaa malware-ka iyo weerarrada phishingka

• Ka xaddid gelitaanka USB-ga Windows 10 kumbiyuutarka Ratool

• Sida loogu daro Faylka ama Nidaamka Ka Saarida Amniga Windows

• Quful calaamadaha miiska ama erayga sirta ah ayaa ilaaliya abka gudaha Windows - DeskLock

• Windows 10 waxay joojisaa taageerada RemoteFX vGPU; Dib ma u soo celin kartaa?

• Fasaxyada Nabadgelyada Internetka ee Fasaxa - Sida loo ilaaliyo ammaan marka aad fasaxayso

• Windows Security waxay leedahay Aan Bixiyeyaal Ammaan ku jirin Windows 11/10

• Hubinta Ammaanka Khibradda Daalacanka: Sidee buu ammaan u yahay browserkaagu?

• Ammaanka Internetka ee TACHYON waa beddelka habboon ee aaladaha kale ee bilaashka ah

• Sida loo qariyo ama loo tuso astaanta Amniga Windows ee Taskbar ee Windows 10

• Sida loo habeeyo Macluumaadka Xiriirka Taageerada gudaha Amniga Windows

• Jawaabta Dhacdada Lagu Sharaxay: Marxalado iyo Isha Furan software

• Ku ilaali Diiwaanka Bootka Master-ka ee kombuyuutarkaaga sifeeyaha MBR

• Sidee looga fogaan karaa in lagu daawado Kombayutarkaada?

• U beddelo PDF-yada khatarta ah, dukumeentiyada iyo sawirrada faylal ammaan ah