What is website abuse by malicious traffic?

What is network traffic?

For a website hosted on a server, web traffic is the flow of data requests and exchanges between the server that hosts the website and the remote computers that request data from it.

Network traffic volume can be defined as the amount of data moving through a computer network at any given time. For efficiency of the data transmission, the data stream is broken down into data packets and transmitted over a network before being reassembled by the receiving device or computer.

When the volume of network traffic is intentionally increased to exceed the capacity of the hosted website, it is considered website abuse by artificially created malicious traffic.

Website abuse

Website abuse is continuous and/or recurring data requests that are intentionally initiated to cause harm. This type of activity can comprise the following malicious activities:

  • Botnets. The attackers use botnets to overwhelm the website hosting environment. A botnet is a group of computers infected by malicious software that is controlled remotely. An attacker provides commands to the infected machines to send dummy requests to a server hosting a website. For example, each remotely controlled infected computer can only send 1 request per minute to a website. However, when thousands of hijacked computers are doing exactly the same within a minute, they can deplete the resources of even the most robust website hosting environments. Blocking such activity is extremely difficult because of the number of different computer IPs involved, which neither fall within a specific IP range nor come from the same network. Bot networks are typically used to send spam and launch DDoS (Distributed Denial of Service) attacks, and are usually rented out to other cyber-criminals. It is a criminal offense to install malware on a computer belonging to others without their permission.
  • Server Malware. In certain scenarios, a server can be infected by malware that can cause harm to website functions. In the example of CMS systems such as WordPress, a plugin malware can:
    • Inject malicious content into a website’s content to cause harm to a computer that accesses the website
    • Redirect connecting website visitor browsers to websites that force the visitors to download malicious software
    • Corrupt the output data in a way to crash the browsers of connecting machines
    • Inject code into a website that will cause an entire domain name to be blacklisted and removed from search engines
    • Randomly affect pages to be slowly de-indexed by search engines without the owner noticing any suspicious processes
    • Malicious plugins can hijack private website owner data and transmit the data to an attacker’s endpoint
    • A plugin can produce additional server load that would affect overall performance of a hosted website
    • A plugin that is remotely controlled can send out bulk emails as a background activity, which not only raises server load but generally results in a server’s IP being banned by receiving email services, which report the IP abuse to global IP abuse databases
    To avoid possible risks surrounding a potential data breach, always ask the developers, research, and check the plugin coding validity. The plugins you use must be up to date and regularly receive security patches.
  • Single point DDoS (Distributed Denial of Service). Although single node (machine) attacks are not as common these days because they come from a single machine and are easily mitigated, amateurs still use these attacks to cause harm to functional websites. The DDoS attacks overwhelm the target’s web server with requests, resulting in the site being unavailable to other visitors.
  • Cross-Site Scripting (XSS). Cross-site scripts target the visitors of a website instead of the web application or the hosting server itself. The malicious individual inserts code into a vulnerable website, which is then executed by the website visitor’s browser. The code can compromise the user’s accounts, activate viruses or modify a website’s content to hijack the visitor’s private information.
  • Database injection attacks. This illegal activity involves finding a website vulnerability (generally web application files that can be accessed via the TCP protocol) that allows the hackers to read and/or write data into a database directly. This is the most common type of malicious attack.
  • Brute Force Attacks. These are straightforward attacks involving attempts to retrieve login information for web software installed on a hosting server. These attacks involve ongoing attempts to find a password for an account by trying sequential data strings. At the same time, these are the easiest attacks to mitigate since they usually come from a limited number of employed machines.
  • Phishing. Phishing is reported to be the most common social engineering cyber crime. Individuals who employ this activity disguise themselves as representatives of various services (such as bank account managers) and steal private information, which leads to either data or monetary losses. Although this activity is not directly aimed at websites, email phishing often redirects recipients to websites where they are asked to enter their private information. These malicious websites are often hosted on hijacked servers such as those that host other personal or business websites.
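The contrast drawn above between botnet traffic (many addresses, each sending very little) and single-machine or brute-force traffic (few addresses, each sending a lot) can be checked in an access log. The following is an added example, not code from the original page; the thresholds, the `/login` path, the HTTP 401 response for a failed login and all log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumed thresholds for illustration; tune them to the site's measured capacity.
CAPACITY_PER_MIN = 100  # total requests/minute the host serves comfortably
PER_IP_LIMIT = 30       # requests/minute from one address treated as abusive
LOGIN_FAIL_LIMIT = 5    # failed logins/minute from one address

LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<minute>[^\]]+?):\d\d [^\]]*\] '
                  r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

def classify(lines, login_path="/login"):
    """Return {minute: set of labels} for every minute with suspicious traffic."""
    per_ip = defaultdict(Counter)  # minute -> request count per address
    fails = defaultdict(Counter)   # minute -> failed-login count per address
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue               # ignore anything that is not an access-log entry
        per_ip[m["minute"]][m["ip"]] += 1
        # Assumption: the application answers a failed login with HTTP 401.
        if (m["method"], m["path"], m["status"]) == ("POST", login_path, "401"):
            fails[m["minute"]][m["ip"]] += 1
    report = {}
    for minute, counts in per_ip.items():
        labels = set()
        # Traffic from addresses that individually stay under the per-address limit.
        quiet_total = sum(n for n in counts.values() if n <= PER_IP_LIMIT)
        if max(counts.values()) > PER_IP_LIMIT:
            labels.add("single-source flood")  # a per-address rate limit stops this
        if quiet_total > CAPACITY_PER_MIN:
            labels.add("distributed flood")    # over capacity, no address over the limit
        if any(n > LOGIN_FAIL_LIMIT for n in fails[minute].values()):
            labels.add("brute force")
        if labels:
            report[minute] = labels
    return report

def sample_log():
    """Constructed lines: 13:00 has 150 addresses x 1 request, 13:01 has one
    address x 120 requests, 13:02 has one address x 8 failed logins."""
    row = '%s - - [10/Oct/2024:13:%02d:%02d +0000] "%s %s HTTP/1.1" %s 512'
    lines = [row % (f"198.51.100.{i}", 0, i % 60, "GET", "/", 200) for i in range(1, 151)]
    lines += [row % ("203.0.113.7", 1, i % 60, "GET", "/", 200) for i in range(120)]
    lines += [row % ("192.0.2.9", 2, i, "POST", "/login", 401) for i in range(8)]
    return lines

if __name__ == "__main__":
    for minute, labels in sorted(classify(sample_log()).items()):
        print(minute, sorted(labels))
```

The 13:00 window is the case a per-address rate limit misses: no single address exceeds the limit, yet the aggregate is over capacity, so mitigation has to act on total load rather than on individual IPs.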