Website Defacement Detection and Monitoring Methods: A Review

Albalawi, Mariam; Aloufi, Rasha; Alamrani, Norah Ateeq; Albalawi, Neaimh Nasser; Aljaedi, Amer; Alharbi, Adel R.

doi:10.3390/electronics11213573

Cited by 7 publications

(3 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Between January 1, 2022, and September 6, 2023, a concerning total of 9,052 government websites were found to have been infiltrated with online gambling content, prompting how the government websites were being managed and secured. In some circumstances, these sites are hacked or defaced, and the web manager is unaware, or the pages are no longer maintained [4]. Despite global efforts to combat web defacements related to illegal activities, including online gambling, these remain elusive and challenging to eradicate [5].…”

Section: Introductionmentioning

confidence: 99%

Detecting Hidden Illegal Online Gambling on .go.id Domains Using Web Scraping Algorithms

Nurseno,

Aditiawarman,

Al Qodri Maarif

et al. 2024

matrik

View full text Add to dashboard Cite

The profitable gambling business has encouraged operators to promote online gambling using black hat SEO by targeting official sites such as government sites. Operators have used various techniques to prevent search engines from distinguishing between genuine and illegal content. This research aims to determine whether websites with the go.id domain have been compromised with hidden URLs affiliated with online gambling sites. The method used in this research is an experiment using a FOFA.info dataset containing a complete list of 450,000 .go.id domains. A web scraping algorithm developed in Python was used to identify potentially compromised websites from the targeted listby analyzing gambling-related keywords in local languages, such as ’slot,’ ’judi,’ ’gacor,’ and ’togel'. The results showed that 958 of the 1,482 suspected.go.id sites had been compromised with an accuracy rate of 99.1%. This implies that security gaps have been exploited by illegal online gambling sites, posing a reputational risk to the government. Lastly, the scrapping algorithm tool developed in this research can detect illegal online gambling hidden in domains such as .ac.id, .or.id, .sch.id, and help authorities take necessary action.

show abstract

Section: Introductionmentioning

confidence: 99%

Detecting Hidden Illegal Online Gambling on .go.id Domains Using Web Scraping Algorithms

Nurseno,

Aditiawarman,

Al Qodri Maarif

et al. 2024

matrik

View full text Add to dashboard Cite

show abstract

“…This is because website access is public [30], [31], [32], [33], [34]. Web-based systems' backend data can always be directly accessed and since majority of them are customized, their degrees of testing are lower compared to off-shelf applications [35]. With compromised systems, hackers are able to completely access organization's back end data, even with proper configurations to firewalls or repeated patching to applications and operating systems [36], [37], [38].…”

Section: Introductionmentioning

confidence: 99%

Review of the security challenges in web-based systems

Awuor¹

2023

World J. Adv. Eng. Technol. Sci.

View full text Add to dashboard Cite

Web-based systems are vulnerable to security issues similar to any other applications. Due to the characteristics of web-based systems such as their distributable nature and cross platform accessibility, security challenges are predominant. Recently, more focus has been placed on how to handle security concerns in web systems. Current solutions to counteract the web-based system security challenges include web system languages, firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), cryptographic techniques, digital certificates and signatures among others. However, attacks and threats such as cross site scripting (XSS), Distributed Denial of Service (DDoS), cross-site request forgery (CSRF) and structured query language (SQL) injection attacks are still common. This gives the impression that there are still security challenges in this regard, despite the efforts for detection and prevention of attacks. Consequently, due to their dynamism, secure architectures are pivotal for the security of web-based systems. The focus of this paper therefore, is to review the existing security challenges of web-based systems. It is evident from this literature study that most security challenges in web-based systems stem from the threat of unauthorized access and risks from implementing technologies and standards that are under developed as regards security.

show abstract

“…Website defacement is a cybercrime that includes trespassing on a website to modify its content and allowing hackers to upload comments and pictures that reflect their viewpoints and ideas, as well as acquiring prestige by stating their names [4].…”

Section: Introductionmentioning

confidence: 99%

The Reality of Internet Infrastructure and Services Defacement: A Second Look at Characterizing Web-Based Vulnerabilities

et al. 2023

Self Cite

View full text Add to dashboard Cite

In recent years, the number of people using the Internet has increased worldwide, and the use of web applications in many areas of daily life, such as education, healthcare, finance, and entertainment, has also increased. On the other hand, there has been an increase in the number of web application security issues that directly compromise the confidentiality, availability, and integrity of data. One of the most widespread web problems is defacement. In this research, we focus on the vulnerabilities detected on the websites previously exploited and distorted by attackers, and we show the vulnerabilities discovered by the most popular scanning tools, such as OWASP ZAP, Burp Suite, and Nikto, depending on the risk from the highest to the lowest. First, we scan 1000 URLs of defaced websites by using three web application assessment tools (OWASP ZAP, Burp Suite, and Nikto) to detect vulnerabilities which should be taken care of and avoided when building and structuring websites. Then, we compare these tools based on their performance, scanning time, the names and number of vulnerabilities, and the severity of their impact (high, medium, low). Our results show that Burp Suite Professional has the highest number of vulnerabilities, while Nikto has the highest scanning speed. Additionally, the OWASP ZAP tool is shown to have medium- and low-level alerts, but no high-level alerts. Moreover, we detail the best and worst uses of these tools. Furthermore, we discuss the concept of Domain Name System (DNS), how it can be attacked in the most common ways, such as poisoning, DDOS, and DOS, and link it to our topic on the basis of the importance of its infrastructure and how it can be the cause of hacking and distorting sites. Moreover, we introduce the tools used for DNS monitoring. Finally, we give recommendations about the importance of security in the community and for programmers and application developers. Some of them do not have enough knowledge about security, which allow vulnerabilities to occur.

show abstract

Website Defacement Detection and Monitoring Methods: A Review

Cited by 7 publications

References 27 publications

Detecting Hidden Illegal Online Gambling on .go.id Domains Using Web Scraping Algorithms

Detecting Hidden Illegal Online Gambling on .go.id Domains Using Web Scraping Algorithms

Review of the security challenges in web-based systems

The Reality of Internet Infrastructure and Services Defacement: A Second Look at Characterizing Web-Based Vulnerabilities

Contact Info

Product

Resources

About