Pinterest Stumbleupon Whatsapp
Ads by Google

website securityAs the internet evolves and the systems it’s running on become harder to hack, you’d think websites would be hacked less! In fact, the opposite is true, with the number one problem lying not in the software but in human complacency.

Once a possible hack is discovered, it can spread like wildfire through the hacker communities, so keeping your site up to date and addressing latent security holes is the absolute best defence.

That said, how can you know if your site is vulnerable? That’s where the free service HackerTarget.com comes in.

Limitations and Sign-Up Confusions:

The free accounts let’s you run up to 4 scans per day, the only other clause being that you cannot use certain scans with a free email address such as Hotmail, Yahoo or Gmail. The WordPress scan is available to everyone though.

Secondly, you don’t actually need to sign up – just initiate a security scan (described later) and you’ll receive an automated email. The first time you use the service, this email will contain a link to confirm your email address. Having clicked this link, you’ll then need to initiate a scan again. It’s a little bit confusing but we’re all adults, so I’m sure we’ll get over it.

What Type of Scans Can You Do:

This amazing service offers quite a comprehensive suite of security scans actually:

Ads by Google
  • WordPress / Drupal / Joomla
  • Domain Profiling
  • WhatWeb Scan
  • BlindElephant Fingerprinting
  • Nikto Server Scan
  • SQL Injection Test
  • OpenVAS Vulnerability Scan
  • Nmap Port Scanner

We don’t have space to address all the scan, so today I’ll be taking a look at the WordPress security scan, OpenVas and SQL injection test.

WordPress Security Scan:

Upon completion of your automated WordPress scan, you’ll get a nicely presented report. Let’s look at what it tells you:

Site Info

This displays the basic server versions as well as your WordPress version if it can find it. It’ll also tell you if your WordPress is out of date. This is important, as security vulnerabilities are found in older versions and running automated scans such as these is so easy, you can quickly find yourself the target of a hack.

website security

Site Links and Scripts

This shows a report of external links found on your site as well any malware that may have been injected into your page (or built into your theme!) – be sure to check over the list and check for anything you don’t immediately recognize.

check website security

Hosting Info

The last section lists some basic info about your host as well as other websites that share the same IP as yours.

check website security

SQL Injection Test:

Pretty much all the recent hacks Sony Pictures Online Hacked Using "Primitive and Common" Vulnerability, Data Unencrypted [News] Sony Pictures Online Hacked Using "Primitive and Common" Vulnerability, Data Unencrypted [News] On Thursday evening, hacker group "LulzSec" announced via Twitter that they had gained access to SonyPictures.com and stolen over 1 million accounts, passwords and sensitive user information. Shortly after the news broke, copies of the... Read More you’ve heard about in the news by infamous security group Lulzsec were performed using SQL injection attack. Basically, this means that SQL commands can be run on the server directly by adjusting the URL parameters or entering them into a search box. It works because many systems won’t check what’s given to them, they’ll just read it straight in. XKCD explains this better!

check website security

With any luck, the email report you get from a SQL injection test will be short and sweet, saying it found no vulnerabilities. WordPress has over the years, been found to be vulnerable, but these are usually patched as soon as they are found – so the lesson is, as ever – ALWAYS BE UPDATED.

OpenVAS IP Scanner:

This one might be more interesting to run on your home IP address (which you can find at whatismyipaddress.com), as it’s basically a port scanner. It’ll list all the ports open to the world, which are then just another access route for a hacker to reach your PC. Once a hacker knows what ports are open and what they are used for, they can begin testing each one in turn to find vulnerabilities on them. Run on your home IP, you may even find some rogue processes that are secretly sending out spam emails.

website security

I do hope you try out some of these incredible free scans, especially if you run a blog and are relatively clueless about the whole security thing. I would say post back here if you get any alarming results, but that might make you a target – so best to post anonymously and leave out your web address! Do you know of any similar user-friendly, free online (and trustworthy) tools to perform these scans? Share that knowledge!

Image Credit: ShutterStock

  1. Ankur
    August 8, 2011 at 9:53 am

    Checking this for my website . 

  2. i_hack_sites
    August 8, 2011 at 9:44 am

    Thanks for the review! I am currently putting together some additional "help" and content to make the sign-up process a bit clearer.

    We have gone through some significant upgrades and site changes over the past month or so.

  3. Tina
    August 8, 2011 at 1:15 am

    I just wonder how he managed to post that link. He must have managed to bypass the moderation queue. He was not whitelisted, but he is blacklisted now for sure!

    • James Bruce
      August 9, 2011 at 1:27 pm

      Perhaps we should consider adding it to the banned words list, it seems to be occurring quite a lot. Jeffery caught one on answers the other day too. 

Leave a Reply

Your email address will not be published. Required fields are marked *