IDEAS home Printed from https://ideas.repec.org/a/apa/ijtess/2020p1-7.html
   My bibliography  Save this article

Attacks on Newly Registered Content Management Websites – A Comparison

Author

Listed:
  • Marko Niinimaki

    (Webster University Thailand, Bangkok, Thailand)

  • John Lawrence

    (Webster University Thailand, Bangkok, Thailand)

  • Kitichai Chanyalikit

    (Webster University Thailand, Bangkok, Thailand)

  • Veli Pajula

    (University Consortium of Seinajoki, Seinajoki, Finland)

Abstract

Web Content Management Systems (CMSs) are tools for creating and maintaining commercial-quality websites. Their popularity has increased, but so has their complexity and the number of third-party modules. These, however, increase the risk of vulnerabilities. This paper presents a case study of hacker/intrusion activities on CMS websites. We study how much of the incoming traffic is potentially malicious and where it originates from. Additionally, we study if CMS’s based on different CMS software attract different kinds of traffic. To implement our study, we have registered and launched three virtual websites (running on the same computer). Each site runs its own popular CMS software, but their content is identical (a weblog with a simple template). The sites run for six months on a platform of a commercial web hosting provider. Our methodology is empirical, and our analysis is based on logging every HTTP request that was sent to the sites. This was done using the logging capabilities of the webserver software, Apache. We compare the sites with each other, with an established website, and an empty website. Our analysis shows that more than 90% of all traffic to the websites (both old and new) is potentially malicious. Further, we find that a large majority of the intrusion attempts are very unsophisticated: they do not try to exploit any specific vulnerabilities of the underlying CMS. Therefore, keeping the CMS up-to-date and following CMS hardening practices is enough to repel these attacks.

Suggested Citation

  • Marko Niinimaki & John Lawrence & Kitichai Chanyalikit & Veli Pajula, 2020. "Attacks on Newly Registered Content Management Websites – A Comparison," International Journal of Technology and Engineering Studies, PROF.IR.DR.Mohid Jailani Mohd Nor, vol. 6(1), pages 1-7.
    • Handle: RePEc:apa:ijtess:2020:p:1-7
    DOI: 10.20469/ijtes.6.10001-1
    as

    Download full text from publisher

    File URL: https://kkgpublications.com/technology-engineering-studies-volume-6-issue-1/
    Download Restriction: no
    File URL: https://kkgpublications.com/wp-content/uploads/2020/11/ijtes.6.10001-1.pdf
    Download Restriction: no
    File URL: https://libkey.io/10.20469/ijtes.6.10001-1?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    References listed on IDEAS

    as
    1. Kiyoshi Nagata, 2019. "Website evaluation using cluster structures," Journal of Advances in Technology and Engineering Research, A/Professor Akbar A. Khatibi, vol. 5(1), pages 25-36.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.

      Corrections

      All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:apa:ijtess:2020:p:1-7. See general information about how to correct material in RePEc.

      If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

      If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

      If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

      For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: PROF.IR.DR.Mohid Jailani Mohd Nor (email available below). General contact details of provider: https://kkgpublications.com/technology/ .

      Please note that corrections may take a couple of weeks to filter through the various RePEc services.

      IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.