The main route for many web site hacks, defacement, and denial of service (DDoS) attacks is Man-in-the-Middle (MITM) exploits. It is a very easy concept to understand for all of us; consider an unknown person is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised. It has a very techie background for those who want to know more – check out Wikipedia for the background or definitions. Here I will solely deal with a pragmatic approach of what you can do to STOP any MTIM.
Firstly a healthy element of paranoia helps, consider from the PC you are reading this article with, what possible connections are there? Home or office network, local ISP, regional backbone routers, international re-routers, DNS servers, server farms, ad networks, web site host, and finally the web site, MITM could be lurking inside anyone of these connections, points or nodes, and as we know so well at StopBadware, within a script on a web site. Worried? Don’t be; just assume the MITM is there, you have the all the solutions at hand and mostly free. The answer is in the technical background “cryptography”, i.e. encryption, passwords, Chmod (website file permissions), and CAPTCHA (establishing the user is a human). Action checklist for all:
Email: use a digital ID or certificate (low cost), PGP encryption (pretty good privacy – free), and as a surprise for sensitive email I now use and recommend Gmail with HTTPS, less connections! All this STOPS any MITM from being able to read your emails.
Web Surfing: Only access online shops or other personal ID sensitive areas where there is HTTPS (SLL), look at the web address, use secure and change your passwords regularly. If you really want to be in control use Firefox with added extras e.g. No-Script (STOPS any script, unless you say OK), Key Scrambler (encrypts any login or password entry STOPS keyloggers), set your privacy options to accept any cookie (STOPS unwanted and bad cookies from being stored on your PC), even consider using PHproxy (this STOPS a web site from even gaining your real IP address).
Webmasters: Only use FTPS to transfer files between your web site and the PC (this STOPS any MITM from intercepting data), use Chmod to restrict access to files, encrypt file directories where you can, apply different passwords to access cPanel, phpMyAdmin, use CAPTCHA for user logins and apply SSL for user data areas (these actions STOP any MTIM from gaining access to your files.
Blocking: Probably the best offensive action you can take, think of it like this “your PC is your home your website is your shop, club, bar, you have the total right to bar entrance to hooligans or thieves”. It is much easier to refuse entrance than to try and throw the unwanted visitor out. For example use OpenDNS on your router it is free, automatically STOPS phishing sites and many other blocking options. Use banning lists on cPanel, ban spammers on your forum, or ask your host for help.
Finally refuse to be a victim and hide in the bunker, STOP the MTIM you actually have all the tools at hand. But…. what if a MITM is already hiding inside before you go on the offensive? Check and clean your PC of any BadWare; for the webmaster does your webhost also host any bad guys? Easy to determine, check the latest block lists on the web.
