dotDefender Pattern Details
The Pattern Recognition Security Engine identifies patterns that enable prevention of the following types of application-level attacks. If you have specific questions regarding an attack or need assistance in tracking down a blocked request, please let us know.
Encoding
Encoding is a method of representing characters in different ways for use in computer systems. ASCII (American Standard Code for Information Interchange) and UTF (Unicode Transformation Format) are examples where the same text is encoded in various ways, so that a web server can interpret it. An Encoding attack uses obfuscation to "hide" suspect packets from security tools by using, for example, UTF or HEX (Hexadecimal) encoding. This results in a disguised injection of malicious phrases in URLs, parameters, or metadata.
Buffer Overflow
When an application sends more data to a buffer than the buffer is designed to hold, the overflow can cause a system crash or create a vulnerability that enables unauthorized system access.
SQL Injection
SQL (Structured Query Language) provides an interface to facilitate access to and interaction with a database. A database usually stores data in tables and procedures. An SQL injection is an attack method that aims at penetrating a back-end database to manipulate, steal, or modify information in the database. This attack method exploits the Web Application by injecting malicious queries, causing the manipulation of data.
Cross-Site Scripting
Scripting is a programming technique that comprises a set of instructions executed by another program (such as a web browser). Scripting is used to create dynamic pages in Web Applications. Cross-Site Scripting is a client-side attack method that occurs when an attacker uses a web-based application to send malicious code to another user of the same application. This attack is most common in dynamically generated application pages, where embedded application forms are built. This attack is automatically executed when the client's browser opens an HTML web page. As a result of Cross-Site Scripting, a user's browser mistakenly identifies the script as having originated from a trusted source, allowing the maliciously injected code to access cookies, session tokens, or any other sensitive information.
Stored attacks
These occur when the injected malicious code is stored on a target server, such as in a bulletin board, a visitor log, or a comment field. The victim retrieves and executes the malicious code from the server when interacting with the target server.
Reflected attacks
These occur when the user is tricked into clicking a malicious link, or submitting a manipulated form (crafted by the attacker). The injected code travels to the vulnerable web server which directs the cross-site attack back to the user's browser. The browser then executes the malicious code, assuming it comes from a trusted server.
Path Traversal
A URL is a web address translated into a path on the Web Server. A URL leads to specific directories and files residing on the server. Path Traversal is an attack mechanism that changes the original path to a path desired by an attacker, in order to gain access to internal libraries and folders. Path Traversal gains access to an organization's server files and directories that are otherwise inaccessible to external users. Path Traversing is implemented with common OS operations, such as using the characters "/../../.." for traversing between files and directories.
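The Encoding and Path Traversal sections above describe two halves of one problem: a traversal sequence can be hidden behind hex or UTF encoding, so a check must run on the decoded form of the path. The following is an added example, not dotDefender's own logic or code from this article; DOC_ROOT, MAX_ROUNDS and the sample paths are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote

DOC_ROOT = "/var/www/site"   # assumed document root, not from the page
MAX_ROUNDS = 5               # assumed cap on nested percent-encoding

class Rejected(ValueError):
    """The request path must not be served."""

def canonicalize(raw_path):
    """Percent-decode until the value stops changing, so one check sees
    "..", "%2e%2e" and "%252e%252e" as the same string."""
    current = raw_path
    for _ in range(MAX_ROUNDS):
        try:
            # strict mode refuses bytes that are not valid UTF-8
            decoded = unquote(current, errors="strict")
        except UnicodeDecodeError as exc:
            raise Rejected("invalid UTF-8 in path") from exc
        if decoded == current:
            break
        current = decoded
    else:
        raise Rejected("too many encoding layers")
    if "\x00" in current:
        raise Rejected("NUL byte in path")
    return current.replace("\\", "/")  # backslash counts as a separator

def resolve(raw_path):
    """Map a request path under DOC_ROOT; refuse anything that leaves it.
    Lexical check only: a real server must also resolve symlinks."""
    path = canonicalize(raw_path)
    full = posixpath.normpath(posixpath.join(DOC_ROOT, path.lstrip("/")))
    if full != DOC_ROOT and not full.startswith(DOC_ROOT + "/"):
        raise Rejected("path escapes document root")
    return full

def verdict(raw_path):
    """Return the resolved path, or the reason the request was refused."""
    try:
        return resolve(raw_path)
    except Rejected as exc:
        return f"REJECTED: {exc}"

# Constructed sample request paths (not taken from any real log).
SAMPLES = ["/img/logo.png", "/img/%6cogo.png", "/%2e%2e/%2e%2e/etc/passwd",
           "/%252e%252e/%252e%252e/etc/passwd"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:45} -> {verdict(sample)}")
```

A hex-encoded but harmless path resolves to the same file as its plain form, while every encoded variant of the traversal is refused by the same containment check.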
Probing
Probing is an attack that aims to collect information about a Web Server and Applications, based on common practices and educated guesses. Attackers send probes looking for common weaknesses and for third-party software that has known vulnerabilities. This information can be used to breach and thereby gain unauthorized access to the server.
Remote Command Execution
Once a Web server has been breached, an attacker can attempt to execute OS commands or programs installed on that server. This type of attack often follows SQL Injection, Path Traversal, or other attacks. In this mode of attack, an attacker executes commands through the Web Application. The commands will be executed under the privileges of the Web Application, which may allow access to the database, OS commands, and more.
Cookie Manipulation
Cookies are commonly used to store user identification and privileges information. Cookie Manipulation refers to a range of attack methods that aim to deceive the Web Server into sending cookies that the attacker is unauthorized to receive. Using the cookies, an attacker can obtain unauthorized access to the Web Server. CRLF Injection (Carriage Return/Line Feed) is an example of Cookie Manipulation.
Default Windows Directories and Files
Default Windows Directories and Files are components created by default during the installation of IIS and related applications, such as FrontPage, IIS sample page, and more. These default components contain known weaknesses, which an attacker may use to breach the server.
XML Schema
XML Schema is a document that describes, in a formal way, the syntax elements and parameters of a web language. It is used in web services and XML based applications. Since the XML Schema describes all of the available service functions, hackers may use this information to discover vulnerabilities in the application.
XPath Injection
XPath is a language used to access parts of an XML document. Hackers may insert malicious code into XML parameters to gain access to the Web Server, or retrieve information from the database. All protection methods are similar to those for SQL Injection.
XPath Cross-Site Scripting
XPath is a language used to access parts of an XML document. Hackers may insert malicious code into XML parameters to execute cross-site scripting attacks (see Cross-Site Scripting).
