In a world that has become increasingly connected and when plenty of our personal and financial information is increasingly being captured and stored on servers, the threat of hackers and the harm they can cause us has become increasingly significant.

Whether it is for personal gains, promoting a political agenda, plain mischief or as a form of online activism (or “hacktivism” as it is now called) we are hearing more and more about hackers attacking and bringing down sites or gaining access to crucial data and information.

But, how exactly do website hackers hack websites and servers? Well, it would be wrong to presume that everything is known about the intricate ways they actually do it because, for one, software and online security companies immediately close any breaches as soon as they are discovered and the hackers have to come up with new ways to get around their defenses. Therefore, a hack that works today becomes obsolete as soon as the security holes are patched up.

Secondly, not all attacks are discovered or known about. If a hacker breaches a system and leaves without a trace or causing damage, the attack, for all sense and purpose, remains undiscovered – hence the way it was done might never be figured out. Then of course there is the fact that anyone can find hacking tools that do the job without the hacker having a clue about how the code even works.

And so, the methods listed below are the general ways hacks are done and are to serve as educational and informational references only.

1. Keyloggers: perhaps the easiest way to gain access to all your online information is to monitor you while you go online. Keyloggers are software that are installed on victims’ computers and record every keystroke that is made. Everything from usernames and passwords to credit card details can be captured and sent back to the hackers over the internet.
2. Phishing: a surprisingly large number of people fall victim to this method and end up sending confidential information simply because they received an email instructing them to do so. In their defense, the emails usually imitate the letterheads, logos and signs of legitimate companies. The messages normally state that the readers’ email, bank or social media account has been accessed or an unusually activity has been noted and that they should send in their user names and passwords to confirm they are the true owners of the accounts. Others may ask readers to go to a site that looks like the real thing but are actually duplicates that are intended to capture the details of the unsuspecting victims.
3. Injection attacks: if the SQL server which is used by your website is not properly secured, hackers can “inject” their own commands to gain unauthorized access or download information from them.
4. Portal Hacking: in this method that is similar to an injection attack, hackers take control of a website by tweaking its URLs to work against itself until it opens an upload-account that is then used to replace the sites’ own files by new, malicious or infected ones (so that the hacker can continue to access and control the site remotely).
5. Distributed Denial of Service (DDoS) attack: the purpose of this attack is to simply overwhelm a website’s host server with information requests until it simply can’t cope and ends up crashing. The attack is sustained over an extended period of time and can originate from hijacked computers that are spread out across the world or a single device that has special DDoS software (which sends out an immense amount of requests to a server) installed on it.
6. Clickjacking Attack: a hacker creates a web page that is transparent and superimposes it on another legitimate one. All the fields (like username, password, credit card details etc.) are aligned so when the unsuspecting victims input the information they are actually doing so on the hackers page that is hovering above the real one, just like a see-through film.
7. Cross Site Scripting (XSS) attacks: here an application, a URL “get” request or a file packet is run on a browser and pops up in the window without undergoing a validation process. When visitors see a request for, say, user name and password they type it in assuming it to be a legitimate request from the website.

We have seen a few of the most common attack methods, so let’s sign off with a quick note on how to go about protecting ourselves:

1. Always keep anti-viruses updated.
2. Never open emails or attachments from unknown sources.
3. Never use thumb drives that haven’t been scanned for malicious code – even then proceed with extreme caution.
4. Never leave laptops, computers, smart phones etc. unlocked and unmonitored.
5. Double check URLs of sites that demand usernames and passwords: social media sites, online bank accounts and email sites.
6. Never, ever use the same password over and over again – one breach brings all the others down.

But, most importantly, choose a web hosting provider that has all the data protection protocols in place. Look for the latest versions of software: operating systems, databases etc. That way, any direct attacks to your website can be thwarted without putting your visitors at risk and in case your visitors’ devices are already infected they won’t be able to mess with your site’s inner workings. A good hosting provider makes sure you don’t have to worry about such stuff – they do the worrying for you.