Notifications on Vulnerabilities or Misconfigurations in the Context of Hacked Webservers
Private individuals, associations, self-employed people, and small and medium-sized enterprises (SMEs) operate the largest share of all websites. This group in particular, however, often lacks the resources to manage and maintain a website professionally and regularly, so it is frequently hard for them to recognize that their own website has security vulnerabilities or has already been hacked. As part of the INSPECTION project, funded by the German Federal Ministry of Education and Research (BMBF), we investigated unauthorized malicious website redirects, a specific type of SEO spam. We identified search engine entries revealing that a website was being used to redirect visitors to fake shops; the redirects themselves had been hidden in the website's files by the attackers. For the website owner, this compromise is initially "invisible": the website is displayed normally and remains accessible, and the manipulated redirects only show up in the corresponding search engine entries. Those entries therefore allow a compromise to be recognized early on, and they also prove that attackers had access to the website's file system. It is therefore important that website owners are informed and supported in cleaning up the website and in taking general security measures.
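The reason such a redirect stays invisible to the owner is usually that it only fires for visitors who look like a search engine (crawler user agent) or who arrive from a search result (search-engine referer), while a direct visit gets the normal page. The following script is an added example for this page, not INSPECTION project code or one of the project's materials: it requests a URL under three probe profiles without following redirects and reports whether only the search-engine-style probes are sent to another host. The probe headers, the hostnames www.example.org and fake-shop.example, and the assumption that the redirect is conditioned on user agent or referer are all assumptions of this example; the page does not state the mechanism.

```python
"""Check a site for a cloaked redirect: the plain visit shows the site's own page
while a search-engine visit (crawler user agent or search-result referer) is sent
to another host.  Run as: python3 cloaked_redirect_check.py https://www.example.org/

Added example, not INSPECTION project code.  Assumption: the hidden redirect is
conditioned on user agent or referer; the probe headers below are likewise assumed.
"""
import re
import sys
import urllib.error
import urllib.request
from urllib.parse import urlparse

BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0"
CRAWLER_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

# Assumed probe profiles: "plain" is what the owner sees on a direct visit; the
# others are how a crawler or a visitor clicking a search result looks to the server.
PROBES = {
    "plain": {"User-Agent": BROWSER_UA},
    "crawler-ua": {"User-Agent": CRAWLER_UA},
    "search-referer": {"User-Agent": BROWSER_UA, "Referer": "https://www.google.com/"},
}


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Make urllib hand back 3xx responses instead of following them."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch(url, headers, timeout=10):
    """One probe: (status, headers, first 4 KiB of body).  A 3xx arrives as HTTPError."""
    opener = urllib.request.build_opener(NoRedirect)
    req = urllib.request.Request(url, headers=headers)
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, dict(resp.headers), resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers), err.read(4096).decode("utf-8", "replace")


META_REFRESH = re.compile(r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*?url=([^"\'>\s]+)', re.I)
JS_LOCATION = re.compile(r'(?:window\.|document\.|top\.)?location(?:\.href)?\s*=\s*["\']([^"\']+)["\']', re.I)


def redirect_target(status, headers, body):
    """Where the response sends the visitor: HTTP Location, meta refresh or a
    JavaScript location assignment.  None if the response does not redirect."""
    lower = {k.lower(): v for k, v in headers.items()}
    if 300 <= status < 400 and "location" in lower:
        return lower["location"]
    for pattern in (META_REFRESH, JS_LOCATION):
        m = pattern.search(body)
        if m:
            return m.group(1)
    return None


def off_host(url, target):
    """True if target is an absolute URL on a different host than url."""
    if not target:
        return False
    t, u = urlparse(target), urlparse(url)
    return bool(t.netloc) and t.netloc.lower() != u.netloc.lower()


def classify(url, results):
    """results: probe name -> (status, headers, body).  Returns (verdict, targets)."""
    targets = {name: redirect_target(*resp) for name, resp in results.items()}
    plain_leaves = off_host(url, targets.get("plain"))
    cloaked = sorted(n for n, t in targets.items() if n != "plain" and off_host(url, t))
    if plain_leaves:
        verdict = "redirect-for-everyone"   # the owner would notice this on a normal visit
    elif cloaked:
        verdict = "cloaked-redirect"        # the invisible case described on this page
    else:
        verdict = "clean"
    return verdict, targets


def scan(url):
    """Run all probes against a live URL and classify the responses."""
    return classify(url, {name: fetch(url, hdrs) for name, hdrs in PROBES.items()})


if __name__ == "__main__":
    verdict, targets = scan(sys.argv[1])
    print(verdict)
    for name, target in targets.items():
        print(f"  {name:15s} -> {target or '(no redirect)'}")
```

A "clean" verdict only means none of these three probes was redirected off-host; a redirect keyed on other signals (for example a different crawler, an IP range or a specific landing page) would not show up, so a `site:` query for the domain in the search engine and a look at the web root for recently modified `.htaccess` or PHP files remain worthwhile complements.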
What was INSPECTION about?
The aim of INSPECTION was to automatically identify websites affected by unauthorized malicious website redirects by crawling as much of the German-speaking Internet as possible and classifying the crawled websites externally, i.e. without access to the servers, using AI technology. In a human-centered approach, (potentially) affected parties as well as service providers, such as hosting providers, were made aware of the problem and, if their own website had been hacked, informed about the incident.
To this end, measures were developed to inform affected website owners and support them in remediating the problem. The so-called "teachable moment" was used: the moment website owners are made aware of a specific problem with their website is when they are most likely to be willing to improve its security.
Based on interviews with potentially affected and already notified companies, we evaluated which communication channels and senders would be suitable for vulnerability notifications. Building on these findings, we used the notification text we designed to investigate the effect of sender and framing, and whether the two interact. We also used semi-structured interviews to investigate why website owners do not fix the hack despite being notified.
The project consortium included experts from the fields of web analytics (mindUp Web & Intelligence GmbH), incident response management for analyzing cyber attacks (BDO Wirtschaftsprüfungsgesellschaft AG) and the comprehensible communication of effective IT security and awareness measures (SECUSO@KIT). Web hosting providers, industry and security associations and international multipliers were also involved in the project as associated partners.
What measures are available?
As part of the INSPECTION project, various awareness materials were developed to help website owners become aware of unauthorized malicious website redirects and how to fix them. These include, for example, tips on how to effectively inform those affected about hacking. In addition, materials have been developed that website owners can use to identify for themselves whether their own website has been hacked. Furthermore, measures for remediation are described and tips are given on how those affected can secure their own website in the future. The following materials have been created:
- Two awareness videos on unauthorized malicious website redirects: how to identify them, fix them and take protective measures against future hacks
- An awareness presentation for events
- A notification text to inform affected website owners about unauthorized malicious website redirects
Publications
- A. Hennig et al. 2022. Standing out among the daily spam: How to catch website owners attention by means of vulnerability notifications. In: Conference on Human Factors in Computing Systems (CHI '22 Extended Abstracts). Available: https://doi.org/10.1145/3491101.3519847
- A. Hennig. 2022. Your website has been hijacked: Raising awareness for an invisible problem. In: Sicherheit 2022: Sicherheit, Schutz und Zuverlässigkeit: Konferenzband der 11. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI). Available: https://doi.org/10.18420/sicherheit2022_18
- A. Hennig et al. 2022. Your Cookie Disclaimer is not in line with the ideas of the GDPR. Why? In: Human Aspects of Information Security and Assurance. Available: https://doi.org/10.1007/978-3-031-12172-2_17
- A. Hennig et al. 2022. Poster: How to best inform website owners about vulnerabilities on their websites. In: European Symposium on Usable Security (EuroUSEC 2022). Available: https://publikationen.bibliothek.kit.edu/1000157146
- A. Hennig et al. 2023. Poster: Ihre Website wurde gehackt: Awareness schaffen für ein unsichtbares Problem. In: 2023 Nationale Konferenz IT-Sicherheitsforschung: Die digital vernetzte Gesellschaft stärken. Available: https://publikationen.bibliothek.kit.edu/1000157190
- A. Hennig et al. 2023. Poster: Beware of website hackers: Developing an awareness video to warn for website hacking. In: 19th Symposium on Usable Privacy and Security, co-located with USENIX Security '23 (SOUPS 2023). Available: https://publikationen.bibliothek.kit.edu/1000160706
- A. Hennig et al. 2023. Vision: What the hack is going on? A first look at how website owners became aware that their website was hacked. In: Proceedings of the 2023 European Symposium on Usable Security (EuroUSEC 2023), pp. 312-317. Available: https://doi.org/10.1145/3617072.3617101