This article explains the web hacking term “deface/defacement”. It is part of a series on website hacking terms.
What is a deface, or a website defacement?
Deface: spoil the surface or appearance of (something), e.g., by drawing or writing on it.
Synonyms: disfigure, deform, mar
From the given definition, to deface is to alter the appearance of something. Applied to web penetration, it literally means modifying a certain page of a website or changing the website’s visual appearance. This can mean taking a webpage down (deleting it) and replacing it with a new, modified one, or adding images, scripts, or text that are not present in the original webpage or site.
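From the defender's side, this definition maps onto a simple integrity check: compare the live page against a known-good baseline and report a full replacement or any added text, images, or scripts. The sketch below is an added example, not part of the original article; the `compare` function, the "no shared text means replaced" heuristic, and the sample pages and paths are assumptions constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser

class PageParts(HTMLParser):
    """Collect what a defacement alters: visible text, images, scripts."""
    def __init__(self, html):
        super().__init__()
        self.texts, self.images, self.scripts = set(), set(), set()
        self._in_script = False
        self.feed(html)
        self.close()

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "img" and src:
            self.images.add(src)
        elif tag == "script":
            self._in_script = True
            if src:
                self.scripts.add("src:" + src)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        data = " ".join(data.split())  # normalise whitespace
        if not data:
            return
        if self._in_script:  # inline script: record a digest, not the body
            self.scripts.add("inline:" + hashlib.sha256(data.encode()).hexdigest()[:16])
        else:
            self.texts.add(data)

def compare(baseline_html, current_html):
    """Return what the current page holds that the known-good baseline lacks."""
    base, cur = PageParts(baseline_html), PageParts(current_html)
    return {
        "changed": baseline_html != current_html,
        "replaced": bool(base.texts) and not (base.texts & cur.texts),  # assumed heuristic
        "added_text": sorted(cur.texts - base.texts),
        "added_images": sorted(cur.images - base.images),
        "added_scripts": sorted(cur.scripts - base.scripts),
    }

# Constructed sample pages (not taken from any real site)
BASELINE = '<h1>Acme Bakery</h1><p>Fresh bread daily.</p><img src="/img/logo.png"><script src="/js/app.js"></script>'
INJECTED = BASELINE + '<p>zero security</p><img src="/img/banner.png">'
REPLACED = '<h1>Defaced</h1><img src="/img/tag.png">'
```

Run `compare(BASELINE, current)` on a schedule against a baseline stored off the web server, so that a compromise of the site cannot also rewrite the reference copy.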
Take, for example, our newest report of the La Zallete website being defaced. As you can see below, the website is still defaced, and the hacker’s image and messages are still present on it.
- For security purposes:
I see a lot of defaced websites where messages pop up, such as “zero security, please secure your website admin!”. These target the website’s security personnel to highlight a security flaw.
- Just for fun:
There are a lot of these, mocking the administrator: “You are maintaining this website but what the f*ck are you doing.”
- For protest:
In today’s age, with the rise of Anonymous, this is the common reason for a website being defaced. Mass website defacements are carried out as part of an operation. Hacktivism is an online protest in which hacktivists promote a message or a cause they believe in.
A quick example of this is bringing someone’s or a business’s reputation down.
How do hackers deface a website?
- SQL injection: allows unauthorized users to gain administrative access.
- Remote File Inclusion: a shell is executed on the server, allowing the hacker to run server-side commands the same as an administrator.
- Local File Inclusion and other web vulnerabilities.
I hope that, in some way, this short article helps you understand the term “deface/website defacement.”