
Web Hacking Terms: What is Website Deface/Defacement

We have published many articles about web hacking and have used terms such as “defaced website”, “being defaced” and “pinoy hacker deface”, but some readers still do not know what these terms mean.

This article explains the web hacking term “deface/defacement”. It is part of a series on website hacking terms.

What is a deface, or a website defacement?

Spoil the surface or appearance of (something), e.g., by drawing or writing on it.
Mar; disfigure.
disfigure – deform – mar

From the definition above, to deface is to alter the appearance of something. Applied to web penetration, it literally means modifying a particular page of a website or changing the website’s visual appearance. That can mean taking a web page down (deleting it) and replacing it with a modified one, or adding images, scripts or text that are not present in the original web page or site.
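One way to check a page for the changes described above, added here as an illustration and not code from the original article: compare the live page with a known-good copy and report text, images or scripts that were not in the original. The function names, the 0.6 similarity threshold and the sample pages are assumptions made for the example.

```python
import difflib
from html.parser import HTMLParser

WATCHED = {"script", "img", "iframe", "embed", "object"}  # elements that load or run content

class PageProfile(HTMLParser):
    """Collects the visible text and the resource-bearing elements of one page."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.resources, self.text, self._skip = set(), [], 0

    def handle_starttag(self, tag, attrs):
        if tag in WATCHED:
            a = dict(attrs)  # inline script bodies are recorded only as "(inline)"
            self.resources.add((tag, a.get("src") or a.get("data") or "(inline)"))
        if tag in ("script", "style"):
            self._skip += 1  # script/style bodies are not visible text

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip and data.strip():
            self.text.append(" ".join(data.split()))

def profile(html):
    p = PageProfile()
    p.feed(html)
    p.close()
    return p

def compare_to_baseline(baseline_html, current_html, min_similarity=0.6):
    """Report what the live page contains that the known-good copy does not."""
    base, cur = profile(baseline_html), profile(current_html)
    known = set(base.text)
    similarity = round(difflib.SequenceMatcher(None, base.text, cur.text).ratio(), 2)
    added = sorted(cur.resources - base.resources)
    return {"similarity": similarity, "added_resources": added,
            "added_text": [t for t in cur.text if t not in known],
            "alert": bool(added) or similarity < min_similarity}

# Constructed sample pages (not taken from any real site).
BASELINE = "<html><head><title>Shop</title></head><body><h1>Welcome</h1><p>Opening hours 9-5</p><img src='/logo.png'></body></html>"
REPLACED = "<html><head><title>Hacked</title></head><body><h1>zero security, please secure your website admin!</h1><img src='http://example.invalid/banner.jpg'></body></html>"
INJECTED = BASELINE.replace("</body>", "<script src='http://example.invalid/x.js'></script></body>")

if __name__ == "__main__":
    print(compare_to_baseline(BASELINE, REPLACED), compare_to_baseline(BASELINE, INJECTED))
```

The replaced page trips both signals (no shared text, a new image), while the injected page keeps the original text and is caught only by the added script element.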

Take, for example, our newest report of the La Zallete website being defaced. As you can see below, the website is still defaced, and the hacker’s image and messages are still present on it.

There could be many reasons why hackers target websites and end up defacing them. So why do hackers deface websites?

  • For security purposes:
    I see a lot of defaced websites where messages pop up, such as “zero security, please secure your website admin!”. These target the website’s security personnel to highlight a security flaw.
  • Just for fun:
    There are a lot of these, mocking the administrator: “You are maintaining this website but what the f*ck are you doing.”
  • For protest:
    In today’s age, with the rise of Anonymous, this is the common reason for a website being defaced: mass website defacements carried out as an operation. This is hacktivism, an online protest in which hacktivists promote a message or a cause they believe in.
  • Others:
    A quick example of this is bringing down the reputation of a person or a business.

How do hackers deface a website?

  • SQL injection: allows unauthorized users to gain administrative access.
  • XSS: embeds malicious script (HTML and JavaScript; others being VBScript, ActiveX or Flash) that is executed on the client side (the user’s web browser).
  • Remote File Inclusion: a shell is executed on the server, allowing the hacker to run server-side commands the same as an administrator.
  • Local File Inclusion and other web vulnerabilities.

I hope in some way, this short article helps you understand the term “deface/website defacement.”

About Clifford Trigo

Hi there! I am Clifford Trigo from the island of Bohol, come over here and let's have fun! :3 Just keep reading :D