Are you ready to prevent script intrusion attacks?

Source: Internet
Author: User

Author: Xiao Wang Source: bkjia.com

As a network administrator, many of my friends are also responsible for the website development and maintenance of the organization. I think everyone is proficient in WEB development, however, it may not be clear about how to write secure script code and how intruders can penetrate the server through the WEB. Many of my friends mistakenly think that my server has a hardware firewall, in addition, if only port 80 is enabled, there will be no network security problems. Next I will introduce several common script attack methods, so that you can find security protection methods to improve server security.

1. Simple script attacks
This type of attack is caused by poor filtering of special characters in WEB programming. Although it cannot pose a serious threat to server security, however, intruders can publish malicious code containing HTML statements to disrupt the order of the website, thus adversely affecting the website. For example, if a website does not filter special characters when registering a user, it may be used by non-Chatting users. Assume that the forum administrator ID is webmaster, then someone may register the user name as <A> webmaster </A>. Although the IDs are different, they are displayed the same on the page, if the bored person changes the other information to be the same as the webmaster, it is difficult for others to distinguish which of the two IDs is true and which is false. Many websites have self-developed message boards and support HTML message submission. This gives the attackers the opportunity to write an automatic pop-up window and open a webpage code with Trojans, in this way, someone else may be planted a trojan when Browsing this message. The defense method is very simple. You can add a filter function:


<%
Function SqlCheck (fString)
FString = Replace (fString ,"","")
FString = Replace (fString ,"","")
FString = Replace (fString ,";","")
FString = Replace (fString ,"--","")
FString = Replace (fString ,",","")
FString = Replace (fString ,"(","")
FString = Replace (fString ,")","")
FString = Replace (fString, "= ","")
FString = Replace (fString, "% ","")
FString = Replace (fString ,"*","")
FString = Replace (fString, "<","")
FString = Replace (fString, "> ","")
SqlCheck = fString
End function
%>
 


In the above filter function, String = Replace (fString, "<", "") fString = Replace (fString, "> ","") you can remove the "<" and ">" symbols in the statement to make HTML code unable to run.

2. SQL Injection vulnerability attack
It is also called SQL injection attack, which is a common WEB attack method. It uses the attack of cross-table queries on databases by constructing special SQL statements, in this way, it is easy for intruders to obtain a WebShell, and then use this WebShell for further penetration until the system's management permissions are obtained. Therefore, this attack method is very harmful. We recommend that you use NBSI, WED + WIS and other injection tools of Xiao Rong to scan your website to see if this vulnerability exists. There is also a special SQL injection vulnerability, which is especially special because it uses the construction of special SQL statements to fool user identity code, for example, after an intruder finds the Background Management Portal, enter "or 1 = 1", "or =", and ") in the administrator username and password. or (a = a "," "or" a "=" a "," or a = a "," or 1 = 1 -- ", and other strings (excluding quotation marks), submit, you may directly go to the background management interface, which also shows how important it is to filter special characters. Also, be sure not to let others know the website's background management page address, except for the above reasons, this also prevents intruders from entering the background management by brute force cracking the username and password of the background administrator. In addition to the filter function mentioned above, the defense method for such attacks also shields website error information and requires IIS execution permissions, previous magazines have also described the preventive methods in detail, but do not describe them here.

3. Attacks on the entire site system and Forum
Many websites use well-known and powerful systems and forums, such as mobile, and BBSXP, therefore, security risks are inevitable. Because the code of these systems can be obtained directly from the Internet, and there are many websites using these systems, there are also many people studying these system vulnerabilities, we often see articles about the latest vulnerabilities in the system on the Internet. We recommend that you download the latest patches from the official website of these systems occasionally.

This article aims to improve the security awareness of WEB application developers and find ways to prevent intruders. It aims to prevent intruders by studying intrusion methods, we hope that you will not use some of the methods described in this article for attacks. This method will cause any losses, and BKJIA and the author will not be liable for any losses.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.