Detailed defense against cron attacks (times your cron Security)

Source: Internet
Author: User

A few days ago a friend told me that his website was consuming a lot of yundou (cloud beans). He read the logs and found that most of the requests were for cron.php. The requests did not come from an intranet IP address, and no monitoring had been added, so the file was presumably being accessed maliciously by someone else.

Renaming the file is not safe, and adding the IP address to a blacklist is not very effective, because the IP address can be changed at any time. So I added a piece of code to solve the problem: cron.php now requires a parameter passed via GET, and the cron entry in config.yaml is modified to pass it. The consumption over the past few days should have gone down.

This example shows that if you run an open-source program, anyone who recognizes it can read the code to find ways to consume your beans. So we need to be more careful. Although this is not technically sophisticated, it is still much safer. After all, the attacker does not know whether your beans are being consumed; he is just trying to attack your program.

Note that cron.php originally output OK. Now a request that does not pass the GET parameter still gets OK, but a successful execution returns yes.

Now to the point. Add the following line to cron.php:

    if (empty($_GET['password']) || $_GET['password'] != 'user@test') exit('OK');
    // Both password and user@test can be changed at will.
    // The access URL is: domain name/program name.php?password=user@test

Then modify the config.yaml file and add "program name.php?password=user@test". Here "program name.php?password=user@test" is not fixed: if you changed password and user@test in the if statement, you must change them here as well. For example:

    - description: Task
      url: cron.php?password=user@test
      schedule: */1 * * * *
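A stricter form of the same gate, as an added example that is not part of the original post: it rejects non-string values, compares in constant time with hash_equals, and keeps the secret out of the source file. The environment variable name CRON_TOKEN and the function name cron_request_authorized are assumptions made for this example.

```php
<?php
// Added example, not the original author's code.
// Assumption: the secret is provided in an environment variable named
// CRON_TOKEN (hypothetical name) instead of being hard-coded in cron.php.

/**
 * Return true only when the query string carries the expected token
 * in the "password" parameter used by the page's one-line check.
 */
function cron_request_authorized(array $query, string $expected): bool
{
    // An unset or empty secret must never authorize a request.
    if ($expected === '') {
        return false;
    }

    // A request such as ?password[]=x makes PHP deliver an array.
    // Reject anything that is not a plain string before comparing.
    $supplied = $query['password'] ?? null;
    if (!is_string($supplied)) {
        return false;
    }

    // hash_equals() does no type juggling and runs in constant time,
    // so response timing does not reveal how much of the token matched.
    return hash_equals($expected, $supplied);
}

// getenv() returns false when the variable is missing; the cast turns
// that into '', which cron_request_authorized() always rejects.
$expected = (string) getenv('CRON_TOKEN');

if (!cron_request_authorized($_GET, $expected)) {
    // Same decoy response as the one-line check: unauthorized callers
    // see OK and cannot tell that nothing was executed.
    exit('OK');
}

// ... the scheduled work of cron.php runs here ...

echo 'yes'; // successful execution returns yes, as described above
```

The token still travels in the URL, so it is stored in config.yaml and written to web access logs; restrict who can read both.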
