Detailed defense against cron attacks (times your cron Security)

Source: Internet
Author: User

Detailed defense against cron attacks (times your cron Security)
A few days ago, my friend said that his website consumed a lot of yundou, and then read the logs and found that most of them were cron. php. Then it is not accessed by an intranet IP address, nor has monitoring been added. It is estimated that it is maliciously accessed by others .. However, it is not safe to modify the name, and adding the IP address to the blacklist will not be very effective. Because the IP address can be changed at any time, I added a piece of code to solve this problem. It is to add a get to cron. php to pass the parameter, and then modify cron in config. yaml to solve the problem of malicious access. The consumption in the past few days must be reduced. This example tells us that if you are using an open-source program, when someone finds your open-source program, you can look at the code to find ways to consume your beans. Therefore, we need to take a long journey of wisdom. Although the technical content is not very high, it will still be much safer. After all, he doesn't know whether your beans are consumed, and he just tries to attack your program .. However, the cron output is OK at the beginning. Now it does not GET to transmit data, but it also returns OK, but now the execution is successful, yes is returned. Next let's go to the topic. Add the following sentence to cron. php. If (empty ($ _ GET ['Password']) | $ _ GET ['Password']! = 'User @ test') exit ('OK'); // both password and user @ test can be modified at Will // The access method is domain name/program name. php? Password = user @ test then modify the config. yaml file and add "program name. php? Password = user @ test "here" program name. php? Password = user @ test "is not absolute. If you have modified password and user @ test in the place where if, you also need to modify it here. This example is as follows. -Description: Task url: cron. php? Password = user @ test schedule: */1 ****

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.