Aluminum cutting machine I made a PHP finished product website some time ago, the source code is spent 10 yuan package to buy a few hundred sets of that type of source code, but soon, my website has been hacked by others. In addition, many black links have been added, So Baidu has made my website a risky website. Later, I checked the website's vulnerabilities everywhere, it turns out that this website has two major vulnerabilities:
The first point is that after the website is uploaded, there is an install. This is the database setting background secret;
The second point is the website background permissions, which is the most common problem for this finished website, that is, if the background login address is login or '1' = '1, this 80% website can be accessed. If you don't believe it, you can try it. After someone else goes in, it will all be changed to your own things. I suffered a loss in this regard. The countermeasure (I am a cainiao) is to make the background login address a little more complicated, so that others cannot guess what background address you set.
Aluminum Cutting Machine