In this way, I believe your website will survive soon. For example, if I have a website, the daily IP address is nearly 20 thousand. Later, the website homepage was infected with Trojans, and the traffic dropped every day. I still don't know why during that time. Later, a netizen sent a QQ email saying that my website was infected with Trojans. I was shocked. Now on the homepage, I found many codes that I have never seen before. I also found many people who have found the reason for being hacked. Fortunately, my popularity is not bad! With the help of my friends, I finally found that the so-called "hacker" was exploiting an SQL injection vulnerability in the mall. I intruded into my website and then modified it. Later, it took a lot of effort to fix it.
Below I will tell you some hacker intrusion techniques I know. I hope it will help the major webmasters.
1: SQL Injection Vulnerability-this vulnerability can expose your administrator's background password and related information of your members, and then log on to your background to escalate permissions using backups, then do whatever you want.
2: XSS Cross-Site vulnerability-this vulnerability can also steal your identity information. A typical example is to give you a strange URL, just a trick ...... Of course, we have also used our website vulnerabilities to embed cross-site code into our website. As soon as you access a problematic page, you will find it.
3: sniffing-intrude into hosts in the same network segment .. Then, use a tool to sniff the server administrator account password and FTP password of the CIDR block. And other important information
4: Server Overflow-this vulnerability seems to be rare at present, as long as the administrator patches frequently .. Haha ..
5: Upload Vulnerability-The WEBSHELL can be obtained directly by using the upload vulnerability, which has a high level of hazard and has been popular in the past. It is rare at present .. Unless some small websites developed by myself may have this vulnerability... However, there is another case where the WebServer is not properly configured and the Put method is allowed. You can also directly put ......
6: Side Note: Simply put, it is .. On your server. Your website is safe .. However, some other sites on your server are exposed. Because they all belong to the same server .. So others will use other servers. Elevation of Privilege. Then obtain your server permissions.
7: social engineering-I believe there are many webmasters. All of them have a common password. Tell You. This is not the case. If someone else invades your server. Read the password of your administrator account .. Tell You. It is very likely that your fuel tank/QQ/MSN/and so on... They are all stolen together .. If your email is commonly used. Register a VM. Registered domain name. Contract for renting servers, etc .. I believe the consequences are hard to test!
8: lazy ---- some webmasters. Download the entire site from the Internet .. Do not change anything. Only change the name. Change QQ contact information. It is directly uploaded to the server for publishing .. In this way. Others will use the default database. Default Administrator account password intrusion .. Do not be lazy to be a webmaster ..!
The above are common hacker intrusion techniques I know .. !. Everyone strives to ensure the security of their websites/servers .!! Never be too lazy ..
The following are some tools for your reference ,:
Server vulnerability scanning tool: Nessus. You can find some unpatched and weak password problems.
Website vulnerability scanning tool:
IBM AppScan, Which is professional and available for download and release on the market.
HP's WebInspect and HP websites also have trial downloads, which are professional.
Www.IiScan.com is a new website. After you log on to the website and register it, you can scan your website for any vulnerabilities, which is relatively simple.