Talking about vulnerabilities and Countermeasures of finished PHP web websites. Aluminum cutting machine I made a PHP finished product website some time ago, the source code is spent 10 yuan package to buy a few hundred sets of that type of source code, but soon, my website was hacked by others, and I made a PHP finished product website some time ago. the Source Code is the type of source code that costs 10 yuan to package and buy hundreds of sets, however, soon after, my website was hacked, and a lot of black chains were added, so Baidu made my website a risky website, later, I checked the website's vulnerabilities and found out that the website has two major vulnerabilities:
The first point is that after the website is uploaded, there is an install. this is the database setting background secret;
The second point is the website background permissions, which is the most common problem for this finished website, that is, if the background login address is login or '1' = '1, this 80% website can be accessed. if you don't believe it, you can try it. after someone else goes in, it will all be changed to your own things. I suffered a loss in this regard. the countermeasure (I am a Cainiao) is to make the background login address a little more complicated, so that others cannot guess what background address you set.
Aluminum cutting machine
...