Possible hacking of my ASP form - Need advice


Problem description





Hi,

I keep getting form results emailed to me that would indicate a form
from my web site is getting submitted with all fields blank or empty,
but my code should be preventing users from proceeding if they left any
field blank. My guess is that someone is trying to hack the site
using the form to gain entry or run commands -- I don't really know
since I'm not a hacker. I just know that forms are often susceptible
to these kinds of attacks.

I was hoping someone could shed some light on what may be happening
and how I may best try to prevent such things. I would think that
even if they entered various commands or whatnot into the form that I
might get some of those commands back in the results, but instead
every field comes back empty.

Any ideas?
Thanks!
Jim

Recommended answer

www.aspfaq.com has a bunch of good stuff on preventing SQL Injection attacks

--
----------------------------------------------------------
Curt Christianson (Software_AT_Darkfalz.Com)
Owner/Lead Designer, DF-Software
http://www.Darkfalz.com
---------------------------------------------------------
...Offering free scripts & code snippits for everyone...
---------------------------------------------------------



Only accept forms submitted from your own server's IP address; that should reduce the possibility of external attack.



>> From: jason (ja***@catamaranco.com)
>> Just be sure you are not using session variables as if they expire. the user
>> may be entering empty values into your database or form.

Thanks for the tip, but I'm not using session variables.

>> From: Curt_C [MVP] (software_AT_darkfalz.com)
>> www.aspfaq.com has a bunch of good stuff on preventing SQL Injection attacks

Sorry, I should have mentioned, I am not using a database. This is
just a very simple html form with a script to email me the results
with CDONTS.

>> From: Tim Williams (saxifrax@pacbell*dot*net)
>> How are you preventing the user from submitting empty fields?
>> Tim.

Good question. It's just a simple validation script that checks to
see if any field was left empty and if so, rebuilds the form with an
error message requesting that the field(s) be filled out. I can't
seem to break it when testing, but then again I don't think like a
hacker, and I guess that's part of the problem <g>.

>> From: only me (on*****@hotmail.com)
>> only accept forms submitted from your own servers IP add should reduce
>> possibility of external attack





The only way I know to do this with a dynamic IP is to check the
Referer variable, but since my host disables this variable for some
unknown reason, I can't do that. Is there another way?

I appreciate all the tips and suggestions so far. What else should I
look for?

Thanks again.
Jim
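
A server-side version of the empty-field check described in this thread, as an added example that is not part of the original posts: the handler refuses anything that is not a POST, treats whitespace-only fields as empty, and calls CDONTS only after every required field has passed, so no path sends a blank e-mail. The field names, addresses and the idea of appending the client address and user agent to the mail are assumptions made for illustration.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example (hypothetical handler page); field names and addresses
' below are placeholders, not taken from the thread.
Dim requiredFields, fieldName, value, missing, body, mail
requiredFields = Array("name", "email", "comments")   ' assumed field names
missing = ""
body = ""

' A GET request to this page (a crawler or a bookmarked URL, for instance)
' carries no Request.Form data, so every field would arrive empty.
If UCase(Request.ServerVariables("REQUEST_METHOD")) <> "POST" Then
    Response.Status = "405 Method Not Allowed"
    Response.End
End If

For Each fieldName In requiredFields
    ' Trim so that a field holding only spaces counts as empty.
    value = Trim(Request.Form(fieldName))
    If Len(value) = 0 Then
        missing = missing & fieldName & " "
    Else
        body = body & fieldName & ": " & value & vbCrLf
    End If
Next

If Len(missing) > 0 Then
    ' Validation failed: report it and stop before any mail is created.
    Response.Write "Please fill in: " & Server.HTMLEncode(missing)
    Response.End
End If

' Record who submitted, to help trace unexpected submissions later.
body = body & vbCrLf & "Client address: " & _
       Request.ServerVariables("REMOTE_ADDR") & vbCrLf & _
       "User agent: " & Request.ServerVariables("HTTP_USER_AGENT")

Set mail = Server.CreateObject("CDONTS.NewMail")
mail.From = "webform@example.com"      ' placeholder address
mail.To = "owner@example.com"          ' placeholder address
mail.Subject = "Form results"          ' fixed text, never user input
mail.Body = body
mail.Send
Set mail = Nothing
%>
```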