网站是如何被黑客攻击的,你如何防范它? [英] How are websites hacked and how do you protect against it?
问题描述
我一直在阅读各种被黑客攻击的网站并且想知道,这是怎么回事?不是出于任何邪恶的原因,而是采取措施保护我的b
。显然,这已经在一些高调的网站上完成了,你认为这些网站会有很好的安全保障。事实上,如果内存服务,
是不是微软的网站被黑了?
因为你必须输入密码才能得到进入服务器,显然
还有其他一些方法可以做到这一点。怎么做?你如何确定你的托管服务如何安全?
5月4日下午2:16 ,Doc写道:
我一直在阅读各种被黑客入侵的网站并且想知道,这是怎么做到的?不是出于任何邪恶的原因,而是采取措施保护我的。显然,这已经在一些您认为具有良好安全性的高端网站上完成了。事实上,如果内存服务,那么微软的网站是不是被黑了?
因为你必须输入密码才能进入服务器,显然
还有其他一些方法可以做到这一点。怎么做?你如何确定如何保护你的托管服务?
主要取决于你的网络托管公司保留他们的服务器软件
最新。
所有你需要做的就是确保你的密码不容易被猜到(例如,如果可以找到你的话,请输入
)在字典中,它并不好,并且避免将
不安全的脚本上传到您的网页。这包括旧版本的电子邮件
脚本,如FormMail,垃圾邮件发送者经常劫持发送
垃圾邮件。
看来FrontPage网站本身可能不安全,所以不要使用FrontPage或者
。 (无论如何,这都是垃圾软件。)
我认为这就是它的全部内容。
Phil
-
Philip Ronan
ph *********** @ virgin.net
(如果通过电子邮件回复,请删除z)
Doc< do ********* @ removehotmail.com>这样说了:
(对于所有发布的组,可能都是OT,很抱歉。)
我一直在阅读被黑客入侵的各种网站并且想知道,这是怎么做到的?不是出于任何邪恶的原因,而是采取措施保护我的。显然,这已经在一些您认为具有良好安全性的高端网站上完成了。事实上,如果记忆服务,那么微软的网站是不是被黑了?
有不同种类的黑客。通常该网站的主页
页面被黑客选择的内容所取代 - 这是一个
污损。站点易受此类攻击的一种常见方式是b
攻击是程序设计不佳的动态脚本;您可以通过Google搜索找到有关详细信息的详细信息
。
安全网站AntiOnline由于其动态脚本之一的缺陷而被污损;您可以在 www.attrition.org <
档案中找到更多示例。 / a>,以前是
污损网站的主要镜像。
如果网络服务器正在运行其他服务(如telnet,SMTP,
FTP等),它可以被破坏的方式数量
增加。谷歌是你的朋友。
微软的妥协似乎是因为一个特洛伊木马通过电子邮件发送了
,这是他们的骨头员工之一轻快地打开了。
对于有线的用户和员工来说,没有什么可以替代的。
因为你必须输入密码才能进入服务器,显然
还有其他一些方法可以做到这一点。怎么做?你如何确定如何保护你的托管服务?
你个人能做的第一件事就是检查
$ b的完整性$ b你的动态CGI脚本,如果你使用它们。如果你没有运行
托管服务器,那么你知道的其他事情并不多。
-
Christopher Benson-Manica |我*应该*知道我在说什么 - 如果我
ataru(at)cyberspace.org |不,我需要知道。火焰欢迎。
Christopher Benson-Manica< at *** @ nospam.cyberspace.org>这样说:
你个人能做的第一件事就是检查动态CGI脚本的完整性(如果你使用它们)。如果你没有运行
托管服务器,那么你知道的其他事情并不多。
嗯,当然就像菲利普所说的那样,一定要确保你的
密码是合适的,至少不会对词典攻击造成影响。当然,如果您的
托管服务的其他任何用户都无能为力,那么无论如何都没关系。
-
Christopher Benson-Manica |我*应该*知道我在说什么 - 如果我
ataru(at)cyberspace.org |不,我需要知道。火焰欢迎。
I keep reading about various websites being hacked into and wonder, how is
this done? Not for any nefarious reasons, but to take measures to protect
mine. Apparently this has been done to some high profile sites that you
would think would have good security in place. In fact, if memory serves,
wasn''t one of Microsoft''s site hacked?
Since you have to put in a password to get into the server, obviously
there''s some other way to do it. How is it done? How do you determine how
secure your hosting service is?
On 5/10/04 2:16 pm, Doc wrote:
I keep reading about various websites being hacked into and wonder, how is
this done? Not for any nefarious reasons, but to take measures to protect
mine. Apparently this has been done to some high profile sites that you
would think would have good security in place. In fact, if memory serves,
wasn''t one of Microsoft''s site hacked?
Since you have to put in a password to get into the server, obviously
there''s some other way to do it. How is it done? How do you determine how
secure your hosting service is?
Mostly it depends on your web hosting company keeping their server software
up to date.
All you have to do is make sure your password can''t be guessed easily (i.e.,
if it can be found in a dictionary, it''s no good), and avoid uploading
insecure scripts to your web pages. That includes older versions of email
scripts like FormMail, which are routinely hijacked by spammers to send out
junk mail.
It also appears that FrontPage sites might be inherently insecure, so don''t
use FrontPage either. (It''s rubbish software anyway.)
I think that''s about all there is to it.
Phil
--
Philip Ronan
ph***********@virgin.net
(Please remove the "z"s if replying by email)
Doc <do*********@removehotmail.com> spoke thus:
(Probably OT for all the groups posted to, so sorry.)
I keep reading about various websites being hacked into and wonder, how is
this done? Not for any nefarious reasons, but to take measures to protect
mine. Apparently this has been done to some high profile sites that you
would think would have good security in place. In fact, if memory serves,
wasn''t one of Microsoft''s site hacked?
There are different varieties of "hacked". Usually the site''s home
page is replaced with something of the hacker''s choosing - that''s a
"defacement". A common way in which sites are vulnerable to this sort
of attack is poorly programmed dyanamic scripts; you can find detailed
information about the specifics with some Google searching. The
"security" web site AntiOnline was defaced as a result of a flaw in
one of its dynamic scripts; you can find many more examples in the
archives at www.attrition.org, which formerly was a major mirror of
defaced web sites.
If the web server is running other services (such as telnet, SMTP,
FTP, etc.), the number of ways in which it can be compromised
increases. Google is your friend.
The compromise at Microsoft seems to have resulted from a Trojan sent
via e-mail, that one of their bone-headed employees blithely opened.
There''s no substitute for clueful users and employees.
Since you have to put in a password to get into the server, obviously
there''s some other way to do it. How is it done? How do you determine how
secure your hosting service is?
The first thing you personally can do is to check the integrity of
your dynamic CGI scripts, if you use them. If you don''t run the
hosting server, there''s not much else you can do that I know of.
--
Christopher Benson-Manica | I *should* know what I''m talking about - if I
ataru(at)cyberspace.org | don''t, I need to know. Flames welcome.
Christopher Benson-Manica <at***@nospam.cyberspace.org> spoke thus:
The first thing you personally can do is to check the integrity of
your dynamic CGI scripts, if you use them. If you don''t run the
hosting server, there''s not much else you can do that I know of.
Well, of course, like Philip said, by all means make sure your
password is something appropriate, at the very least not susceptible
to a dictionary attack. Of course, if any of the other users of your
hosting service are clueless, it won''t matter anyway.
--
Christopher Benson-Manica | I *should* know what I''m talking about - if I
ataru(at)cyberspace.org | don''t, I need to know. Flames welcome.
这篇关于网站是如何被黑客攻击的,你如何防范它?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
