Best approach to handle attempting to hack a website


Problem description

A little background. I run the website for a non-profit organization. I ran a link checker on the site after I noticed a dead link, and found a couple more. So, I implemented a custom 404 page to log any failed links. This allows me to fix my broken links and alert others that link to us that their links are broken.

It led to an interesting finding quite fast: there are astonishingly lots of attempts to circumvent security and exploit vulnerabilities in standard software packages that are commonly found on sites, like phpmyadmin, forums, etc.

I log the IP addresses of the offenders, and almost entirely find they are not from the US, and our organization strictly focuses on a small region in the US, thus I thought about just banning them, via PHP in a manner such as: loading a list of offenders in the header file, which is used by all pages, and simply dying with a message if they belong to the list.

Is this a good approach? Is there something better? What I am concerned with is that they will find a vulnerability and gain access.

Recommended answer

Your method of blacklisting IPs outside the US will be a little effective for a short time, but is really going to be a losing battle in the long run. If you can exclude IPs outside the US without affecting your user base, you can utilize a service like Maxmind GeoIP to identify the country in PHP code and refuse access for those outside.

Loading these in a list or array in the header file is likely to get unwieldy after a while and possibly affect performance. You would be better off storing the ban list in a database and checking IPs when establishing a session in your site.

However, the most important course of action is to always make sure that your 3rd-party software packages like forums, blogs, wikis, etc., are kept up to date with security patches. The exploits for common web applications are very well known and widely publicized, so it's crucial to keep them patched.

Addendum: Make a habit of perusing http://www.exploit-db.com/ occasionally to keep abreast of new exploits.
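The answer suggests keeping the ban list in a database and checking the IP when a session is established, rather than loading an array in every header; the question describes logging failed requests from a custom 404 page. The PHP below is an added example written for this page, not code from the asker or the answerer. It assumes PHP 8 with the pdo_sqlite extension, and the file name, table names and function names are my own choices.

```php
<?php
// Added example (not from the original answer): a small ban list kept in SQLite
// and consulted once per session, instead of an array loaded in every header.
// Assumptions: PHP 8 with pdo_sqlite; file, table and function names are mine.

declare(strict_types=1);

const BAN_DB_PATH = __DIR__ . '/banlist.sqlite';   // assumed location

function banDb(): PDO
{
    static $pdo = null;
    if ($pdo === null) {
        $pdo = new PDO('sqlite:' . BAN_DB_PATH);
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $pdo->exec('CREATE TABLE IF NOT EXISTS banned_ips (
            ip        TEXT PRIMARY KEY,
            reason    TEXT NOT NULL,
            banned_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP
        )');
        $pdo->exec('CREATE TABLE IF NOT EXISTS missing_links (
            path    TEXT NOT NULL,
            ip      TEXT NOT NULL,
            referer TEXT,
            seen_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP
        )');
    }
    return $pdo;
}

// Record a failed request from the custom 404 handler. Only REMOTE_ADDR is
// trusted: X-Forwarded-For is client-supplied unless a proxy you run sets it.
function logMissingLink(string $path, string $ip, ?string $referer): void
{
    $stmt = banDb()->prepare(
        'INSERT INTO missing_links (path, ip, referer) VALUES (:path, :ip, :referer)'
    );
    $stmt->execute([':path' => $path, ':ip' => $ip, ':referer' => $referer]);
}

// Prepared statement, so an attacker-controlled address can never alter the query.
function isBanned(string $ip): bool
{
    $stmt = banDb()->prepare('SELECT 1 FROM banned_ips WHERE ip = :ip');
    $stmt->execute([':ip' => $ip]);
    return $stmt->fetchColumn() !== false;
}

// Called from the shared header. The lookup runs once per session and the
// verdict is cached in $_SESSION, so the database is not hit on every page.
function enforceBan(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!isset($_SESSION['ban_checked'])) {
        $_SESSION['banned']      = isBanned($_SERVER['REMOTE_ADDR'] ?? '');
        $_SESSION['ban_checked'] = true;
    }
    if ($_SESSION['banned']) {
        http_response_code(403);
        exit('Access denied.');
    }
}

// In the 404 page:
//   logMissingLink($_SERVER['REQUEST_URI'], $_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_REFERER'] ?? null);
// At the top of header.php:
//   enforceBan();
```

Because the verdict is cached in the session, an address added to banned_ips while a visitor already holds a session is only refused once that session ends; if that matters, store the check time and re-query after a short interval. A GeoIP country lookup, as the answer suggests, would slot into isBanned() as a second condition using the same prepared-statement style.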
