How to set up a Skynet firewall on the server to provide services?
First, a firewall is only auxiliary software; it is not intelligent. It cannot tell a visitor from an attacker, so all it can do is refuse blindly. Unless it is one of the products that can prevent DDOS attacks, it is not much good.
Second, there are two kinds of attacks: DDOS (denial-of-service attack) and script attacks. If the version of the website program you installed has a vulnerability, it can be attacked through scripts. The most common example is SQL injection.
For example, the SQL statement for querying a database is built as follows:
"Select * From [User] Where [ID]=" & ID
If the value of this ID variable is not processed and validated, with illegal characters filtered out, the so-called script attack becomes possible.
Take a request like
abc.asp?ID=2
and change it to
abc.asp?ID=2'
Now the ID becomes 2', and in a SQL query the single quotation mark is the string delimiter. The value is 2 followed by the start of a string, but a string needs two single quotation marks. Since there is only one, the database reports an unclosed single quotation mark error.
It is then exploited like this:
abc.asp?ID=2%20and%201>=(Select%20top%201*%20from%20admin)
So the SQL statement becomes
Select * From [User] Where [ID]=2 and 1>=(Select Top 1 * From Admin)
In this way, the attacker can learn whether the Admin table exists. If it exists, they can go on to guess the password.
For more detail on SQL injection, please search for it yourself.
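An added example (not part of the original page) showing the concatenated query next to a hardened form that validates the ID as an integer and binds it as a parameter. It assumes an in-memory SQLite database as a stand-in for the site's real database; the table contents and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the page's [User] and Admin tables.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE User (ID INTEGER PRIMARY KEY, Name TEXT);
        CREATE TABLE Admin (ID INTEGER PRIMARY KEY, Password TEXT);
        INSERT INTO User VALUES (1, 'alice'), (2, 'bob');
        INSERT INTO Admin VALUES (1, 'constructed-secret');
    """)
    return db

def lookup_vulnerable(db, raw_id):
    # Same pattern as the page's ASP line: the request value is concatenated
    # into the statement, so the database parses it as SQL.
    return db.execute("SELECT * FROM [User] WHERE [ID]=" + raw_id).fetchall()

def lookup_hardened(db, raw_id):
    # 1) Validate: ID must be a plain decimal integer, nothing else.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        raise ValueError("ID must be a positive integer")
    # 2) Bind: the value is passed as a parameter, never as SQL text.
    return db.execute("SELECT * FROM [User] WHERE [ID]=?",
                      (int(raw_id),)).fetchall()

def classify(func, db, raw_id):
    # Report how far the input got: rows returned, rejected by validation,
    # or handed to the SQL parser (which is the injection point).
    try:
        return ("rows", func(db, raw_id))
    except ValueError:
        return ("rejected", None)
    except sqlite3.Error:
        return ("reached-sql-parser", None)

# Inputs taken from the page, URL-decoded.
PAGE_INPUTS = ["2", "2'", "2 and 1>=(Select Top 1 * From Admin)"]

if __name__ == "__main__":
    db = make_db()
    for value in PAGE_INPUTS:
        print(repr(value),
              classify(lookup_vulnerable, db, value)[0],
              classify(lookup_hardened, db, value)[0])
```

SQLite has no TOP keyword, so the page's probe fails with a syntax error in the concatenated version; the point is that the input reached the SQL parser at all, while the hardened version rejects it before any SQL is built.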
Upload vulnerability ~
Many upload programs do not check the file name, so files of any type can be uploaded. An attacker uploads an ASP Trojan to probe the security of the server. If the server's security settings are relatively simple, the attacker can obtain the highest authority on the server, that is, administrator authority.
Other upload programs do check the file name, but not strictly, so an ASP Trojan can still be uploaded by deception, which is equally dangerous.
The solution is to add SQL injection protection and to check uploaded file names strictly: uploading ASP, ASA, CER, CDX and similar files must not be allowed. If the host supports ASP.NET, ASP.NET file extensions such as ASPX and ASAX should also be banned.
Add an anti-DDOS firewall.
Configure server security.
Basically completed ~