Interpretation of common attacks on PHP
What is a CSRF attack
CSRF: cross-site request forgery
An attacker sets up a forged website, or sends an email containing a normal-looking URL link, and gets a legitimate user to visit it. The user's browser then sends requests carrying the cookies it already holds, so illegitimate requests such as transfers or privilege escalation are performed with the user's permissions.
Prevention methods include: verifying the HTTP Referer field; adding a token to the request address and verifying it.
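The two checks named above, as an added example that is not code from the original article. The parameter name csrf_token, the function names and the host shop.example.test are assumptions made for illustration.

```php
<?php
// Added illustration: Referer check plus per-session token. Names are hypothetical.
declare(strict_types=1);

/** True if the Referer header names the site's own host. */
function referer_ok(array $server, string $expectedHost): bool
{
    $host = parse_url($server['HTTP_REFERER'] ?? '', PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $expectedHost) === 0;
}

/** Return the session's token, creating it from the CSPRNG on first use. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** Append the token to a request address (URL) used for a state change. */
function csrf_url(string $url, array &$session): string
{
    $sep = strpos($url, '?') === false ? '?' : '&';
    return $url . $sep . 'csrf_token=' . csrf_token($session);
}

/** True only if the submitted token equals the one stored in the session. */
function csrf_check(array $session, array $request): bool
{
    $expected = $session['csrf_token'] ?? '';
    $given    = $request['csrf_token'] ?? '';
    // hash_equals() compares in constant time; empty or non-string values fail.
    return is_string($given) && $expected !== '' && hash_equals($expected, $given);
}

// Constructed demonstration; a real page passes $_SESSION, $_GET/$_POST and $_SERVER.
$session = [];
$url     = csrf_url('/transfer.php?to=bob', $session);
parse_str((string) parse_url($url, PHP_URL_QUERY), $genuine);
$forged  = ['to' => 'mallory'];  // cross-site request: the attacker cannot know the token
$server  = ['HTTP_REFERER' => 'https://shop.example.test/account'];

var_dump(csrf_check($session, $genuine), csrf_check($session, $forged));
var_dump(referer_ok($server, 'shop.example.test'));
```

Tokens placed in URLs can end up in server logs and Referer headers; a hidden POST field can carry the same token without that exposure.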
XSS Attack
The XSS code is mainly submitted and stored on the server side (database, memory, file system, etc.), so it does not have to be submitted again the next time the target page is requested. When the target user accesses the page to obtain data, the XSS code is loaded from the server and returned to the browser, where it is parsed and executed as normal HTML and JS, and the XSS attack takes place.
Prevention method: filter illegal HTML code, including single and double quotes, and use the htmlspecialchars() function.
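Output encoding with htmlspecialchars() for stored data, as an added example that is not code from the original article. The helper names and the sample rows are constructed for illustration.

```php
<?php
// Added illustration: encode stored data at output time. Names are hypothetical.

/** Encode a value for HTML element content or a quoted attribute value. */
function e(string $value): string
{
    // ENT_QUOTES encodes both ' and "; ENT_SUBSTITUTE replaces invalid UTF-8
    // sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render one stored comment; every dynamic value passes through e(). */
function render_comment(array $row): string
{
    return "<div class='comment' title='" . e($row['author']) . "'>"
         . e($row['body']) . "</div>";
}

// Constructed rows standing in for data loaded from the database.
$rows = [
    ['author' => 'alice', 'body' => 'Nice article.'],
    ['author' => "x' onmouseover='alert(1)", 'body' => '<script>alert(1)</script>'],
];
foreach ($rows as $row) {
    echo render_comment($row), PHP_EOL;
}
```

With ENT_COMPAT, the default flag before PHP 8.1, the single quote in the second author value is not encoded and closes the single-quoted title attribute, which is why the flag is passed explicitly.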
Some common security vulnerabilities and defense methods on PHP websites
Common PHP website security vulnerabilities
There are currently five common types of PHP vulnerability: Session file vulnerabilities, SQL injection vulnerabilities, script command execution vulnerabilities, global variable vulnerabilities and file vulnerabilities. Each is briefly introduced below.
1. Session file vulnerability
Session attacks are among the attack methods hackers use most often. So that a user visiting a website does not have to enter an account and password on every page, PHP provides sessions and cookies for convenient use and access.
2. SQL injection vulnerability
When developing a website, programmers fail to validate user input thoroughly or to filter it strictly, so the server ends up executing malicious input, such as queries for user information. Hackers can then obtain the corresponding information from the returned results. This is called an SQL injection vulnerability.
3. Script execution vulnerability
A common cause of script execution vulnerabilities is that programmers apply too little filtering to the URL parameters submitted by users when developing a website. URLs submitted by users may contain malicious code that leads to cross-site scripting attacks. Script execution vulnerabilities were common in earlier PHP websites, but as PHP versions have been upgraded these problems have been reduced or no longer exist.
4. Global variable vulnerabilities
Unlike in other development languages, variables in PHP do not need to be declared in advance: they can be used directly, and the system creates them automatically on first use. There is no need to specify the variable type either; the system determines it from the context. This approach can greatly reduce the probability of errors in programming and is very convenient to use.
5. File vulnerability
File vulnerabilities are usually caused by website developers failing to filter externally provided data sufficiently when designing the website, which lets hackers exploit the vulnerability to execute commands in the web process. If the code contains a statement such as include(, hackers can carry out a remote attack through the variable b, which can point to the hacker's own code. Submitting include=http://127.0.0.1/ to the server is then enough to execute instructions.
Prevention measures for common PHP vulnerabilities
1. Prevention of Session vulnerabilities
From the previous analysis, we can see that the most common session attack is session hijacking: hackers obtain the user's Session ID through various attack methods and then use the identity of the attacked user to log in to the corresponding website.
The following methods can be used to prevent it:
- Change the Session ID regularly. This can be done with PHP's own functions;
- Change the Session name. The default name of the Session is usually PHPSESSID, and this variable is generally saved in the cookie. Changing the name can block some attacks;
- Disable transparent Session IDs. "Transparent" means that when the HTTP request does not use cookies to carry the Session ID, the Session ID is passed in links. Disabling transparent Session IDs is done by editing the file;
- Pass hidden parameters through the URL, which ensures that even if the hacker obtains the session data, the Session ID variable value is hard to obtain because the relevant parameters are hidden.
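The first three measures in one place, as an added example that is not code from the original article. It assumes PHP 7.3 or later for the array form of session_set_cookie_params(); the session name APPSID, the function names and the cookie flags are illustrative choices that go beyond the list above.

```php
<?php
// Added illustration of the session settings listed above. Names are hypothetical.

/** Start a session with a custom name, cookie-only IDs and no URL rewriting. */
function start_hardened_session(string $name = 'APPSID'): void
{
    ini_set('session.use_trans_sid', '0');     // never append the ID to links
    ini_set('session.use_only_cookies', '1');  // ignore IDs supplied in the URL
    ini_set('session.use_strict_mode', '1');   // reject IDs the server did not issue
    session_name($name);                       // replace the default PHPSESSID
    session_set_cookie_params([
        'httponly' => true,    // not readable from JavaScript
        'secure'   => true,    // sent over HTTPS only
        'samesite' => 'Lax',
    ]);
    session_start();
}

/** Issue a fresh ID every $maxAge seconds; call it again right after login. */
function rotate_session_id(int $maxAge = 300): void
{
    $now = time();
    if (!isset($_SESSION['id_issued_at'])
        || $now - $_SESSION['id_issued_at'] >= $maxAge) {
        session_regenerate_id(true);           // true: delete the old session data
        $_SESSION['id_issued_at'] = $now;
    }
}

start_hardened_session();
rotate_session_id();
```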
2. Prevention of SQL injection vulnerabilities
Hackers have many flexible and varied methods of SQL injection, but what they have in common is that they exploit weaknesses in input filtering. The fundamental way to prevent SQL injection is therefore to strengthen the filtering of request commands, especially query request commands.
Specifically, this includes the following points:
- Use parameterized statements: pass user input through parameters of the statement instead of embedding it directly into the statement;
- Use interpreted programs as little as possible when developing a website, since hackers often use them to execute illegal commands;
- Avoid bugs in the website as far as possible during development, otherwise hackers may use this information to attack the website. Defending against SQL injection alone is not enough; professional vulnerability scanning tools must also be used to scan the website frequently.
3. Prevent script execution vulnerabilities
Hackers have many flexible and varied means of attacking script execution vulnerabilities, so a combination of prevention methods is needed to stop them effectively.
There are four common methods:
- Preset the path of executable files, which can be done with safe_mode_exec_dir;
- Process command parameters, generally with the escapeshellarg function;
- Use the system's own function library in place of external commands;
- Minimize the use of external commands.
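The last three methods in code, as an added example that is not from the original article. safe_mode_exec_dir is a php.ini directive that exists only in PHP versions before 5.4, so the example pins the binary path in code instead; it assumes a POSIX host with /usr/bin/wc, and the function names and file name are constructed.

```php
<?php
// Added illustration for a POSIX host. Function names are hypothetical.

/** Preferred: PHP's own file functions, no shell involved. */
function count_lines_native(string $path): int
{
    $fh = fopen($path, 'rb');
    if ($fh === false) {
        throw new RuntimeException('cannot open file');
    }
    $n = 0;
    while (fgets($fh) !== false) {
        $n++;
    }
    fclose($fh);
    return $n;
}

/** When an external command is unavoidable: fixed binary, quoted argument. */
function count_lines_external(string $path): int
{
    // The binary path is a constant in the code, never taken from the request.
    // "--" ends option parsing, so a name starting with "-" is not read as a flag.
    $cmd = '/usr/bin/wc -l -- ' . escapeshellarg($path);
    return (int) shell_exec($cmd);
}

// Constructed file whose name contains shell metacharacters.
$path = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'notes; echo injected.txt';
file_put_contents($path, "one\ntwo\nthree\n");

echo 'argument as passed to the shell: ', escapeshellarg($path), PHP_EOL;
echo 'native:   ', count_lines_native($path), PHP_EOL;
echo 'external: ', count_lines_external($path), PHP_EOL;
unlink($path);
```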
4. Prevent global variable vulnerabilities
Earlier PHP versions had the global variable vulnerability, but after upgrading PHP to 5.5 it can be prevented through correct settings, by setting request_order to GPC. In addition, the boolean magic_quotes_runtime setting in the configuration file controls whether backslashes are added to escape special characters in data brought in from external sources. To ensure that the website program can run under any server settings, use get_magic_quotes_runtime at the beginning of the program to detect the setting and decide whether to process the data manually, or use set_magic_quotes_runtime(0) to turn it off at the beginning (or whenever automatic escaping is not needed).
5. Prevent file vulnerabilities
PHP file vulnerabilities can be prevented through server settings and configuration.
The specific operations are as follows:
- Turn off error prompts in the PHP code, which prevents hackers from obtaining database information and the physical paths of web page files through error messages;
- Be sure to set open_basedir, that is, prohibit file operations outside the directory. This protects local or remote files from attack. Also take care to prevent attacks on Session files and uploaded files;
- Set safe_mode to regulate the commands to be executed. Prohibiting file uploads can effectively improve the security of the PHP website.
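A code-level complement to these server settings, as an added example that is not from the original article: the request parameter is resolved to a file inside one directory before any include, so a URL or a path outside that directory is refused. The function name, the pages directory and the sample parameters are constructed for illustration.

```php
<?php
// Added illustration: never pass request data straight to include.
// Function and directory names are hypothetical.

ini_set('display_errors', '0');  // errors go to the log, not to the visitor
ini_set('log_errors', '1');

/** Return the file to include for a requested page name, or null to refuse. */
function resolve_page(string $requested, string $pagesDir): ?string
{
    // Only a plain name is accepted: no scheme, slashes, dots or null bytes.
    if (!preg_match('/\A[a-z0-9_-]{1,32}\z/', $requested)) {
        return null;
    }
    $base = realpath($pagesDir);
    $file = realpath($pagesDir . DIRECTORY_SEPARATOR . $requested . '.php');
    // realpath() resolves symlinks and ".."; the result must stay inside $base.
    if ($base === false || $file === false
        || strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $file;
}

// Constructed demonstration with a temporary pages directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'home.php', "<?php return 'home';\n");

foreach (['home', 'http://127.0.0.1/', '../../etc/passwd', 'missing'] as $param) {
    $file = resolve_page($param, $dir);
    echo str_pad($param, 20),
         $file === null ? 'refused' : 'include ' . basename($file), PHP_EOL;
}
unlink($dir . DIRECTORY_SEPARATOR . 'home.php');
rmdir($dir);
```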
The above is my personal experience. I hope it can serve as a reference for you, and I hope you will continue to support me.