Home >Backend Development >PHP Tutorial >A brief discussion on the vulnerabilities and countermeasures of PHPWEB finished website_PHP Tutorial

A brief discussion on the vulnerabilities and countermeasures of PHPWEB finished website_PHP Tutorial

WBOY
WBOYOriginal
2016-07-13 10:31:571059browse

Aluminum cutting machine I made a finished PHP website some time ago. The source code is the kind of source code that cost 10 yuan to package and buy hundreds of sets. However, not long after, my website was hacked by others, and I just added a lot of black links, which made Baidu classify my website as a risky website. Later, I checked the loopholes of this website everywhere, and found out that this website has two major loopholes:
The first point: that is, after the website is uploaded, There is install, which is the database setting backend www.xxxx.com/base/install. If you do not delete the files in the root directory of the install file in time after uploading, hackers can start from this place to hack your website;
Second point: That is the problem of website backend permissions. This is the most common problem of this finished website. That is, the backend login address is www.xxxx.com/admin. Although you have set the login name and password, you only need to set the login name and password. Enter both username and password: admin 'or '1'='1. 80% of this website can be entered. If you don't believe it, you can try it. Then after others enter, they can change everything to their own. I suffered a loss in this regard, and the countermeasure (I am a novice) is to change the backend login address to be more complicated, so that others cannot guess what backend address you set.
Aluminum cutting machine

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/760152.htmlTechArticleAluminum cutting machine I made a PHP finished website some time ago. The source code was packaged and bought for 10 yuan. There are hundreds of source codes, but not long after, my website was hacked by others, and I added...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn