Back to Question Center
0

Isazi Semalt: Surefire Izindlela Ukuvikela A Site From Hackers

1 answers:

Iningi labantu bacabanga ukuthi i-website yabo ayikho into ebalulekile yokugonywa. Iwebhusayithi ingase ibekunqatshelwe yi-hacker ukusebenzisa iseva ukudlulisa ugaxekile noma ukuyisebenzisa njenge-server yesikhashana ukuze ubambe amafayela angemthetho. AbaHackers Hack bahlose iwebhusayithiamaseva emayini ama-bitcoins, enza njengama-botnets noma ukufunwa kwe-ransomware. Abaqaphi bangasebenzisa izikripthi ezenzakalelayo zokuphula i-intanethi ngomzamo wokuukuxhaphaza ubunzima besofthiwe.

Ngezansi kukhona amanye amathiphu alungiselelwe ngu-Igor Gamanenko, the i-Semalt Umphathi Wempumelelo Yekhasimende, ukukuvikela kanye newebhusayithi yakho.

Isofthiwe esesikhathini samanje

Isofthiwe yokusebenza yesiphakeli nanoma iyiphi isofthiwe yokusekela kufanele ivuselelwe njalo.Noma yikuphi ukuhlukunyezwa kwisofthiwe kunika abaduni kuba yinto elula yokusebenzisa futhi babonise izisusa zabo ezimbi. Uma inkampani yokusingatha ilawulaiwebhusayithi yakho, ngakho-ke awunakho ukukhathazeka njengoba i-firm host kufanele inakekele ukuphepha kwewebhu. Zonke izinhlelo zokusebenza zangaphandle kufanele zibeivuselelwe njalo ukusebenzisa izimpawu ezintsha zokuphepha.

umjovo we-SQL

Abahlaseli basebenzisa ama-injection ukuhlaselwa ukuze basebenzise imininingwane ye-website. Ukusebenzisa okujwayelekileI-Transact SQL yenza kube lula ngokungazi ukuthi ufake amakhodi angalungile kumbuzo ongasetshenziselwa ukuphatha amatafula noma ukususa idatha. Kuyagwema lokhu, sebenzisa njalo imibuzo ephakanyisiwe njengalezo ezitholakala ngezansi:

$ stmt = $ pdo-> lungisa ('Khetha * ITHEPHA elisuka KUYAphi ikholomu =: value');

$ stmt-> yenza (i-array ('value' => $ ipharamitha));

Isikripthi sendawo yesiphambano

Lezi zindlela zokuhlaselwa zijobezela amakhodi ama-JavaScript ahlukumezayo ekhasini lewebhu, okuyintoigijima kuziphequluli ze-intanethi ngokungaziwa, futhi ingashintsha okuqukethwe kwewebhu, noma yeba ulwazi olubucayi lokuthumela emuva ku-hacker..Iwebhusayithiumlawuli kufanele aqinisekise ukuthi abasebenzisi abakwazi ukufaka ngokuphumelelayo okuqukethwe kweJavaScript ekhasini lakho. Ukusebenzisa amathuluzi afana nokuqukethwe kokuqukethweInqubomgomo iqondisa isiphequluli sewebhu ukukhawulela ukuthi nokuthi i-JavaScript isebenza kanjani ekhasini.

Imilayezo yephutha

Umqondisi wewebhu kufanele aqaphele ulwazi oluboniswe kuweimilayezo yephutha. Vele unikeze amaphutha okulinganiselwe kubasebenzisi bakho, ukuqinisekisa ukuthi abanikeli idatha yokufihla kumaseva wakho njengaweamaphasiwedi noma okhiye be-API.

Amaphasiwedi

Kubaluleke kakhulu ukusebenzisa amaphasiwedi anzima ukuze ufinyelele amaseva wakho nomaamawebhusayithi wesigaba sokuphatha. Abasebenzisi kumele bakhuthazwe ukusebenzisa amaphasiwedi aqinile ukuze bavikele ama-akhawunti abo. Inhlanganisela ye-oppercase,ukwehlisa phansi, izinombolo kanye nezinhlamvu ezikhethekile zihlanganisa iphasiwedi ephephile. Amaphasiwedi kufanele agcinwe esebenzisa i-algorithm ye-hashing. Iwebhusayithiukuphepha kungathuthukiswa ngokusebenzisa usawoti omusha noyingqayizivele ngephasiwedi ngayinye.

Ukulayishwa kwamafayela

Ukuvimbela umzamo wokukhwabanisa, kunconywa ukugwema ukufinyelela okuqondile kokulayishwaamafayela. Noma yiliphi ifayela elilayishwe kuwebhusayithi yakho kufanele ligcinwe kufolda ehlukile ngaphandle kweWebroot. Isikripthi esihlukile kufanele sibeidalwe ukulanda amafayela kusuka kufolda eyimfihlo futhi ibasize kusiphequluli.

i-HTTPS

Yinkambiso, ehlinzeka ngokuphepha kuwebhu. Iqinisekisa abasebenzisi ukuthibafinyelela iseva abayilindele nokuthi akukho hacker ongayinqamula okuqukethwe abahambayo. Iwebhusayithi exhasa ukukhipha imaliamakhadi noma amanye amafomu okukhokha kufanele asebenzise amakhukhi angempela athunyelwe nganoma yisiphi isicelo somsebenzisi. Lokhu kusiza ukuqinisekisa izicelo ngaleyo ndlela uvaleukuhlaselwa kude.

Sebenzisa amathuluzi okuphepha webhusayithi

Uma usuwenzile zonke izinyathelo ezingenhla, ukuhlola ukuphepha kwewebhu kuwekubalulekile. Kungcono kakhulu kwenziwe ngokusebenzisa amathuluzi wokuhlola ukungena, afaka iNetsparker, OpenVAS, Security Headers.io ne-Xenotix XSSUhlaka lokuxhaphaza. Imiphumela yokusebenzisa amathuluzi iveza ububanzi obuningi bokukhathazeka kanye nezixazululo eziphambili.

November 28, 2017
Isazi Semalt: Surefire Izindlela Ukuvikela A Site From Hackers
Reply