Shulou(Shulou.com)06/01 Report--

Many companies' websites are attacked, causing websites to open and jump to other websites, website snapshots are also tampered with, including some illegal content snapshots, some website databases are tampered with, membership information is modified, databases are deleted, and other attack symptoms. Our SINE security is solving the problem of customer websites being attacked, which is found to be caused by vulnerabilities in the website. Attackers take advantage of the vulnerabilities of the website to attack the website, upload webshell files, and then tamper with the website.

So how to find the current loopholes in the site? And fix it to prevent the website from being attacked? Our SINE Security summarizes the following common website vulnerabilities when attacking other customer websites:

First of all, most websites use open source systems, such as Weaving Dream, discuz,wordpress systems are relatively common, some company websites use separate servers, such as linux centos systems, are currently used a lot, and use the pagoda panel to install the environment and database of the site. By default, some software has vulnerabilities. We summarize the ways to find and fix unauthorized remote access vulnerabilities caused by Redis and Memcached environments.

Redis is a widely used database at present, and it is also a kind of relational database. When installed by default, the port will be set to port 6379, and the public network access will be opened. As a result, the service port of the database will be exposed, and the default configuration file will not open security restrictions. As a result, any user can access the service port of redis and read the configuration data of redis. Attackers can use this vulnerability to write files to the system directory of the server, gain system permissions of the server directly, and log in through the private key of the SSH port. The security risk is extremely high, which can cause the website to be attacked and invaded.

Redis unauthorized access vulnerability repair method, modify the redis configuration file redis.conf, find the password value in the file code, the default is empty password, add a password, write a combination of letters and numbers plus lowercase, so that the redis remote connection needs password verification to access. You can also impose port security restrictions on the default port 6379, restrict IP remote connections, and only allow intranet connections, which largely prevent websites from being attacked.

There is also a search for Memcached vulnerabilities, which is also installed in the server by default. Memcached is a cached system that can write cached data to the server memory. Some frequently used data, such as querying and writing to the database, can be cached into memory using this cache system to speed up data reading and query. The search for vulnerabilities in the website is also in the form of a port. Port 11211 is installed by default. Scan the port of the website with nmap to see if port 11211 is open and connect to this port, which means that the loophole exists. You can use any account to access Memcached without a password, and directly write webshell to the root directory of the website to attack the website.

The Memcached vulnerability fix solution is to use Aliyun's port security group to intercept port 11211, prevent public network IP from accessing it, modify Memcached configuration files, and add password authentication access.

Most of the attacks on websites are caused by vulnerabilities. The above two vulnerabilities are found by our SINE security when dealing with attacks on customers' websites, and there are also some loopholes in website code, such as dedecms,phpcms, site Star and so on. We will continue to share with you in the next article. Only when the website is secure can we bring long-term and stable benefits to the website. It is also hoped that more website operators will pay attention to website security maintenance and protection.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.