Shulou(Shulou.com)06/02 Report--

This article mainly explains "how to deal with traffic hijacking by Web". Friends who are interested may wish to take a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn "Web how to deal with traffic hijacking"!

Restrict website permissions

Some websites are hijacked mainly because the illegal server obtains the read and write permissions of Web website files and folders. in view of this problem, we can make use of the security settings of the server to improve the security of the website program, so as to prevent Web hijacking.

Improve the anti-SQL injection function of the website

SQL injection makes use of the characteristics of SQL language to write content to the Web database and obtain permissions, so we need to establish a dedicated user who can only access the system database for the default user of sa with small permissions in the MS SQL Server database, and configure the minimum permissions for him.

Configure the Web site folder and its operation permissions

Configure permissions for Web site files and folders with Super Admin permissions on the Windows system. If the permissions of most people are configured as read-only permissions, it is difficult for hackers to implant Trojans without write permissions, thus reducing the possibility of domain name hijacking of websites.

Regularly clean up suspicious files in Web sites

No matter how the hacker obtains the permission, an exception will be displayed in the event manager. Through the analysis of the exception event and date, we can see if the executable code file has been injected or changed, and clean up the new executable code.

Use public 114DNS

Let users bypass the operator local DNS and use 114DNS (the largest neutral cache DNS in China), which is technically difficult and expensive. In the current situation, even if users use public DNS, it does not completely solve the problem. First of all, regardless of whether the public DNS is also hijacked or not, the most important thing is that the operator will specifically hijack the traffic to the public DNS. Operators will not relax their vigilance for the control of traffic entrances.

HttpDNS to prevent DNS hijacking

A domain name resolution module is added to the mobile client. The client requests IP from the traffic scheduling server of the website through HTTP. The traffic scheduling server will give the user an optimal IP according to the location of the user. After obtaining the IP, the client directly uses this IP to access the required site resources.

It is expensive for websites to use HttpDNS. We can choose domestic public cloud vendors, such as the HttpDNS scheduling feature of Tencent Cloud, to effectively prevent DNS hijacking.

△ HttpDNS access schematic

HTTPS anti-hijacking

Due to the high deployment cost of public DNS and HttpDNS, there are certain technical difficulties, and they will inevitably fail in the face of pervasive DNS hijacking. At this time, the website opens HTTPS as one of the means to prevent DNS hijacking can effectively solve these problems. At present, most websites have also enabled HTTPS to encrypt. HTTPS protocol is HTTP+SSL/TLS, which adds SSL/TLS layer on the basis of HTTP, and provides three functions: content encryption, identity authentication and data integrity. The ultimate goal is to encrypt data for secure data transmission.

△ HTTP request

△ HTTPS request

SSL protocol adds a handshake phase to the HTTP request and encrypts the plaintext HTTP request and reply. In the SSL handshake phase, the client browser will authenticate the server, confirm that the client certificate belongs to the target site and the certificate book is valid, and both sides of the communication will jointly use an encrypted and decrypted session key.

After the end of the SSL handshake phase, the server and the client encrypt / decrypt the interactive data through the session key, and the HTTP request and reply are encrypted before they are sent to the network.

Through the identity authentication of Web server through SSL protocol, the connection error server condition caused by DNS hijacking is found and terminated, which ensures that DNS hijacking can not be realized. At the same time, HTTPS encrypts the data in the data transmission to protect the data from being stolen and modified.

How to quickly enable HTTPS

In view of the fact that enabling HTTPS will lead to a lot of server resource consumption, the common choice of most companies is to directly use domestic CDN services, such as Zaipaiyun to provide one-stop HTTPS services, and the deployment of HTTPS can be completed in a few steps. These service providers generally provide free and a variety of paid SSL certificates for individuals and enterprises to choose from, such as Zaiyun, there are two free certificates alone, and the paid certificate can complete the purchase within 3-5 days.

On the other hand, we can deploy certificates and private keys directly on the Web server. There are tutorials available online, so I won't repeat them here. You can check the tutorials online.

Summary

In the face of Web traffic hijacking, first of all, we can restrict read and write permissions at the website level and restrict the writing of malicious code. Secondly, we can prevent malicious DNS hijacking through public DNS and HttpDNS. HTTPS is enabled in the whole station to encrypt data transmission, which can effectively prevent data leakage and solve the problem of DNS hijacking.

At this point, I believe you have a deeper understanding of "Web how to deal with traffic hijacking". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.