保护站点免受服务器/ cPanel渗透/注入
[英]Protect site from server / cPanel penetrations / injections
问题描述
A hacker penetrated my cPanel and modified files and code on my site. 
黑客入侵了我的cPanel并修改了我网站上的文件和代码。
I have a log report from hosting service provider. 我有来自托管服务提供商的日志报告。 It goes like this: 它是这样的:
.....frontend/paper_lantern/filemanager/upload-ajax.html?file=megla.txt&fileop=&dir=%2Fhome%2Fmyaccount%2Fmydomain.com&dirop=&charset=&file_charset=&baseurl=&basedir=" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.59 Safari/537.36" "s" "-" 2083
(I replaced only the account name and site name with generic ones) (我只用通用名称替换了帐户名称和站点名称)
My cPanel password is very strong (100%), it's long and beside letters and numbers it contains special many characters; 我的cPanel密码非常安全(100%),很长,而且在字母和数字旁边还包含很多特殊字符; I've changed it a few times. 我已经更改了几次。 It is not possible that one can hack it easily. 人们不可能轻易地对其进行破解。
It already happened 3 times and each time the system suspends my account automatically for a number of hours, before it's restored by the support staff. 它已经发生了3次,并且每次系统自动暂停我的帐户几个小时,然后由支持人员将其恢复。
I suspect that the attack is done by a former developer who I know was a hacker and we didn't part on exactly friendly terms. 我怀疑攻击是由一名前开发人员完成的,我知道他是一名黑客,并且我们并未完全友好地分手。 He knows the structure of my site and I have a static IP which he also knows. 他知道我网站的结构,而我也知道一个静态IP。
If possible, I would like to know some details about how to protect my site from further similar hacking, penetrations, injections, etc. 如果可能的话,我想知道一些有关如何保护我的网站免遭进一步的类似黑客攻击,渗透,注入等的详细信息。
Thanks. 谢谢。
1 个解决方案
解决方案1
2 2018-07-27 14:17:08
First of all, if your site is being hacked repeatedly and you don't know exactly how, you have a responsibility to shut down all access immediately, until you can figure out how the attack is being made. 首先,如果您的站点反复遭到黑客入侵,并且您不知道确切的方式,则您有责任立即关闭所有访问权限,直到您弄清楚如何进行攻击为止。 Especially if your site holds any sensitive data like personal data about your users, or credit card numbers. 尤其是在您的网站上保存了任何敏感数据(例如有关用户的个人数据或信用卡号)时。 Get help from your hosting company for this. 从您的托管公司那里获得帮助。
People on StackOverflow naturally don't know your site or your code, so I'm not sure how we can deduce from that sample log report how the hacker penetrated your site. StackOverflow上的人员自然不知道您的网站或您的代码,因此我不确定我们如何从该示例日志报告中推断出黑客如何渗透您的网站。 There's no reason to think they even penetrated using a web request. 没有理由认为他们甚至使用Web请求进行了渗透。 The log you show doesn't appear to contain any suspicious values that could affect an SQL query, so I doubt this is an example of SQL injection. 您显示的日志似乎没有包含任何可能影响SQL查询的可疑值,因此我怀疑这是SQL注入的示例。
For example, if your server has a static IP address, and the attacker previously had access, they could have left an ssh key on the server, giving them easy access. 例如,如果您的服务器具有静态IP地址,并且攻击者以前可以访问,则他们可能在服务器上留下了ssh密钥,从而使他们易于访问。 Or they could have access via FTP, so they can upload code to run on your host. 或者他们可以通过FTP进行访问,因此他们可以上传代码以在您的主机上运行。
There are too many potential ways an attacker can gain access to answer here on StackOverflow. 攻击者有太多潜在的方式可以访问StackOverflow上的答案。 It's all guesswork anyway. 无论如何,这都是猜测。 I recommend that you hire a reputable security expert to audit your site thoroughly. 我建议您聘请信誉良好的安全专家来彻底审核您的站点。
And it should go without saying that it's a bad idea to hire untrustworthy hackers to work on your site! 不用说,雇用不值得信任的黑客在您的网站上工作是一个坏主意! Ask for references when you hire the next one. 雇用下一个时,请提供参考。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.