PHP网站上的重定向问题
[英]Redirect problems on PHP Web site
问题描述
I created a simple PHP site for a friend last year. 
去年,我为一个朋友创建了一个简单的PHP网站。 I went to check out the site yesterday and when the main page loads up, my AV software (Avira Antivir) raises an alarm about a JS/Redirector.A malware infection. 我昨天去了该网站,当主页加载完毕时,我的AV软件(Avira Antivir)发出了有关JS /重定向器的警报。 The message seems to indicate that one of the CSS files is infected. 该消息似乎表明其中一个CSS文件已被感染。
I'm obviously going to go through all the code on the site--that CSS file in particular--to figure out what's going on. 显然,我将遍历网站上的所有代码(尤其是CSS文件),以了解发生了什么。 But I'm wondering if there is some obvious thing I should be doing to prevent these kinds of attacks. 但是我想知道是否应该做一些明显的事情来防止这类攻击。 I ask because we had a form injection attack on the same site last year (apparently, I don't know enough about PHP security), which I thought I fixed. 我问是因为去年我们在同一站点上进行了表单注入攻击(显然,我对PHP安全性了解不足),我认为自己已解决。
In addition to the main things I should check/fix, if there are any recommendations for software (ideally free or affordable) that will scan a site for these types of attacks and recommend fixes, I'd appreciate hearing your thoughts. 除了应该检查/修复的主要内容之外,如果还有针对软件的建议(最好是免费的或负担得起的),这些软件会扫描网站上的这些类型的攻击并提出建议的解决方法,我很高兴听到您的想法。 I've seen several products out there (parosproxy is one), but don't know which ones are better than others. 我已经看到了几种产品(parosproxy是其中一种),但不知道哪种产品比其他产品更好。 Thanks... 谢谢...
1 个解决方案
解决方案1
2 已采纳 2009-06-25 14:13:19
For a starter check these two pages 首先,请检查这两页
PHP and the OWASP Top Ten Security Vulnerabilities PHP和OWASP十大安全漏洞
PHP Top 5 Security Flaws PHP前5个安全缺陷
Check for every unsafe use of $_POST , $_GET , $_REQUEST variables. 检查$_POST , $_GET , $_REQUEST变量的每一次不安全使用。
Check if the eg FTP- or "management console" passwords for the site weren't compromised (try changing them to something safe/difficult) 检查网站的FTP或“管理控制台”密码是否未受到破坏(尝试将其更改为安全/困难的密码)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.