Magento安全问题
[英]Magento security issue
问题描述
I am using a magento for my site. 
我在网站上使用了magento。 I am facing the some problem with it. 我正面临一些问题。 After some time a code gets added in the header of the index files. 一段时间后,将代码添加到索引文件的标题中。 and my site stops working. 并且我的网站停止工作。 When I remove that error like (encrypted) code again site works well. 当我再次删除该错误(如加密的代码)时,站点运行良好。
Is there any way to avoid such code injections? 有什么办法可以避免这种代码注入? I searched on the net but have not got the proper solution. 我在网上搜索,但没有找到合适的解决方案。
1 个解决方案
解决方案1
0 已采纳 2012-10-02 09:47:32
Only the /var and /media directories need to be writeable during normal operation, remove write privileges for the PHP user for all other dirs and files. 在正常操作期间,只有/var和/media目录需要是可写的,请为所有其他目录和文件的PHP用户删除写特权。 This makes injection attacks much harder. 这使得注入攻击更加困难。
This will interfere with updates applied via the Connect Manager, but I don't like to use that on live sites anyway. 这将干扰通过Connect Manager应用的更新,但是我还是不喜欢在实时站点上使用该更新。 I prefer to apply updates on a local or staging copy, test, then upload via FTP or version control which does have write privileges. 我更喜欢在本地或暂存副本上应用更新,进行测试,然后通过具有写权限的FTP或版本控制上载。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.