如何保护我的PHP网站免受.htaccess URL重定向恶意软件脚本攻击?
[英]How to protect my PHP website from the .htaccess URL redirect malware script attack?
问题描述
How this .htaccess file was injected into the website with malware code? 
该.htaccess文件如何与恶意软件代码一起注入网站?
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteOptions inherit
RewriteCond %{HTTP_REFERER} .*(msn|search|live|altavista|excite|ask|aol|google|mail|bing|yahoo).*$ [NC]
</IfModule>
How can I prevent my website from same attack? 如何防止我的网站受到同样的攻击?
This link was useful till some extent https://security.stackexchange.com/questions/16361/how-to-prevent-my-website-from-getting-malware-injection-attacks 该链接在一定程度上是有用的https://security.stackexchange.com/questions/16361/how-to-prevent-my-website-from-getting-malware-injection-attacks
but my team expects me to protect the website using coding. 但是我的团队希望我使用编码来保护网站。 Is this is possible? 这可能吗?
I also found that few other websites had a similar attack but they use a specific kind of code to prevent their website. 我还发现,很少有其他网站遭受类似的攻击,但是他们使用特定类型的代码来阻止其网站。 I cannot use those script because that's not suitable for me exactly. 我不能使用那些脚本,因为那完全不适合我。
The website is a core php website. 该网站是一个核心的php网站。 If moderators found this question to be a not real question or an exact duplicate then before closing or hitting minus, please provide help with a link. 如果主持人发现此问题不是真实问题或完全重复,请在关闭或减去负值之前提供帮助,并提供链接。 I trust this website. 我相信这个网站。
2 个解决方案
解决方案1
0 2012-11-05 13:04:09
How this .htaccess code was injected into the .htaccess file?
If it has been injected then either someone has got root on your machine (not going to conjecture why/how) or your permissions model is wrong. 如果已将其注入,则说明有人已经在您的计算机上扎根(不会猜测原因/方式)或您的权限模型错误。
If someone has root, then you are totally PWNed - brush up your CV and go looking for another job - you don't need to bother reading the rest of this post. 如果某人有根,那么您完全是PWNed了-刷简历并去寻找另一份工作-您无需费心阅读这篇文章的其余部分。
But it's much more likely that the permissions are wrong (but even this, on its own is not sufficient for the files to be modified - you have a vulnerability elsewhere). 但是更有可能是权限错误(但仅此而已,不足以修改文件-您在其他地方有漏洞)。
You should be able to identify the primary vulnerability. 您应该能够识别主要漏洞。 If you don't know how to do this then get some help. 如果您不知道该怎么做,请寻求帮助。 In addition to fixing this, you need to fix the permissions on your site. 除了解决此问题外,您还需要修复网站上的权限。 Only specifically designated locations should be writeable by the webserver uid - and if these are inside the document root then you should take appropriate measures to protect your system from code injection (disable PHP access, preferably all webserver access, although this is still a lot less secure than keeping it outside the document root altogether). 网络服务器uid应该只能写入专门指定的位置-如果这些位置在文档根目录中,则应该采取适当的措施来保护系统免受代码注入的影响(禁用PHP访问,最好是所有Web服务器访问,尽管这要少得多)安全性,而不是将其完全保留在文档根目录之外)。
解决方案2
0 已采纳 2012-11-05 13:29:48
Are you using timthumb.php or a similar upload / linking script? 您是否正在使用timthumb.php或类似的上载/链接脚本? Older versions are frought with XSS vulnerabilities. 较旧的版本带有XSS漏洞。 It's a very common vulnerability on Wordpress installations, especially those which use themes that come bundled with their own timthumb.php / thumb.php. 这是Wordpress安装上的一个非常常见的漏洞,尤其是那些使用与自己的timthumb.php / thumb.php捆绑在一起的主题的安装。
If that's the issue, lock that script down! 如果这是问题,请锁定该脚本! If it's a custom script, take a look at the latest timthumb.php source code & try to use some of their techniques. 如果是自定义脚本,请查看最新的timthumb.php源代码并尝试使用其中的一些技巧。
Also, make sure your file permissions are locked down for the apache / web users & groups. 另外,请确保针对Apache / Web用户和网上论坛的文件权限已被锁定。 EG, do NOT allow .htaccess to be writable by apache user/group! EG,不允许.htaccess由apache用户/组写!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.