At present, website development based on PHP has become the mainstream of current website development. The author of this article The focus is on PHP website attacks and security prevention, aiming to reduce website vulnerabilities. I hope it will be helpful to everyone!
1. Common PHP website security vulnerabilities
Regarding PHP vulnerabilities, there are currently five common vulnerabilities. They are Session file vulnerabilities, SQL injection vulnerabilities, script command execution vulnerabilities, global variable vulnerabilities and file vulnerabilities. Here is a brief introduction to each of these vulnerabilities.
1. Session file vulnerability
Session attack is one of the most commonly used attack methods by hackers. When a user visits a website, in order to prevent the customer from entering their account number and password every time they enter a page, PHP sets Session and Cookie to facilitate the user's use and access.
2. SQL injection vulnerability
When developing websites, programmers lack comprehensive judgment on user input data or do not filter it strictly, causing the server to execute some malicious information, such as user information queries. Hackers can obtain corresponding information based on the results returned by malicious programs. This is a SQL injection vulnerability.
3. Script execution vulnerability
A common cause of script execution vulnerabilities is that programmers do not filter the URL parameters submitted by users when developing websites. The URLs submitted by users may contain malicious code, leading to cross-site scripting attacks. Script execution vulnerabilities often existed in previous PHP websites, but with the upgrade of PHP versions, these problems have been reduced or no longer exist.
4. Global variable vulnerability
Variables in PHP do not need to be declared in advance like other development languages. Variables in PHP can be used directly without declaration. The system automatically creates them when used, and there is no need to specify the variable type. Description, the system will automatically determine the variable type based on the context. This method can greatly reduce the probability of programmers making errors in programming and is very convenient to use.
5. File vulnerability
File vulnerabilities are usually caused by website developers' lack of adequate filtering of externally provided data when designing websites, which allows hackers to exploit the vulnerabilities to execute corresponding commands on the web process. If lsm.php contains such a piece of code: include($b."/aaa.php".), for hackers, remote attacks can be achieved through the variable $b, which can be the hacker's own code. Implement attacks on websites. You can submit a.php include=http://lZ7.0.0. 1/b.php to the server, and then execute the instructions of b.php.
2. Preventive measures for common PHP vulnerabilities
1. Prevention of Session Vulnerabilities
From the previous analysis, we can know that the most common type of Session attack is session hijacking, that is, hackers obtain the user's Session ID through various attack methods, and then use the identity of the attacked user to log in to the corresponding website.
For this reason, you can use the following methods to prevent it:
First, change the Session ID regularly. Changing the Session ID can be achieved using PHP’s own functions;
The second is to change the Session name. Usually the default name of the Session is PHPSESSID. This variable is usually saved in a cookie. If you change its name, you can block some attacks by hackers;
The third is to turn off the transparent Session ID. The so-called transparency means that when the HTTP request does not use cookies to formulate the Session ID, the Session ID is passed through the link. Turning off the transparent Session ID can be done through Operate the PHP.ini file to achieve this; the fourth is to pass hidden parameters through the URL, which ensures that even if the hacker obtains the session data, since the relevant parameters are hidden, it is difficult for it to obtain the Session ID variable value.
2. Prevention of SQL injection vulnerabilities
There are many ways for hackers to perform SQL injection, and they are flexible and changeable. However, what SQL injection has in common is the use of input filtering vulnerabilities. Therefore, in order to fundamentally prevent SQL injection, the fundamental solution is to strengthen the filtering of request commands, especially query request commands.
Specifically, it includes the following points:
The first is to parameterize filtering statements, that is, to input user information through parameterized statements instead of directly embedding user input into statements;
The second is to use as few interpretive programs as possible when developing the website. Hackers often use this method to execute illegal commands;
The third is to avoid bugs on the website as much as possible during website development, otherwise hackers may use this information to attack the website; simply defending against SQL injection is not enough. In addition, professional vulnerability scanning tools must be frequently used to scan the website. Perform a vulnerability scan.
3. Prevention of script execution vulnerabilities
The means by which hackers use script execution vulnerabilities to attack are diverse and flexible. In this regard, a combination of prevention methods must be used to effectively prevent hackers from exploiting script execution vulnerabilities. to attack.
There are four commonly used methods here:
The first is to pre-set the path of the executable file. can be achieved through safe_moade_exec_dir;
The second is to process the command parameters, which is generally implemented using the escapeshellarg function;
The third is to use the system’s own function library to replace external commands;
Fourth, it is possible to reduce the use of external commands during operation.
4. Prevent global variable vulnerabilities
Regarding the vulnerability of PHP global variables, the previous PHP version had such a problem, but after the PHP version is upgraded to 5.5, it can be realized by setting php.ini and setting ruquest_order to GPC.
In addition, in the php.ini configuration file, you can set whether to add backslashes to overflow characters in external quoted data by setting a Boolean value to magic_quotes_runtime.
To ensure that the website program can run in any setting of the server. You can use get_magic_quotes_runtime to detect the setting status at the beginning of the entire program to decide whether to handle it manually, or use set_magic_quotes_runtime(0) to turn it off at the beginning (or when automatic escaping is not needed).
5. Prevention of file vulnerabilities
For PHP file leakage, you can prevent it by setting and configuring the server.
The specific operations here are as follows:
First, turn off the error prompts in the PHP code, so as to prevent hackers from obtaining database information and web page file physical paths through error prompts;
The second is to set open_basedir carefully, that is, to prohibit file operations outside the directory; This can protect local files or remote files and prevent them from being attacked, here Also pay attention to preventing attacks on Session files and uploaded files;
The third is to set safe-made to on to standardize the commands to be executed. By prohibiting file uploads, the security factor of the PHP website can be effectively improved.