
Preventing injection attacks and securing your website

source link: https://markshust.com/2009/09/21/preventing-injection-attacks-and-securing-your-website/


September 21, 2009   ·   2 min read

Injection attacks and vulnerabilities are extremely common, and can be prevented in just about any case with proper coding and correctly set permissions. There is a vast array of cross-site scripting (XSS) attacks and worms out there (I’m sure you’ve stumbled on a site with the words ‘viagra’ or ‘xanax’ in the page, looking very out of place and inconsistent with the site’s content). These are usually caused by bots searching the web for security vulnerabilities.

It is important to put the proper XSS checks in place and to fix your website permissions by executing the following commands in the root folder of your website:

find ./ -type d -exec chmod 755 {} \;
find ./ -type f -exec chmod 644 {} \;

This resets all folders to 755 and all files to 644, their default permission sets, and will help prevent these attacks from happening in the future.

If you fear your website has been attacked, you can do a global search on all the files for a certain keyword (e.g. viagra, xanax). This will provide the filename and text of the infected file so that you can clean up the code.

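# Quote the pattern so the shell does not expand it; -print0/-0 keeps filenames with spaces intact
find . -type f -name '*.php' -print0 | xargs -0 grep -H xanax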
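
Before running the chmod commands above, it helps to record what they would change and which files contain injected text. The following is an added example, not from the original article: a read-only audit in POSIX shell. The function names and the keywords passed on the command line are assumptions, and the world-writable check goes beyond the article's two commands.

```shell
#!/bin/sh
# Added example: read-only audit of a web root. Nothing here modifies files.

# Directories that are not 755 and files that are not 644,
# i.e. exactly what the two chmod commands would change.
perm_drift() {
    find "$1" -type d ! -perm 755 -print
    find "$1" -type f ! -perm 644 -print
}

# Files and directories writable by "other": any local account can modify these.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# PHP files containing any keyword (fixed string, case-insensitive).
# Usage: keyword_hits ROOT KEYWORD...
keyword_hits() {
    root=$1; shift
    [ "$#" -gt 0 ] || return 0
    # Rewrite "kw1 kw2" into "-e kw1 -e kw2" without needing arrays.
    for kw in "$@"; do shift; set -- "$@" -e "$kw"; done
    # grep exits 1 when nothing matches; treat that as an empty result.
    find "$root" -type f -name '*.php' -exec grep -liF "$@" -- {} + || true
}

# Print all three reports for one web root.
audit() {
    root=$1; shift
    echo "== permission drift (would be changed by the reset) =="
    perm_drift "$root"
    echo "== world-writable =="
    world_writable "$root"
    echo "== keyword hits: $* =="
    keyword_hits "$root" "$@"
}

# Run as: sh audit.sh /path/to/webroot viagra xanax
[ "$#" -eq 0 ] || audit "$@"
```

Running the audit before and after the permission reset shows that the reset clears the permission findings but leaves the keyword hits in place, so infected files still need to be cleaned.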
