Preventing injection attacks and securing your website
source link: https://markshust.com/2009/09/21/preventing-injection-attacks-and-securing-your-website/
September 21, 2009 · 2 min read
Injection attacks and vulnerabilities are extremely common, and can be prevented in just about any case with proper coding and correctly set permissions. There is a vast array of cross-site scripting (XSS) attacks and worms out there (I’m sure you’ve stumbled on a site with the words ‘viagra’ or ‘xanax’ in the page, looking very out of place and inconsistent with the site’s content). These are usually caused by bots searching the web for security vulnerabilities.
It is important to put the proper XSS checks in place and to fix your website permissions by executing the following commands in the root folder of your website:
find ./ -type d -exec chmod 755 {} \;
find ./ -type f -exec chmod 644 {} \;
This resets all folders and files to their default permission sets and will help prevent these attacks from happening in the future.
If you fear your website has been attacked, you can do a global search on all the files for a certain keyword (e.g. viagra or xanax). This will provide the filename and text of the infected file so that you can clean up the code.
find . -type f -name '*.php' -print0 | xargs -0 grep -H xanax
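The two steps above combined, as an added example that is not part of the original article: a shell script that lists which files and directories deviate from the 644/755 modes before you reset them, and searches PHP files for several keywords at once. The function names, the keyword list and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Function names, the keyword
# list and the sample tree are constructed for illustration.

# Print files whose mode is not 644 and directories whose mode is not 755,
# i.e. everything the two chmod commands would change.
audit_perms() {
    find "$1" -type f ! -perm 644 -print
    find "$1" -type d ! -perm 755 -print
}

# Print the names of PHP files containing any of the given keywords.
# Usage: scan_keywords ROOT KEYWORD...
scan_keywords() {
    root=$1; shift
    # grep -F takes a newline-separated list of fixed strings in one -e.
    patterns=$(printf '%s\n' "$@")
    # -exec ... {} + passes filenames safely (spaces included); the quoted
    # '*.php' stops the shell from expanding the glob before find sees it.
    find "$root" -type f -name '*.php' \
        -exec grep -l -i -F -e "$patterns" {} + || true
}

# Build a constructed sample web root to run both checks against.
make_sample_site() {
    site=$(mktemp -d) || return 1
    chmod 755 "$site"
    mkdir "$site/uploads" "$site/lib"
    chmod 777 "$site/uploads"           # too permissive
    chmod 755 "$site/lib"
    printf '<?php echo "home"; ?>\n' > "$site/index.php"
    printf '<?php /* buy XANAX now */ ?>\n' > "$site/lib/old page.php"
    printf 'viagra mentioned in a text file\n' > "$site/notes.txt"
    chmod 644 "$site/index.php" "$site/notes.txt"
    chmod 666 "$site/lib/old page.php"  # world-writable
    printf '%s\n' "$site"
}

site=$(make_sample_site)
echo "Modes that differ from 644/755:"; audit_perms "$site"
echo "PHP files containing spam keywords:"; scan_keywords "$site" viagra xanax
rm -rf "$site"
```

Running the audit first gives you a record of which paths had loose modes, which is worth keeping when you are trying to work out how a file was modified.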