Several common attack methods

SQL injection

  • SQL injection inserts SQL commands into a web form submission, or into the query string of a domain name or page request, so that the server is ultimately tricked into executing malicious SQL commands.
  • A SQL injection attack exploits the characteristics of user-supplied data: special statements are injected to break the function of the original SQL query, so that some functionality fails or the original query no longer locates the intended data.
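The defect described above beside its standard fix, as an added example that is not part of the original article: the login query splices the submitted values into the SQL text, while the corrected version passes them as parameters. The table, user and crafted input are constructed for the demonstration.

```python
import sqlite3

def make_db():
    # Constructed in-memory sample database for the demonstration.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return conn

def login_vulnerable(conn, name, password):
    # The submitted values are spliced into the SQL text, so a value containing
    # quotes and SQL keywords changes the meaning of the query itself.
    sql = "SELECT name FROM users WHERE name = '%s' AND password = '%s'" % (name, password)
    return conn.execute(sql).fetchone()

def login_safe(conn, name, password):
    # Parameterised query: the values travel separately from the SQL text and
    # are only ever treated as data, never as SQL syntax.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone()

if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"   # the classic tautology submitted in place of a password
    print(login_vulnerable(db, "alice", crafted))   # ('alice',): logged in without the password
    print(login_safe(db, "alice", crafted))         # None: the tautology is just a wrong password
```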

Cross-site scripting attack (XSS)

  • Cross-site scripting (XSS) is the most common and most basic method of attacking web sites. The attacker publishes data containing malicious code on a web page; when a viewer opens that page, the script is executed with the identity and privileges of the viewing user. Through XSS an attacker can easily modify user data, steal user information and mount other kinds of attack, such as CSRF.
    Common solution: ensure that all data output to the HTML page is HTML-escaped.

Error pages can also introduce XSS vulnerabilities. For example, the page /gift/giftList.htm?page=2 cannot be found, and the error page echoes the requested URL exactly as received. If an attacker appends script code after the URL and sends the link to a victim, XSS may result.
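The error-page case above, as an added example that is not from the original article: the first renderer echoes the requested URL into the HTML unchanged, the second applies the common solution (HTML-escaping the output). The 404 template and the crafted request path are constructed for the demonstration.

```python
import html

TEMPLATE = "<h1>404</h1><p>The page %s cannot be found.</p>"

def render_not_found_vulnerable(requested_url):
    # The requested URL is echoed straight into the HTML, so any markup carried
    # in the URL becomes part of the page and runs in the viewer's browser.
    return TEMPLATE % requested_url

def render_not_found_safe(requested_url):
    # HTML-escape the value first: < > & " ' become entities, so the browser
    # displays the text of the URL instead of interpreting it as markup.
    return TEMPLATE % html.escape(requested_url, quote=True)

def contains_script_tag(page):
    return "<script" in page.lower()

if __name__ == "__main__":
    # Constructed request path: the missing page from the text with markup appended.
    url = "/gift/giftList.htm?page=2<script>alert(1)</script>"
    print(render_not_found_vulnerable(url))   # the tag survives and would execute
    print(render_not_found_safe(url))         # &lt;script&gt; ... is shown as text
```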

Cross-site request forgery attack (CSRF)

Cross-site request forgery (CSRF) is another common attack. The attacker forges a request by various means, imitating the user submitting a form, in order to modify the user's data or perform a specific task. To impersonate the user's identity, CSRF attacks are often combined with XSS attacks, but they can also be carried out by other means, such as enticing the user to click a link that carries the forged request.

The solutions are:

  • Use POST requests to make the attack harder. A user can initiate a GET request simply by clicking a link; a POST request is comparatively difficult, and attackers usually need JavaScript to forge one.
  • Authenticate the request, to ensure that it was really filled out and submitted by the user and not forged by a third party. Specifically, a token can be added to the session to make sure that the person who viewed the form and the person who submitted it are the same.

Compared with XSS attacks, CSRF attacks are less widespread (so the resources for preventing them are also quite scarce) and harder to prevent, which is why CSRF is considered more dangerous than XSS.
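The two measures above combined, as an added example that is not part of the original article: a per-session token is issued when the form is rendered, and the handler for the state-changing action rejects anything that is not a POST or that does not carry the session's token. The session dictionary, form dictionary and handler name are constructed for the demonstration.

```python
import hmac
import secrets

def issue_csrf_token(session):
    # Called when the form page is rendered: store a fresh random token in the
    # server-side session and hand it back for the form's hidden field.
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token

def handle_profile_update(session, method, form):
    # Guard for a state-changing action. Returns a short status string.
    if method != "POST":
        # A GET can be triggered by simply clicking a link, so it never changes state.
        return "rejected: state-changing actions must use POST"
    expected = session.get("csrf_token", "")
    submitted = form.get("csrf_token", "")
    # Constant-time comparison. A request forged from another site cannot know
    # the token, because it is only ever embedded in the page this user loaded.
    if not expected or not hmac.compare_digest(expected.encode(), submitted.encode()):
        return "rejected: missing or invalid CSRF token"
    return "accepted: submitted by the same user who loaded the form"

if __name__ == "__main__":
    session = {}
    token = issue_csrf_token(session)
    print(handle_profile_update(session, "POST", {"csrf_token": token}))   # accepted
    print(handle_profile_update(session, "POST", {}))                      # rejected: no token
    print(handle_profile_update(session, "GET", {"csrf_token": token}))    # rejected: not POST
```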

Web page Trojans

Protection against web page Trojans

  • Anti-virus software and firewalls are far from enough against web page Trojans: once the attacker uses a customised reverse-connection Trojan (anti-virus software cannot recognise some Trojans that have been individually modified to evade detection), anti-virus software and firewalls are helpless. Protection against web page Trojans must therefore start from the principle by which they work and block them at the root.

  • Install patches, and rename or uninstall (de-register) the most insecure ActiveXObjects (IE plug-ins).
  • Some ActiveXObjects in the system can run EXE programs, such as the Shell.application control used in the "automatically run program" code in this article. Once such controls have execution permission on a web page, they become a hotbed for Trojans, so renaming or uninstalling these controls completely prevents web page Trojans that rely on them. However, ActiveXObjects exist for applications, not for Trojans, and every control has its use, so before renaming or uninstalling a control you must confirm that it is not needed, or that it does not matter if it is uninstalled.

Redirect attacks

  • A commonly used attack method is phishing. The phisher usually sends the victim a legitimate-looking link; when it is clicked, the user is redirected to a plausible illegal website, which wins the user's trust and steals user information. To prevent this, every redirect operation must be reviewed so that it cannot redirect to a dangerous place. The common solution is a whitelist: the legal target URLs are added to the whitelist, and redirects to domain names not on the list are rejected. The second solution is a redirect token: a token is added to the legal URL and verified when redirecting.
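Both redirect defences above, as an added example that is not from the original article: the whitelist check parses the target instead of matching strings, so scheme-relative, subdomain-suffix and user@host tricks are rejected, and the token check binds an HMAC to the exact target URL. The allowed hosts, secret key and function names are constructed assumptions.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"www.example.com", "shop.example.com"}   # constructed whitelist
SECRET_KEY = b"constructed-server-secret"                   # in practice loaded from config

def is_allowed_redirect(url):
    # Whitelist solution. The target is parsed rather than string-matched so that
    # "//evil.test", "http://www.example.com.evil.test" or "http://www.example.com@evil.test"
    # cannot slip through. A site-relative path such as "/account" is accepted;
    # "/\\host" is refused because browsers treat the backslash as a slash.
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return False
    if not parts.scheme and not parts.netloc:
        return url.startswith("/") and not url.startswith(("//", "/\\"))
    if parts.scheme not in ("http", "https"):
        return False
    return host in ALLOWED_HOSTS

def sign_redirect(url):
    # Token solution: the server attaches an HMAC of the exact target when it
    # builds the link, so only links the server itself produced will verify.
    return hmac.new(SECRET_KEY, url.encode(), hashlib.sha256).hexdigest()

def verify_redirect(url, token):
    return hmac.compare_digest(sign_redirect(url), token)

if __name__ == "__main__":
    for target in ("https://www.example.com/account", "//evil.test/",
                   "http://www.example.com.evil.test/", "/account"):
        print(target, "->", is_allowed_redirect(target))
    link = "https://shop.example.com/pay"
    print(verify_redirect(link, sign_redirect(link)))   # True
```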

Uninstall (de-register) the ActiveXObject

  • Step 1: On the "Start" menu click "Run", enter "CMD" and open the command prompt window.
  • Step 2: At the command prompt enter "regsvr32.exe shell32.dll /u /s" and press Enter to uninstall the Shell.application control. If you want to use this control again later, enter "regsvr32.exe shell32.dll /i /s" in the command prompt window to reinstall (register) it. In these commands, "regsvr32.exe" is the command that registers or unregisters OLE objects and controls, [/u] is the unregister parameter, [/s] is the silent-mode parameter and [/i] is the install parameter.

Rename

Note that when renaming a control, both the control's name and its CLSID (Class ID) must be changed, and the change must be thorough. The following again takes Shell.application as the example.

  • Step 1: Open the registry editor and search for "Shell.application". Two registry keys can be found in this way: "{13709620-C279-11CE-A49E-444553540000}" and "Shell.application".
  • Step 2: Change {13709620-C279-11CE-A49E-444553540000} to {13709620-C279-11CE-A49E-444553540001}. Be careful not to duplicate other CLSIDs in the system.
  • Step 3: Rename "Shell.application" to "Shell.application_xxx". When you need the control later, you can call it normally under this new name.

Security level

Some web Trojans can be stopped simply by raising the IE security level or disabling scripts. From the principle of web page Trojans we can see that they are downloaded and run by exploiting vulnerabilities in IE scripts and ActiveX controls; as long as scripts and ActiveX controls are disabled, the Trojan cannot be downloaded and run.

Tip: disabling scripts and ActiveX controls makes some web page functions and effects stop working, so whether to disable them is a decision you must make according to your own security needs.

  • Step 1: Select "Tools→Internet Options" on the menu bar of the IE browser to open the "Internet Options" dialog box.
  • Step 2: On the "Security" tab, for the Internet and Local intranet zones, move the slider to the highest level, or click "Custom Level" and disable scripting and ActiveX controls in the dialog box that opens.

The difference between DDoS attacks and CC attacks

  • Many friends know the barrel theory: the capacity of a bucket is determined not by its highest stave but by its lowest. The same is true of a server, whose security is determined by its most vulnerable spot; the server is exactly as exposed as that weakest place. DDoS follows the same rule: as long as your server has a resource-intensive spot whose limits are too loose, it immediately becomes a DDoS target for others. SYN flood, for example, exploits the fact that the server's half-open connection state consumes more resources than the fully connected state, while the SYN sender only needs to keep sending packets and needs hardly any resources at all.
  • A good DDoS attack must inflict large resource consumption on the other side through minimal consumption of its own. Otherwise, as with ICMP flood and UDP flood, the attacker needs the same bandwidth as the target and has to spend as much as the target's server consumes; the efficiency is extremely low, it is easy to discover, and now basically no one uses it.

CC attack principle

  • CC is mainly used to attack pages. Everyone has had this experience: when visiting a forum, if the forum is large and many people are visiting, pages open more slowly, right? Generally speaking, the more visitors and the more forum pages, the larger the database, the more frequently it is accessed and the more system resources are occupied. Now I know why many hosting providers tell everyone not to upload forums, chat rooms and the like.
  • A static page needs few server resources; it can even be read straight from memory and sent to you. A forum is different: when I read a post, the system must query the database to decide whether I have permission to read it, and if so read out the post content and display it, so the database is accessed at least twice. If the database is 200 MB, the system may well search that 200 MB of data again; how much CPU time does that cost? A keyword search takes even longer, because the previous queries can be limited to a small range (the permission check only reads the user table, the post content only reads the post table, and the query can stop as soon as it finds a match), whereas a search must examine all of the data, which consumes a lot of time. CC exploits exactly this feature: it simulates many users (the number of threads is the number of users) accessing non-stop the pages that require heavy data operations, that is, a lot of CPU time. Many friends ask why proxies are used: a proxy effectively hides the attacker's identity and also bypasses all firewalls, because almost all firewalls count concurrent TCP/IP connections and treat more than a certain number at a certain frequency as a connection flood.
  • Attacking through a proxy also keeps connections alive very well. We send the data, the proxy forwards it to the other side's server, and we can disconnect immediately while the proxy keeps the connection with the other side open (the record I know of is someone generating 350,000 concurrent connections using 2,000 proxies).

Deepening the understanding

Suppose server A needs 0.01 s to process Search.asp (multithreading is only time slicing and does not change the conclusion), which means it can serve 100 user search requests per second, and suppose the maximum connection time the server allows is 60 s. If we then use CC to simulate 120 concurrent user connections, after 1 minute the server has received 7,200 requests and processed 6,000, leaving 1,200 unprocessed connections.

Some friends will say: the connections get dropped! The problem is that the server drops connections in first-come, first-served order, and these 1,200 were initiated in the last 10 seconds, so it is far too early to drop them. By this calculation, by the time the server is full and starts dropping connections there should be 7,200 concurrent connections in the queue; the server then drops 120 connections per second while we initiate 120 per second, so the server is always handling an endless stream of connections and its CPU stays at 100% for a long time. After the 60-second timeout the server also concludes that it cannot process those connections, and it cannot process new ones either, so the server is in an extremely busy state.

We assumed the server needed only 0.01 s (10 milliseconds) to process a search (you can check this speed on forums that display their page generation time) and that we used only 120 threads. Many servers drop connections only after much longer than 60 s, and far more than 120 threads can be used; you can imagine how terrible that is. Moreover, as long as the client disconnects after sending, the proxy keeps the connection alive, and once the server receives the SQL request it enters the queue regardless of whether the connection has already been disconnected. Because the server executes concurrently rather than sequentially, even more requests stay in memory and the burden on the server is even greater.

Of course, CC can also use this method to attack FTP, and it can also implement a TCP flood; all of these have been tested and work.
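A defender's counterpart to the CC principle above, as an added example that is not from the original article: since a CC flood consists of many ordinary-looking requests to the expensive pages (search, post reading) rather than a connection flood, the detection counts per-client requests to those pages in a sliding window and ignores static files. The log lines, the list of expensive pages and the thresholds are constructed for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed access-log lines (common log format). 10.0.0.5 hammers the
# forum search page; 10.0.0.9 is an ordinary visitor.
SAMPLE_LOG = (
    ['10.0.0.5 - - [10/Jan/2021:12:00:%02d +0000] "GET /bbs/search.asp?key=abc HTTP/1.1" 200 9120' % s
     for s in range(7)]
    + ['10.0.0.9 - - [10/Jan/2021:12:00:%02d +0000] "GET /bbs/search.asp?key=dog HTTP/1.1" 200 9120' % s
       for s in (1, 30)]
    + ['10.0.0.9 - - [10/Jan/2021:12:00:%02d +0000] "GET /images/logo.gif HTTP/1.1" 200 1400' % s
       for s in range(8)]
)

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\s\]]+)[^\]]*\] "(?:GET|POST) (\S+)')
EXPENSIVE_PAGES = ("/search.asp", "/post.asp")   # pages that cost real database work
WINDOW_SECONDS = 10
MAX_EXPENSIVE_PER_WINDOW = 5

def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, stamp, target = m.groups()
    when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S")
    return ip, when, target.split("?", 1)[0]   # drop the query string

def flag_cc_clients(lines):
    # Sliding window per client over requests to expensive pages only; static
    # files are ignored because they cost the server almost nothing.
    recent = defaultdict(deque)
    flagged = set()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, when, path = parsed
        if not path.endswith(EXPENSIVE_PAGES):
            continue
        window = recent[ip]
        window.append(when)
        while (when - window[0]).total_seconds() > WINDOW_SECONDS:
            window.popleft()
        if len(window) > MAX_EXPENSIVE_PER_WINDOW:
            flagged.add(ip)
    return flagged

if __name__ == "__main__":
    print(flag_cc_clients(SAMPLE_LOG))   # {'10.0.0.5'}
```

When the flood comes through many proxies, apply the same window per proxy address as well as per page; the proxy count in the text is the reason per-address thresholds alone will miss a distributed run.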

Source: blog.51cto.com/15093034/2608573