Website Security...
Posted: Wed Nov 08, 2006 6:33 pm
Good evening everyone,
below I am forwarding part of the email I also sent to the user "Agiooros" about security and the attacks received by the server that hosts this site, since I believe it would be good for this topic to become more widely known, so that as many users as possible can help with their knowledge:
...as far as php-nuke is concerned, the bad thing is that bugs come to the surface very frequently and it is considered an easy target for attackers. So it must always be up to date, and malicious actions by users [registered or public] must be blocked. For example, a classic "route" of attack is through the site's /modules.php?name=Search page, where with various exploits in the search field one can extract even the admins' passwords (albeit in encrypted form..) by giving commands to the server through SQL injections.
For example, from a quick test just now with the command:
xXxXxXxXxXxXxXxXxXxXx (omitted for obvious reasons..) on the above page....I see that the admin with the username "Athos" has the password: 52XXXXXXXXXXXXXXXXXXXXXXXXc3 [encrypted]
I would recommend that the administrators forbid this particular search or, better still, to be sure, disable the Search Module altogether. Also, use passwords of more than 8 characters at least, and alphanumeric ones of the form password123!@#.
It is also important that the server is up to date and supports (protects) against attacks such as DoS (Denial Of Service). This is a matter of the choice of server or of the respective webspace provider....
Regards,
chaodis