douzhan2027 2012-11-05 11:27
浏览 62
已采纳

如何保护我的PHP网站免受.htaccess URL重定向恶意软件脚本攻击?

How this .htaccess file was injected into the website with malware code?

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteOptions inherit
RewriteCond %{HTTP_REFERER} .*(msn|search|live|altavista|excite|ask|aol|google|mail|bing|yahoo).*$ [NC]
</IfModule>

How can I prevent my website from same attack?

This link was useful till some extent https://security.stackexchange.com/questions/16361/how-to-prevent-my-website-from-getting-malware-injection-attacks

but my team expects me to protect the website using coding. Is this is possible?

I also found that few other websites had a similar attack but they use a specific kind of code to prevent their website. I cannot use those script because that's not suitable for me exactly.

The website is a core php website. If moderators found this question to be a not real question or an exact duplicate then before closing or hitting minus, please provide help with a link. I trust this website.

  • 写回答

2条回答 默认 最新

  • dravpuso44681 2012-11-05 13:29
    关注

    Are you using timthumb.php or a similar upload / linking script? Older versions are frought with XSS vulnerabilities. It's a very common vulnerability on Wordpress installations, especially those which use themes that come bundled with their own timthumb.php / thumb.php.

    If that's the issue, lock that script down! If it's a custom script, take a look at the latest timthumb.php source code & try to use some of their techniques.

    Also, make sure your file permissions are locked down for the apache / web users & groups. E.G., do NOT allow .htaccess to be writable by apache user/group!

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 对于相关问题的求解与代码
  • ¥15 ubuntu子系统密码忘记
  • ¥15 信号傅里叶变换在matlab上遇到的小问题请求帮助
  • ¥15 保护模式-系统加载-段寄存器
  • ¥15 电脑桌面设定一个区域禁止鼠标操作
  • ¥15 求NPF226060磁芯的详细资料
  • ¥15 使用R语言marginaleffects包进行边际效应图绘制
  • ¥20 usb设备兼容性问题
  • ¥15 错误(10048): “调用exui内部功能”库命令的参数“参数4”不能接受空数据。怎么解决啊
  • ¥15 安装svn网络有问题怎么办