I made a php/mysql project where 40+ employee's work on it in office and from home. they have a specific level permission. I store login data with IP, location, browser, OS of client. recently someone login using my credential(admin Ac). The IP im getting is ISP real ip not client IP. 3/4 employee resident same area with same ISP. So i am not able to find which one of them 4 employee got my access. any script or any Idea???? so i can catch him?
1条回答 默认 最新
dongyan1808 2016-05-29 13:22关注You have a few options.
You could dig through your data to compare which web browser and operating system is commonly used by each employee. You can then compare this to the data of the unauthorised person. While it may not be concrete, it might point you in the right direction.
The next option is to introduce another layer of security. In addition to a password, ask all users to enter additional information. For example - you might know their National Insurance (Social Security, if you're in the US) numbers, so ask them to enter something like the 1st, 5th and 7th characters of that information [to be extra secure, change which characters are requested after each login attempt].
If you have the users mobile phone numbers - you could have your system send a text message (or, potentially use email instead), with a code that the user will have to enter. So long as the code was automatically generated - this should also help.
The second and third methods may not help you catch the person who has been logging into your account - but will hopefully prevent them from doing so in future (just make sure you keep whatever information you are verifying with a secret).
I will finalise by saying that - one of the things you should be investigating is - how did one of your users get access to your account in the first place? Do you have a vulnerability in your application allowing users to view passwords? Did you share your login credentials with anyone? Was your password secure enough?
Ultimately - finding and penalizing the culprit is probably going to be difficult without substantial evidence. Focus on fixing the security hole.
本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏举报
分享
- 2016-05-29 13:00回答 1 已采纳 You have a few options. You could dig through your data to compare which web browser and operati
- 2023-03-11 00:33回答 2 已采纳 重装系统就行了
- 2016-10-06 20:16回答 1 已采纳 ok, i figured this out. i was confused as the documentation on this is quite confusing at least to
- 2021-04-24 15:12weixin_39608680的博客 PHP网站安全性浅谈一、web应用服务安全性设置1、服务器各应用服务尽可能以独立用户运行,如:WEB服务运行帐户为wwwMySQL服务运行帐户为mysqlMemcached用户为memcacheRedis运行帐户为redis2、应用服务目录的读写权限...
- 2015-03-26 05:12回答 1 已采纳 One solution is that you can delete all your tables from database(if you don't have critical data
- 2017-02-24 14:02回答 1 已采纳 First of all, make sure to grab refresh token by settings access type to offline. Then Create a se
- 2015-11-23 13:17回答 2 已采纳 Service accounts work when you have access to the account in question, or if the owner of the acco
- 2024-04-25 05:00新华的博客 在动态的 Web 开发环境中,安全性仍然是一个最重要的问题。跨站点脚本(XSS) 和跨站点请求伪造(CSRF) 是 PHP 开发人员必须解决的两个普遍安全漏洞,以保护其应用程序。本文深入探讨了 XSS 攻击的复杂性,探讨了 ...
- 2013-07-04 12:29回答 1 已采纳 I recommend the HWIOAuthBundle - it supports authenication via lots of OAuth providers, including
- 回答 2 已采纳 create a master_passowrd column in user table than do a query like that. select * from user where
- 2017-07-16 18:04回答 1 已采纳 The error is self explanatory. You should name an alias for the table you created. After the subqu
- 2023-11-06 10:37越来越不懂!的博客 网络安全管理员高级工理论题库,持续更新中……
- 2014-04-09 21:38回答 1 已采纳 You can use a service account. For these types of server-to-server interactions you need a ser
- 2022-05-11 10:55落寞的魚丶的博客 假定你是某企业的网络安全工程师,对于企业的服务器系统,根据任务要求确保各服务正常运行,并通过综合运用登录安全加固、数据库安全策略、流量完整性策略、事件监控策略、防火墙策略、IP协议安全配置等多种安全策略...
- 2019-10-03 11:22daxun5508的博客 收集IIS配置错误--您未被授权查看该页 HTTP错误401 - 您未被授权查看该页 在配置IIS的时候,如果安全稍微做的好一些。就会出现各式各样的问题。比如,常见的访问网页会弹出用户名...
- 没有解决我的问题, 去提问
悬赏问题
- ¥15 WPF 大屏看板表格背景图片设置
- ¥15 这个主板怎么能扩出一两个sata口
- ¥15 不是,这到底错哪儿了😭
- ¥15 2020长安杯与连接网探
- ¥15 关于#matlab#的问题:在模糊控制器中选出线路信息,在simulink中根据线路信息生成速度时间目标曲线(初速度为20m/s,15秒后减为0的速度时间图像)我想问线路信息是什么
- ¥15 banner广告展示设置多少时间不怎么会消耗用户价值
- ¥16 mybatis的代理对象无法通过@Autowired装填
- ¥15 可见光定位matlab仿真
- ¥15 arduino 四自由度机械臂
- ¥15 wordpress 产品图片 GIF 没法显示