douwo8140
2016-03-21 06:22
浏览 59

为什么我在我的网站上获得这些超链接? 安全漏洞?

In the image below is where I recently found these malicious hyperlinks.

I tried to log into my web-host and I couldn't find any hyperlinks attached to the elements in my files.

enter image description here

My Questions:

  1. How do I avoid these?
  2. How can I remove them?
  3. Despite these hyperlinks, Is my website vulnerable to any XSS attacks? If yes, please specify the holes i should fill.

I am using Ajax to send an instant response if the email already exists or not; Would this influence the attacker to easily send XMLHTTPRequests to the server?

I just want to make my website 100% safe as in a matter of none would ever get into the database ( confidentiality, integrity, and availability ) considering I have SSL certificate over HTTPS. Even if it's only login system website without many complicated input stuff.

I heard using SQL stored procedures help, also HTML encoding.

Please visit the website and take a look over the code www.tarsh.tk

Any Help/Hints/Tips/Links would be appreciated.

图片转代码服务由CSDN问答提供 功能建议

在下面的图片中,我最近发现了这些恶意超链接。

我试图登录我的网络主机,我找不到附加到我文件中元素的超链接。

我的问题:

  1. 我该如何避免这些?
  2. 如何删除它们?
  3. 尽管有这些超链接,我的网站是否容易受到任何XSS攻击? 如果是,请指定我应该填写的漏洞。

    如果电子邮件已经存在,我正在使用Ajax发送即时回复; 这会影响攻击者轻松地将XMLHTTPRequests发送到服务器吗?

    我只想让我的网站100%安全,因为无论如何都不会进入数据库( 机密性,完整性和可用性 )考虑到我通过HTTPS获得SSL证书。 即使它只是登录系统网站没有很多复杂的输入内容。

    我听说过使用SQL存储过程帮助,也是HTML编码。

    请访问 网站并查看代码 www.tarsh.tk

    任何帮助/提示/提示/链接都将不胜感激。

  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • dongwen6743 2016-03-21 06:31
    已采纳

    The site at www.tarsh.tk does not have any hyperlinks for me see http://picpaste.com/Screen_Shot_2016-03-20_at_11.29.02_PM-F7OsKLUZ.png.

    Maybe it isn't the site and it is your browser. Have you tried a different browser?

    I used Chrome 49 and Safari 9, both are rendering the site without hyperlinks.

    打赏 评论

相关推荐 更多相似问题