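I have a server that has been hacked several times. After deleting almost everything, I now have only some static files (html, js, jpg) and a single php file that only returns a JSON array (it doesn't even have <?php ?>). It could perfectly well be a .json.
Is it possible for some hacker to inject code? My hosting support insists that it is. I really have my doubts, but they don't want to take any responsibility. Any idea?
(Sorry if this post doesn't follow some rule.)
Here is the chat: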
Chat ID: 41409607 Initial Question: Injections keep coming even I only have a single php file.. can you scan, please? Maybe there is a cron or something hidden?
10:18:49 PM Chuck R Hello Mario, this is Chuck with Sitelock. usually this can happen with URL injection.
10:19:15 PM Mario Morales against what?
10:19:26 PM Mario Morales I have only static pages
10:19:41 PM Mario Morales and a php that returns a string. No code on it
10:20:04 PM Mario Morales :(
10:21:24 PM Chuck R There is a page, meaning it can be injected.
10:23:46 PM Mario Morales even it has only a JSON on it?
10:24:02 PM Chuck R Yes, unfortunately.
10:24:18 PM Chuck R The only way for a site not to be hacked is to not have it, or for it to be parked.
10:26:17 PM Mario Morales Really?
10:26:26 PM Mario Morales First time I heard that
10:27:42 PM Chuck R Yes. Definitely is unfortunate but it's the way it is.
10:29:01 PM Mario Morales I can't find an example of how a php file containing only "[{key:value},{key:value}]" can be injected.
10:29:05 PM Mario Morales but ok
10:29:39 PM Mario Morales Let me copy the chat and ask on some forum
10:29:45 PM Chuck R Well it's happening.
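Nothing is 100% secure; dynamic content, PHP or anything else, even less so.
If your server has been hacked several times:
- Change your web host.
- Migrate your data, looking for possible injections such as persistent XSS beforehand, but not your code.
- Rewrite the code. Honestly, if they have hacked your site several times, it means the quality of the existing code is not the best.
- Don't try to write all the code yourself; you will make mistakes at first. At least use a framework or well-known libraries for user management and database abstraction.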
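
The pre-migration check from the second bullet, as an added example that is not part of the original answer: a Python scan of a JSON data export for fields that look like stored markup (persistent XSS). The export format, the sample `comments` rows and the pattern list are assumptions; a match only flags a field for manual review, and an empty result does not prove the data is clean.

```python
import html
import json
import re
from urllib.parse import unquote

# Patterns that indicate markup stored in a field meant to hold plain text (assumed list).
SUSPICIOUS = {
    "script tag": re.compile(r"<\s*script\b", re.I),
    "inline event handler": re.compile(r"<[^>]+\son\w+\s*=", re.I),
    "javascript: URI": re.compile(r"javascript\s*:", re.I),
    "embedding tag": re.compile(r"<\s*(iframe|object|embed)\b", re.I),
}

def normalise(value: str) -> str:
    """Undo up to three layers of URL and HTML-entity encoding."""
    for _ in range(3):
        decoded = html.unescape(unquote(value))
        if decoded == value:
            break
        value = decoded
    return value

def walk(node, path=""):
    """Yield (path, string) for every string value in a decoded JSON document."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from walk(child, f"{path}.{key}")
    elif isinstance(node, list):
        for i, child in enumerate(node):
            yield from walk(child, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node

def scan_export(export_text: str):
    """Return (path, finding) pairs, in document order, for fields to review."""
    findings = []
    for path, value in walk(json.loads(export_text)):
        text = normalise(value)
        for label, pattern in SUSPICIOUS.items():
            if pattern.search(text):
                findings.append((path, label))
    return findings

# Constructed sample export: three rows of a hypothetical "comments" table.
SAMPLE = json.dumps([
    {"id": 1, "author": "ana", "body": "Nice photos!"},
    {"id": 2, "author": "bob", "body": "&lt;script src=//example.invalid/x.js&gt;&lt;/script&gt;"},
    {"id": 3, "author": "eve", "body": "<img src=x onerror=alert(1)>"},
])
```

Calling `scan_export(SAMPLE)` flags rows 2 and 3; the entity-encoded row is caught only because `normalise` decodes each field before matching.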