On the threats faced by paid websites


I. Foreword

After years of baptism in the Internet bubble, the major websites have slowly grown up. People have gradually learned that there is no free lunch, so there are fewer and fewer free things on the Internet. Services such as paid mailboxes, paid web space, and paid domain names are all clearly priced, and even watching a movie or downloading a piece of software now requires becoming a paid member. Although many people are very uncomfortable with this, the trend is unstoppable and the network is gradually becoming standardized.

However, because paid websites always contain attractive things, some people do not want to accept this reality (such as me, heh), and always want to use other, abnormal means, such as exploiting vulnerabilities in the website or in the administrator's configuration, to get services that are not available for free.

II. An intrusion example

Some time ago, for work reasons, I needed to get some information. After Googling for a long time, I finally found a website that offered it for download. To my dismay, the information was in the member area, and downloading it meant paying first. Having searched all morning, I could not leave empty-handed, so I decided to give it a try and see whether I could get a password and obtain the information I needed.

First came the preliminary reconnaissance. From the banner on port 80, it appeared to be a Windows 2000 machine running IIS 5. There was no other information; I guessed that a firewall or router was blocking connections initiated from outside, so nothing could be obtained except through port 80. I had no choice but to start from the web.

Revisiting the web page, I saw that the member area required a password to enter, and that the site also provided a forum for discussion. I went into the forum and looked around: it was a dynamic network forum, and there were quite a lot of members online. It seemed I would have to start from the forum. The innocent were about to be fooled. Amen.

First, I made a post in the picture area with a photo of five beautiful women, and then played some tricks with the upload statement,

As you can see, I wanted to use session hijacking to capture the hash. Then I started the sniffer and got ready to catch hashes. Sure enough, people fell for it: plenty of lecherous friends followed, not knowing that their system passwords had landed in my hands. I imported the hashes into LC4 and it cracked a few simple passwords. However, these passwords were not the same as the login passwords for the member area, so I had to keep working.

Suddenly I thought of their mailboxes: would a mailbox have the same password as the system? I got their email addresses from their forum profiles and tested them one by one. Sure enough, luck was on my side, and I successfully got into one person's Sina mailbox. That was progress, but I still had not got what I wanted. I continued to stroll around the site to see what else was available. Slowly, my eyes settled on the "forgot password" link in the member area. I could use the mailbox I controlled to retrieve the password. How could I be so smart? ^_^ I successfully obtained the password for the member area, then cleared my traces and got the information I wanted.

The process above barely counts as a successful penetration. First, the dynamic network forum's picture-posting feature was used to obtain members' system passwords; then, because a mailbox used the same password as the system, the password-retrieval function was used to obtain membership.


III. Current threats

I have managed a paid website for a friend, and I have also obtained free services through intrusion. Here I will draw on that experience to talk about the threats that paid sites currently face.

First from the intruder's point of view:

1. The endless stream of system vulnerabilities gives intruders countless opportunities, especially hackers who are able to discover new vulnerabilities; those who can exploit unknown vulnerabilities have an even better chance of success.
The WebDAV overflow vulnerability announced only a while ago is a case in point. WebDAV is a component of IIS, and the overflow vulnerability exists in a default installation. Microsoft announced the vulnerability in March 2003 and rated its severity as severe. As far as I know, as early as the second half of last year, domestic hackers had already written an overflow exploit that works against any IIS 5 and gives a shell with system privileges. It is not only domestic servers: a large number of web servers in the United States have this vulnerability too. Microsoft itself discovered the vulnerability only because a US military server was compromised, and then urgently released a patch. This threat is therefore very large, especially for paid websites. I have seen a friend use this vulnerability to get into a homepage space provider's machine, obtain superuser privileges, and replace the target's homepage. Friends who frequent the network security board on CSDN should remember this incident. At that time, the vulnerability had been public for only two days. In the end, the threat from unknown vulnerabilities is the greatest, but such experts are few and far between and do not bother to do this, and by the time everyone knows the exploit method, Microsoft has released a patch.

Threat 1: Intrusion via unknown vulnerabilities. Threat level: Extremely high. Chance of occurrence: Very low

2. More and more fool-proof, point-and-click hacking tools have emerged, making the entry threshold lower and lower. This is also the most common threat to paid websites.
The emergence of scanning tools such as streamer and X-scan, although it shows the skill of Chinese hackers, has greatly lowered the threshold for entry. Anyone without any knowledge of networking can claim to be a hacker once they get hold of these tools and run a scan. Recently I came across an even more fool-proof tool, apparently called a Windows automatic attack machine. After it sweeps up a vulnerable machine, you do not need to do anything: it automatically escalates privileges and adds a user. I nearly fainted. Webmasters looking at the piles of log records left by scanners really do not know whether to laugh or cry.
The overflow tools only need you to fill in an IP address and then wait for a system shell, for example the printer overflow, the ida overflow, and the webdav overflow. The overflow programs have already been written by experts; all you have to do is use them.
The threat these tools pose to a website is very real, and it is what website administrators encounter most often, every day. However, because the intruders rely on vulnerabilities that were published long ago, or on careless mistakes by the network administrator, basic precautions and patching are enough to prevent these intrusions easily.

Threat 2: Fool-proof tools. Threat level: Low. Chance of occurrence: High
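
The "piles of log records left by the scanner" can be triaged automatically. The following is an added example, not part of the original article: it reads IIS-style W3C extended log lines and flags clients that request many distinct nonexistent paths or that use WebDAV methods, the IIS component named under threat 1. The sample log, the field layout, the threshold and the function names are all assumptions made for illustration.

```python
from collections import defaultdict

# WebDAV methods; unexpected on a site that does not publish via WebDAV.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE",
                  "LOCK", "UNLOCK", "SEARCH"}

# Constructed sample in W3C extended log format (not from a real server).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2003-04-01 10:00:01 192.0.2.10 GET /index.asp 200
2003-04-01 10:00:02 192.0.2.10 GET /favicon.ico 404
2003-04-01 10:01:10 198.51.100.7 GET /admin/ 404
2003-04-01 10:01:10 198.51.100.7 GET /backup.zip 404
2003-04-01 10:01:11 198.51.100.7 GET /test.asp 404
2003-04-01 10:01:11 198.51.100.7 GET /old/ 404
2003-04-01 10:02:30 203.0.113.5 PROPFIND / 207
2003-04-01 10:02:31 203.0.113.5 SEARCH / 500
2003-04-01 10:03:00 truncated-row
"""

def parse_w3c(text):
    """Yield one dict per request, named by the most recent #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            parts = line.split()
            if fields and len(parts) == len(fields):  # skip malformed rows
                yield dict(zip(fields, parts))

def find_suspects(text, min_missing=4):
    """Map client IP -> reasons it looks like a scanner or WebDAV probe."""
    missing, webdav = defaultdict(set), defaultdict(set)
    for row in parse_w3c(text):
        ip, method = row["c-ip"], row["cs-method"].upper()
        if row["sc-status"] == "404":
            missing[ip].add(row["cs-uri-stem"].lower())
        if method in WEBDAV_METHODS:
            webdav[ip].add(method)
    report = {}
    for ip in sorted(set(missing) | set(webdav)):
        reasons = []
        if len(missing[ip]) >= min_missing:
            reasons.append(f"{len(missing[ip])} distinct 404 paths")
        if webdav[ip]:
            reasons.append("WebDAV methods: " + ",".join(sorted(webdav[ip])))
        if reasons:
            report[ip] = reasons
    return report
```

Calling `find_suspects(SAMPLE_LOG)` reports the scanning client and the WebDAV client, while the ordinary visitor with a single 404 is left out.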

3. Retaliatory attacks by intruders, such as denial-of-service attacks.
Some attackers who fail to break in turn vengeful, and some peers launch denial-of-service attacks because of competition. This type of attack is also very common and is the biggest headache for webmasters. The website cannot provide normal service, which causes great losses, and it is very difficult to find the attackers.

Threat 3: Denial-of-service attacks. Threat level: Medium. Chance of occurrence: Medium

Now from the webmaster's point of view:

As a webmaster, of course I want to keep my own website working properly, but intruders are a constant threat.

1. The threat to paying users' passwords.
Before a paying user can enjoy the service, the administrator assigns him a password. This is what the intruder wants most, so the strength of the password is the first consideration. For the user's convenience, some sites also let users change their passwords. Although this is good for the user, it also gives the intruder a chance: if a paying user is careless about confidentiality and sets a simple password, the intruder can obtain it easily and will then enjoy services that only paying users should have.

Threat 4: User password management. Threat level: Medium. Chance of occurrence: Medium

2. The threat from user authentication.
I did not think of this while writing the article; a friend reminded me of it during a chat. If the administrator uses Windows integrated authentication to verify the identity of paying users, then users will constantly be added to the system, and these newly created accounts pose a considerable threat. Because each such user is a system user, once an intruder has one user's password, he will look for ways to escalate privileges until he gains administrator rights.

Threat 5: User authentication. Threat level: High. Chance of occurrence: Medium

3. The administrator's security awareness.
In fact, none of the previous threats is as great as the threat from the administrator's security awareness. An excellent administrator can prevent unknown attacks from happening, detect vulnerabilities in time, and make reasonable judgments about any abnormality on the server. An administrator with weak security awareness will pay no attention to possible intrusions, and will remain indifferent even after being successfully compromised.

Threat 6: Administrator security awareness. Threat level: Extremely high. Chance of occurrence: Low

IV. Conclusion

Because the services provided by paid websites cost money and are very attractive, there are many people with designs on these websites. I hope this article can help friends protect their websites and provide better service to real paying members.
