Back to Question Center
0

Semalt Expert: Inonyanya Kuwanzo Nzira dzeHackers Dzinoshandisa Kuedza A Site

1 answers:

Kutengesa chinhu chinotyisa chinosangana nemabhizimisi maduku uye makuru. Ichokwadi, makambani makuru akaitaMicrosoft, NBC, Twitter, Facebook, Drupal, uye ZenDesk vave vachangotora mawebsite avo kupinda. Zvingangodaro vanoita zvemhosva yepyrove vanodabvisa data yepachivande, chengetedza PC yako kana kutora kutonga kwewebsite yako, chimwe chinhu chinoramba chiri pachena; vanovhiringidza nebhizimisi - it services and consulting companies.

Unonzi Abgarian, the Semalt Mutevedzeri Mukuru weVatengi Mutevedzeri, anopa kuongorora tsananguro inotevera iyo hacker ingashandisa kupinda mukati mawebsite / system yako.

1. An Injection Attack

Kurwisa uku kunoitika kana pane chikanganiso muSQL yako Library, SQL Database kana kunyange OSivo pachavo. Bhodhi rako revashandi rinozarura izvo zvinopfuura sefaira rakarurama asi zvisingazivikanwi kwavari, mafaira akavanza mirairo (injections). Nokuitasaka, vanobvumira pangozi kuwana ruzivo rwusina mvumo yezvinyorwa zvakavanzika zvakadai sedhadhi yekwereti, mabhengi eaka, nhamba yechengetedzwa kwevanhu,nezvimwewo.

2. A Cross Site Scripting Attack

XSS kurwisa kunowanikwa apo faira pakapetwa, kushanda kana URL kuti 'bvunze' inotumirwa kuwindow ye browser. Cherechedza kuti panguva yekurwisana, zvombo (zvinogona kuva chero chetatu zvakataurwa) zvinopfurikidza nekugadzirisa. Semagumo,mutengi anonyengedzwa pakufunga kuti vari kushanda pawebhu yepamutemo.

3. Kuvhiringidzwa Kwekuvimbika & Session Management Kusangana

Muchiitiko ichi, mutengesi anoedza kuisa simba pamusana pehutachiona hwehutano hwekushandisa.Iri sangano rinosanganisira mashandisi emafaira ekushandisa, svondo ids, key management and browser cookies. Kana pane imwe nzvimbo pane imwe nzvimbo, vatengesi vanogona kusvikakero yako yevashandi kubva kune imwe nzvimbo yakatarisa ipapo vanopinda mavo vachishandisa zviyeuchidzo zvenyu.

4. The Clickjack Attack

Kushandura (kana kuti UI-Kuderedzwa Kurwisa) kunoitika apo vashandisi vanoshandisa mazana, opaquezvikamu zvekunyengedza mushandisi mukukanda kumusoro kwepamusoro pasina kunyunyuta chinhu. Muchiitiko ichi, hacker 'hijacks' inonyorera iyo yairehwanokuda kwewebhu yako peji. Somuenzaniso, nekunyatsobatanidza iframes, mabhokisi mabhokisi uye micheti yepepaiti, mutengesi inotungamirira musikana kufunga kutiivo vari kugadzira matanda mumabhuku avo, asi mupfungwa chaiyo, iyo chimiro chisingaoneki chinotungamirirwa nemumwe munhu ane chinangwa chepfungwa.

5. DNS Spoofing

Waiziva here kuti deta yekare yawakakanganwa inogona kuuya uye inokurudziraiwe? Zvakanaka, mutengesi anogona kuratidza kushungurudzika muzita rezita renyika iro rinovabvumira kushandura magwagwa kubva kunzvimbo yakachengetwa kusvika kune dummywebsite kana seva. Izvi zvinorwisa zvinopararira uye zvinopararira pachavo kubva kune imwe DNS server kune imwe, kuvhara chero chinhu munzira yayo.

6. Kunyanzvi Hwokugara Kwevanhu

Zvechokwadi, izvi hazvisi kuvharidzira kwega. Munyaya iyi, iwe unopa chakavanzikaruzivo mukutenda kwakanaka unotaura pamusoro pekukurukura kwewebhu, email, social media kana kuburikidza nekubatana kupi neipi paIndaneti. Zvisinei, iyi ndiyo iyo dambudziko rinouyain; izvo zvawaifunga kuti mutemo wevashandi vanoita kuti uve sangano. Muenzaniso wakanaka waizova "Microsoft Support Technical" chirwere.

7. SYMlinking (kurwisa mukati)

Symlinks mapepa akasiyana-siyana ayo "anongedzera" "hard link" inoenderana nefaira rakachengetwasystem. Pano, mutengesi anonyanya kuisa iyo symlink kuitira kuti kushandiswa kana kushandiswa kwevashandi kupedzisira kugumakusvika kune faira yakakodzera. Izvi zvinoshandiswa kuipa, kunyora, kushandura kana kuchinja mvumo yefaira.

8. Cross-Site Request Attack

Kurwisana uku kunoitika apo munhu anoshandiswa kupinda muakaunti yavo. Muchengeti kubva kunenzvimbo iri kure ingatora mukana uyu kukutumira chikumbiro cheHTTP chakavakwa. Izvi zvinoreva kuti uunganidze rako recookie info. Iyi data yekiokieinoramba ichishanda kana iwe ukagara uri mukati. Kuti ugare wakachengeteka, nguva dzose rega kubva panhoroondo dzako kana waita navo.

9. Iro Remote Code Execution Attack

Izvi zvinoshandisa kushaya simba pane server yako. Zvinokonzerwa nezvinhu zvakadai sedare kure kure,zvigadziriswa, mabhuku ekuraibhurari pamwe chete nedzimwe mapurogiramu ehurumende anoshandiswa pamushandisi-kuvimbiswa hwaro zvinotarirwa ne malware, zvinyorwa uye murairomitsara.

10. DDOS Attack

Kuparadzirwa kwekupararira kwebasa rinoshandiswa (rakapfupiswa seDDOS), rinoitika kana makina achokana mashizha evharesi anoregererwa kwauri. Iye zvino kana iwe usina kubvumirana, vatengesi vanononoka newebsite kana rimwe basa. Chinangwa chekurwisa uku ndeizvi: kukanganisa kana kutora mamiriro ezvinhu.

November 28, 2017