
Semalt Expert: The Most Common Ways Hackers Use to Attack a Site

1 answers:

Hacking is a threat facing small businesses and large ones alike. In fact, big corporations such as Microsoft, NBC, Twitter, Facebook, Drupal and ZenDesk have recently had their websites hacked. Whether these cyber criminals want to steal private data, shut down your PC or take control of your website, one thing remains clear: they interfere with businesses.

Artem Abgarian, the Semalt Senior Customer Success Manager, offers the following tricks a hacker can use to get into your websites or systems for consideration.

1. Injection Attack

This attack occurs when there is a flaw in your SQL library, your SQL database or the OS itself. Your team of employees opens what pass for trustworthy files but, unknown to them, the files carry hidden commands (injections). By doing so, they allow the hacker to gain unauthorized access to confidential data such as credit card details, bank accounts, social security numbers, etc.

2. Cross-Site Scripting Attack

XSS attacks occur when a file packet, an application or a URL 'get request' is sent to the browser window. Note that during the attack, the weapon (it can be any of the three mentioned) bypasses the validation process. As a result, the user is deceived into thinking that they are working on a legitimate web page.

3. Broken Authentication and Session Management

In this case, the hacker tries to capitalize on a weak user-authentication system. This system involves user passwords, session IDs, key management and browser cookies. If there is a loophole somewhere, attackers can access your user account from a remote location and then log in using your credentials.

4. Clickjack Attack

Clickjacking (or the UI-Redress Attack) occurs when attackers use multiple opaque layers to trick the user into clicking the top layer without suspecting a thing. In this case, the hacker 'hijacks' clicks that were meant for your web page. For example, by carefully combining iframes, text boxes and stylesheets, a hacker will lead the user to think that they are logging into their account when, in reality, that is an invisible frame controlled by someone with an ulterior motive.

5. DNS Spoofing

Did you know that old cache data you have forgotten about can come back to haunt you? Well, a hacker can identify a vulnerability in the domain name system that allows them to divert traffic from a legitimate server to a dummy website or server. These attacks replicate and spread themselves from one DNS server to another, spoofing anything in their path.

6. Social Engineering Attack

Technically, this is not hacking per se. In this case, you give out confidential information in good faith, say over a web chat, email, social media or any other online interaction. However, this is where the problem comes in: what you thought was a legitimate service provider turns out to be a ploy. A good example would be the "Microsoft Technical Support" scam.

7. SYMlinking (an inside attack)

Symlinks are special files that "point to" a hard link on a mounted file system. Here, the hacker positions the symlink so that the application or user accessing the endpoint assumes they are accessing the correct file. These modifications corrupt, overwrite, append to or change the permissions of files.

8. Cross-Site Request Attack

These attacks happen when the user is logged into their account. A hacker at a remote location can seize this opportunity to send you a forged HTTP request. This is meant to collect your cookie information. This cookie data remains valid as long as you stay logged in. To be safe, always log out of your accounts when you are done with them.

9. Remote Code Execution Attack

This exploits weaknesses on your server. Vulnerable components such as remote directories, frameworks, libraries and other software modules that run on a user-authentication basis are targeted by malware, scripts and command lines.

10. DDOS Attack

A distributed denial-of-service attack (abbreviated as DDOS) occurs when the services of a machine or server are denied to you. Once you are offline, the attackers tinker with the website or a specific function. The aim of this attack is to interrupt or take over a running system.

November 28, 2017
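The symlink problem described in section 7, as an added example that is not part of the original article: a file write that follows a planted link, next to a hardened write that refuses it. It assumes a POSIX system; the function names and the file names `protected.conf` and `app.log` are constructed for illustration.

```python
import os
import stat
import tempfile


def naive_write(path, data):
    """Vulnerable pattern: open() silently follows a symlink at `path`."""
    with open(path, "w") as fh:
        fh.write(data)


def safe_write(path, data):
    """Hardened pattern: refuse to write through a symbolic or extra hard link."""
    # O_NOFOLLOW: fail (ELOOP) if the final path component is a symlink.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW, 0o600)
    try:
        info = os.fstat(fd)  # inspect the object actually opened, not the name
        if not stat.S_ISREG(info.st_mode) or info.st_nlink != 1:
            raise PermissionError(f"refusing to write to {path!r}")
        os.ftruncate(fd, 0)  # truncate only after the checks have passed
        os.write(fd, data.encode())
    finally:
        os.close(fd)


def demo():
    """Return (naive_clobbered, safe_blocked, target_intact) for a planted link."""
    with tempfile.TemporaryDirectory() as d:
        protected = os.path.join(d, "protected.conf")  # constructed sensitive file
        link = os.path.join(d, "app.log")              # path the app writes to
        naive_write(protected, "original\n")
        os.symlink(protected, link)                    # link planted by another user

        naive_write(link, "log line\n")
        with open(protected) as fh:
            clobbered = fh.read() == "log line\n"

        naive_write(protected, "original\n")           # restore, then retry safely
        try:
            safe_write(link, "log line\n")
            blocked = False
        except OSError:
            blocked = True
        with open(protected) as fh:
            intact = fh.read() == "original\n"
        return clobbered, blocked, intact


if __name__ == "__main__":
    print(demo())
```

`O_NOFOLLOW` only covers the final path component, so the directory the file lives in should not be writable by untrusted users.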