This is the 9th day of my participation in the August More Text Challenge
After the eighth day.
What is a file upload vulnerability
A file upload vulnerability is a situation where a user can upload an executable script file and, through that file, gain the ability to execute commands on the server.
Many third-party frameworks and services have been exposed to file upload vulnerabilities, for example Struts2 some time ago, as well as various rich text editors. An attacker who can upload malicious code may end up compromising the server.
How to prevent file upload vulnerabilities
Set the directory that receives uploaded files to be non-executable.
1) Determine the file type. When determining the file type, you can use the MIME type, a suffix check, and so on.
For uploaded files, the file type cannot be determined from the suffix alone, because an attacker can change the suffix of an executable file to an image or some other suffix in order to get it executed.
2) Whitelist verification is performed on uploaded file types, and only reliable file types are allowed to be uploaded.
3) Rename the uploaded file so that the attacker cannot guess its access path; this greatly increases the cost of an attack. At the same time, because of the renaming, an attack that relies on a file name like shell.php.rar.ara cannot succeed.
4) Limit the size of uploaded files.
5) Use a separate domain name for the file server.
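As an added example (not part of the original post), the checks from points 1) to 4) above combined into one Python validator: whitelist on the last suffix only, a magic-byte check so a renamed script cannot pass on suffix alone, a size limit, and a random stored name. The allowed types (JPEG and PNG), the 2 MiB limit and the function names are assumptions chosen for this illustration.

```python
import os
import secrets

# Whitelist of allowed extensions and the leading magic bytes each must carry.
# Assumed policy for this example: only JPEG and PNG images are accepted.
ALLOWED_TYPES = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
}
MAX_SIZE = 2 * 1024 * 1024  # 2 MiB upload limit (assumed value)


def validate_upload(filename: str, data: bytes) -> str:
    """Return a new random storage name for a safe upload, else raise ValueError.

    Order of checks: size limit, whitelist on the *last* suffix only (so
    shell.php.rar.ara is rejected outright), then magic bytes (so shell.php.png
    containing PHP code is rejected even though its suffix is whitelisted).
    The original name is discarded entirely, so the stored path cannot be
    guessed from the uploaded name.
    """
    if len(data) > MAX_SIZE:
        raise ValueError("file too large")
    base = os.path.basename(filename)  # drop any directory components
    if "." not in base:
        raise ValueError("missing extension")
    ext = base.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_TYPES:
        raise ValueError(f"extension {ext!r} not in whitelist")
    if not any(data.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        raise ValueError("content does not match declared type")
    # Random name; the extension comes from the validated whitelist, not the user.
    return f"{secrets.token_hex(16)}.{ext}"


def is_safe_upload(filename: str, data: bytes) -> bool:
    """Boolean wrapper around validate_upload for quick decisions."""
    try:
        validate_upload(filename, data)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample: a minimal PNG header followed by padding.
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    print(validate_upload("photo.png", png))
    print(is_safe_upload("shell.php.rar.ara", b"<?php system($_GET['c']); ?>"))
```

The stored file should still land in the non-executable directory described above; the validator alone is one layer, not the whole defence.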
DDoS attack
The client sends a connection request (SYN) packet to the server, the server replies with an acknowledgement (SYN-ACK) packet, and the client never sends the final acknowledgement (ACK) packet back to the server, so the server is left waiting for the client's confirmation.
There is no complete cure, short of not using TCP.
DDoS prevention:
1) Limit the number of half-open (SYN) connections that may be open simultaneously
2) Shorten the timeout for half-open (SYN) connections
3) Shut down unnecessary services
Distribution of important protocols