php suhosin 警报
我用的是舒荷辛。我收到以下警报。
ALERT-SIMULATION - 尝试通过 GET 变量注册禁止的变量“_REQUEST”(攻击者
警报模拟 - 尝试通过 GET 变量注册禁止的变量“_REQUEST[option]”(攻击者
警报模拟 - 尝试通过 GET 变量注册禁止的变量“_REQUEST[Itemid]”(攻击者
警报模拟 - 尝试通过 GET 变量注册禁止的变量“GLOBALS”(攻击者
他们是真正的攻击者吗?如果不是,如何设置 suhosin 配置以忽略这些警报?
I use suhosin. I get the following alerts.
ALERT-SIMULATION - tried to register forbidden variable '_REQUEST' through GET variables (attacker
ALERT-SIMULATION - tried to register forbidden variable '_REQUEST[option]' through GET variables (attacker
ALERT-SIMULATION - tried to register forbidden variable '_REQUEST[Itemid]' through GET variables (attacker
ALERT-SIMULATION - tried to register forbidden variable 'GLOBALS' through GET variables (attacker
Are they real attackers? If not, how to set suhosin configuration to ignore these alert?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
这些不一定是“攻击”,而是对您的站点进行测试/刺激,以确定他们(潜在的攻击者)是否可以通过启用 register_globals 来注入代码。
用于产生这些错误的 uri 如下所示。
您是否将
register_globals设置为on?该 IP 可追踪到 ATL:http://www.ip-adress.com/ip_tracer/
Those are not necessarily "attacks," but rather tests/prodding of your site to determine if they (the potential attacker) can inject code though register_globals being enabled.
The uri's used to produce those errors are as follows
Do you have
register_globalsset toon?That IP traces to ATL: http://www.ip-adress.com/ip_tracer/
反复出现此错误...向我的系统日志发送垃圾邮件
...但是 register_globals 肯定是关闭的...那么问题是什么?
Getting this error repeatedly ... spamming my syslog
... but register_globals are definitely off ... so what's the issue?