我个人不懂编程,找了一群小伙伴做一个网站,做到支付系统时,小伙伴们说不知道如何防止被黑,大神们支支招跪谢了~~
我个人不懂编程,找了一群小伙伴做一个网站,做到支付系统时,小伙伴们说不知道如何防止被黑,大神们支支招跪谢了~~
如果您能帮忙也好,但是没有太多钱付,最好就是指点指点,我付个好处感激费。谢谢啦~~~
这个问题已被关闭,原因:非开发直接相关的问题
回复内容:
我个人不懂编程,找了一群小伙伴做一个网站,做到支付系统时,小伙伴们说不知道如何防止被黑,大神们支支招跪谢了~~
如果您能帮忙也好,但是没有太多钱付,最好就是指点指点,我付个好处感激费。谢谢啦~~~
关系到钱的问题,一般人不懂的黑,牛B点的不屑于黑,实在有人干了这种事情记得用法律来解决。
防止被黑注意做好日志,别被人弄了还找不到是谁弄的。
简单点的问题可以找一个安全测试工具测试一下一些简单的问题还是可以避免掉的,测试工具比如AppScan
楼上也说了,用https协议传输可以避免数据被劫持后篡改。
1、sql注入,很多初学者会认为这个是安全的:
sql="select * from members where id='".$id."'";
因为这个代码,我就被人注入过,注入了webshell,还被人盗钱了。
2、不要跟第三方代码放一个服务器上,比如你要用论坛,discuz,绝对不要放一起,搞个单独的服务器,并且这个服务器对数据库的访问权限要控制,就是说这个服务器被黑了也不能操作核心数据库(支付系统)
3、如果可以,代码里面不要出现数据库密码。我目前是在启动nginx的时候提供密码,启动完成就删除密码。那么源码泄露(比如被安装了webshell)也不会泄露数据库密码。但是不泄露数据库密码就不等于不能操作数据库。如果被注入了webshell,他可以调用你写好的程序,比如一般对数据库操作你会封装一下。你正常的业务代码能调用,被注入的代码也能调用。那么如何防止被恶意调用呢?可以加密码验证。要有个前提,所有操作数据库的源码都要加密,如果是php,用类似zendguard加密,然后在每个php头部,设置密码,如dbtoken=md5($_PHPSELF."xxxkkk");然后在db的封装里面验证这个密码是否正确,不对就终止执行。这样被注入webshell之后,他要么在你原来的文件上修改,但是你加密过了,他就没法修改。要么就是另外生成文件,另外的文件phpself不一样,密码也不一样,你就可以判断这个是攻击代码了。
4、经常检查总金额,做个检查程序,看看总金额是否0.总金额就是所有收入-支出-用户存款。这个应该永远是0.如果数据库被黑了,用户修改了他的存款,那么总金额就会是负数。就可以知道被黑了。
预防csrf攻击
协议用https
可以外包出去,乌云网之类的有专业的人
支付系统一般都是直接使用第三方的 alipay unionpay qq-wx pay ....一般不会被黑把,资金都是从第三方账户直接到企业账户,网站最多也就是维护一个account关系和支付数额而已??
使用第三方支付sdk或者类似stripe的整合方案:https://pingxx.com/
自己做支付功能代价搞到小公司无法承担,你要拿到银联和信用卡的认证。。。使用三方sdk来完成支付功能,安全由它们替你保障吧。
现在有不少做安全测试的网站,可以去给自己的网站做一下安全测试,低端的黑客能利用的漏洞基本都能被发现
可以搜一下nginx+lua可以简单的做一个waf,或者借助第三方云平台吧,好多都有防护功能
个人觉得外包出去借助第三方平台
一般都是使用已有api或者外包出去吧
做好验证、鉴权,留好日志;找第三方平台,比如:支付宝、微信、易宝等,但是这只能解决一部分问题,最关键的还是自己的业务处理,
一般来说,做好以下两点就可以了:
<code>1. 参数过滤,token验证。 2. 支付成功后,验证支付金额</code>
首先声明,并不是打广告,既然你一点头绪都没有,那么自己做安全这块肯定是行不通的,建议你可以去看看这个网址,里面说到的牛盾云安全,newdefend产品主要就是网站的安全加速,亮点就是安全这一块,而且目前是有免费使用的,你可以咨询一下客服试试看,或许可以解决你的问题
https://www.newdefend.com/
建议用已有的支付API
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian
Dec 24, 2024 pm 04:42 PM
PHP 8.4 brings several new features, security improvements, and performance improvements with healthy amounts of feature deprecations and removals. This guide explains how to install PHP 8.4 or upgrade to PHP 8.4 on Ubuntu, Debian, or their derivati
How To Set Up Visual Studio Code (VS Code) for PHP Development
Dec 20, 2024 am 11:31 AM
Visual Studio Code, also known as VS Code, is a free source code editor — or integrated development environment (IDE) — available for all major operating systems. With a large collection of extensions for many programming languages, VS Code can be c
How do you parse and process HTML/XML in PHP?
Feb 07, 2025 am 11:57 AM
This tutorial demonstrates how to efficiently process XML documents using PHP. XML (eXtensible Markup Language) is a versatile text-based markup language designed for both human readability and machine parsing. It's commonly used for data storage an
PHP Program to Count Vowels in a String
Feb 07, 2025 pm 12:12 PM
A string is a sequence of characters, including letters, numbers, and symbols. This tutorial will learn how to calculate the number of vowels in a given string in PHP using different methods. The vowels in English are a, e, i, o, u, and they can be uppercase or lowercase. What is a vowel? Vowels are alphabetic characters that represent a specific pronunciation. There are five vowels in English, including uppercase and lowercase: a, e, i, o, u Example 1 Input: String = "Tutorialspoint" Output: 6 explain The vowels in the string "Tutorialspoint" are u, o, i, a, o, i. There are 6 yuan in total
Sesame Open Door Login Registration Entrance gate.io Exchange Registration Official Website Entrance
Mar 04, 2025 pm 04:51 PM
Gate.io (Sesame Open Door) is the world's leading cryptocurrency trading platform. This article provides a complete tutorial on spot trading of Gate.io. The tutorial covers steps such as account registration and login, KYC certification, fiat currency and digital currency recharge, trading pair selection, limit/market transaction orders, and orders and transaction records viewing, helping you quickly get started on the Gate.io platform for cryptocurrency trading. Whether a beginner or a veteran, you can benefit from this tutorial and easily master the Gate.io trading skills.
How to get started with buying virtual coins? 2025 Ethereum Virtual Currency Newcomers' Guide
Feb 21, 2025 pm 06:54 PM
For investors new to the cryptocurrency world, it is crucial to understand how to buy virtual coins. This article is designed to provide a comprehensive guide to beginners covering detailed steps on how to choose the right exchange, register an account, deposit funds, and purchase Ethereum (ETH). By following this guide, beginners can safely and conveniently embark on their virtual currency investment journey and seize potential investment opportunities in 2025 and beyond.
Ouyi Exchange app domestic download tutorial
Mar 21, 2025 pm 05:42 PM
This article provides a detailed guide to safe download of Ouyi OKX App in China. Due to restrictions on domestic app stores, users are advised to download the App through the official website of Ouyi OKX, or use the QR code provided by the official website to scan and download. During the download process, be sure to verify the official website address, check the application permissions, perform a security scan after installation, and enable two-factor verification. During use, please abide by local laws and regulations, use a safe network environment, protect account security, be vigilant against fraud, and invest rationally. This article is for reference only and does not constitute investment advice. Digital asset transactions are at your own risk.
How to buy Bitcoin on Alipay? Alipay Buy BTC Complete Tutorial
Mar 05, 2025 pm 06:03 PM
Alipay and Bitcoin Transactions: A safe and convenient purchasing guide Alipay is a widely used payment tool in China. Although it does not support direct purchase of cryptocurrencies such as Bitcoin, you can complete transactions indirectly through some channels. This article will guide you on how to use Alipay to purchase Bitcoin safely and conveniently, and explain the risks that need to be paid attention to. The most common way to purchase Bitcoin indirectly through cryptocurrency exchanges is to trade through cryptocurrency exchanges that support Alipay. This method usually requires you to buy USDT (stablecoin) first and then exchange USDT for Bitcoin. The following is an example of Ouyi OKX Exchange, explain the operation steps in detail: Register Ouyi OKX account: Visit Ouyi OKX official website (click to register), register an account using email address, and complete
