Server hacking, cracking, malware, spamming and virus infections remain a fact of life in today's highly developed online industry. Server administrators take many steps to keep unwanted activity off their servers, yet attackers still find one way or another to carry out their destructive work. It is not true, however, that every attacker has the skills to defeat the security measures an administrator has put in place. Often the opening is human error: somewhere during server hardening the administrator overlooked a step and left one part of the server weak. Attackers are always searching for exactly such weaknesses to break into the server and the network behind it, so even a newly appointed server administrator is expected to know these weak spots and deal with them.
Listed below are a few common areas that admins usually neglect or miss out:
A. Simple passwords
Many web server administrators set passwords that are easy to guess, assuming that nobody has the time to guess them or to attack their servers. They are only partly right: attackers do not sit and guess by hand; they use password-cracking software that runs through wordlists and permutations of characters at very high speed. If such a tool recovers your server's password, the result can be heavy loss or destruction of your data, which you may never be able to recover.
Hence it is strongly recommended to choose passwords that are long and hard to guess, and to store them only as salted, slow password hashes rather than reversible "encryption", so that a stolen password file cannot simply be decoded.
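The following is an added example, not code from the original post or from eukhost: a small Python password-policy check that does what a cracking tool does in reverse (wordlist lookup after undoing trivial leetspeak and suffixes, then a keyspace estimate), plus a salted PBKDF2 store/verify pair to show what "never store the password itself" looks like. The wordlist, the guess rate and the thresholds are assumed values chosen for illustration.

```python
import hashlib
import math
import secrets
import string

# Constructed stand-in for an attacker's wordlist (a real list has millions of
# entries plus rules that generate suffix and leetspeak variants).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "admin", "letmein",
                    "welcome", "root", "server"}

# Assumed guess rate for an offline attack against a fast hash (illustrative).
GUESSES_PER_SECOND = 1e10

# The substitutions a cracking rule set undoes first: P@ssw0rd -> password
LEET = str.maketrans("@$013", "asoie")


def charset_size(pw: str) -> int:
    """Size of the union of standard character classes that pw draws from."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)   # 32
    return size


def keyspace_bits(pw: str) -> float:
    """Upper bound on brute-force work: log2(charset ** length)."""
    n = charset_size(pw)
    return len(pw) * math.log2(n) if n else 0.0


def expected_crack_seconds(pw: str, rate: float = GUESSES_PER_SECOND) -> float:
    """Expected time for exhaustive search (on average half the keyspace)."""
    return 2 ** keyspace_bits(pw) / 2 / rate


def normalise(pw: str) -> str:
    """Strip the trailing digits/'!' and leetspeak that crackers try first."""
    return pw.lower().rstrip(string.digits + "!").translate(LEET)


def check_password(pw: str, min_length: int = 12, min_bits: float = 60.0):
    """Return (accepted, keyspace_bits, problems) for a candidate password."""
    problems = []
    if pw.lower() in COMMON_PASSWORDS or normalise(pw) in COMMON_PASSWORDS:
        problems.append("derived from a common-password wordlist entry")
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    bits = keyspace_bits(pw)
    if bits < min_bits:
        problems.append(f"keyspace only {bits:.0f} bits (< {min_bits:.0f})")
    return (not problems, bits, problems)


def hash_password(pw: str, iterations: int = 600_000) -> str:
    """Store a random-salted PBKDF2-HMAC-SHA256 hash, never the password."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(pw: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unknown hash format")
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode(), bytes.fromhex(salt_hex), int(iters))
    return secrets.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    for candidate in ("admin", "P@ssw0rd1!", "correct-horse-battery-staple-7"):
        ok, bits, problems = check_password(candidate)
        print(f"{candidate!r}: {'OK' if ok else 'REJECT'} {bits:.0f} bits, "
              f"~{expected_crack_seconds(candidate):.3g}s exhaustive; {problems}")
```

Note that the keyspace figure is only an upper bound: "P@ssw0rd1!" scores about 65 bits on paper yet falls to the wordlist check immediately, which is why the dictionary test runs first and the length rule is not waived for "complex" passwords.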
B. Exposed root account
As most of you are aware, the root account gives complete control over the server, so it is of the utmost importance to keep it safe and out of anyone's reach: do not let root log in directly over SSH, and give each administrator a personal account with sudo instead, so that every privileged action is tied to a named person.
C. Test or guest accounts
If you want to give someone a test account so they can see how the server performs, it is advisable to offer it only for a limited period of time and to set an expiry date on the account when you create it. But if you hand out such an account on a dedicated hosting server with full rights, you are inviting trouble: by one estimate there are some six million active hackers online today. And if you do keep a guest account, make sure it is protected by a strong password as well.
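Sections B and C are two sides of one audit: who can reach root, and which temporary accounts are still lying around. The Python script below is an added example written for this page, not the original post's or eukhost's code. It parses constructed samples of sshd_config, /etc/passwd and /etc/shadow embedded inline (the account names, hashes and dates are made up) and reports the mistakes described above: root permitted to log in over SSH, password logins still enabled, a second uid-0 account, a guest account with an empty password field, and test/guest accounts that never expire or have expired but were never deleted.

```python
import re
from datetime import date, timedelta

# Constructed samples standing in for /etc/ssh/sshd_config, /etc/passwd and
# /etc/shadow on a hosting box; none of this data is from the original post.
SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
# an admin later added this, but sshd keeps the FIRST value it sees:
PermitRootLogin no
"""

PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:backup root:/root:/bin/bash
guest:x:1001:1001:Guest:/home/guest:/bin/bash
test:x:1002:1002:Test account:/home/test:/bin/bash
deploy:x:1003:1003::/home/deploy:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
"""

# shadow fields: name:hash:lastchg:min:max:warn:inactive:expire:flag
# empty hash = login without a password; expire = days since the epoch,
# empty = the account never expires. Hashes are placeholders.
SHADOW = """\
root:$6$salt$hashplaceholder:19000:0:99999:7:::
toor:$6$salt$hashplaceholder:19000:0:99999:7:::
guest::19000:0:99999:7:::
test:$6$salt$hashplaceholder:19000:0:99999:7::19500:
deploy:$6$salt$hashplaceholder:19000:0:99999:7:::
www-data:*:19000:0:99999:7:::
"""

TEMP_ACCOUNT = re.compile(r"^(guest|test|demo|tmp|trial)\d*$", re.I)  # assumed naming
EPOCH = date(1970, 1, 1)


def epoch_day(days: int) -> date:
    """Convert a shadow(5) day count into a date."""
    return EPOCH + timedelta(days=days)


def sshd_effective(config: str) -> dict:
    """First occurrence of each keyword wins, as in sshd(8); comments ignored."""
    eff = {}
    for line in config.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        eff.setdefault(parts[0].lower(), parts[1].strip().lower() if len(parts) > 1 else "")
    return eff


def audit_sshd(config: str) -> list:
    eff = sshd_effective(config)
    findings = []
    root = eff.get("permitrootlogin")
    if root is None:
        findings.append("sshd: PermitRootLogin not set explicitly (older OpenSSH defaulted to yes)")
    elif root not in ("no", "prohibit-password", "without-password"):
        findings.append("sshd: root may log in directly over SSH")
    if eff.get("passwordauthentication", "yes") != "no":
        findings.append("sshd: password logins accepted, key-only access is not enforced")
    return findings


def audit_accounts(passwd: str, shadow: str, today: date) -> list:
    findings = []
    shells = {}
    for line in passwd.splitlines():
        name, _, uid, _, _, _, shell = line.split(":")
        shells[name] = shell
        if uid == "0" and name != "root":
            findings.append(f"{name}: uid 0, a second root account")
    for line in shadow.splitlines():
        fields = line.split(":")
        name, pw_hash, expire = fields[0], fields[1], fields[7]
        interactive = not shells.get(name, "").endswith(("nologin", "false"))
        if pw_hash == "" and interactive:
            findings.append(f"{name}: empty password field, logs in without a password")
        if TEMP_ACCOUNT.match(name) and interactive:
            if expire == "":
                findings.append(f"{name}: temporary account with no expiry date")
            elif epoch_day(int(expire)) < today:
                findings.append(f"{name}: expired on {epoch_day(int(expire))} but still present, delete it")
    return findings


if __name__ == "__main__":
    for finding in audit_sshd(SSHD_CONFIG) + audit_accounts(PASSWD, SHADOW, date.today()):
        print(finding)
```

On a real server the expiry field is set with `chage -E YYYY-MM-DD user` (or `useradd -e` at creation), and the PermitRootLogin trap shown in the sample is worth remembering: appending a corrected line to sshd_config does nothing, because sshd honours the first value it reads.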
D. Sacrificial lamb scripts
Earlier, when online security was still evolving, almost every out-of-the-box server installation shipped with a form mail script that was considered secure (of course we now know that was only an assumption). Surprisingly, such scripts are still in use today. Hence one must make sure that such scripts are detected, neutralised and deleted from the server for good.
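As an added example (this editor's illustration, not code from the original post or from any particular form mail script), the Python below shows the three steps the paragraph calls for: detecting scripts named like the classic form mail handlers in a constructed web-root listing, the weak pattern that made that class of script abusable as a spam relay (recipient and headers taken verbatim from the form, so a CR/LF in the Subject field becomes a new Bcc: header), and a hardened replacement that picks the recipient from a fixed table, validates the sender and rejects any header field containing a line break. The file names, addresses and submissions are all made up.

```python
import re
from email.message import EmailMessage

# Constructed directory listing of a web root, standing in for what a scan of
# the real server would return; not from the original post.
DOCROOT = [
    "/var/www/html/index.php",
    "/var/www/cgi-bin/FormMail.pl",
    "/var/www/html/contact/form_mail.php",
    "/var/www/html/css/site.css",
]

LEGACY_SCRIPT = re.compile(r"^form[-_]?mail.*\.(pl|cgi|php)$", re.I)


def find_legacy_form_scripts(paths) -> list:
    """Flag files named like the classic form mail scripts for review/removal."""
    return [p for p in paths if LEGACY_SCRIPT.match(p.rsplit("/", 1)[-1])]


def compose_weak(form: dict) -> str:
    """The pattern that made those scripts a spam relay (illustrative, not the
    original code): recipient and every header come straight from the form."""
    return (f"To: {form['recipient']}\r\n"
            f"From: {form['email']}\r\n"
            f"Subject: {form['subject']}\r\n"
            f"\r\n{form['message']}")


# Hardened replacement: the recipient is chosen from a fixed table by key,
# the sender address is validated, and no header field may contain CR/LF.
ALLOWED_RECIPIENTS = {"sales": "sales@example.com", "support": "support@example.com"}
HEADER_INJECTION = re.compile(r"[\r\n]")
EMAIL_SHAPE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def compose_hardened(form: dict) -> EmailMessage:
    for field in ("recipient", "email", "subject"):
        if HEADER_INJECTION.search(form.get(field, "")):
            raise ValueError(f"CR/LF in header field {field!r}")
    to_addr = ALLOWED_RECIPIENTS.get(form.get("recipient", ""))
    if to_addr is None:
        raise ValueError("recipient is not one of the configured mailboxes")
    sender = form.get("email", "").strip()
    if len(sender) > 254 or not EMAIL_SHAPE.match(sender):
        raise ValueError("malformed sender address")
    msg = EmailMessage()
    msg["To"] = to_addr
    msg["From"] = "webform@example.com"     # our own address, not the visitor's
    msg["Reply-To"] = sender
    msg["Subject"] = form.get("subject", "").strip()[:200] or "Website form"
    msg.set_content(form.get("message", "")[:10_000])
    return msg


# Constructed submissions: a spammer abusing the Subject field, and a normal one.
INJECTED = {
    "recipient": "webmaster@example.com",
    "email": "visitor@example.net",
    "subject": "Hello\r\nBcc: target1@example.org, target2@example.org",
    "message": "unsolicited advertisement",
}
LEGIT = {
    "recipient": "support",
    "email": "visitor@example.net",
    "subject": "Question about my order",
    "message": "Hi, my order has not arrived yet.",
}

if __name__ == "__main__":
    print("legacy scripts:", find_legacy_form_scripts(DOCROOT))
    print(compose_weak(INJECTED))          # the Bcc: line lands as a real header
    try:
        compose_hardened(INJECTED)
    except ValueError as exc:
        print("rejected:", exc)
    print(compose_hardened(LEGIT)["To"])   # support@example.com
```

The filename scan only finds scripts that kept their well-known names, so treat it as a starting point: any handler that builds mail headers from request fields the way compose_weak does needs the same treatment whatever it is called.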
Translated from: https://www.eukhost.com/blog/webhosting/horrible-server-security-mistakes/