Programmer, a “poor working man” in the Internet age. In addition to having to endure the product manager riding on the neck and shitting, they also have to face all kinds of unpredictable bad things. Including but not limited to server crashes, bug fixes, comments, taking over mountains of junk code left by colleagues, etc.
But fortunately, this is still the hottest profession at the moment. There will always be new people full of enthusiasm to join, and there will always be bigwigs willing to share their code technology.
For example, at station B, you may have seen this UP master named “Programmer Fish Skin”. He often posts some coding teaching videos to lead newcomers into the pit.
The UP master seems to have a good temper, and he is polite and non-aggressive in his gestures, which is true. However, it is precisely because the persimmons have to be softly squeezed, and in recent months, the fish skin has not been very smooth.
Called a suffering, struggling. From his series of videos of “Shame on Programmers”, we can get a glimpse of some clues.
Things, but also from the video on January 10th. Yupi established a website for interview questions, called “Test Duck”, with a pure original intention – to help the majority of programmers interview. There are various questions on the website, similar to the driving test collection, and everyone can simulate interviews according to their own positions.
However, if the tree is not repaired, it will not go straight, and without some vulnerability attacks, the security system of the website will not grow. So, a few enthusiastic netizens came to help the website “grow up” instead of writing questions on the website.
For example, in a web page, the whole section of xss of <fish skin is a dog> is ruthlessly injected. Programming knowledge: xss, the Chinese name is cross-site scripting attack, the attacker obtains more website operation permissions by injecting malicious command code into the website.
Or, directly crawled more than 500 pages of test content on the website with a crawler. The fish skin’s question bank is only more than 400 pages in total, which is 100 pages of content predicted in advance. Programming knowledge: crawler, a technical means of crawling the content data of public websites.
Some people even swiped 200,000 irrigation content in one go.
The website just crashed.
The most irritating thing is that he didn’t forget to ridicule before he left.
There are also some people who frantically advertise on the website, maliciously brush comments, brush likes, and so on. But compared with the big brothers above, it has been considered polite.
After this incident, Yupi realized that his website had many loopholes that needed to be fixed urgently. So I worked hard, went back and changed the bug, and made a version update. It was quite common for the new website to be attacked, and the whole thing looked like a spoof by netizens.
But no one thought of it, this time it actually aroused everyone’s desire to win. Even if many newcomers leave harsh words, they are bound to bring down the website, and they have no intention of showing mercy.
Then within two days, someone destroyed the answer section of the site. The reason is that this person replied to a comment with a size of up to 6M in the answering area, and his nickname alone has more than 3M. Then I replied to myself again, the amount of data was too large, and the comment area exploded.
Later, I came forward and said that there was no malicious intent, just playing, um, playing.
Another person cloned the ID and avatar of a webmaster Yupi, making the system mistakenly believe that this person was Yupi himself. In this way, he can act recklessly in the community, and even the fish skin himself cannot delete the contents of the watering.
What’s more, want to have a wave of DDoS on the website. The good news is that the IP address of the attack target is wrong, and Yuskin’s test duck website is fine.
The bad news is that another innocent feedback platform was accidentally hurt. . . Programming knowledge: DDoS, Chinese name Distributed Denial of Service, can block the opponent’s server while hiding the attacker’s IP, so that the attack target cannot be used normally. s method.
At this point, the UP master has been targeted, and he is simply a walking AKA target brother. For example, in a live broadcast one day, he wanted to teach netizens how to build their own website. But before it started, because of exposing its IP address, within a few minutes, it was attacked by a large-traffic DDoS. There was a live performance of what is called a live broadcast accident, and the barrage also praised the attacker’s superb skills.
After being hammered for several months, the fish skin couldn’t sit on the stool. As the saying goes, if life knocks me down, I won’t get up. Therefore, he simply lay down and accepted his target character, without saying a word—
A website specially created to be attacked. I have never heard such an outrageous request in my life.jpg ▼
In order to make it easy for everyone to attack his new website, he even included a thoughtful tutorial for beginners. Like the one below, clicking the favorite button continuously and quickly according to the prompts can cause the website to fail to reflect and display errors.
For super novice, you can also use the “toolkit” in the lower right corner of the website to attack. The toolkit contains various shortcut options, and many behaviors can be generated with one click. Like generating watered content, marketing ads, fake content, etc., copy content to clipboard with one click. It can be said that it is quite convenient to “attack”.
In the “professional tools” in the next column, you need to master a certain programming foundation. For example, if you click “View Web Page Source Code”, a login password prompt left by Fish Skin will pop up.
If you don’t even know how to open the source code of the web page, then Yuskin also teaches you how to right-click to view it. By the way, after entering the source code page, Shichao first searched “Password” globally, but found nothing, and then searched for “Password” in Chinese, and the login password came out. . .
All I can say is that he was really afraid that I could not find him, and I cried to death.
After successfully obtaining the password, in the user login interface, you can log in directly with the password of the webmaster.
Every time a bug is found, a small reminder to unlock the achievement will pop up. On the website, the blood pressure value of the UP main fish skin has increased. To put it bluntly, it is like an achievement system similar to in-game.
It doesn’t matter if you can’t find the bug, because there is also an attack prompt directory in the website. Under each attack method, there will also be a piece of popular science knowledge on how to prevent it, or a link to Baidu Encyclopedia.
By the way, it was only 3 minutes after the video about the website was posted, and this “begging for beating” website was beaten down.
Seeing this, I have to admire the speed of the brothers.
I believe that programmers who know how to do it have already noticed that something is wrong. Because in many places, it doesn’t really count as a hack. But I have to admit that this is undoubtedly a novice teaching to prevent website attacks for beginners who are new to programming.
The purpose of the fish skin is also to remind everyone that when you build your own website, you can have a long memory and take safety measures.
After all, website hacking is a common occurrence. As the saying goes, there is no absolutely secure website in the world, no matter how well the security measures are done, there are still hackers who are one foot high and find loopholes.
These pretentious hackers, sometimes not even for the money, just want to prove their technical skills, and cause various important website servers to be paralyzed.
Just like a small website, on some large websites, a crash for a few hours at a time may cause tens of millions of property losses. Such as attacking Alipay, but it was finally punished by the law ▼
If you want to defeat your opponent, you must become an opponent and understand the opponent’s routine. So if you want to learn website protection, you must first know what the common attack methods are.
And Yupi, the UP master, provides such a platform. Those who want to build their own websites, what are they thinking about if they don’t attack now? However, this is also a tactical exchange, so don’t get me wrong. If you really want to get into the website again and can’t get in, it would be too inauthentic.
This article is reprinted from https://www.techug.com/post/the-website-made-by-the-worst-programmer-in-station-b-can-crash-even-my-milk.html
This site is for inclusion only, and the copyright belongs to the original author.