</noscript> <script> function stop(){ return false; } document.oncontextmenu=stop; </script> <!-- nav --> <nav class="navbar navbar-default navbar-fixed-top"> <div class="container"> <div class="navbar-header"> <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> <span class="sr-only">Tomato Studio</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <!-- logo --> <a href="/" class="navbar-brand"><img src="/images/logo.png" class="img-responsive" alt="Tomato Studio" width="260" /></a> <!-- logo end --> </div> <div id="navbar" class="navbar-collapse collapse"> <ul class="nav navbar-nav"> <li class="oen"><a href="/">网站首页</a></li> <li class="oen dropdown"> <a href="/html/News" data-toggle="dropdown" data-submenu="">最新消息<span class="caret"></span></a> <ul class="dropdown-menu"> <li> <a title="作品动态" href="/html/Dynamics">作品动态</a> </li> <li> <a title="好文推荐" href="/html/Article">好文推荐</a> </li> </ul> </li> <li class="oen dropdown"> <a href="/html/Products" data-toggle="dropdown" data-submenu="">作品介绍<span class="caret"></span></a> <ul class="dropdown-menu"> <li> <a title="易学C++" href="/html/ecpp">易学C++</a> </li> </ul> </li> <li class="oen dropdown"> <a href="/html/Download" data-toggle="dropdown" data-submenu="">下载中心<span class="caret"></span></a> <ul class="dropdown-menu"> <li> <a title="易学C++相关" href="/html/ecpp_download">易学C++相关</a> </li> </ul> </li> <li class="oen dropdown"> <a href="/html/About" data-toggle="dropdown" data-submenu="">关于我们<span class="caret"></span></a> <ul class="dropdown-menu"> <li> <a title="成员招募" href="http://www.easy-cpp.com/index.php?case=form&act=add&form=my_yingpin">成员招募</a> </li> <li> <a title="发展愿景" href="/html/Vision">发展愿景</a> </li> </ul> </li> <li class="oen"> <a href="http://www.easy-cpp.com/index.php?case=guestbook">读者反馈</a> </li> </ul> <div class="navbar-right user-panel"> </div> </div><!--/.nav-collapse --> <div class="top-nav-right"> <ul class="navbar-right"> <li id="fat-menu" class="dropdown"> <a class="dropdown-toggleglyphicon glyphicon glyphicon-globe" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false"></a> <ul class="dropdown-menu" aria-labelledby="drop3"> <li><a id="StranLink" name="StranLink">繁體</a></li> </ul> </li> <li class="glyphicon glyphicon-search" data-toggle="modal" data-target=".bs-example-modal-lg-search" aria-hidden="true"></li> </ul> </div> </div> </nav> <div class="clearall"></div> <script type="text/javascript"> //<!CDATA[ var bodyBgs = []; bodyBgs[0] = "/images/banner/s1.jpg"; bodyBgs[1] = "/images/banner/s2.jpg"; bodyBgs[2] = "/images/banner/s3.jpg"; bodyBgs[3] = "/images/banner/s4.jpg"; bodyBgs[4] = "/images/banner/s5.jpg"; var randomBgIndex = Math.round( Math.random() * 4 ); //输出随机的背景图 document.write('<style>.banner{background:url(' + bodyBgs[randomBgIndex] + ') no-repeat 50% bottom}</style>'); //]]> </script> <section> <div class="banner" style="height:160px;"> </div> </section><div class="clearall"></div><!-- 面包屑导航开始 --> <nav class="sub_menu"> <div class="container"> <h3>好文推荐</h3> </div> </nav> <!--/sub_menu--><!-- 面包屑导航结束 --> <!-- 页面标题开始 --> <div class="title"> <div class="container"> <h3>三分钟说清“撞库攻击”</h3> <p class="t_tools1">作者:<a>Tomato</a> 添加时间:2017-01-12 07:43:04 来源:本站原创</p> <script src="/template/default/skin/js/c_tool.js" type="text/javascript" ></script><!--用于打印和文字放大--> </div> </div> <!-- 页面标题结束 --> <!-- 中部开始 --> <div class="container"> <!--用于打印和文字放大--> <div class="content_tools_box"> <p class="content_tools"> <a href="javascript:CallPrint('print');">打印本文</a> <a href="javascript:doZoom(14)">小</a> <a href="javascript:doZoom(18)">中</a> <a href="javascript:doZoom(20)">大</a> </p> <div class="clearfix"></div> <script src="/template/default/skin/js/c_tool.js" type="text/javascript" ></script> </div> <!--/用于打印和文字放大--> <div class="content" id="print"> <!-- 正文 --> <div id="content_text"> <p>近日有多起金融“诈骗”案、铁路购票黄牛案涉及“撞库攻击”这个名词。虽然名字很炫,但实际上它的原理并不复杂。在此想简单介绍一下它的原理,以便于大家对这种攻击方式进行防范。</p><p><img style="WIDTH: 327px; HEIGHT: 216px" alt="14841809445139.jpg" src="/upload/images/201701/14841809445139.jpg" width="638" height="426"/></p><p> </p><h1 style="BORDER-BOTTOM: rgb(204,204,204) 2px solid; TEXT-ALIGN: left; PADDING-BOTTOM: 0px; MARGIN: 0px 0px 10px; PADDING-LEFT: 0px; PADDING-RIGHT: 4px; FONT-SIZE: 32px; FONT-WEIGHT: bold; PADDING-TOP: 0px" label="标题居左">什么是撞库攻击</h1><p>由于现在需要注册的网站众多,为了避免忘记用户名和密码(当然也可能是因为懒惰<img src="http://img.baidu.com/hi/face/i_f08.gif"/>),人们倾向于在不同的网站使用同一套邮箱地址、用户名和密码。如果密码的强度足够,这本身没有什么问题。</p><p>然而,用户的密码强度足够并不表示黑客没有办法知道。在不同的网站,其防范攻击的能力是不同的。例如一些开源的网店系统、论坛等,多多少少会被爆出一些漏洞来,黑客可以利用这些漏洞来获取这些站点里的用户信息,包括邮箱地址、用户名和密码。尽管正常设计的网站密码都是MD5加密的,但在MD5字典面前,稍微简单一些的密码和有含义的密码(例如英文单词)几乎就是秒破。在黑客获取到一批用户的登录信息后,他们会去找一些有经济价值的网站,例如购物网站、支付宝、电信运营商、网络银行等。然后将这些用户登录信息挨个儿去验证,总有一些“不幸”的用户会中招。</p><p>如果再配合以电信运营商的漏洞,例如在网上办理换卡业务或短信拦截等,就能够搞出更大的事儿来了。近期一些网银被盗,钱被莫名转走基本都是利用这种方式。<br/></p><p> </p><h1 style="BORDER-BOTTOM: rgb(204,204,204) 2px solid; TEXT-ALIGN: left; PADDING-BOTTOM: 0px; MARGIN: 0px 0px 10px; PADDING-LEFT: 0px; PADDING-RIGHT: 4px; FONT-SIZE: 32px; FONT-WEIGHT: bold; PADDING-TOP: 0px" label="标题居左">撞库攻击成功的三要素</h1><p>1. 受害者在不同的网站使用了相同的用户名(或邮箱)、密码。</p><p>2. 黑客通过攻击方式在安全性较差的网站上获得了大量的用户登录信息。</p><p>3. 验证(攻击)用户登录信息的目标站点不需要通过另一种手段验证(例如手机动态密码),或另一种手段存在漏洞(手机卡或短信被劫持)。</p><p> </p><h1 style="BORDER-BOTTOM: rgb(204,204,204) 2px solid; TEXT-ALIGN: left; PADDING-BOTTOM: 0px; MARGIN: 0px 0px 10px; PADDING-LEFT: 0px; PADDING-RIGHT: 4px; FONT-SIZE: 32px; FONT-WEIGHT: bold; PADDING-TOP: 0px" label="标题居左">如何防范撞库攻击</h1><p>1. 在不同的网站上使用不同的用户名、密码。</p><p>2. 如果做不到第1条,可以折衷为以下两种方案:</p><p> a) 备有3-4套不同的安全等级的用户名密码,根据网站的安全系数和风险评估使用不同的组合。(例如论坛的用户名和密码别和网银的用户名密码一样)</p><p> b) 所有用户名都加上网站后缀,例如tomato123_jdcom。因为撞库的时候是进行大量穷举式验证的,黑客不太可能会也没空关注到后缀规则,因此实现了在不同网站使用不同的用户名。</p><p>3. 在任何情况下遇到手机无法正常使用,或来短信提示说手机账号、网银被登录,请立即致电银行关停所有银行卡。</p><p> </p><p>本文为“番茄工作室”原创文章,如需转载请注明原始链接。<br/></p></div> </div> <div class="blank30"></div> <!-- tag --> <div class="blank10"></div> 标签: <a href='/tags/wangluoanquan_3_1.html' target='_blank'>网络安全</a> <div class="blank30"></div> <!--自动调用自定义字段--> <div class="blank20"></div> <div class="blank30"></div> </div> <!-- 投票 --> <script src="/index.php?case=vote&act=view&aid=59"></script> <div class="container"> <!-- 自定义表单开始 --> <!-- 自定义表单结束 --> <div class="blank60"></div> <!-- 上下页开始 --> <div id="page"> <strong>上一篇</strong><a href="/html/Article/show_55.html">都是5岁学习编程,为啥人家的孩子会不一样?</a> <div class="blank10"></div> <strong>下一篇</strong><a href="/html/Article/show_61.html">Visual Studio 2017安装和使用方法</a> </div> <!-- 上下页结束 --> </div> <div class="blank30"></div> <!-- 评论框开始 --> <style type="text/css"> /****************评论*/ #comment { margin-top:20px; } .comm input[type=text]{border:none; background:#F6F6F6;} .comm input:hover { -moz-box-shadow:0px 0px 10px #A5C7FE; -webkit-box-shadow:0px 0px 10px #A5C7FE; box-shadow:0px 0px 10px #A5C7FE;} .comment_list {padding:10px 0px;} .comm_head { min-width:90px; min-height:90px; background: url(/template/default/skin/images/comm/comm_m.png) left top no-repeat;background-size:70% auto;} #comm_content {width:15px; height:15px; position: relative; top:10px; left:-28px; background: url(../images/comm/comm_content.gif) left top no-repeat;} .comm_content { padding:0px 10px 0px 20px; background:#F5F5F5; border:1px solid #ccc;border-radius: 3px 3px 3px 3px;} .comm_content p span {color:#999; font-size:12px; padding-left:15px;} .comm_content p strong {color:#666;} .commentnumber {padding:0px 5px;color:#CC0000;} .comment_info {height:30px; line-height:30px; padding-left:30px;background:url(/template/default/skin/images/comm/comment.gif) left center no-repeat;} .comment_list dt strong {color: #70AADA;} .comment_list dd.admin_reply {margin:10px; padding:10px;border:1px dotted #ccc; background:#FFFFEE;} .comm_name,.comm_code {float:left; height:32px; line-height:32px; padding:0px 10px; border:1px solid #ccc; color:#666; border-radius: 3px 0px 0px 3px;} .comm_name:hover,.comm_code:hover { background-color:#FFC;} .comm_name {width:206px;border-radius: 3px 3px 3px 3px;} #mobilenum { float:left; width:150px; height:32px; line-height:32px; padding:0px 10px; } #btm_sendMobileCode {float:left; height:32px; line-height:32px; margin-right:10px; padding:0px 15px; border:1px solid #ccc; border-radius: 5px 5px 5px 5px; font-size:12px; color:#555; background:#eee;} #textarea { width:300px; border:none; padding:10px; background:#F6F6F6;} #textarea:hover {background-color:#FFC; -moz-box-shadow:0px 0px 10px #A5C7FE; -webkit-box-shadow:0px 0px 10px #A5C7FE; box-shadow:0px 0px 10px #A5C7FE;} </style> <div class="blank30"></div> <!-- 页面标题开始 --> <div class="title"> <div class="container"> <h3>评论</h3> <p>Comment</p> </div> </div> <!-- 页面标题结束 --> <div class="blank30"></div> <div class="container"> <form action="/index.php?case=comment&act=add" method="POST" name="comment_form" id="comment" class="wow fadeIn" data-wow-delay="0.6s"> <div class="comm"> <div class="blank10"></div> <input type="hidden" name="aid" value="59"/> 用户名 Name <div class="blank10"></div> <input type="text" name="username" class="comm_name" value="p1s" /> <div class="blank10"></div> <div class="blank10"></div> 评论 Comment <div class="blank10"></div> <textarea name="content" id="textarea" ></textarea> <div class="balnk10"></div> <input type='text' id="verify" tabindex="3" name="verify" /> <img src="/index.php?case=tool&act=verify" id="checkcode" onclick="this.src='/index.php?case=tool&act=verify&id='+Math.random()*5;" style="cursor:pointer;" alt="点击刷新验证码" align="absmiddle"/> <div class="balnk10"></div> <div class="blank30"></div> <input name="submit" class="btn btn-primary" value=" 提交 " type="submit" /> <div class="blank30"></div> <div class="comment_info"> <a rel="nofollow" href="/index.php?case=comment&act=list&aid=59">已有<span class="commentnumber">(0)</span>位网友发表评论 <strong>点击查看</strong></a> </div> </form> </div> </div> <div class="blank60"></div><!-- 评论框结束 --> <div class="clear"></div> </div> </div> <!-- 页底推荐图文产品开始 --> <!-- 页底推荐图文产品结束 --> <script defer> var obj = document.getElementById("content_text").getElementsByTagName("img"); for(i=0;i<obj.length;i++){ if(obj[i].width>1000){ obj[i].width = 1000; } } </script> <!-- 页底 --> <div class="foot"> <div class="container"> <div class="row"> <div class="col-sm-5"> <dl class="foot_left"> <dd> <form name='search' action="/index.php?case=archive&act=search" onsubmit="search_check();" method="post"> <input type="text" name="keyword" value="请输入查询信息!" onfocus="if(this.value=='请输入查询信息!') {this.value=''}" onblur="if(this.value=='') this.value='请输入查询信息!'" class="s_text" /> <input name='submit' type="submit" value="" align="middle" class="s_btn" /> </form> </dd> <dd class="blank20"></dd> <form name="listform" id="listform" action="/index.php?case=archive&act=email" method="post"> <dd> <input type="text" name="email" id="email" value=" 邮件订阅 " onfocus="if(this.value==' 邮件订阅 ') {this.value=''}" onblur="checkEmail(this)" class="s_text" /> <input type="submit" align="absmiple" name='submit' value=" " class="s_btn" /> </dd> </form> </dl> </div> <div class="col-sm-2"> <dl class="foot_qr_codes"> <dd><img width="150" src="/index.php?case=tool&act=qrcode" /></dd> <dd>扫描访问手机版</dd> </dl> </div> <div class="col-sm-5"> <dl class="copyrights"> <dd>Copyright © 2005-2018 <a title="Tomato Studio" href="/">Tomato Studio</a></dd> <dd><script src='http://pw.cnzz.com/c.php?id=1260950944&l=2' language='JavaScript' charset='utf-8'></script> Powered by <a href="http://www.cmseasy.cn" title="CmsEasy企业网站系统" target="_blank">CmsEasy</a></dd> <dd><a rel="nofollow" href="http://www.miibeian.gov.cn/" rel="nofollow" target="_blank">沪ICP备14043018号-2</a></dd> <dd></dd> </dl> </div> </div> <div class="row"> <div class="col-md-5"> 热门关键词: </div> </div> </div> </div> <!--/footer--> <!-- search --> <div class="container-fluid"> <div class="modal fade bs-example-modal-lg-search" tabindex="-1" role="dialog" aria-labelledby="myLargeModalLabel"> <div class="modal-dialog modal-lg"> <div class="modal-content"> <div class="row"> <form name='search' action="/index.php?case=archive&act=search" onsubmit="search_check();" method="post"> <div class="col-lg-1"></div> <div class="col-lg-10"> <div class="input-group"> <input type="text" name="keyword" class="form-control" placeholder="请输入查询信息!"> <span class="input-group-btn"> <button class="btn btn-default" name='submit' type="submit">Go!</button> </span> </div> </div> <div class="col-lg-1"></div> </form> </div> </div> </div> </div> <!-- search end --> <div class="servers"> <!--[if (gte IE 7)|!(IE)]><!--> <!-- 在线客服 --> <![endif]--> <!-- 短信 --> </div> <div class="servers-wap"> <style type="text/css"> #plug-wrap { position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: rgba(0, 0, 0, 0); z-index:800; } .top_bar { position:fixed; bottom:0; right:0px; z-index:900; -webkit-tap-highlight-color: rgba(0, 0, 0, 0); font-family: Helvetica, Tahoma, Arial, Microsoft YaHei, sans-serif; } .plug-menu { -webkit-appearance:button; display:inline-block; width:36px; height:36px; border-radius:36px; position: absolute; bottom:17px; right: 17px; z-index:999; box-shadow: 0 0 0 4px #FFFFFF, 0 2px 5px 4px rgba(0, 0, 0, 0.25); -webkit-transition: -webkit-transform 200ms; -webkit-transform:rotate(1deg); color:#fff; background-image:url('/template/default/skin/images/wao/plug.png'); background-repeat: no-repeat; -webkit-background-size: 80% auto; background-size: 80% auto; background-position: center center; } .plug-menu:before { font-size:20px; margin:9px 0 0 9px; } .plug-menu:checked { -webkit-transform:rotate(135deg); } .top_menu>li { width: 32px; height:32px; border-radius:32px; box-shadow: 0 0 0 3px #FFFFFF, 0 2px 5px 3px rgba(0, 0, 0, 0.25); position:absolute; bottom:0; right:0; margin-bottom: 20px; margin-right:20px; z-index:900; -webkit-transition: -webkit-transform 200ms; } .top_menu>li a { color:#fff; font-size:20px; display: block; height: 100%; line-height: 33px; text-align: center; } .top_menu>li>a label{ display:none; } .top_menu>li a img { display: block; width: 22px; height: 22px; text-indent: -999px; position: absolute; top: 50%; left: 50%; margin-top: -11px; margin-left: -11px; } .top_menu>li.on:nth-of-type(1) { -webkit-transform: translate(-0, -100px) rotate(720deg); } .top_menu>li.on:nth-of-type(2) { -webkit-transform: translate(-47px, -81px) rotate(720deg); } .top_menu>li.on:nth-of-type(3) { -webkit-transform: translate(-81px, -45px) rotate(720deg); } .top_menu>li.on:nth-of-type(4) { -webkit-transform: translate(-100px, 0) rotate(720deg); } #sharemcover { position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: rgba(0, 0, 0, 0.7); display: none; z-index: 20000; } #sharemcover img { position: fixed; right: 18px; top: 5px; width: 260px; height: 180px; z-index: 20001; border:0; } /*分享*/ #fenxiang_box{color:white; position:fixed; top:0px;width:100%;background: rgba(0, 0, 0, 0.7); padding:30px 10%; } #fenxiang_box .bdsharebuttonbox{ padding:10px 0;} #btn_fenxiang{ } #btn_fenxiang span{ display:none;} #fenxiang_box{ display:none; } </style> <div class="top_bar" style="-webkit-transform:translate3d(0,0,0)"> <nav> <ul id="top_menu" class="top_menu"> <input type="checkbox" id="plug-btn" class="plug-menu themeStyle" style="background-image:url('/template/default/skin/images/wap/plug.png');border:0px;"> <li class="themeStyle out" style="background:"> <a href="tel:"><img src="/template/default/skin/images/wap/plugmenu1.png"><label>电 话</label></a> </li> <li class="themeStyle out" style="background:"> <a href="sms:"><img src="/template/default/skin/images/wap/plugmenu3.png"><label>短信</label></a> </li> <li class="themeStyle out" style="background:"> <a href="javascript:;" id="btn_fenxiang"><img src="/template/default/skin/images/wap/plugmenu5.png"><label>分享</label></a> </li> <li class="themeStyle out" style="background:"> <a href="/index.php?case=guestbook&act=index"><img src="/template/default/skin/images/wap/plugmenu6.png"><label>留言</label></a> </li> </ul> </nav> </div> <div id="fenxiang_box"> <h3>分享到:</h3> <div class="bdsharebuttonbox"><a href="#" class="bds_more" data-cmd="more"></a><a href="#" class="bds_qzone" data-cmd="qzone" title="分享到QQ空间"></a><a href="#" class="bds_tsina" data-cmd="tsina" title="分享到新浪微博"></a><a href="#" class="bds_tqq" data-cmd="tqq" title="分享到腾讯微博"></a><a href="#" class="bds_renren" data-cmd="renren" title="分享到人人网"></a><a href="#" class="bds_weixin" data-cmd="weixin" title="分享到微信"></a></div> <script src="/template/default/skin/js/fenxiang.js" type="text/javascript" ></script><!--用于分享按钮--><script>window._bd_share_config={"common":{"bdSnsKey":{},"bdText":"","bdMini":"2","bdMiniList":["qzone","bdysc","renren","tieba","sqq","thx","copy"],"bdPic":"","bdStyle":"1","bdSize":"32"},"share":{}};with(document)0[(getElementsByTagName('head')[0]||body).appendChild(createElement('script')).src='http://bdimg.share.baidu.com/static/api/js/share.js?v=89860593.js?cdnversion='+~(-new Date()/36e5)];</script> </div> <div id="plug-wrap" style="display: none;" ></div> <script> $(function(){ $(".plug-menu").click(function(){ var li = $(this).parents('ul').find('li'); if(li.attr("class") == "themeStyle on"){ li.removeClass("themeStyle on"); li.addClass("themeStyle out"); }else{ li.removeClass("themeStyle out"); li.addClass("themeStyle on"); } }); }); </script> </div> <script type="text/javascript" src="/js/common.js"></script> <script> (function(){ var bp = document.createElement('script'); var curProtocol = window.location.protocol.split(':')[0]; if (curProtocol === 'https') { bp.src = 'https://zz.bdstatic.com/linksubmit/push.js'; } else { bp.src = 'http://push.zhanzhang.baidu.com/push.js'; } var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(bp, s); })(); </script> <!-- Bootstrap core JavaScript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="/template/default/skin/js/bootstrap.min.js"></script> <!-- Just to make our placeholder images work. Don't actually copy the next line! --> <script src="/template/default/skin/js/holder.min.js"></script> <!-- IE10 viewport hack for Surface/desktop Windows 8 bug --> <script src="/template/default/skin/js/ie10-viewport-bug-workaround.js"></script> <script src="/template/default/skin/js/bootstrap-submenu.js"></script> <script src="/template/default/skin/js/docs.js"></script> </body> </html>