A detailed scheme for defending against cron attacks

  

A few days ago, a friend told me that his site was consuming a lot of cloud beans, and the logs showed that most of the requests were to cron.php. The requests were not coming from intranet IPs, and the site was not under any monitoring, so most likely someone else was requesting it maliciously. Renaming the file does not seem very safe either, and an IP blacklist will not help much, because the IP can be changed at any time. So I added a piece of code to solve the problem: add a GET parameter to cron.php, then modify the cron entry in config.yaml. That resolves the malicious access, and consumption over the coming days is bound to drop.

This example tells us that if you are using an open source program, once someone works out which program it is, they can read the code and try to burn through your cloud beans. So we should learn from the setback. The technical content here is not high, but the result is still much safer. After all, the attacker does not know whether your cloud beans are actually being consumed; he is only trying to attack your program. I made my own setup slightly more elaborate: originally cron output ok. Now a request that does not pass the GET parameter still gets ok back, while a run that actually executes successfully returns yes.

Now to the point. First, add the following line to cron.php:

    // password and user@test can be changed to anything you like.
    // The task is then requested as: domain name/program name.php?password=user@test
    if (empty($_GET['password']) || $_GET['password'] != 'user@test') exit('ok');

Then modify config.yaml: replace the plain cron.php with "program name.php?password=user@test". The "program name.php?password=user@test" here is not fixed. If you changed password and user@test in the if statement, it must be changed here as well, as in the example below.

    - description: Task
      url: cron.php?password=user@test
      schedule: */1 * * * *
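A stricter form of the same check, as an added example that is not the original author's code: it rejects a non-string `password` parameter and compares the secret in constant time. The function name `cron_request_authorized` and the value of `CRON_SECRET` are assumptions made for illustration.

```php
<?php
// Added example. CRON_SECRET is a constructed placeholder; use a long
// random value and keep it in step with the url: line in config.yaml.
const CRON_SECRET = 'replace-with-long-random-value';

/**
 * Returns true only when the request carries the expected secret.
 * $query is normally $_GET; passing it in keeps the check testable.
 */
function cron_request_authorized(array $query, string $secret): bool
{
    $supplied = $query['password'] ?? null;

    // ?password[]=x arrives as an array, so reject anything that is
    // not a non-empty string before comparing.
    if (!is_string($supplied) || $supplied === '') {
        return false;
    }

    // hash_equals compares in constant time, so response timing does not
    // reveal how many leading characters of a guess were correct.
    return hash_equals($secret, $supplied);
}

// In cron.php this replaces the one-line check and keeps the same reply:
//     if (!cron_request_authorized($_GET, CRON_SECRET)) exit('ok');

// Constructed sample requests: missing, wrong, array-typed, correct.
$samples = [
    [],
    ['password' => 'guess'],
    ['password' => ['user@test']],
    ['password' => CRON_SECRET],
];

foreach ($samples as $query) {
    $result = cron_request_authorized($query, CRON_SECRET)
        ? 'run task'
        : 'ok (no work done)';
    echo json_encode($query), ' => ', $result, "\n";
}
```

Because the secret travels in the URL, it also appears in the web server's access logs, so those logs need the same protection as the secret itself.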
