流水

[Product defect] Security group vulnerability in the console, please take it seriously

[Problem description]:

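I recently bought an Alibaba Cloud ECS instance (CentOS 7.4) on another account. I wanted to install the BaoTa (宝塔) panel tool on it (my technical skills are limited, and I wanted a quick and simple way to install nginx-tengine; I also don't know how to manually change all the configuration or set up SSL).

So I needed to open a port, which meant modifying the security group rules. By default port 8888 has to be opened: 8888/8888, authorized to 0.0.0.0/0. I do this often and can do it with ease.

But when I created the new rule I ran into a verification code (this protection is inconvenient for me, but it is very secure), and the phone number on that other account was really not convenient for receiving it.

So I thought of a way: export the security group rules from this account of mine, then import them on the other account. I really did not expect it, but it worked. The export is in JSON format.

I formatted it; please see the attached image. It uses the Arial font, so you can run OCR on it; it is just a normal configuration. (Pasting it here would take up too much space, so I quickly made an image in PS.)

I think this is a hidden risk, though I can't explain it clearly. But this kind of user operation is something that should have been anticipated.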

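By the way, my environment is

Chrome 67.0.3396.99 (Official Build) (32-bit)

Windows 10 Pro, version 1803 (OS build 17134.228)

The export was done in Chrome, and the import was done on the other account, logged in under Chrome's incognito mode.

[Suggested solution]:

Please take this seriously. My company and I have always used Alibaba Cloud servers, and a ticket reply once said "What you buy is not a server, it is a service"! I hope it keeps getting better!
############## First revision ##############
####### Replaced the attachment; I forgot to mask my own ports ######

########### Submitted 2018-08-22-05-17 ###########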

json.png
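
Because the import path described above applied rules without the verification step, a review of the exported file before import is the remaining checkpoint. The following is an added example, not part of the original post and not Alibaba Cloud code: it lists every allow rule open to any source address. The field names follow the ECS security-group API (`IpProtocol`, `PortRange`, `SourceCidrIp`, `Policy`); the layout of the console's export file, the sample data and the `WIDE_RANGE` threshold are assumptions.

```python
import ipaddress
import json

# Constructed sample of an exported rule file. Field names follow the ECS
# security-group API; the console's real export layout is an assumption.
SAMPLE_EXPORT = json.dumps([
    {"IpProtocol": "TCP", "PortRange": "8888/8888", "SourceCidrIp": "0.0.0.0/0", "Policy": "Accept"},
    {"IpProtocol": "TCP", "PortRange": "22/22", "SourceCidrIp": "203.0.113.0/24", "Policy": "Accept"},
    {"IpProtocol": "TCP", "PortRange": "1/65535", "SourceCidrIp": "0.0.0.0/0", "Policy": "Accept"},
    {"IpProtocol": "TCP", "PortRange": "3306/3306", "SourceCidrIp": "0.0.0.0/0", "Policy": "Drop"},
])

WIDE_RANGE = 100  # hypothetical threshold: more ports than this is a broad range


def parse_port_range(text):
    """Parse 'start/end' (e.g. '8888/8888'); '-1/-1' is treated as all ports."""
    start, end = (int(p) for p in text.split("/"))
    if (start, end) == (-1, -1):
        return 1, 65535
    if not 1 <= start <= end <= 65535:
        raise ValueError(f"invalid port range: {text!r}")
    return start, end


def review_export(raw_json):
    """Return (port_range, source, reason) for each allow rule open to any address."""
    findings = []
    for rule in json.loads(raw_json):
        if rule.get("Policy", "Accept").lower() != "accept":
            continue  # deny rules do not expose anything
        source = ipaddress.ip_network(rule["SourceCidrIp"], strict=False)
        if source.prefixlen != 0:
            continue  # restricted to a specific source network
        start, end = parse_port_range(rule["PortRange"])
        reason = "broad port range" if end - start + 1 > WIDE_RANGE else "single service"
        findings.append((rule["PortRange"], str(source), reason))
    return findings


if __name__ == "__main__":
    for port_range, source, reason in review_export(SAMPLE_EXPORT):
        print(f"open to {source}: ports {port_range} ({reason})")
```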
