inotgo.com

Step 1 : First, let's talk about http   
Step 2 : http Hijack   
Step 3 : ssl   
Step 4 : ssl Certificate   

When you visit a web page , All are accessed by default http agreement , For example http://inotgo.com. Even if it's not clearly written in the address bar http, Only one inotgo.com, In fact, the browser will automatically add http:// of .

http Is the name of the agreement . What is the concept of agreement ? That is, the rules agreed in advance between the browser and the server , According to the predetermined rules , The server and browser can understand each other .

http Defects in the agreement , Here we mainly talk about the defects in security . http The protocol is transmitted in clear text , Regardless of the data , account number , Passwords are transmitted in clear text on the network , So there are huge security risks . One is that it is easy to disclose passwords , Another easy to hijack .

Some time ago inotgo.com Was hijacked , The effect is to visit http://inotgo.com When I was , Will jump to an indescribable website . Next, let's explain how hijacking happened .
how2j The data is on Alibaba cloud , If the user wants to get how2j Your data , Not directly from From the server . I'll find the operator first , Then the operator takes out the data , After taking it out , Then send it to the user .

As shown in the figure , This is 3 A major operator , They act as intermediaries .

Generally speaking , This agency can't do anything , Take the data obtained from Alibaba cloud , Just return to the user .

But , If there are hackers , Or indescribable reasons within the operator , The data obtained is passive , Then the data sent to the user , It's not the original data .

how2j Hijacked , It should have returned to normal html, But it was roughly modified to :

<html><body><script>location.href=" Indescribable .com"</script></body></html>

The user experience is after the visit , Jump directly to other pages .
http  Hijack
Because http Is transmitted in clear text , So it's easy to edit , So there was the phenomenon of being hijacked .

To solve this problem , We need to be in http Make an enhancement to the protocol , This enhancement is conduct ssl authentication . After certification , http The agreement becomes https The agreement .

https In theory, the agreement will also be with http Will also be edited , But the difficulty and cost is the rise of the index level , So in terms of probability , The phenomenon of being hijacked again will be much smaller
ssl
Be able to drive on the road relatively safely , You have to have a driver's license , This certificate should preferably be issued by a widely recognized authority , So that people can trust it .

In the same way :

To do ssl authentication , You need to ssl Certificate . This certificate should preferably be issued by a widely recognized authority , So that people can trust it .

ssl That's what a certificate means ~

The next chapter will explain how to apply for this certificate .


The official account of programming , Follow and get the latest tutorials and promotions in real time , thank you .


Q & A area    
2019-10-31 What about indescribable website links , I want to complain , It is everyone's responsibility to purify the network environment .( Funny )
Dingshuangwu

That makes sense, brothers ?




5 One answer

ecolee
Answer time :2021-07-20
Support webmaster , I am willing to undertake this indescribable evil website alone , Just let me go

Carl_
Answer time :2021-01-04
Don't drive this way , Send it to me separately and let me study it well

sc058918
Answer time :2020-07-20
I'm Huang Jianshi , The webmaster can send it to me privately , Such a website can't be soft , Must report .

ljhhuahua
Answer time :2020-03-31
must not , We should pay attention to evidence , Please send out , We'll test it together before we make a decision

It's cold in the evening
Answer time :2020-03-12
This must be reported , Please send it out . Let's report



The answer has been submitted successfully , Auditing . Please My answer Check the answer record at , thank you
answer Or code please Fill in at least one , If you have a problem , Please ask again , Otherwise, the webmaster may not see




2019-10-30 very good
Smoke with the range hood on

very good







The answer has been submitted successfully , Auditing . Please My answer Check the answer record at , thank you
answer Or code please Fill in at least one , If you have a problem , Please ask again , Otherwise, the webmaster may not see




2019-10-30 It's not the first time that advertising can't be put on the Internet




Please... Before asking questions land
The question has been submitted successfully , Auditing . Please My question Check the question record at , thank you
about Third party development -ssl- Concept introduction Your questions

Try to provide Screenshot code and Abnormal information , Help to analyze and solve problems . You can also enter this station QQ Group communication : 496725845
Ask questions and try to provide complete code , Environment description , The more conducive to the recurrence of the problem , The faster your question can be answered .
Have questions about the code in the tutorial , Please provide which step , Which line is in doubt , This makes it easy to quickly locate the problem , Improve the speed at which questions are answered
In the thousands of questions that already exist , A considerable proportion , Because of the use of and webmaster Different versions of the development environment Resulting in , For example jdk, eclpise, idea, mysql,tomcat Wait, the version of the software is inconsistent .
Please use the same version as the webmaster , You can save yourself a lot of learning time . The webmaster sorted out the software versions used in teaching , It's all here , Convenient for everyone to download : /k/helloworld/helloworld-version/1718.html

Upload screenshot