
Free-board spam from registrations that bypassed phone verification

lucas1214 7 months ago Views 2,249

I am running YoungCart Version 5.4.5.5.1.

When I came in to work this morning I found that, over the weekend, someone had registered an account with the details below and posted 3,307 spam advertisements on the free board.

The thing is, our site is set up so that registration only succeeds after KCP phone verification, yet from the server log below it looks like they registered and got in through some other verification path.

(KCP phone verification)

[07/Apr/2025:11:56:38 +0900] "GET /plugin/kcpcert/kcpcert_form.php HTTP/1.1" 200 1410
[07/Apr/2025:11:57:01 +0900] "POST /plugin/kcpcert/kcpcert_result.php

Does anyone know how they might have gotten in?

(Registration details)

ID: k118d7zgs5
Name: 4ub9e6
Email: x4lt6z@gmail.com
Phone: 01012345678

IP: 149.28.180.148
Country: Australia, Sydney
Vultr hosting

(Server log)

149.28.180.148 - - [05/Apr/2025:01:52:05 +0900] "GET /bbs/register_form.php HTTP/1.1" 200 2409 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36" microseconds:2223194 pid:20058
149.28.180.148 - - [05/Apr/2025:01:52:08 +0900] "POST /bbs/register_form.php HTTP/1.1" 200 14512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36" microseconds:48159 pid:20063
149.28.180.148 - - [05/Apr/2025:01:52:09 +0900] "GET /bbs/register_form.php HTTP/1.1" 200 2409 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36" microseconds:30268 pid:20065
149.28.180.148 - - [05/Apr/2025:01:52:10 +0900] "POST /plugin/kcaptcha/kcaptcha_session.php HTTP/1.1" 200 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36" microseconds:24204 pid:20066
149.28.180.148 - - [05/Apr/2025:01:52:11 +0900] "GET /plugin/kcaptcha/kcaptcha_image.php?t=1743785530229 HTTP/1.1" 200 5392

149.28.180.148 - - [05/Apr/2025:01:52:17 +0900] "POST /bbs/ajax.mb_id.php HTTP/1.1" 200 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36" microseconds:28672 pid:20074
149.28.180.148 - - [05/Apr/2025:01:52:18 +0900] "POST /bbs/ajax.mb_nick.php HTTP/1.1" 200 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36" microseconds:30115 pid:20076
149.28.180.148 - - [05/Apr/2025:01:52:19 +0900] "POST /bbs/ajax.mb_email.php HTTP/1.1" 200 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36" microseconds:27554 pid:20077
149.28.180.148 - - [05/Apr/2025:01:52:19 +0900] "POST /plugin/kcaptcha/kcaptcha_result.php HTTP/1.1" 200 1 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36" microseconds:22980 pid:20079
149.28.180.148 - - [05/Apr/2025:01:52:20 +0900] "POST /bbs/register_form_update.php

149.28.180.148 - - [05/Apr/2025:01:52:26 +0900] "POST /bbs/login_check.php HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36" microseconds:143684 pid:20089


149.28.180.148 - - [05/Apr/2025:01:53:21 +0900] "GET /bbs/register_form.php HTTP/1.1" 200 2409 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36" microseconds:37049 pid:20139
149.28.180.148 - - [05/Apr/2025:01:53:22 +0900] "POST /bbs/login_check.php HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36" microseconds:131206 pid:20141
149.28.180.148 - - [05/Apr/2025:01:53:24 +0900] "GET / HTTP/1.1" 200 9713 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36" microseconds:58178 pid:20143
149.28.180.148 - - [05/Apr/2025:01:53:25 +0900] "GET /bbs/write.php?bo_table=free HTTP/1.1" 200 8226 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36" microseconds:65867 pid:20145
149.28.180.148 - - [05/Apr/2025:01:53:26 +0900] "POST /bbs/write_token.php HTTP/1.1" 200 64 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36" microseconds:32604 pid:20147
149.28.180.148 - - [05/Apr/2025:01:53:26 +0900] "POST /bbs/ajax.filter.php HTTP/1.1" 200 27 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36" microseconds:25927 pid:20149
149.28.180.148 - - [05/Apr/2025:01:53:27 +0900] "POST /bbs/write_update.php HTTP/1.1" 
149.28.180.148 - - [05/Apr/2025:01:53:28 +0900] "GET /bbs/board.php?bo_table=free&wr_id=2 HTTP/1.1" 200 
149.28.180.148 - - [05/Apr/2025:01:53:53 +0900] "GET /bbs/register_form.php HTTP/1.1" 200 2409 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36" microseconds:37733 pid:20173
149.28.180.148 - - [05/Apr/2025:01:53:55 +0900] "POST /bbs/login_check.php HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36" microseconds:154299 pid:20175
149.28.180.148 - - [05/Apr/2025:01:53:57 +0900] "GET / HTTP/1.1" 200 9713 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36" microseconds:49013 pid:20178
149.28.180.148 - - [05/Apr/2025:01:53:58 +0900] "GET /bbs/write.php?bo_table=free HTTP/1.1" 200 8228 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36" microseconds:62227 pid:20180
149.28.180.148 - - [05/Apr/2025:01:53:59 +0900] "POST /bbs/write_token.php HTTP/1.1" 200 64 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36" microseconds:26118 pid:20182
149.28.180.148 - - [05/Apr/2025:01:54:00 +0900] "POST /bbs/ajax.filter.php HTTP/1.1" 200 27 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36" microseconds:25462 pid:20183
149.28.180.148 - - [05/Apr/2025:01:54:00 +0900] "POST /bbs/write_update.php HTTP/1.1" 302
149.28.180.148 - - [05/Apr/2025:01:54:01 +0900] "GET /bbs/board.php?bo_table=free&wr_id=3 HTTP/1.1" 200

149.28.180.148 - - [05/Apr/2025:01:54:20 +0900] "GET /bbs/register_form.php HTTP/1.1" 200 2409 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36" microseconds:32124 pid:20203
149.28.180.148 - - [05/Apr/2025:01:54:22 +0900] "POST /bbs/login_check.php HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36" microseconds:179373 pid:20205
149.28.180.148 - - [05/Apr/2025:01:54:24 +0900] "GET / HTTP/1.1" 200 9713 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36" microseconds:44399 pid:20207


2 answers

7 months ago

Leaving a self-answer in case it helps someone.

I handled it as follows.

On the client side it checks whether KCP identity verification was completed and blocks otherwise, but on the server side the KCP verification check was using $config['cf_cert_req'], so I changed it to use $config['cf_cert_hp'] so that the check is enforced on both the client side and the server side.

 

( from register_form_update.php )

 

// Identity verification check
if($config['cf_cert_use'] && $config['cf_cert_hp']) { // this line was changed

    $post_cert_no = isset($_POST['cert_no']) ? trim($_POST['cert_no']) : '';

    if($post_cert_no !== get_session('ss_cert_no') || ! get_session('ss_cert_no')) {
        alert("회원가입을 위해서는 본인확인을 해주셔야 합니다..");
    }
}


7 months ago

They probably registered through a DB injection.

Also check whether the relevant files were modified by a hack.

You should handle the variables more safely and set their types so that nothing else can be added.


1 comment on this answer

lucas1214
7 months ago
Thanks for the answer. Those files show no signs of modification. It's strange how they managed to register without KCP phone verification.
