diff --git a/README.md b/README.md
index 8f8a075..155b27e 100644
--- a/README.md
+++ b/README.md
@@ -36,6 +36,8 @@ test/test
 ## 快速安装
+> 本项目未进行严格的安全性测试,不建议部署安装在公网环境。
+
 - [使用docker安装](docs/install-docker.md)
 - [原生安装](docs/install-naive.md)
 - [FAQ](docs/faq.md)
diff --git a/pkg/api/account.go b/pkg/api/account.go
index 551ff84..05c7b27 100644
--- a/pkg/api/account.go
+++ b/pkg/api/account.go
@@ -177,7 +177,10 @@ func LogoutEndpoint(c echo.Context) error {
 	token := GetToken(c)
 	cacheKey := BuildCacheKeyByToken(token)
 	global.Cache.Delete(cacheKey)
-	model.Logout(token)
+	err := model.Logout(token)
+	if err != nil {
+		return err
+	}
 	return Success(c, nil)
 }
diff --git a/pkg/api/session.go b/pkg/api/session.go
index 9bf6ecc..89d857a 100644
--- a/pkg/api/session.go
+++ b/pkg/api/session.go
@@ -271,6 +271,12 @@ func SessionUploadEndpoint(c echo.Context) error {
 		}
 		return Success(c, nil)
 	} else if "rdp" == session.Protocol {
+
+		if strings.Contains(remoteFile, "../") {
+			logrus.Warnf("IP %v 尝试进行攻击,请ban掉此IP", c.RealIP())
+			return Fail(c, -1, ":) 您的IP已被记录,请去向管理员自首。")
+		}
+
 		drivePath, err := model.GetDrivePath()
 		if err != nil {
 			return err
@@ -324,11 +330,14 @@ func SessionDownloadEndpoint(c echo.Context) error {
 		return c.Stream(http.StatusOK, echo.MIMEOctetStream, bytes.NewReader(buff.Bytes()))
 	} else if "rdp" == session.Protocol {
+		if strings.Contains(remoteFile, "../") {
+			logrus.Warnf("IP %v 尝试进行攻击,请ban掉此IP", c.RealIP())
+			return Fail(c, -1, ":) 您的IP已被记录,请去向管理员自首。")
+		}
 		drivePath, err := model.GetDrivePath()
 		if err != nil {
 			return err
 		}
-
 		return c.Attachment(path.Join(drivePath, remoteFile), filenameWithSuffix)
 	}
@@ -403,6 +412,10 @@ func SessionLsEndpoint(c echo.Context) error {
 		return Success(c, files)
 	} else if "rdp" == session.Protocol {
+		if strings.Contains(remoteDir, "../") {
+			logrus.Warnf("IP %v 尝试进行攻击,请ban掉此IP", c.RealIP())
+			return Fail(c, -1, ":) 您的IP已被记录,请去向管理员自首。")
+		}
 		drivePath, err := model.GetDrivePath()
 		if err != nil {
 			return err
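Review bot: The new `err := model.Logout(token)` in LogoutEndpoint declares a variable only to test it once; the scoped form the file's other error checks use reads better here, `if err := model.Logout(token); err != nil { return err }`. Note also that `global.Cache.Delete(cacheKey)` has already run two lines above, so when Logout fails the cached token is gone while whatever model.Logout persists stays as it was — the client then gets an error for a logout that half-happened. Whether that is acceptable depends on what model.Logout stores, which I can't see from the hunk; either moving the store update ahead of the cache delete, or logging the failure and still returning Success, is defensible, but the choice deserves a one-line comment above the call.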
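Review bot: `strings.Contains(remoteFile, "../")` in SessionUploadEndpoint is a substring test, not a path test: a value that is exactly `..`, or that ends in `/..`, contains no `../` and passes, yet `path.Join(drivePath, ...)` (visible in the SessionDownloadEndpoint hunk) resolves such a value to the drive's parent directory, and on a Windows host a `..\` segment would pass for the same reason, though I can't tell from the diff whether these handlers run there. The robust check joins the client-supplied name onto drivePath, cleans the result and verifies it is still drivePath or one of its descendants — the helper below, called with the `drivePath` the hunk already fetches, replaces the six copies of this guard (this hunk, the SessionDownloadEndpoint and SessionLsEndpoint hunks, and the SessionMkDirEndpoint, SessionRmEndpoint and SessionRenameEndpoint hunks further down) and needs `path/filepath` imported. One caveat on the log line: echo's `c.RealIP()` honours `X-Forwarded-For`/`X-Real-IP` unless the server's IP extractor is configured for the actual proxy, so the address the message asks an admin to ban can be client-supplied; a comment such as `// RealIP trusts proxy headers — configure echo's IPExtractor before acting on this value` would keep it from being taken at face value. SessionUploadEndpoint starts and ends outside the hunk.
```go
// insideDrive joins remote onto drivePath and reports whether the cleaned
// result is still drivePath itself or one of its descendants.
func insideDrive(drivePath, remote string) (string, bool) {
	base := filepath.Clean(drivePath)
	target := filepath.Join(base, remote)
	if target == base {
		return target, true
	}
	return target, strings.HasPrefix(target, base+string(filepath.Separator))
}

	} else if "rdp" == session.Protocol {
		drivePath, err := model.GetDrivePath()
		if err != nil {
			return err
		}
		target, ok := insideDrive(drivePath, remoteFile)
		if !ok {
			logrus.Warnf("IP %v 尝试进行攻击,请ban掉此IP", c.RealIP())
			return Fail(c, -1, ":) 您的IP已被记录,请去向管理员自首。")
		}
		// … unchanged: rest of the rdp branch, using target where it joined drivePath and remoteFile …
```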
@@ -450,6 +463,10 @@ func SessionMkDirEndpoint(c echo.Context) error {
 		}
 		return Success(c, nil)
 	} else if "rdp" == session.Protocol {
+		if strings.Contains(remoteDir, "../") {
+			logrus.Warnf("IP %v 尝试进行攻击,请ban掉此IP", c.RealIP())
+			return Fail(c, -1, ":) 您的IP已被记录,请去向管理员自首。")
+		}
 		drivePath, err := model.GetDrivePath()
 		if err != nil {
 			return err
@@ -507,6 +524,10 @@ func SessionRmEndpoint(c echo.Context) error {
 		return Success(c, nil)
 	} else if "rdp" == session.Protocol {
+		if strings.Contains(key, "../") {
+			logrus.Warnf("IP %v 尝试进行攻击,请ban掉此IP", c.RealIP())
+			return Fail(c, -1, ":) 您的IP已被记录,请去向管理员自首。")
+		}
 		drivePath, err := model.GetDrivePath()
 		if err != nil {
 			return err
@@ -544,6 +565,10 @@ func SessionRenameEndpoint(c echo.Context) error {
 		return Success(c, nil)
 	} else if "rdp" == session.Protocol {
+		if strings.Contains(oldName, "../") {
+			logrus.Warnf("IP %v 尝试进行攻击,请ban掉此IP", c.RealIP())
+			return Fail(c, -1, ":) 您的IP已被记录,请去向管理员自首。")
+		}
 		drivePath, err := model.GetDrivePath()
 		if err != nil {
 			return err
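Review bot: In SessionRenameEndpoint the new guard inspects only `oldName`; the rename's destination is not in the hunk, but if the new name is also joined onto drivePath further down it needs the same containment check, since an unchecked destination lets a rename land outside the drive just as an unchecked source lets one read from outside it. The substring weakness raised on the SessionUploadEndpoint hunk (a bare `..` segment contains no `../`) applies equally to the `remoteDir` and `key` guards in the SessionMkDirEndpoint and SessionRmEndpoint hunks here, and the same helper covers all three. All three enclosing functions start and end outside their hunks.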