Current location - Recipe Complete Network - Dietary recipes - Has Huaibei Forum been hacked? Why can't I get on? ...
Has Huaibei Forum been hacked? Why can't I get on? ...
It seems to have been hacked. It is suggested that the webmaster be informed immediately to take measures to prevent the website from being hacked. Here are some suggestions on website security and anti-hacking!

After building a website for a period of time, I can always hear what websites have been hanged, hacked and attacked. It seems that it is a very simple thing to invade a horse. In fact, intrusion is not simple, but the necessary security measures of your website are not done well.

Conditional advice to find a professional website security sine security to do security maintenance.

1. Precautions for hanging horses:

1, users are advised to upload and maintain the webpage through ftp, and try not to install the uploading program of asp.

2. Check the security of the website regularly. You can use some online tools, such as the sinesafe website hanging horse detection tool!

Orders, as long as they are files that asp can upload, must be authenticated!

The user name and password of 3.asp program administrator should be complicated, not too simple, and should be changed regularly.

4. Download asp program from regular website. After downloading, the database name and storage path should be modified, and the database file name should be complicated.

5. Try to keep the program up to date.

6. Don't add a link to the background manager login page on the webpage.

7. In order to prevent unknown vulnerabilities in the program, you can delete the login page of the background management program after maintenance, and then upload it through ftp during the next maintenance.

8. Always back up important files, such as databases.

9, daily maintenance, and pay attention to whether there are unknown asp files in the space. Remember: a sweater is in a safe!

10, once it is found to be hacked, you should delete all the Trojan files unless you can identify them.

1 1. The call to the asp uploader must be authenticated, and only trusted people are allowed to use the uploader. This includes various press releases, shopping malls and forums.

Second, the recovery measures of hanging horse:

1. Modify the account password

Whether it is business or not, the initial password is mostly admin. So the first thing you do when you receive the website program is to "change your account password". account number

Don't use a password until you get used to it. Change it to something special. Try to put letters, numbers and symbols together. In addition, the password is preferably 15 digits. Shang Ruo, you use it.

SQL should use a special account password, not admin, or it will be easily invaded.

2. Create a robots.txt.

Robots can effectively prevent hackers from using search engines to steal information.

3. Modify the background document

Step 1: Modify the name of the verification file in the background.

Step 2: Modify conn.asp to prevent illegal downloading, or modify conn.asp after encrypting the database.

Step 3: Modify the name of the ACESS database. The more complicated the better. If possible, change the directory where the data is located.

4. Restrict login background IP

This method is the most effective, and every virtual host user should have a function. If your IP is not fixed, please change it every time. Safety comes first.

5. Customize 404 pages and send ASP error messages.

404 allows hackers to find some important files in your background in batches and check whether there are injection holes in the webpage.

ASP is wrong, it may send the information that the other party wants to someone he doesn't know.

6. Choose the website program carefully

Pay attention to whether there are loopholes in the website program itself. You and I must have a steelyard in our hearts.

7. Be careful about uploading vulnerabilities

It is reported that uploading vulnerabilities are often the simplest and most serious, which can make hackers or hackers easily control your website.

You can prohibit uploading or limit the types of uploaded files. If you don't know, you can find sinesafe, who specializes in website security.

8.cookie protection

Try not to visit other websites when logging in to prevent cookie from being leaked. Remember to quit when you quit. Exit when all browsers are closed.

9. Directory permissions

Ask the administrator to set some important directory permissions to prevent abnormal access. If you don't give the upload directory permission to execute scripts, you don't give the non-upload directory permission to write.

10. Self-test

There are many hacking tools on the Internet now, so it is necessary to find some to test whether your website is OK.

1 1. Daily maintenance

A. back up data regularly. It is best to back it up once a day. After downloading the backup file, delete the backup file on the host computer in time.

B. Change the database name and the administrator's account password regularly.

C through WEB or FTP management, check the volume number, last modification time and file number of all directories, check whether the files are abnormal, and check whether there are abnormal accounts.

Websites are usually hung up because there are loopholes in the website program or the security performance of the server is not up to standard and hacked by illegal hackers.

It is a common phenomenon that websites are hung up, but it is also the trouble of every website operator.

Have you ever had the idea of giving up because of the daily intrusion of websites and servers? Have you delayed the operation of the website because you don't know much about the website technology? Are you also at a loss for some boring hackers to invade the website again and again? Conditional advice to find a professional website security sine security to do security maintenance.