After running a website for a while, you will keep hearing that this or that website has had a Trojan planted on it, or has been stuffed with black-hat links, as if breaking into a site and planting a Trojan were a very simple thing. In fact, intrusion is not simple; what is simple is that the necessary security measures for your site were never put in place.
It is recommended to find a professional website security company, such as Sine security, to do the security maintenance.
One: Trojan prevention measures:
1, Users are advised to upload and maintain web pages through FTP, and to avoid installing an ASP upload program where possible.
2, Calls to an ASP upload program must be authenticated, and only trusted people should be allowed to use it. This includes all kinds of news publishing, online shop and forum programs: any ASP that can upload files should require authentication!
3, The ASP program's administrator username and password should have a certain complexity and not be too simple, and should be changed regularly.
4, Download ASP programs from reputable sites, and after downloading change the database name and storage path; the database file name should also have a certain complexity.
5, Try to keep the program at the latest version.
6, Do not put a link to the login page of the back-end management program on your web pages.
7, To guard against unknown vulnerabilities in the program, you can delete the login page of the back-end management program after maintenance, and upload it again via FTP the next time you do maintenance.
8, Back up the database and other important files from time to time.
9, Carry out daily maintenance, and watch for ASP files of unknown origin in your hosting space. Remember: a drop of sweat buys a measure of security!
10, Once an intrusion is found, delete all the files unless you can identify every Trojan file.
11, Test the website's security regularly; some online tools can be used for this, such as the sinesafe website Trojan detection tool!
Two: Trojan recovery measures:
1. Modify the account password
Whether the program is commercial or not, the initial password is most likely admin, so the first thing to do when you receive the website program is to "modify the account password". The account password should not be one you habitually use, but something distinctive. Try to combine alphanumeric characters and symbols. In addition, it is best to have a password of more than 15 digits. If you're using SQL, you should use a special password for your account, not admin or anything like that, otherwise it's easy to get hacked.
2. Create a robots.txt
A robots.txt file can effectively stop hackers from using search engines to steal information.
3. Modify the back-end files
Step 1: Change the name of the authentication file in the back end.
Step 2: Modify conn.asp to prevent illegal downloads; you can also encrypt the database after modifying conn.asp.
Step 3: Change the name of the Access database, the more complex the better, and change the directory where the data is stored if you can.
4. Restrict the IPs that can log in to the back end
This method is the most effective, and every web hosting user should have this function. If your IP is not fixed, it is a bit of trouble to change it every time, but safety comes first.
5. Custom 404 pages and custom handling of ASP error messages
The 404 response lets hackers search in bulk for important files in your back end and check web pages for injection vulnerabilities.
ASP error messages may hand information to an unknown person who wants it.
6. Choose your website program carefully
Pay attention to whether the website program itself has vulnerabilities; you should have your own yardstick for judging whether it is good or bad.
7. Be careful about upload vulnerabilities
It has been reported that upload vulnerabilities are often the simplest and most serious, allowing hackers to easily take control of your website.
It is possible to disable uploads or limit the types of files that can be uploaded. If you don't know how to do this, you can ask your web program provider.
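The two upload rules on this page (only authenticated users may upload, and only limited file types are accepted) can be combined in one server-side check. The following is an added example, not code from the original page; it is a Python stand-in for the logic an ASP upload handler would apply, and the allow-list, size limit and function name are assumptions.

```python
import os
import re
import secrets

# Assumed allow-list: extension -> leading bytes a real file of that type has
ALLOWED = {
    ".jpg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
MAX_BYTES = 2 * 1024 * 1024  # assumed size limit (2 MiB)

def check_upload(authenticated, filename, data):
    """Return (stored_name, None) if accepted, else (None, reason)."""
    # Rule from the page: every upload call must be authenticated.
    if not authenticated:
        return None, "not authenticated"
    # Discard any client-supplied directory part, Windows or POSIX style.
    base = os.path.basename(filename.replace("\\", "/"))
    stem, ext = os.path.splitext(base)
    ext = ext.lower()
    # Rule from the page: limit the types of files that can be uploaded.
    if ext not in ALLOWED:
        return None, "extension not allowed"
    # Only plain names: no extra dots, separators or control characters.
    if not re.fullmatch(r"[A-Za-z0-9_-]{1,64}", stem):
        return None, "suspicious file name"
    if len(data) > MAX_BYTES:
        return None, "file too large"
    # The content must start with the signature of the claimed type.
    if not data.startswith(ALLOWED[ext]):
        return None, "content does not match extension"
    # Store under a server-chosen random name, never the client's name.
    return secrets.token_hex(16) + ext, None
```

The returned name should be written into an upload directory that has no script permission, as item 9 below describes.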
8. Cookie protection
Try not to visit other sites while logged in to prevent cookie leakage. Remember to click exit when logging out and close all browsers.
9. Directory permissions
Please ask the administrator to set up some important directory permissions to prevent abnormal access. For example, don't give script permission to upload directories and don't give write permission to non-upload directories.
10. Self-testing
Nowadays, there are a lot of hacking tools on the Internet, so don't hesitate to look for some to test whether your website is OK.
11. Routine maintenance
a. Regularly back up your data. It's best to back up once a day, and you should delete the backup files on your host in a timely manner after downloading them.
b. Regularly change the database name and administrator account password.
c. Use web or FTP management to view the size of every directory, the last modification times and the number of files, and check whether any file is anomalous and whether there is any anomalous account.
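The routine check in item c, and the earlier advice to watch for ASP files of unknown origin and to keep scripts out of upload directories, can be automated by comparing the live site with a trusted baseline. This is an added example, not part of the original page; the script extensions, the `upload/` directory name and the constructed sample site are assumptions.

```python
import hashlib
import os
import tempfile

SCRIPT_EXTS = {".asp", ".asa", ".cer", ".aspx"}  # assumed script types
UPLOAD_DIRS = ("upload/",)                        # assumed upload directory

def snapshot(webroot):
    """Return {relative path: sha256 hex digest} for every file."""
    state = {}
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, webroot).replace(os.sep, "/")
            with open(full, "rb") as fh:
                state[rel] = hashlib.sha256(fh.read()).hexdigest()
    return state

def audit(baseline, current):
    """Compare the live tree with a trusted baseline; return findings."""
    findings = []
    for rel in sorted(current):
        in_upload = rel.startswith(UPLOAD_DIRS)
        is_script = os.path.splitext(rel)[1].lower() in SCRIPT_EXTS
        if in_upload and is_script:
            findings.append(("script-in-upload-dir", rel))
        elif rel not in baseline and not in_upload:
            findings.append(("unknown-file", rel))
        elif rel in baseline and baseline[rel] != current[rel]:
            findings.append(("modified", rel))
    findings += [("missing", rel) for rel in sorted(set(baseline) - set(current))]
    return findings

def _write(root, rel, text):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)

def demo():
    """Constructed site: take a baseline, change four files, delete one, audit."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("index.asp", "conn.asp", "admin/login.asp"):
            _write(root, rel, "original " + rel)
        baseline = snapshot(root)
        for rel in ("index.asp", "images/diy.asp", "upload/photo.jpg", "upload/avatar.asp"):
            _write(root, rel, "written after baseline")
        os.remove(os.path.join(root, "admin/login.asp"))
        return audit(baseline, snapshot(root))
```

Content hashes are compared rather than modification times because a timestamp can be reset after a file is changed; keep the baseline off the web host so it cannot be altered along with the site.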
A website usually ends up with a Trojan planted on it because illegal hackers break in through loopholes in the website program, or because the server's security is not up to standard.
It is common for websites to have Trojans planted on them, but it is also a problem that every website operator faces.
Have you had to give up on the idea because your site and server are invaded and planted with Trojans every day? Has not understanding the site's technical problems delayed its operation? Has the site you run so carefully been hit over and over again by some of the no