It seems to have been hacked. It is recommended to inform the administrator of the website to take anti-hacking measures. The following are suggestions on website anti-hacking!
After building a website for a period of time, you can always hear about which websites have been hacked, hacked, or attacked. It seems that hacking a horse seems to be a very simple matter. In fact, intrusion is not simple. What is simple is that the necessary security measures for your website have not been taken.
If possible, it is recommended that you find a company that specializes in website security to solve the problem for you. Domestic website security companies such as Sinesafe and NSFOCUS are relatively well-known, and they are more professional!
1: Preventive measures for horse-hanging:
1. It is recommended that users upload and maintain web pages through ftp and try not to install asp upload programs.
2. Regularly check the security of the website. Specifically, you can use some online tools, such as the sinesafe website horse detection tool!
Procedure, as long as the ASP can upload files, it must be authenticated!
3. The user name and password of the ASP program administrator must have a certain degree of complexity, not too simple, and must be Pay attention to regular replacement.
4. Download the ASP program from a regular website. After downloading, you need to modify the database name and storage path. The database file name must also be complex.
5. Try to keep the program up to date.
6. Do not add a link to the background management program login page on the web page.
7. To prevent unknown vulnerabilities in the program, you can delete the login page of the background management program after maintenance, and then upload it via ftp during the next maintenance.
8. Always back up important files such as databases.
9. Do more daily maintenance and pay attention to whether there are asp files of unknown origin in the space. Remember: every sweat equals safety!
10. Once you find that you have been invaded, delete all files unless you can identify all Trojan files.
11. The call to the asp upload program must be authenticated, and only trusted people are allowed to use the upload program. This includes various news releases, shopping malls and forum programs
Two: Trojan recovery measures:
1. Change account password
Whether it is commercial or not , the initial password is mostly admin. Therefore, the first thing you do after receiving the website program is to "change the account password". For account number
Don’t use the one you are accustomed to before, but change it to something special. Try to combine letters, numbers and symbols together. In addition, the password should be more than 15 characters. If you use
SQL, you should use a special account and password, and don't use admin or the like, otherwise it will be easy to be hacked.
2. Create a robots.txt
Robots can effectively prevent hackers who use search engines to steal information.
3. Modify the background file
Step one: Modify the name of the verification file in the background.
Step 2: Modify conn.asp to prevent illegal downloads. You can also encrypt the database and then modify conn.asp.
Step 3: Modify the ACESS database name. The more complex the better, if possible, change the directory where the data is located.
4. Restrict login backend IP
This method is the most effective, and every virtual host user should have this function. If your IP is not fixed, please change it every time. Safety comes first.
5. Customize the 404 page and customize the transmission of ASP error messages
404 allows hackers to batch search for some important files in your background and check whether there are injection vulnerabilities in the web page.
ASP is wrong, it may send the information that the other party wants to the unknown person.
6. Choose the website program carefully
Pay attention to whether the website program itself has loopholes. You and I should have a weighing scale in our minds.
7. Be careful when uploading vulnerabilities
It is reported that uploading vulnerabilities are often the simplest and most serious, allowing hackers or hackers to easily control your website.
You can prohibit uploading or limit uploaded file types. If you don’t understand, you can find Sinesafe, a company that specializes in website security.
8. Cookie protection
Try not to visit other sites when logging in to prevent cookie leaks. Remember to click Exit and close all browsers when exiting.
9. Directory permissions
Ask the administrator to set some important directory permissions to prevent abnormal access. For example, do not give script execution permission to the upload directory and do not give write permission to non-upload directories.
10. Self-test
Nowadays, there are a lot of hacking tools on the Internet, so why not find some to test whether your website is OK.
11. Routine maintenance
a. Back up data regularly. It is best to back up once a day. After downloading the backup file, you should promptly delete the backup file on the host.
b. Change the database name and administrator account regularly.
c. Use WEB or FTP management to check the volume of all directories, the last modification time and the number of files, check whether there are any abnormalities in the files, and check whether there are any abnormal accounts.
A website that gets hacked is usually caused by loopholes in the website program or because the server's security performance is not up to standard and is hacked by illegal hackers.
It is a common phenomenon for websites to be hacked, but it is also a common problem for every website operator.
Have you ever wanted to give up because your website and server are hacked and mounted every day? Have you also delayed the operation of your website because you don’t know much about website technology? I also feel impatient and impatient because my carefully operated website is repeatedly hacked and hacked by some boring hackers. If possible, it is recommended to find Sine Security, which specializes in website security, for security maintenance.