Job Recruitment Website - Job information - Has Huaibei Forum been hacked? Why can't I get on? ...
Has Huaibei Forum been hacked? Why can't I get on? ...
After building a website for a period of time, I can always hear what websites have been hanged, hacked and attacked. It seems that it is a very simple thing to invade a horse. In fact, intrusion is not simple, but the necessary security measures of your website are not done well.
Conditional advice to find a professional website security sine security to do security maintenance.
1. Precautions for hanging horses:
1, users are advised to upload and maintain the webpage through ftp, and try not to install the uploading program of asp.
2. Check the security of the website regularly. You can use some online tools, such as the sinesafe website hanging horse detection tool!
Orders, as long as they are files that asp can upload, must be authenticated!
The user name and password of 3.asp program administrator should be complicated, not too simple, and should be changed regularly.
4. Download asp program from regular website. After downloading, the database name and storage path should be modified, and the database file name should be complicated.
5. Try to keep the program up to date.
6. Don't add a link to the background manager login page on the webpage.
7. In order to prevent unknown vulnerabilities in the program, you can delete the login page of the background management program after maintenance, and then upload it through ftp during the next maintenance.
8. Always back up important files, such as databases.
9, daily maintenance, and pay attention to whether there are unknown asp files in the space. Remember: a sweater is in a safe!
10, once it is found to be hacked, you should delete all the Trojan files unless you can identify them.
1 1. The call to the asp uploader must be authenticated, and only trusted people are allowed to use the uploader. This includes various press releases, shopping malls and forums.
Second, the recovery measures of hanging horse:
1. Modify the account password
Whether it is business or not, the initial password is mostly admin. So the first thing you do when you receive the website program is to "change your account password". account number
Don't use a password until you get used to it. Change it to something special. Try to put letters, numbers and symbols together. In addition, the password is preferably 15 digits. Shang Ruo, you use it.
SQL should use a special account password, not admin, or it will be easily invaded.
2. Create a robots.txt.
Robots can effectively prevent hackers from using search engines to steal information.
3. Modify the background document
Step 1: Modify the name of the verification file in the background.
Step 2: Modify conn.asp to prevent illegal downloading, or modify conn.asp after encrypting the database.
Step 3: Modify the name of the ACESS database. The more complicated the better. If possible, change the directory where the data is located.
4. Restrict login background IP
This method is the most effective, and every virtual host user should have a function. If your IP is not fixed, please change it every time. Safety comes first.
5. Customize 404 pages and send ASP error messages.
404 allows hackers to find some important files in your background in batches and check whether there are injection holes in the webpage.
ASP is wrong, it may send the information that the other party wants to someone he doesn't know.
6. Choose the website program carefully
Pay attention to whether there are loopholes in the website program itself. You and I must have a steelyard in our hearts.
7. Be careful about uploading vulnerabilities
It is reported that uploading vulnerabilities are often the simplest and most serious, which can make hackers or hackers easily control your website.
You can prohibit uploading or limit the types of uploaded files. If you don't know, you can find sinesafe, who specializes in website security.
8.cookie protection
Try not to visit other websites when logging in to prevent cookie from being leaked. Remember to quit when you quit. Exit when all browsers are closed.
9. Directory permissions
Ask the administrator to set some important directory permissions to prevent abnormal access. If you don't give the upload directory permission to execute scripts, you don't give the non-upload directory permission to write.
10. Self-test
There are many hacking tools on the Internet now, so it is necessary to find some to test whether your website is OK.
1 1. Daily maintenance
A. back up data regularly. It is best to back it up once a day. After downloading the backup file, delete the backup file on the host computer in time.
B. Change the database name and the administrator's account password regularly.
C through WEB or FTP management, check the volume number, last modification time and file number of all directories, check whether the files are abnormal, and check whether there are abnormal accounts.
Websites are usually hung up because there are loopholes in the website program or the security performance of the server is not up to standard and hacked by illegal hackers.
It is a common phenomenon that websites are hung up, but it is also the trouble of every website operator.
Have you ever had the idea of giving up because of the daily intrusion of websites and servers? Have you delayed the operation of the website because you don't know much about the website technology? Are you also at a loss for some boring hackers to invade the website again and again? Conditional advice to find a professional website security sine security to do security maintenance.
- Previous article:Taian high-tech zone
- Next article:The Core Industry of Xiamen Electromechanical Group Co., Ltd.
- Related articles
- 20 19 how many people are recruited for teacher positions in Gaocheng institutions?
- Shandong gaotang recruitment
- Working hours of Liuzhou China Merchants Bank
- Brief introduction of Yancheng First People's Hospital
- Can junior college students take the national examination?
- Who do you think is a person with high education and no work experience, or a person with low education and no work experience?
- Why are there few promotion opportunities for Japanese companies and it is difficult for them to enter the management?
- Find the train route from Urumqi to Baicheng, Jilin. And related information, such as the amount of sleeper money, travel time, departure time and so on.
- Which good professional Wuxi office decoration company does Wuxi office decoration company recommend?
- How about an art gallery lecturer?