MENU service case
Website construction website design Beijing website construction high-end website production company Shangpin China
We create by embracing change
360 ° brand value__
simplified Chinese character
Simplified Chinese English

Shangpin China Joins Hands with Beisheng Internet to Create a New Chapter in Website Construction

Type: Shangpin Dynamic Learn more

What should I do if the website is infected with a WebShell Trojan? Use these methods to solve the problem quickly.

Source: Shangpin China | Type: website encyclopedia | Time: September 19, 2019

    1、 How to prevent the system from being implanted into WebShell?

1. For the web server, open the firewall and anti-virus software, turn off the remote desktop functions, and update the server patches and anti-virus software regularly.

2. Strengthen the security awareness of the administrator. Do not browse unsafe websites on the server, and change the password regularly. At the same time, strengthen the security management of ftp on the server to prevent being infected by the system trojans.

3. Strengthen permission management, set permissions for sensitive directories, restrict script execution permissions of uploaded directories, and do not allow script execution. It is recommended to use IIS 6.0 or above, and do not use the default port 80.

4. The program fixes the vulnerability. The program should be optimized to upload x.asp Such files as png.

2、 How does WebShell invade the system?

1. Upload the WebShell script by using the upload business on the system front end. The uploaded directory often has executable permissions. In places where images and data files are uploaded on the web, the complete URL information of the uploaded files is usually returned to the client after uploading. Sometimes there is no feedback. We can also guess that under the common image, upload and other directories, if the web does not strictly control the access permissions of the website or folder directory, it may be used for webshell attacks, Attackers can use the upload function to upload a script file, then access the script through the url, and the script will be executed. Then the hacker can upload the webshell to any directory of the website, thus obtaining the administrator control permission of the website.

(Shangpin China website construction)

2. The customer obtains the administrator's background password, logs in to the background system, uses the background management tool to write the WebShell Trojan to the configuration file, or the hacker adds the upload type privately, allowing the script program to upload files in the format of asp and php.

3. Use the database backup and recovery function to obtain the webshell. For example, change the suffix of the backup file to asp during backup. Or there is MySQL data query function in the background, and hackers can execute select In To outfile queries the output php file, and then inserts the code into mysql, resulting in the generation of a webshell trojan.

4. Other sites of the system are attacked, or the ftp server is also installed on the server. The ftp server is attacked, and then it is injected into the webshell trojan, and then the website system is also infected.

5. The hacker directly attacks the web server system, and the web server may also have loopholes at the system level. If the hacker attacks the server system by using its loopholes, the hacker can upload webshell files in the web server directory after obtaining its permissions.

  3、 What is a WebShell Trojan?

WebShell is usually a command execution environment in the form of asp, php, jsp, asa, cgi and other web files, which can also be called a web backdoor. After a hacker invades a website, he will usually mix the WebShell backdoor file with the normal web page file in the WEB directory of the website server. Then he can use a browser to access these backdoors and get the command execution environment to control the website or the WEB system server. In this way, you can upload and download files, view databases, and execute arbitrary program commands.

4、 What are the important reasons why WebShell can be rampant?

1. WebShell can be injected to a large extent because of the win2003 IIS 6.0 environment. In the IIS 6.0 environment, we upload a test. asp It is found that the jpg shell file can be uploaded successfully when it is uploaded, because the image file monitored as jpg is executed as a dynamic web page file of asp when it is parsed by iis6.0. So we know the common features of webshell trojans: x.asp png,x.php;. txt...

2. The malicious script of the WebShell is mixed with the normal web page file. At the same time, the server controlled by the hacker and the remote host transmit data through port 80, which will not be intercepted by the firewall, and generally will not leave a record in the system log. It has strong concealment and is generally not easy to be killed.

Source Statement: This article is original or edited by Shangpin China's editors. If it needs to be reproduced, please indicate that it is from Shangpin China. The above contents (including pictures and words) are from the Internet. If there is any infringement, please contact us in time (010-60259772).
TAG label:

What if your website can increase the number of conversions and improve customer satisfaction?

Make an appointment with a professional consultant to communicate!

* Shangpin professional consultant will contact you as soon as possible

Disclaimer

Thank you very much for visiting our website. Please read all the terms of this statement carefully before you use this website.

1. Part of the content of this site comes from the network, and the copyright of some articles and pictures involved belongs to the original author. The reprint of this site is for everyone to learn and exchange, and should not be used for any commercial activities.

2. This website does not assume any form of loss or injury caused by users to themselves and others due to the use of these resources.

3. For issues not covered in this statement, please refer to relevant national laws and regulations. In case of conflict between this statement and national laws and regulations, the national laws and regulations shall prevail.

4. If it infringes your legitimate rights and interests, please contact us in time, and we will delete the relevant content at the first time!

Contact: 010-60259772
E-mail: [email protected]

Communicate with professional consultants now!

  • National Service Hotline

    400-700-4979

  • Beijing Service Hotline

    010-60259772

Please be assured to fill in the information protection
Online consultation

Disclaimer

Thank you very much for visiting our website. Please read all the terms of this statement carefully before you use this website.

1. Part of the content of this site comes from the network, and the copyright of some articles and pictures involved belongs to the original author. The reprint of this site is for everyone to learn and exchange, and should not be used for any commercial activities.

2. This website does not assume any form of loss or injury caused by users to themselves and others due to the use of these resources.

3. For issues not covered in this statement, please refer to relevant national laws and regulations. In case of conflict between this statement and national laws and regulations, the national laws and regulations shall prevail.

4. If it infringes your legitimate rights and interests, please contact us in time, and we will delete the relevant content at the first time!

Contact: 010-60259772
E-mail: [email protected]