How does a webmaster judge whether a website is hacked and how to deal with defense
Source: Shangpin China |
Type: website encyclopedia |
Date: June 14, 2012
Whether the website service is stable or not, website safety has always been the top priority of website construction. It is very important for users, websites and search engines. At present, the security problem of domestic websites is very serious, and many websites are owned by third parties Beijing website production Agent construction and maintenance personnel lack sufficient knowledge, and a large number of websites have different levels of security and management vulnerabilities.
The operated websites have also been hacked. For my webmaster, website safety has always been one of the six natural enemies of webmasters. I also deeply realized the seriousness of the consequences caused by the blackout of the website. Although the blackout of a small website would not cause too much loss, it should not be underestimated for a large website, such as the leakage of user data, or even the use of personal information for trading. Therefore, the safety of the website is absolutely an important part of the website operation.
From judging that the website was hacked to dealing with and preventing it, Baidu webmaster platform information area has this comprehensive analysis. So let's share it with you. The following is the text.
Tens of thousands of websites are hacked every day, which is found in the websites included by Baidu. The means of hackers attacking websites are becoming more and more covert. When the webmaster finds out, the problem has often happened for a long time. Once the vulnerability of the website is exploited by hackers, the website will be completely under the control of hackers: the website content may be tampered with beyond recognition, or implanted with malicious code to endanger the safety of users, or a large number of spam pages will be added. This has a certain level of negative impact on the website's normal service, reputation, and representation in the search engine. It may even bring you unnecessary regulatory risks due to suspected illegal acts of tampering with content.
How to judge whether a website is hacked
Then your website may have been hacked: if the following problems exist.
It shows that the search engine has collected a large number of pages that are not due to the site. 1 Query the site through the site command.
Jump to another site. Click the page of the site from Baidu search results.
The site content is prompted in the search results that there are risks.
The traffic brought by the search engine has exploded in a short time.
It can help the webmaster find the abnormal page more quickly. Note: site query combines some common porn, games, and overseas gambling keywords. For example, "site: www. * * *. com gambling"
It is recommended that you check the website immediately. Including: once the above abnormalities are found.
Check whether there are abnormal fluctuations in the number of pages and user access traffic on your site 1 Analyze system and server logs. Whether there is abnormal access or operation log; Especially the home page and other key pages;
2 Check whether the website file is modified abnormally.
3. Whether the website page references the resources (pictures, JS, etc.) of the unknown site or whether the abnormal link is placed;
4. Check whether the website has abnormally added files or directories;
5 Check whether there are non administrator packaged website source code, unknown txt files, etc. in the website directory.
However, Baidu's search results show abnormal snapshot content, which is a warm reminder: if you visit the website directly, everything is normal. It may be that the hacker has made a special disposal, only allowing Baidu spiders to crawl abnormal pages, so as to increase the concealment and make it difficult for the webmaster to find; Similarly, if direct access to the website is normal, but when accessing from the Baidu search results page, an abnormal page appears, which is the hacker's special handling of Baidu source (refer).
How to deal with website blackout
At this time, you need to deal with it immediately. If you check and confirm that your website is abnormal. include:
Prevent users from continuing to be affected
1 Stop the website service immediately. Prevent further impact on other sites (503 return code is recommended)
You can contact the host provider
2. If multiple sites of the same host provider are hacked at the same time. Urge the other party to respond.
Find out the possible blackout time
3 Clean up the abnormalities found. Compared with the file modification time on the server, dispose of the files uploaded and modified by hackers; Check the user management settings in the server to confirm whether there are abnormal changes; Change the user access password for the server.
Determine the possible blackout time. However, hackers may also modify the access log of the server. Note: You can access the log from the.
Check the website for vulnerabilities
4. Do a good job of safety. Prevent it from being blacked again.
How to prevent websites from being hacked
You need to do a lot of work at ordinary times to prevent your website from being attacked by hackers. for example
Check whether there is any suspicious access to non foreground pages.
1 Check the server log regularly.
2. Frequently check whether the website files are modified or added abnormally.
And the official website of the program used. If the security update patch appears, 3 pay attention to the operating system. It should be deployed immediately instead of using the version that is no longer actively maintained by the official. If conditions permit, it is recommended to directly update to the latest version; Pay attention to the safety setting guidelines issued by the site building order party.
If the website uses these application orders
3 The system vulnerability may come from the application order of a third party. It is recommended to carefully evaluate its safety.
Hackers usually judge whether a certain program is used by automatically scanning whether certain files exist
4 Modify the default file name of key files in the open source sequence.
Improve the password strength of the management background
6 Modify the default administrator user name. Use passwords composed of letters, numbers and special symbols, and strictly control the access rights of users at different levels.
6 Select a powerful host service provider. And ports.
7 Turn off unnecessary services.
8 Turn off or limit unnecessary upload functions.
9 Set firewall and other security measures. It is recommended to reinstall the server operating system.
10. If the black problem is repeatedly presented. Re upload the backup website file. This article was published by Beijing Website Construction Company Shangpin China //ihucc.com/
Source Statement: This article is original or edited by Shangpin China's editors. If it needs to be reproduced, please indicate that it is from Shangpin China. The above contents (including pictures and words) are from the Internet. If there is any infringement, please contact us in time (010-60259772).
