NEW: Analysis and Countermeasures on the security of personal website

Source: Internet
Author: User

New Chen from the practice, relying on their own website experience and personal webmaster (especially forum, blog, etc.) research, and refer to the major sites of various construction and site tutorials and website SEO process. Take a number of personal forum site instances and add your own insights for analysis. For Personal Forum website Security Problem, is an individual stationmaster must brave to face and carry on the process of confrontation. At this point, new Chen has proposed ways to treat it.

After the new market survey, there are currently 50% of the market on the Web site is the Internet Open template site, resulting in nearly 45% of the site become someone else's money-making tool, open source code is very unsafe, from which to find loopholes, using the site for profiteering.

Each of the above data indicates:

1, now the number of individual webmaster not only sharply increased, but also personal webmaster has begun to focus on the site's SEO promotion, which is not only a technical live, but also a test of a webmaster threshold;

2, now the webmaster has begun to achieve profitability, for website SEO technology has begun to mature. This shows that the personal webmaster more attention to technology, including website promotion, SEO, as well as the security of the site;

3, there are a lot of unsafe factors in many websites nowadays.

This information tells us that the current number of sites is growing rapidly, and many sites have started to profit, but the security of the site is also growing quietly ...

According to data analysis, Now the market has 50% of the Web site use is the Internet Open template site, resulting in nearly 45% of the site become someone else's money-making tool, open source code is very unsafe, from which to find loopholes, using the site for profiteering. This means that more than half of the existing sites are likely to have backdoor procedures. Of course, I said that these backdoor procedures are those malicious backdoor, these backdoor is the source code announced deliberately added up, for the current personal webmaster, the identification of these code is still very difficult. So, this code is on the website crazy, using the code for malicious attacks on a website, stealing its user information, stealing back-end SUP program ...

At present, for small sites, the new Chen believes that the most common database is access, the database has a lot of sensitive information, the need for administrator attention to things, such as: background password, customer data, and these will become illegal elements of the goal of profiteering, The access suffix is. mdb is downloaded directly from the client in the browser, so it is recommended that the administrator make a security setting for the database, and put it in the database to be downloaded, causing the background administrator to leak, causing the website security problem.

Robots setting is generally a new problem, if set, will expose the back office management address, will give the site security left hidden trouble, but is conducive to search engine crawl, here to the webmaster some suggestions, recommend backstage do not use login.asp login.jsp, etc. Generic login name, you can set a more complex file name. At the same time set the verification code mechanism to prevent brute force.

             

New Chen here puts forward some solutions to some basic security problems:

1, the proposed use of the website to launch the source code or to the official proposed to develop a system to prevent backdoor procedures and source code loopholes;

2, the proposed use of host or VPS as a Web site server, to prevent the risk of side-note, to prevent malicious attacks, prevent the backup is not timely and other problems;

3, it is recommended to learn some basic website language, easy to understand the basic code information and timely response;

4, it is recommended to always pay attention to the background management interface, to facilitate the occurrence of extraordinary events.

New Chen knows, Personal webmaster of the times, there is wind rain, there is bitter sweet, which is full of passion and blood, whenever the Webmaster tools to view the site information, is the most sweet moment of laughter ... For the same in the network through the webmaster, the new Chen here, to everyone refueling! After all, for the present forum security issues, we must pay attention to, because this is your side the biggest time bomb, so please remove it! Website security issues, such as Microsoft's vulnerability patches, will never be updated, because technology in progress, the world is not absolute. But it's always good to keep an eye on it. Since it is your time, please take a good grasp of it!               

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.