ASP Trojan Horse
* To invade, it is important to upload the ASP wood to the target space immediately! * So how do intruders upload ASP Trojans? |
since most of the Web site intrusion is done using ASP trojan, close-up of this article so that ordinary virtual host users can better understand and prevent ASP Trojan Horse. Only space and virtual host users to do a good job of preventive measures can effectively prevent ASP Trojan!
One, what is ASP Trojan?
It is actually the use of ASP to write the Web site procedures, and even some ASP Trojan is the ASP Web site management program to modify.
It and other ASP programs do not have the essential difference, as long as it is able to run ASP space can run it, this nature makes ASP Trojan very difficult to be found. It differs from other ASP programs only in that the ASP Trojan is an ASP program that is uploaded to the target space on the intruder and helps the intruder to control the target space. To prohibit ASP Trojan running is tantamount to prohibit the operation of ASP, obviously this is not workable, this is why the ASP trojan rampant reason!
Ii. The principle of intrusion
To invade, it is important to upload the ASP wood to the target space immediately!
So how do intruders upload ASP Trojans?
Ironically, the intruders are using an ASP program that already has an upload function in the target space. Under normal circumstances, these can upload files of the ASP program are restricted, and most also limited the ASP file upload. (For example: can upload pictures of the news release, picture management program, and can upload more types of documents forum program, etc.) but because of the existence of artificial ASP error and the ASP program itself loophole, gave the intruder an opportunity to upload ASP Trojan. As soon as the ASP wood reaches the target space, the intruder can run it and complete the control of the target space.
therefore, the key to prevent ASP Trojan Horse is the virtual host users how to ensure their own space in the ASP upload program Security!
to put it bluntly is to not let intruders have the opportunity to upload files!
Here's an extra word:
Due to the inability of the space trader to foresee what kind of programs the virtual host users will upload in their own site, and whether there are any vulnerabilities in each program, the intruder cannot be prevented from uploading the behavior of the ASP Trojan by the client program itself.
The space trader can only prevent intruders from using the compromised site to invade other sites on the same server again.
This is also more to prevent ASP Trojan, virtual host users will be strict on their own procedures!
Iii. Preventive measures
first of all, you can according to the following security level, assessment of their own site by ASP Trojan intrusion risk.
A, the site does not have any upload procedures and forum procedures
-----Very safe .
b, the website has the upload program or the forum program, only the administrator can upload the program, and the program database to do the protection measures
-----General Security
C, the website has upload program or forum program, there are many users can upload programs, the program database does not do protection measures
-----Very dangerous!
This level of security is only to let you have a preliminary understanding of the security of their own space, and then we have to talk about the specific preventive measures:
1, we recommend the client through FTP to upload, maintain web pages, as far as possible not to install ASP upload program.
2, the ASP upload program calls must be authenticated, and only allow people who trust to use the upload program. This includes a variety of news releases, mall and forum procedures, as long as you can upload files to the ASP will be authenticated! Another can be uploaded when not required to upload the ASP file name or delete, such as upload.asp, Upfile.asp and so on, and then use the FTP to restore the original or upload again.
3, the ASP Program Administrator username and password to have a certain complexity, not too simple, but also pay attention to regular replacement.
4, to the regular website download ASP program, download to its database name and storage path to modify, the database file name must also have a certain complexity. It is recommended that our clients use the database file name extension of. mdb because my company server has the. mdb file anti-download feature.
5, to try to keep the program is the latest version.
6, do not add on the Web Page Admin program landing page link.
7, in order to prevent the program has unknown vulnerabilities, can be maintained after the deletion of the Background Management Program landing page, the next time the maintenance of FTP upload can be.
8, to regularly back up the database and other important documents.
9, daily to more maintenance, and attention to space whether there are unknown sources of ASP files. In particular, the directory used to store uploaded files, such as: UploadFile, Uploadsoft, and so on, if the discovery of unknown *.asp or *.exe files should be deleted immediately, because these files are 90% possible intrusion procedures. Remember: One cent sweat, change a point safety!
10, once found to be invaded, unless the customer himself can identify all Trojan files, or to delete all files. All ASP program username and password will be reset before uploading the file, and the program database name and store path as well as the path of the background management program should be modified.
11, the installation of the necessary intrusion detection system, timely update anti-virus software.
Do the above precautions, your space can only be said to be relatively safe, must not be negligent, because invasion and invasion is an eternal war.