Website Baidu snapshot hijacked analysis and preventive measures!

A few days ago in the forum of Baidu search resources platform to see a netizen in the forum for help, said his website snapshot and the actual content does not match, the website TKD also have been tampered with. Obviously, this netizen encountered is our topic-Baidu snapshot was hijacked.

How did the site get hijacked?

Hijacking is a "see Not light" black hat SEO techniques, specific can be divided into traffic hijacking, snapshot hijacking, PR hijacking and so on. Snapshot hijacking is the hacker through the system vulnerability and brute force to obtain the background account password, that is, get the shell, and then add Trojan script code in the website, so that the hijacked site snapshot shows the content of the specified site, or even directly tamper with the site TKD settings. As a result, the hijacked site can easily be reduced to the right, even by the search engine black.

Is hijacked many is the enterprise station, the enterprise station mostly uses the open source to build the station system, many systems because of its own problem has many security hidden dangers, for example the Dede of the abuse heart. Some of the system's vulnerabilities have been exposed, to find the characteristics of these vulnerabilities and the vulnerability of the system, and then go to various channels to collect the use of the system's website, traverse scan each station, if there is this vulnerability, on the violence to crack the background account name and password.

What happens to Web sites that experience snapshot hijacking?

First check the site background site basic settings, such as malicious tampering with the self-change back. Then the most important thing is to find the hijacking code, view the page source code, find out if there is a strange JS code. Some may hide relatively deep, you can first look at the next station system header and footer template files,

If there is an external file to introduce the code, if there is a Trojan script based on its path to find the source file, delete can. To avoid the same mistakes, we recommend that you modify your FTP account password to enhance your accountability.

How to avoid site snapshot hijacking?

1. Choose a secure and stable server

Many users covet cheap, choose Hong Kong and other overseas a year dozens of dollars of cheap host, and this host space is the most easy to be taken off the high-risk groups. Especially for enterprises, the best choice of independent IP VPS host or standalone server.

2. Update system vulnerabilities in a timely manner

Whether it is the server operating system or you use the CMS station system, you should update the patch in time to avoid the vulnerability exposure after malicious attacks. It is recommended that the operating system preferably with Linux, and the station system is the best choice of high safety products.

3. Increase the password of FTP and background account

This does not too much elaboration, everyone in the setting password must increase the complexity of the password, you can use Keypass and so more to build and manage.

Finally, Xiangyang SEO to remind everyone is the true meaning of SEO is user-oriented optimization, rather than search engines. For the Black Hat SEO involves some cheat tactics, on the one hand everybody must know how to evade the middle recruit, on the other hand must not try to use Black hat seo.

Website Baidu snapshot hijacked analysis and preventive measures!