Intermediary transaction SEO diagnosis Taobao guest Cloud host technology Hall
The matters to be noted are summarized as follows
First, the safety of the horse before the loss
A, change more default management directory Dede, change the more complex or.
B, check the install directory for the existence of install.lock files. A user failed to write permissions to the install directory causing the lock file to not be generated during installation. The Intstall directory can be deleted as a whole after the installation is complete.
C, pay attention to background update notification, check whether the latest Dedecms patch D, Server Web directory permissions set conditional users DEDECMS data, templets, uploads, HTML, special, images, The install directory is set to disallow script execution, and other directories prohibit writing, and the system will be more secure.
E, suggest to the official download program F, Server security measures (take windows2003 system as an example)
1, update the system patch to the latest, and turn on Automatic Updates
2, install anti-virus software, update virus library to the latest, and turn on Automatic Updates
3, open the system from the firewall, open the application of the port to filter unnecessary port access
4, open the TCP/IP Security policy, open the port in the application to filter unnecessary port access
5, open the user and user group management, add IUSR users corresponding to different Web sites, so that the division rights Management to reduce the loss of a site by the authority of the crisis
6, for different web directories to set different permissions example: Websitea directory corresponding permissions are generally system/administrators full permissions IUSR_ Websitea read-only permission Websitea the following subdirectories are assigned Iusr_websitea write run permissions according to the requirements of the DEDECMS program.
7, do not install the server on the unknown antecedents of software
8, do not install on the server what crack version of the Chinese version of software, if you really need to recommend the original
9, the proposal does not install SERVU FTP software, exchange with other FTP software, change FTP port, user password not too simple
10, if you do not need to close the service application of remote access features, such as MySQL user remote access
11, for the above point, you can use the Local Security policy function, set to allow access to IP.
12, the use of local security policy, but also can effectively deny CC attacks, filtering source IP access.
13, the server on the application of various services to update timely patches, such as MSSQL remember to play patches, and to use the genuine, no conditions to use the normal copy version 14, server applications such as IIS configuration MySQL configuration, please search Baidu Google this aspect of the security application of the topic, It is important to strengthen the internal strength.
15. Turn on IIS access logging
Second, the security check after the horse is necessary to close the site to step through the investigation.
A, into the DEDECMS management background check whether there are new patches or security reminders are not updated in a timely manner.
B, check the source file is the corresponding Trojan virus code to confirm whether ARP attack ARP attack performance: The program files are not dissimilar, the attack is to deceive the target gateway to achieve the effect of deceiving the user side, the realization of the user-side access to the Web site loaded Trojan.
ARP attack prevention: the server installed anti-ARP attack software and other countermeasures, or contact your IDC service provider.
C, check the directory permissions, see the first big point in the security measures.
D, check every directory in the FTP, find the most recently modified suspicious files.
1, with Notepad and other types of tools to open the search, if it is really hanging horse, here analysis can be found.
2, if the whole station is hung, please focus on first check the entire station to call the JS file.
3, from the file to find the code hanging, copy the key statement part of the code, open the replacement type of software batch or batch to find it.
4, the above step need to have the server Control authority, no words can only download back batch. (This is a cautious approach, if you are sure that you can only check some files or directories) E, above or can not solve, that must analyze IISLog log, traced source to find the invasion point.
You can download IISLog analytics software research.
How to turn to the authorities for help or to report security issues?
1, look at the Trojan, suspicious file modification time 2, view the site system log, in contrast to the 1th obtained time, find the way to hang the horse.
3, please read carefully to understand the one or two major points, confirmed still unresolved, please dream of the official forum for the exchange of questions, there will always be someone to help you, that station's popularity is not bad.
--The article comes from the station together shoots Meimei picture net: http://www.174mm.com/.