Be careful at every step when preventing website Trojans

Source: Internet
Author: User

Real hackers do not go looking for ordinary webmasters like us to plant Trojans on. Only shameless spam hackers, who think they are amazing once they have picked up a few technical skills, plant Trojans like crazy.

The following are some common website vulnerabilities and common hacker methods. I hope you can strengthen your defenses after reading them.

1. The admin back-end address must be changed. Do not keep using the folder's original name as your back-end address. Some friends do not know that this back-end folder can be renamed.

2. It is best to add a verification code (CAPTCHA) to the back end. Although it is troublesome, it can prevent many small-time hackers from using social engineering to crack your website. (I have tried it; many friends' passwords are often mobile phone numbers, domain names, QQ numbers, etc.)

3. If you add a field to your website (for example, the user is required to enter a birthday when registering), make sure the field is filtered; do not neglect this. (It is recommended to have friends who know PHP make the modification. Implementing the feature is not as simple as adding a form at the front end and then adding a database field in the back end. To prevent XSS attacks, add htmlspecialchars and mysql_escape_string().)

4. Some friends also install small programs in their own hosting space to add features (I used such programs too, forgot to delete them, and got a Trojan planted as a result), for example album, registration and other programs. The authors of these programs are unspecified, and their programs will basically carry a certain risk. One friend's website was exploited by hackers, who uploaded a "blackeyes" pony (a small Trojan horse), obtained the right to use the virtual hosting space, and then planted Trojans in bulk.

5. Do not ignore the risks that come from the IDC server vendor. I can tell you that hackers often do not attack your website point-to-point. The method they choose is "side injection": cracking other websites on the same server as yours. They only need to know which of your website's neighbors are easy targets (go to this website and check for yourself all the websites under the same IP address by entering your IP address). By cracking other users on the same server, it becomes easy for them to plant a Trojan on your site. This problem does not occur on good servers that still enforce strict restrictions.

6. It is better to strictly control any user upload column that you enable. This is also critical. If hackers have not cracked your back end, it is much harder for them to plant Trojans, because they need to upload a Trojan tool. If you have already been infected with a Trojan, check whether your website allows uploads of .html, .php, .asp and similar files.

7. Keep an eye on the officially released security patches. I have studied the last several security patches. Some vulnerabilities may be exploited by others for more than one reason, and we can see that security is still a concern. I remember that the member patch was released in January. In February, some hacker websites published articles about websites without that patch. I was speechless, and I hope you will pay attention to the official security patches at all times.

8. Some friends often upload the files left behind after a Trojan was planted to this forum, hoping everyone can study them together. I want to say: "The uploaded files cannot help with prevention, because the JS or iframe is not the critical part; what you have uploaded is a Trojan, and all anyone can do with it is crack the encrypted file." What the others leave behind is just the purpose, not the tool.

9. Use tools, including hacker tools, to check your website for vulnerabilities. Of course, do not abuse them. Use some SQL injection software to check your website (such as the "D" injection tool; I have used it, and I have not found any vulnerabilities that can be injected. If you do not believe it, you can test it yourself. Of course, I cannot be certain, but you should also know that if a vulnerability were detected, I am afraid the number of websites with Trojans planted on them would be terrible.)

10. Irresistible factors (force majeure). For example, if a top-level hacker wants to plant a Trojan on your website, I am afraid that even things without faults will turn out to be faulty. But believe me on one point: the hackers who plant Trojans are novice ("cainiao") hackers and tool hackers. If you do all of the above well, those hackers will not know what to do.
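
Item 3's advice (filter the new field, escape on output, escape for the database) as a PHP sketch. This is an added example, not code from the original article: the `members` table, the function names and the sample posts are hypothetical, it assumes the pdo_sqlite extension, and it uses PDO bound parameters in place of `mysql_escape_string()`, which was removed in PHP 7.

```php
<?php
declare(strict_types=1);

// Filter the field: accept only a real calendar date in YYYY-MM-DD form.
function parse_birthday(string $raw): ?string
{
    $raw = trim($raw);
    if (!preg_match('/^\d{4}-\d{2}-\d{2}$/D', $raw)) {
        return null;
    }
    [$y, $m, $d] = array_map('intval', explode('-', $raw));
    return checkdate($m, $d, $y) ? $raw : null;
}

// Store with bound parameters so the values are never parsed as SQL.
function save_member(PDO $db, string $name, string $birthday): void
{
    $stmt = $db->prepare('INSERT INTO members (name, birthday) VALUES (:name, :birthday)');
    $stmt->execute([':name' => $name, ':birthday' => $birthday]);
}

// Encode on output so stored markup is displayed as text, not executed.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed demo: an in-memory SQLite database stands in for the site's own.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (name TEXT, birthday TEXT)');

$submissions = [ // constructed sample form posts
    ['name' => 'alice', 'birthday' => '1990-02-28'],
    ['name' => '<script>alert(1)</script>', 'birthday' => '1985-12-01'],
    ['name' => 'bob', 'birthday' => "1990-01-01' OR '1'='1"],
    ['name' => 'carol', 'birthday' => '1990-02-30'],
];

foreach ($submissions as $post) {
    $birthday = parse_birthday($post['birthday']);
    if ($birthday === null) {
        echo 'rejected birthday: ', h($post['birthday']), PHP_EOL;
        continue;
    }
    save_member($db, $post['name'], $birthday);
}

foreach ($db->query('SELECT name, birthday FROM members') as $row) {
    echo '<li>', h($row['name']), ' (', h($row['birthday']), ')</li>', PHP_EOL;
}
```

The two malformed birthdays are rejected before they reach the database, and the stored name containing markup is printed in encoded form.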
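
For item 6, an added example (not from the original article) that checks upload names against an extension allowlist and audits an existing upload directory for files that fail it. The image-only allowlist, the function names and the sample files are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist for an image-only upload column.
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif'];

// True only if every dot-separated extension is on the allowlist, so
// "page.html", "img.php" and the double extension "pic.asp.gif" are refused.
// This is deliberately strict: "holiday.2024.jpg" is refused as well.
function upload_name_allowed(string $filename): bool
{
    $base  = basename(str_replace('\\', '/', $filename));
    $parts = explode('.', strtolower($base));
    if (count($parts) < 2 || $parts[0] === '') {
        return false; // no extension, or a dotfile such as ".htaccess"
    }
    foreach (array_slice($parts, 1) as $ext) {
        if (!in_array($ext, ALLOWED_EXT, true)) {
            return false;
        }
    }
    return true;
}

// Walk an upload directory and return the files that fail the allowlist.
function audit_upload_dir(string $dir): array
{
    $bad = [];
    $it  = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        if ($file->isFile() && !upload_name_allowed($file->getFilename())) {
            $bad[] = $file->getPathname();
        }
    }
    sort($bad);
    return $bad;
}

// Constructed demo: build a throwaway upload directory and audit it.
$dir = sys_get_temp_dir() . '/upload_audit_' . bin2hex(random_bytes(4));
mkdir($dir);
foreach (['avatar.png', 'banner.jpg', 'index.html', 'img.php', 'pic.asp.gif'] as $name) {
    file_put_contents("$dir/$name", 'constructed sample');
}
foreach (audit_upload_dir($dir) as $path) {
    echo 'not allowed in upload directory: ', basename($path), PHP_EOL;
}
array_map('unlink', glob("$dir/*"));
rmdir($dir);
```

Call `upload_name_allowed()` on the client-supplied name before saving an upload, and run `audit_upload_dir()` over the real upload folder to find files that were accepted before the check existed.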
