Check whether a website is infected with Trojans during client surfing

1. The client accesses the Internet through the ISP, and the ISP refers to the Internet access service provider of China Netcom, China Telecom, or Internet access service providers such as long width, gehua, and tietong;

2. The customer accesses the image server of a site to obtain information;

3. Some sites do not have an image server configured. Users can directly access the source server.

Attack point:

1. attackers can send attack code on the client (Internet users) host or network, such as ARP attacks, insert malicious code, and entice users to access the site specified by the attacker. This will affect the client or its network;

2. ISP service provider's network, for example, some unscrupulous service providers force advertisement insertion. Or the ISP service provider is attacked and the user accesses the content set by the attacker.

Solution:

The link between the user and the server is infected with Trojans and can only be solved by the user end or ISP. This type of Trojan occurs when a user or a certain user accesses a specific website, but not in other regions.

Link between the source server and the backup server:

1. The server content provider manages the content of the source server;

2. Content is synchronized between the source server and the backup server based on a specific mechanism;

3. When a user accesses content not found on the backup storage, the backup storage synchronizes data from the backup storage.

Attack point:

1. The source server is intruded, And the attacker directly modifies the source content. In this way, after the image is synchronized, all clients will find trojans when accessing the site. This is often called "the server is hacked"

2. If a host in the network of an image server or server room is intruded into, attackers can use session hijacking to provide the modified content to users. This situation is common. For example, a host that is prone to intrusion can always be found in the data center. Attackers install attack programs on the host and then use ARP attacks to affect the LAN of the entire data center.

3. In the middle of the source and image synchronization links, hijacking and tampering of the data from the source to the image results in the tampered source content.

Solution:

1. Add a fixed source server to restore tampered content;

2. Search for attack sources in the IDC, isolate attack sources, and bind MAC addresses and IP addresses to hosts in the IDC to prevent ARP attacks;

3. encrypted communication is used between the source server and the backup storage, such as VPN, which consumes a lot of bandwidth and reduces performance.

The safest practice:

It is also the most extreme. The communication between the client and the source server is encrypted, which ensures security, but affects the user experience. A typical example is a network banking client that encrypts all data throughout the process. For ordinary Internet users, the anti-virus software installed locally is the last line of defense to protect computer security. Please upgrade it in time and call for genuine versions.

The process of a user accessing a Web site