Web Application Security Protection: Web Trojans

Source: Internet
Author: User
Trojan Overview
A Trojan is a malicious program. Most Trojans do not directly damage the computer; their main purpose is to control it.

Web Trojan (SPY)
On the surface, a web Trojan is disguised as an ordinary webpage file, or its malicious code is inserted directly into a normal webpage file. When someone visits the page, the web Trojan uses a vulnerability in the visitor's system or browser to automatically download the server component of the configured Trojan to the visitor's computer and execute it.

The other kind is a web-based spy program placed in a directory of the website by means of website security vulnerabilities or social engineering.

Main forms and hazards of webpage spy programs
Attackers can illegally read and download the website and obtain sensitive files on the server system.
Attackers can modify or delete the website and important files on the server system, damaging the website or server so that it can no longer work normally, or tamper with important content to mislead visitors or damage the image of the company that runs the website.
Attackers can modify the website program and mount a Trojan on the website's pages, causing visitors' computers to be implanted with a Trojan program.
Attackers can obtain high-level permissions on the server, control the server, and perform illegal operations.
The web server can be used as a stepping stone to intrude into the company's internal systems.

How a webpage Trojan works
The attacker exploits a vulnerability to upload files, or applies social engineering, to place illegal *.asp, *.php, *.aspx ... files on the website.
The attacker confirms that the directory where the file is located has execute permission, so that the files above can be executed by the web server.
The attacker confirms that the illegal webpage program has permission to read, modify, and delete files.
The attacker checks whether the illegal webpage program can execute special system commands.
The attacker checks whether software or service programs with vulnerabilities are installed on the server.
Illegal operations are then performed using the illegal webpage program.

Main defense measures
Do not enable write permission in IIS.
File upload programs on the website must have adequate security filtering.
The storage directory for uploaded files must not be allowed to execute scripts in IIS.
It is recommended that files or directories that do not need to be modified dynamically be set to read-only.
Websites with security risks should be placed in an independent application pool.
The execution identity of each application pool should be set separately to isolate access permissions between application pools, and that user's system permissions should be kept as low as possible (for example, not allowed to execute high-level system commands).
The file system should use NTFS, with permissions set to the minimum that is sufficient.
The database service should not allow direct access from a local account, and in particular not from an administrator account.
It is recommended that the website's database users not be given xp_cmdshell execution permissions.
Third-party software with security risks, such as Serv-U, should be avoided as much as possible.
If you are running IIS 7.5, we recommend setting the application pool identity to ApplicationPoolIdentity.
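
One way to implement the upload filtering recommended in the list above, shown as an added example that is not code from the original page. The function name, the allowlist and the naming policy are assumptions made for illustration.

```python
import re
import uuid

# Allowlisted extensions and the leading bytes a file of that type must have.
# (Assumed policy for this example; adjust to what the site really accepts.)
ALLOWED = {
    "jpg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}

# Exactly one base name and one extension: letters, digits, '_' and '-' only.
# This rejects path separators, extra dots, spaces and control characters.
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,5})")


class UploadRejected(ValueError):
    """Raised when an upload fails the filter."""


def stored_name_for(client_name: str, data: bytes) -> str:
    """Validate an upload and return the name to store it under.

    The client-supplied name is only inspected, never used on disk.
    """
    m = NAME_RE.fullmatch(client_name)
    if not m:
        raise UploadRejected("file name has an unexpected shape")
    ext = m.group(1).lower()
    if ext not in ALLOWED:
        raise UploadRejected("extension is not on the allowlist")
    if not data.startswith(ALLOWED[ext]):
        raise UploadRejected("content does not match the extension")
    # Server-generated name: nothing chosen by the client reaches the disk.
    return f"{uuid.uuid4().hex}.{ext}"


if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16  # constructed sample bytes
    for name in ("photo.png", "page.aspx", "photo.php.png"):
        try:
            print(name, "->", stored_name_for(name, png))
        except UploadRejected as err:
            print(name, "-> rejected:", err)
```

A filter like this complements, and does not replace, denying script execution on the upload directory and keeping the application pool identity low-privileged.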
