Website blacklist post-processing and batch deletion of malicious code

If an exception occurs to the website, such as the page being modified or the management account cannot be logged on, the website has been intruded. In this case, it is necessary to handle the problem as soon as possible to prevent the spread of webpage viruses planted by hackers.

Temporarily close the website

After a website is hacked, the most common situation is that it is implanted with Trojans.ProgramTo ensure the security of the visitor, you must first close the website and open it after processing. When it is disabled, You can temporarily turn the domain name to another address, such as creating a website's website, or placing a description page.

Use Backup Recovery

If a website file is damaged or deleted by a hacker and website data is backed up in advance, the backup file can be used for restoration. In case the backup is not performed, and the data is very important, we recommend that you do not perform any operations first. Please immediately ask the company dedicated to data recovery to try to restore the data in the server's hard disk.

Because some VM service providers regularly back up data on servers, users who use the VM space can also contact the space provider for data backup.

Patch vulnerability check

When a program vulnerability is published, the official website of the program will release the patch of the program. You only need to download the corresponding file and upload it to the website space to overwrite the original file according to the instructions. If no patches are available, you can temporarily disable or delete some functional files.

Next, we can view the Website access log, find out the IP Address Record of the Trojan program, and view the pages accessed by hackers again based on the IP address to check whether there are other vulnerabilities on these pages.

Trojan Detection

The webmaster can determine whether a trojan is implanted Based on the modification time of the webpage file by checking the modification date of all the changed files. Because these pages are modified by Trojans, therefore, their modification dates are very close. Then, query the newly created ASP, aspx, and ASA files on this date to isolate or delete the abnormal files.

Use phpwind Forum program Webmaster can also download a dedicated web trojan detection tool to detect and clear the Trojan (: http://www.phpwind.com/2.0/safe.zip), decompress the files uploaded to the Forum directory, if the server is Linux or FreeBSD, you also need to set the Forum directory to read/write mode. Enter the absolute address of the SAFE. php file in the browser. The program will automatically detect the files in the site. After the detection is complete, the Security Report will be displayed.

We can also use specialized web trojan detection tools for inspection, download a "website program Security Analyzer" (: http://www.zyw365.com/soft/softdown.asp? Softid = 1780), decompress the package, open the main program (Figure 1), and then use the FTP software to download all the website files to the local hard disk, select the folder where the file is located and click "scan. Wait a moment, and the software will display the name of the scanned Trojan file. Note that the software is relatively harsh and some component files and background management programs will also be included in dangerous files, it must be carefully identified during use.
Batch repair web pages

After hackers intrude into the website, they always add them to the webpage.CodeDuring Trojan planting, users can automatically open and download the trojan program when browsing the website. Some trojan programs automatically add a line of code after all the webpage files: if there are many website files, manual cleanup is impossible. In this case, you can use the batch modifier of the digital dragon web page to batch Delete malicious code.

First, delete the trojan files in the website space, then download the batch modifier of the digital dragon web page, open the software main program, and enter the detected malicious code in the "delete character" column, then, select the folder where the website file is located and click the start button. The software will automatically complete the page repair operation (figure 2 ). After confirming that no malicious code exists, upload all the files to the website space.