How to fix the ranking of attacked websites on the server

The server was under the php Tutorial-dos attack. The problem was that the PHP program vulnerability was exploited by hackers and thus the php-dos attack was launched. The server continuously sends packets outward, with the traffic at 100 MB (see figure 1 ). My server was directly frozen in the IDC, so I submitted a new unfreeze application. After several hours, the unfreeze was completed. I thought it was solved in this way, but I didn't expect that remote connection could not be achieved. I found myself in a mess. I went to the Internet to find some success stories. All documents indicate that IIS should be disabled before going to remote. I submitted another application to disable IIS. After the application is closed, it is possible to access the remote computer. When the application is available, the blue screen is displayed. I thought to myself, my God. Apply to restart the server in the IDC. After several setbacks, the remote connection finally went in, and the PHP program vulnerability was directly added. The code for these vulnerabilities, of course, is not developed by myself. I am only a grassroots Administrator. One of the steps is all from the Internet, and the handling experience is summed up by people who are connected to me. Alas, the emperor was finally taken care. Everything on the website is normal.

 

(Figure 1) outward packet data

After the DOS attack problem is solved, I thought it would not happen again, but everything was unpredictable. On the third day, the server was attacked again by CC, so I carried the CC attack problem again, perform a direct Baidu search. There are too many search results. CC attack, which is also a small part of the php-Dos attack, was originally thought very simple. After the process provided by the instructor, I observed it, my server uses the WINDOWS2003 + IIS6 + PHP + mysql tutorial. w3wp is the IIS process, and the progress is soaring. It occupies CPU, and the website is very slow. The result is displayed in a pop-up window. The content is in English and the system error message is translated. (because the server has reinstalled the system, I cannot remember the specific English information ). In this case, we can only reinstall the system. Reinstalling the system does not mean installation. Now we need to format all the disks on the server so that all the viruses in the server can be completely processed. The website and data on the server always have more than 30 GB. The server is rented for the whole time, not from our company. It is also troublesome to handle. Let the server headquarters back up the data for us, they said NO. Since we paid, they also told us NO. In this world, download it as long as you suffer. If the system is to be installed, install a Thunder. This will speed up loading, but the fact is not exactly what I imagined. How to install Thunder is a display error. There is no way, just start a machine, use FTP to load it, package it, load transfer took me two days and one night, I spent two days and one night in the company.

It was not until today that the server was handled. A problem occurred in the morning. The mysql process and w3wp process continued to rise, and the CPU usage increased by 100%. For Mysql process problems, please have detailed instructions on the internet. I will finish the process according to the operation. W3wp is not detailed due to the previous operation. After I finish, I find that the CPU usage has not declined. So I restarted IIS and restarted it. The CPU usage dropped from 100% to 1%. I thought it was a problem with a website, so I stopped running several websites on the server that thought the program would have a problem one by one, and I was blinded by the results, when I stopped one of the sites, the CPU usage dropped, and when I turned it on, it went up again. This site is a PHP program, and a database tutorial error occurs. I immediately restarted the service application pool, and the server was normal.

After the server is normal, I check whether the website has the possibility of being K. After all, the website has not been normal for so many days. After the query, the interesting picture is now in front of me (see figure 2). The snapshot of the website has been archived until March 21, 2003, which is amazing. In, the station still had no idea where it was. The website is still ranked. In this case, I think it is caused by too frequent Spider visits. However, this situation does not matter. As long as the content of the website is updated and indexed, it will be restored tomorrow.

 

(Figure 2)