How to Prevent servers from being threatened by ASP Web Trojans
Many webmasters now host several websites or sub-sites on a single server, or share a server with other people.
If one of those websites is compromised and the attacker obtains a webshell, or even escalates privileges on the server, every website on that server is threatened.
So we must secure not only the website but also the server. This article summarizes methods that effectively guard against web-page Trojans.
If your website has a vulnerability that an attacker exploits, your server is threatened as well. I hope this article helps you solve your problems.
The ASP Trojans popular today mainly rely on three techniques to carry out operations on the server.
1. Use the FileSystemObject component
FileSystemObject can perform routine operations on files.
You can modify the registry and rename this component to guard against this kind of Trojan.
Rename HKEY_CLASSES_ROOT\Scripting.FileSystemObject\ to another name, for example FileSystemObject_ChangeName.
From then on, call the component by the new name and it will work normally.
Also change the CLSID value:
HKEY_CLASSES_ROOT\Scripting.FileSystemObject\CLSID\ (the value of this item)
You can also remove the component to guard against this kind of Trojan.
Run the following command to unregister the component:
RegSvr32 /u C:\WINNT\SYSTEM32\scrrun.dll
Deny Guest users access to scrrun.dll so that they cannot call this component.
Run the following command:
cacls C:\WINNT\system32\scrrun.dll /e /d guests
2. Use the WScript.Shell component
WScript.Shell can call into the system to run basic DOS commands.
You can modify the registry and rename this component to guard against this kind of Trojan.
HKEY_CLASSES_ROOT\WScript.Shell\
and
HKEY_CLASSES_ROOT\WScript.Shell.1\
Rename them to something else, for example:
WScript.Shell_ChangeName
or
WScript.Shell.1_ChangeName
From then on, call the component by the new name and it will work normally.
Also change the CLSID values:
HKEY_CLASSES_ROOT\WScript.Shell\CLSID\ (the value of this item)
HKEY_CLASSES_ROOT\WScript.Shell.1\CLSID\ (the value of this item)
You can also remove the component to guard against this kind of Trojan.
3. Use the Shell.Application component
Shell.Application can call into the system to run basic DOS commands.
You can modify the registry and rename this component to guard against this kind of Trojan.
HKEY_CLASSES_ROOT\Shell.Application\
and
HKEY_CLASSES_ROOT\Shell.Application.1\
Rename them to something else, for example:
Shell.Application_ChangeName
or
Shell.Application.1_ChangeName
From then on, call the component by the new name and it will work normally.
Also change the CLSID values:
HKEY_CLASSES_ROOT\Shell.Application\CLSID\ (the value of this item)
HKEY_CLASSES_ROOT\Shell.Application.1\CLSID\ (the value of this item)
You can also remove the component to guard against this kind of Trojan.
Deny Guest users access to shell32.dll so that they cannot call this component.
Run the following command:
cacls C:\WINNT\system32\shell32.dll /e /d guests
Note: All of the changes above take effect only after the Web service is restarted.
4. Use cmd.exe
Deny the Guests group access to cmd.exe:
cacls C:\WINNT\system32\cmd.exe /e /d guests
The commands above are written for Windows 2000. On Windows 2003, change C:\WINNT\system32 to C:\WINDOWS\system32.
The four steps above guard against several popular Trojans, but the most effective approach is comprehensive security configuration that brings both the server and the applications up to a secure standard, which prevents further intrusions.
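To confirm that the four steps were actually applied, the following read-only audit script checks each item. It is an added example, not part of the original article; the function names Test-ProgIdRegistered and Test-GuestsDenied are hypothetical, and it assumes PowerShell is installed on the server and that only the original component names need checking (your renamed names are site-specific).

```powershell
# Added audit example (not from the original article). Read-only: it changes nothing.
# Assumption: only the original ProgIDs are checked; renamed names are site-specific.
$progIds = 'Scripting.FileSystemObject', 'WScript.Shell', 'WScript.Shell.1',
           'Shell.Application', 'Shell.Application.1'
$files   = 'scrrun.dll', 'shell32.dll', 'cmd.exe'
$sys32   = Join-Path $env:SystemRoot 'system32'   # resolves to C:\WINNT or C:\WINDOWS

function Test-ProgIdRegistered {
    param([string]$ProgId)
    # Server.CreateObject("<ProgID>") resolves through this key and its CLSID subkey.
    Test-Path "Registry::HKEY_CLASSES_ROOT\$ProgId\CLSID"
}

function Test-GuestsDenied {
    param([string]$Path)
    # S-1-5-32-546 is the well-known SID of the built-in Guests group,
    # so the check does not depend on a localized group name.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules = (Get-Acl -Path $Path).GetAccessRules($true, $true, $sidType)
    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -eq 'S-1-5-32-546' -and
            $rule.AccessControlType -eq 'Deny') { return $true }
    }
    return $false
}

# Steps 1-3: the original ProgID should no longer resolve after rename or removal.
foreach ($id in $progIds) {
    $state = if (Test-ProgIdRegistered $id) { 'STILL REGISTERED' } else { 'renamed or removed' }
    '{0,-32} {1}' -f $id, $state
}

# Steps 1, 3 and 4: each file should carry a Deny entry for Guests (cacls /e /d guests).
foreach ($name in $files) {
    $path = Join-Path $sys32 $name
    if (-not (Test-Path $path)) { '{0,-32} file not found' -f $name; continue }
    $state = if (Test-GuestsDenied $path) { 'Guests denied' } else { 'NO DENY ENTRY FOR GUESTS' }
    '{0,-32} {1}' -f $name, $state
}
```

Lines printed in capitals are items where the hardening described above is missing; run the script again after restarting the Web service to check the final state.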