Novice how to deal with the server is hacked

Because the novice will also make their own server to build their own station, and no professional knowledge, is not what big project, so they can only maintain their own, then be killed, must also do their own maintenance and inspection work, and then have the following.

Usually the server is killed, generally there are several situations, follow me to see it.

A simple post-black job check process:

1. The server was killed, the first I want to do is, the development of the system are temporarily closed, the system account password is modified again, please check the server before the existence of Trojans and so on. So as not to be black to give you get hash ( by some means to obtain the hash value of the system password and to decipher the plaintext password ) or clear text ( then you are vain, black and wide grinning, thought you a silly bird I listen to you again )

2. check whether the system has redundant accounts, usually manual and tool inspection, I refer to the idea here, specifically to do your own to achieve, such as can check C:Documents and Settings here, if you create a new account login 3389 regret here to generate and account name corresponding folder, even the god horse with $ hidden account, there is also the registration table to check, do not understand the tool bar.

3. Check the system open ports, their familiar port on the first regardless, there are unfamiliar to check, in the end what the program re-use, and sometimes can check out the Trojan or backdoor use of the port, the unnecessary ports are closed, to avoid accidents

4. Check the log, novice level of the general no way to clean up some logs, you can take a good look at, such as IIS, The WEB system comes with the log function, system logs, etc., this can analyze the black and wide are dry god horse bad, and how your server was killed

5. check the system of the various drive letter and the operation of the key directory permissions, such as a 2B management to my server,E disk originally did not have authority, and then I changed to everyone, and he did not go to check, as long as I Webshell in the words, the authority is very large, especially with a number of power tools, it is cool crooked

6. the use of anti-virus security software, this is to scan the Trojan, Avira Trojan and repair system loopholes, as for the choice of God horse antivirus software, we find themselves, I do not recommend to avoid being said to be gunmen, this year when the good people difficult

7.web system script back door to good check, generally look at the file operation time ( but the file time is can be changed ), with the tool audit, there are manual audit, not the ability to find the base friend, find acquaintances, there is a good backup of the system in advance, after the problem, Package two files locally with Beyond Compare Comparative analysis, of course, other comparative analysis tools can also make sure to eliminate the black-wide script, in addition to find their own Web system Vulnerabilities Best, if you know how the black-wide how to engage your Web system then you have to fix it, remember that the variants of the extension of the script should also pay attention to.

8. installation of security software, although not guaranteed 100% protection, but at least to the black to make your server add a lot of difficulties, can also block a number of so-called script boy.

but to remind the user, anti-virus software download be sure to but the official website, lest download to just software.

Novice how to deal with the server is hacked