Security Settings and maintenance for 11 websites away from intrusions and Trojans

Author: Chen
After building a website for a while, you will always be able to hear what websites are infected with Trojans. It seems very easy to intrude into the website. In fact, intrusion is not simple. Simply put, the necessary security measures for your website are not done well. Please refer to my practices:

1. Modify the account password

Most of the initial passwords are admin, either commercial or non-commercial. Therefore, the first thing you need to do when receiving a website program is to "Modify the account password ". Account password should not be used before you get used to it. It should be special. Try to combine letters, numbers, and symbols. In addition, the password should preferably exceed 15 characters. If you are using SQL, you should use special account passwords. Do not use any admin or other information. Otherwise, it is easy to be infiltrated.

2.create A robots.txt

Robots can effectively prevent hackers who use search engines to steal information.

3. Modify background files

Step 1: Modify the name of the verification file in the background.

Step 2: Modify conn. asp to prevent unauthorized downloads. You can also encrypt the database and modify conn. asp.

Step 3: Modify the name of the ACESS database. The more complicated the database, the better. You can change the directory where the data is located.

4. Restrict the background IP Address

This method is the most effective, and each VM user should have a function. If your IP address is not fixed, you need to change it every time. Security is the first.

5. custom 404 page and custom transmission ASP error message

404 allows hackers to batch search for some important files in your background and check whether the webpage has the injection vulnerability.

ASP errors may send the desired information to unknown visitors.

6. Carefully select website programs

Pay attention to the existence of vulnerabilities in website programs. you should be aware of the problems.

7. Exercise caution when uploading Vulnerabilities

As far as I know, the upload vulnerability is often the simplest and most serious, allowing hackers or hackers to easily control your website.

You can disable upload or restrict the types of files to be uploaded. If you do not understand, you can find your website application provider.

8. cookie Protection

Try not to visit other sites during login to prevent cookie leaks. Remember to close all browsers when exiting.

9. directory permission

Ask the Administrator to set some important directory permissions to prevent abnormal access. For example, do not grant the script execution permission to the upload directory or write permission to non-upload directories.

10. self-testing

Today, there are a basket of online hacking tools to test whether your website is OK.

11. Routine Maintenance

A. Regularly back up data. It is best to back up the backup file once a day. After downloading the backup file, you should delete the backup file on the host in time.

B. Change the Database Name and administrator account password on a regular basis.

B. Use WEB or FTP to view the volume of all directories, the last modification time and the number of files, and check whether the file is abnormal. And check for any abnormal accounts.