www.2cto.com: this article is suspected of being a 360 advertorial
This solution mainly addresses the problem of trojans planted on a website's WEB server. The document was compiled from preliminary experience; if anything is missing, please add it.
Prevention of server trojans should focus on strengthening the management of software and hardware firewalls, strengthening program robustness testing, and detecting and repairing problems in operating systems, application platforms, and WEB programs in a timely manner. Because WEB services are Internet-facing, WEB servers are open and cannot fundamentally reject illegal requests from any computer on the Internet. Even so, we should guard against such requests and be able to repair the damage quickly.
Trojan intrusion detection
During a trojan intrusion, IP addresses from illegal sources send frequent requests to the servers, resulting in network access exceptions. On the one hand, the exceptions show up in the CPU usage, concurrency, network traffic, and other parameters monitored by the data center.
On the other hand, they show up in the size of the WEB server's error log file. Under normal access, the daily log size does not fluctuate greatly and is consistent with the overall PV curve of the website. During external probing or attacks some time ago, the WEB error log was several times larger than its normal size, and its content was a continuous stream of requests to the same website with an abnormal access status.
Symptoms of Trojan Infection
Symptoms of server Trojans are as follows.
1. When a webpage with a Trojan is opened in the 360 browser, the browser status bar turns red and a red alarm appears.
2. Some anti-virus software will trigger an alarm.
3. Access to the website using Google Chrome is forbidden.
The above symptoms may occur at the same time, and search engines and anti-virus software may also report false positives. In either case, the warning should be taken seriously and troubleshooting should be stepped up.
Trojan detection and removal methods
1. If a page triggers a Trojan warning, check the source code of that page according to the warning content and find the location of the trojan to be cleared.
2. Use Google webmaster tools to run a complete check, then process the results the tools return.
3. Use the 360 website security detection tool. It is a new service from 360 and is recommended. The access address is: http://webscan.360.cn
4. Use the xunxun WEBSHELL scanning tool to scan the server's program files and check for suspicious files and high-risk files with Trojan marks. http://sales.yxlink.com/download.html
5. Manual troubleshooting. Implanted Trojans generally follow a certain pattern, but no automated tool can replace manual analysis and processing.
Several precautions for Trojan Detection
1. Determine the trojan type and the infected area. Trojans take the form of HTML or JS tampering, program file trojans, and database trojans. Some trojans leave the "modification time" attribute unchanged after tampering with a file, which conceals the change and makes it difficult to identify which files have been modified.
2. Troubleshoot comprehensively and do not rely too much on tool detection. Tool detection works in almost the same way as a search engine, so there is no guarantee that every page is traversed. You must log on to the server, work out the keyword features of the Trojan, such as its link URLs, and run a comprehensive file search for them.
3. Server security technology involves software engineering, script technology, database technology, hardware, networking, and other fields. One person's knowledge is limited. When problems arise, report them to superiors in a timely manner and coordinate personnel from multiple parties to solve them.
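Precautions 1 and 2 above can be combined in a small audit script that searches the web root for a trojan's keyword features and detects tampered files even when the modification time has been left unchanged. This is an added example, not part of the original article; comparing against a SHA-256 baseline is a technique chosen here, and the function names, file names and the placeholder indicator trojan.example are assumptions.

```python
import hashlib, os, tempfile

SCAN_EXT = {".html", ".htm", ".js", ".php", ".asp", ".aspx", ".jsp"}  # searched for keywords

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def walk(root):
    """Yield (relative path, full path) for every file under root."""
    for d, _, files in os.walk(root):
        for name in files:
            full = os.path.join(d, name)
            yield os.path.relpath(full, root), full

def build_baseline(root):
    """Known-good state: relative path -> SHA-256 of the file content."""
    return {rel: sha256_file(full) for rel, full in walk(root)}

def audit(root, baseline, indicators):
    """Return (changed, new, hits) without trusting modification times."""
    changed, new, hits = [], [], []
    for rel, full in walk(root):
        if rel not in baseline:
            new.append(rel)                      # file that did not exist at baseline time
        elif baseline[rel] != sha256_file(full):
            changed.append(rel)                  # content differs, whatever the mtime says
        if os.path.splitext(rel)[1].lower() in SCAN_EXT:
            with open(full, "rb") as f:
                data = f.read().lower()
            hits += [(rel, i) for i in indicators if i.lower().encode() in data]
    return sorted(changed), sorted(new), sorted(hits)

def demo():
    """Constructed sample: tamper with a page, restore its mtime, then audit."""
    with tempfile.TemporaryDirectory() as root:
        page = os.path.join(root, "index.html")
        with open(page, "w") as f:
            f.write("<html><body>home</body></html>")
        baseline = build_baseline(root)
        st = os.stat(page)
        with open(page, "a") as f:  # constructed injected link, placeholder domain
            f.write('<iframe src="http://trojan.example/x"></iframe>')
        os.utime(page, ns=(st.st_atime_ns, st.st_mtime_ns))  # mtime now looks untouched
        same_mtime = os.stat(page).st_mtime_ns == st.st_mtime_ns
        return same_mtime, audit(root, baseline, ["trojan.example"])

if __name__ == "__main__":
    print(demo())
```

The baseline has to be taken from a known-clean deployment and stored off the web server, otherwise it can be altered along with the files it describes.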
From Naola's column