Solve the difficult problem of Trojan Infection

Source: Internet
Author: User

Website Trojan Prevention Measures

After learning about the main causes of website Trojans, we can develop corresponding measures to prevent them. The following points should be noted:

1. Website Server Management

Install patches in a timely manner. Patching is not only required for the system, but also for all programs that provide external services.

If conditions permit, use a dedicated machine. Do not place other services such as FTP, file sharing, and printing services on Web servers.

Disable all unnecessary service programs and ports on the Web server. (For example, if the database service port only needs to provide local services, disable remote connection permissions.) This reduces the risk of attacks.

Web developers must install anti-virus software on their machines, and you can also choose to install the appropriate anti-virus software on the server.

Using hardware virtual machine technology to provide multiple Web services on a server is more secure than using virtual host services directly. When only the virtual host service is available, we recommend that you strictly restrict the permissions of the directories and accounts of each virtual host, so that a problem with one website does not affect all the websites on the server.

Do not perform service-independent network operations on the Web server, such as surfing the Internet and sending and receiving emails.

Periodically perform security scans on your Web servers. You can choose to use free security scanning software, such as Nessus, or local security scanning software. You can also choose an online security scanning service.

If conditions permit, try to configure a dedicated firewall device for the Web server.

2. Webpage Code Management

The administrator should clarify the source of the webpage code of the website: whether it is developed independently or uses an open-source or commercial website construction system. If it is self-developed, all webpage code should be audited. If you are using an open-source or commercial construction system, you need to keep an eye on version updates for the website's backend.

Currently, there is no particularly useful automatic detection system for code auditing. In most cases, human intervention is required. Some security companies provide paid services in this regard. If the administrator audits the code himself, he should focus on webpage code that includes database operations, file read/write, user input, and other such functions, and use valid regular expressions to strictly limit user input. If there is no special need, using static pages is a good choice.

The principle of least privilege should be followed for the account that the code uses to operate on the database. If you only need to query, you should use an account with only the query permission.
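The two points above (strict regular-expression input limits and a query-only database account) can be seen together in the following added example, which is not code from the original article. The `articles` table, the function names and the sample values are constructed, and SQLite's read-only mode stands in for a database account that has only the query permission.

```python
import pathlib
import re
import sqlite3
import tempfile

# Allowlist: an article id is 1 to 9 ASCII digits and nothing else.
ARTICLE_ID = re.compile(r"[0-9]{1,9}")

def parse_article_id(raw):
    """Return the id as int, or None. fullmatch anchors both ends of the input;
    re.match with a trailing "$" would still accept a trailing newline."""
    return int(raw) if ARTICLE_ID.fullmatch(raw) else None

def build_db(path):
    """Create the constructed sample table using a write-capable connection."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    con.execute("INSERT INTO articles VALUES (12, 'Patch notes')")
    con.commit()
    con.close()

def open_query_only(path):
    """Stand-in for a query-only account: open the database read-only."""
    return sqlite3.connect(pathlib.Path(path).as_uri() + "?mode=ro", uri=True)

def get_title(con, raw_id):
    """Validate first, then query with the value bound as a parameter."""
    article_id = parse_article_id(raw_id)
    if article_id is None:
        return None
    row = con.execute("SELECT title FROM articles WHERE id = ?", (article_id,)).fetchone()
    return row[0] if row else None

def write_is_refused(con):
    """True when the query-only connection rejects a modification."""
    try:
        con.execute("UPDATE articles SET title = '<iframe>'")
    except sqlite3.OperationalError:
        return True
    return False

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        path = pathlib.Path(tmp) / "site.db"
        build_db(path)
        con = open_query_only(path)
        try:
            return (get_title(con, "12"), get_title(con, "12 OR 1=1"),
                    get_title(con, "12\n"), write_is_refused(con))
        finally:
            con.close()
```

Even if a page's input check were bypassed, the query-only connection could not be used to write a Trojan link into the stored content.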

Use security scanning software and specialized SQL injection vulnerability scanning software such as Pangolin to scan websites to effectively locate vulnerable pages.

Some application-level firewalls can effectively block most SQL injection attacks. Web page tamper-proofing systems installed on Web servers can also reduce the risk of website Trojans.

Tips

When a user finds that his or her website is infected with a Trojan, the user should first analyze the cause of the infection, then clear the link and reinforce the server. This includes performing a comprehensive security scan, system reinforcement, or even system reinstallation on the server, and auditing and reinforcing all web code. Simply clearing the Trojan link that was found is not enough: the consequence of a simple purge may be that the website is infected again. The following analysis techniques help us locate the problem more quickly and handle it in a targeted manner:

Check whether the Trojan link has been added to the webpage source code or the database on the server. If the link has been added to the database, the attacker may have exploited a SQL injection vulnerability.

Because viruses cannot automatically determine the structure of webpage code, the Trojan links they add are usually at the top or bottom of the page source code. In addition, when page code is modified by a virus, the virus adds a Trojan link to all pages rather than adding it selectively.

If the Trojan link is not found on the server, check whether ARP hijacking exists in the LAN.

If only a portion of the webpage source code on the server has been selectively modified to include a Trojan link, the attacker may have obtained the server's management permissions. In this case, you need to perform a comprehensive check on the server.

If a webpage source code contains multiple inserted Trojan links, it is likely that there are multiple vulnerabilities on this server.
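The checks above can be run over a copy of the site's pages, as in this added example (not part of the original article). It flags `<iframe>`/`<script>` tags that load from a foreign host and sit before `<html>` or after `</html>`, then maps how widely they are spread to the cases listed above. The sample pages and the host `injected.example` are constructed, and the function names are illustrative.

```python
import re

# Remote-loading tags: <iframe src=...> or <script src=...> with an absolute URL.
REMOTE_TAG = re.compile(
    r"<(?:iframe|script)\b[^>]*?\bsrc\s*=\s*[\"']?(?:https?:)?//([^/\"'\s>]+)",
    re.IGNORECASE)
HTML_OPEN = re.compile(r"<html\b", re.IGNORECASE)
HTML_CLOSE = re.compile(r"</html\s*>", re.IGNORECASE)

def injected_tags(html, own_hosts):
    """Return [(where, host)] for foreign-host tags before <html> or after </html>."""
    opened = HTML_OPEN.search(html)
    closes = list(HTML_CLOSE.finditer(html))
    lo = opened.start() if opened else 0
    hi = closes[-1].end() if closes else len(html)
    hits = []
    for m in REMOTE_TAG.finditer(html):
        host = m.group(1).lower()
        if host in own_hosts:
            continue  # the site's own assets are expected
        if m.start() < lo:
            hits.append(("top", host))
        elif m.start() >= hi:
            hits.append(("bottom", host))
    return hits

def triage(pages, own_hosts):
    """Map the spread of hits across pages to the checks the article lists."""
    found = {name: injected_tags(html, own_hosts) for name, html in pages.items()}
    flagged = sorted(name for name, hits in found.items() if hits)
    if not flagged:
        verdict = "none in files: check the database, then ARP hijacking on the LAN"
    elif len(flagged) == len(pages):
        verdict = "every page: consistent with automated modification by a virus"
    else:
        verdict = "selected pages: attacker may hold server management permissions"
    return flagged, verdict

# Constructed sample pages; injected.example is a placeholder host.
BAD = '<iframe src="http://injected.example/x.htm" width=0 height=0></iframe>'
SAMPLE = {
    "index.html": "<html><body>home</body></html>\n" + BAD,
    "about.html": "<html><body><script src='/js/site.js'></script></body></html>",
    "news.html": BAD + "\n<html><body>news</body></html>",
}

if __name__ == "__main__":
    print(triage(SAMPLE, own_hosts={"www.example.com"}))
```

A link inserted inside the page body is not caught by this position check, so a clean result here still calls for the database and LAN checks.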

There are many reasons for website Trojans, but most of the time, website Trojans are caused not only by technical problems, but also by lack of management. If you can strengthen the management and maintenance of your website, we believe that the number of Trojans will be greatly reduced.
