Some security suggestions for webmasters using VPS

I don't know if the webmaster using VPS will have such experience. When Baidu and GOOGLE were just starting to include the website, one day they found that their website was mounted with a Trojan horse, the traffic plummeted, and the blood pressure went up. After half a day of work, the result was hung up again the next day, and my mind was close to crashing. I don't know how to do it well.

I think everyone knows the impact of website Trojans. Search Engine indexing, user experience, and website data security are almost the lifeblood of a website. In fact, whether it is an independent server or VPS, you usually need to take security measures for the server. The server is relatively rich in system resources, and it is easier to install anti-virus software and firewall, in addition, if conditions are met, you can add hardware protection to the server. There are many defense methods. VPS is relatively small because of its memory or CPU usage. If anti-virus software and firewall software are installed, the system will be slow and security defense is difficult.

However, you can think about it another way. If you cannot prevent it by consuming resources, how can you save it? The following is an analysis:

I. anti-virus software is designed for viruses. webmasters generally upload and download data for VPS. They are less likely to contain viruses. Anti-virus software can be installed without occupying system resources.

II. firewall personally think it is necessary. Baidu may find that many Trojans come in through the port, which is also an important channel for hackers to attack computers, and the general firewall occupies low system resources.

III. OS patch. If you are using a WINDOWS server, the patch must be played. You can choose to enable automatic system updates or install 360 security guard to update the patch. Everyone knows the Security meaning.

4. The read and write permissions of website directories are easily ignored by many webmasters. Imagine how terrible it is to grant the write permissions to the users who visit the website.

Through the above analysis, if the new VPS is used for security protection, we believe the chances of being infected with Trojans will be much lower. However, if the webmasters are removed by Trojans themselves, pay attention to the following points:

1. Perform full-Site program check because some code files will be uploaded and hidden after the hacker mounts the trojan, so that the next time you come back easily.

2. Check the file update time on the website. This shows which files have been modified or their permissions have been changed.

3. Delete unnecessary code, files, and standardize the directory structure. Imagine how difficult it is to drop a garbage in the garbage.

4. Try not to use port 21 for FTP and port 3389 for remote login.