If the site is found to be abnormal, such as the page was modified, admin account can not log in, then the site has been invaded. At this point need to be processed as soon as possible to prevent hackers to grow the Web page virus spread.
Temporarily close a Web site
The site was hacked, the most common situation is to be implanted Trojan program, in order to ensure the safety of visitors, must first shut down the site, pending processing and then open. When off, you can temporarily turn the domain name to another address, such as setting up a Web site or placing a description page.
Using Backup Recovery
If the Web site files are hacked or deleted, if the site data backup in advance, you can use the backup file directly restore. In the event that backups are not backed up and the data is important, it is recommended that you do nothing and immediately ask the company that specializes in data recovery to try to recover data on the server's hard disk.
Because some virtual host service providers regularly back up the data in the server, users who use virtual host space can also contact a space provider for data backup.
Fix the bug.
When the bug is released, the official website of the program will release the patch of the program, only need to download the corresponding file, according to the instructions uploaded to the site space coverage of the original file can be. If the relevant patches are not present at the moment, you can temporarily disable or remove some feature files.
Then we can look at the Web site's access log, to find access to the IP address records, according to the query to the IP address, again see the hacker also visited which pages, check these pages have other vulnerabilities.
Trojan Horse Program Detection
Webmaster can be based on the page file modification time to determine whether the Trojan is implanted, the method is to see all the changes in the file change date, because the Trojan modified these pages, so they modify the date is very close. Then query the newly established ASP, ASPX, ASA file for this date and isolate or delete the exception file.
Use the Phpwind Forum program webmaster can also download a dedicated web Trojan detection tools to the Trojan detection and removal (download address: http://www.phpwind.com/2.0/ Safe.zip), after decompression will file all uploaded to the forum directory, if the server is a Linux or FreeBSD system also need to set the forum directory for read-write mode. Then in the browser to enter the absolute address of the safe.php file, the program will automatically detect the files in the site, the detection will be displayed after the security report.
We can also use a dedicated web Trojan detection tool to check, download a "Web site Program Security Analyzer" (Download Address: http://www.zyw365.com/soft/softdown.asp?softid=1780), after decompression open the main program (Figure 1), Then use the FTP software to download all the Web site files to the local hard drive, select the folder where the files are located and click the "Scan" button. Wait a moment, the software will show the name of the Trojan file scanned, to note that the software detection is more stringent, some component files and background management procedures will be included in the dangerous documents, in use need to be carefully identified.
Bulk Repair Web pages
The general hacker invades the website after all is in the webpage to add the code to carry on the Trojan planting, so that users browse the Web site automatically open and download Trojan program, some Trojans will automatically in all the Web page file after adding a line of code: If a lot of web site files, manual removal is simply impossible. Then you can use the Digital Dragon Web page batch modifier for malicious code to delete the bulk.
First delete the Trojan file that exists in the Web site space, then download the Digital Dragon page batch modifier, open the software main program in the "delete character" column input detected malicious code, and then select the Site file folder, click the "Start" button, the software will automatically complete the repair of the Web page (Figure 2). When you confirm that there is no malicious code, upload all the files to the site space.