Thinking on the problem of broiler

Source: Internet
Author: User
Tags aliyun

Source: http://help.aliyun.com/knowledge_detail.htm?spm=5176.788314863.3.5.p8zlve&knowledgeid=5980550& categoryid=8314863
Broiler inspection and protection, provide some ideas and methods, for reference:
Account Terms:
Windows:

    1. Check the server for abnormal accounts, see if there are non-system and user-created accounts within the server, general hacker created account account name will be a $ this character, there are such accounts exist, please immediately disable or delete;
    2. Hackers may also create hidden users within your server, hidden accounts in the local user is not viewable, you can click on the server inside the start-run-input regedt32.exe, select Hkey_local_machine/sam/sam, by default, the content is not visible, This time point to Sam, the right mouse button Select permissions, select Administrator, the permissions are checked for full control, OK. Then click Start-Run, enter regedit, select Hkey_local_machine/sam/sam/domains/account, open the display is all the user name of your machine, such as the presence of accounts not in the local account, that is, hidden accounts, can be deleted, This allows you to remove the hidden user (it is recommended that you back up the registry before you modify it to avoid errors in operation)

Linux:

    1. Use the last command to view the recent login account records of the server, or to view the/var/log/secure log, if there is a user other than root login, check/etc/passwd This file to see if there is an unusual account, some words use the command "USERMOD-L user name "Disable the user or remove the user by using the command" Userdel-r user name "
    2. Check if the password setting of the server internal account (such as Administrator account, MySQL account, SQL Server account, FTP account) is simpler, too simple password is easy to hack

Please set the password to a more complex exception port:
Windows:
Login Server Click Start-run-enter cmd-input Netstat–nao see if the server has unauthorized ports to be monitored, see the corresponding PID
Process number, and then the server clicks Start-and-run to enter the "MSINFO32" software environment--running tasks, view the path of running the file through the PID number
Paths, delete the corresponding path file
Linux:
The login server uses NETSTAT–NAP to see if the server has unauthorized ports to be monitored, view the corresponding PID, and then use
Ls-l/proc/$PID/exe ($PID for the corresponding PID number) command to view the corresponding file path under the PID, delete the corresponding file
Malicious program:
Wndows:
Check if there is an exception within your server startup items, first click on the server within the start-All Programs-start, this directory by default is an empty
Directory, but if you have a startup program or a. bat suffix file, verify that it is added for your technician if it is not, delete it, and then tap
Start-run, enter Msconfig, open the system startup item, and in the boot menu bar, see if there is a naming exception for the startup item, such as A.EXE
Xxxxi1su2. EXE and so on, some words you will start the item check out, and to the command to show the path to delete the next file, and finally click Start-Run, enter
regedit, click Hkey_current_user/software/micorsoft/windows/currentversion/run to see if there is an item on the right to start the exception, and then delete the
and recommended in the server installed antivirus software to judge to do the virus avira, clear the virus Trojan.

Linux:
The logon server uses the Ps-aux command to see if there is an exception process, which can be closed with the KILL command, using Chkconfig--list
To see if there is an abnormal start-up service in the boot entry under boot, some words use the Chkconfig service name off command off, and also see
Next/etc/rc.local whether there is an unusual item in this file, some comments out;
Web Services
If you have a Web service running on your server, restrict access to the file system to the Web run account, open only Read permissions, and recommend that you
Open the next Cloud Shield Web attack interception function, according to Http://help.aliyun.com/view/11108300_13857395.html?spm=5176.7400488.1998074806.5.uAmtUv Open, Cloud Shield's
The Web attack interception feature protects your server from intrusions by preventing hackers from exploiting the Web application's vulnerabilities to invade the server and prevent hackers from exploiting new vulnerabilities to invade the site.
Modify remote ports and restrict logon IP
Windows:
Modify remote Port Click Start-run-enter Regedit to open the registry and enter the following path:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\wds\rdpwd\tds\tcp
Hkey_local_machine\system\currentcontro1set\control\tenninal server\winstations\rdp-tcp
Modify the Portnamber value on the right
Restricting Remote login IP:
Windows 2003: Open Firewall Click Exceptions, select under Remote Desktop-click Edit-Change scope, fill in the custom list requires remote IP
Windows 2008/2012: Open Control Panel in turn-system security-windows Firewall-Advanced Settings-Inbound rules-Remote Desktop (tcp-in)-scope, fill in remote IP with server IP that requires remote connection
Linux:
Modify the remote port you can edit port 22 in the/etc/ssh/sshd_config file in the server to modify the 22 to a different port, you need to restart the next SSH service after the modification, you can use
/ETC/INIT.D/SSHD Restart command reboot
Restrict login IP can edit/etc/hosts.deny,/etc/hosts.allow two files to limit under

Thinking on the problem of broiler

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.