Use of virtual host (space) webmaster Friends, may encounter the site is often hung black chain, Trojans and other situations, but this is a program or space (server) problem?
This question is really tangled, if you ask the space trader, they will say is the procedure question, then you look for the program developer, they must say is the space problem.
To judge from the technical point of view:
1, Webmaster station tools with IP site inquiries, enter your domain name, query the same server on the other sites, if there are more than 5 have the same black chain or trojan, then space (server) the probability of a very large;
2, the Web site in the space of all the files deleted, upload pure static html or HTM files, if a few days or is black, then must be a space problem;
3, if your program is purchased on the network, or free download, you should pay attention, because these procedures have changed hands, may have ulterior motives, this situation is not a few, especially the so-called packaging procedures, preferably a file of a document to see if there is no problem. Lest there be a back door left.
To know those so-called website "packaged download" is also through the intrusion site, and then use Trojan Horse program to package their website, these sites themselves have security risks, if not repaired, may be invaded. And some of the "pack Master" in the packaging site, and did not clear their own invasion of the site used by the backdoor, such as Trojans and other tools.
Therefore, the purchase of the program on the network and the download of others packaged procedures, to be carefully examined, it is likely that the program is a loophole or a backdoor caused by itself.
4, the emergence of the horse's web site, most of the ASP, these procedures are mostly 2005-2008 years of development, and then there is no update, the new vulnerability is open. In particular, the level of some authors is not high. It's best to find someone to help you look at it; This web site was hacked into black chain because of the high probability of the program being caused.
5, the site after the problem, download all the files, check whether there are files such as xxx.asp.gif, be careful, this is the majority of the program upload audit problems caused. If a directory such as Xxx.asp appears, this is typically caused by an operating system vulnerability that is not patched. Some backdoor commonly used filename:, he1p.asp (is the number 1 is not the letter L), t0p.asp (is the number 0 is not the letter O), it is best to check the whole station code. It is recommended that you use the Beyond Compare tool to compare files that were previously backed up and files that were mounted after the horse.
6, upload space probe procedures to check whether there are Wscript.Shell and other basic security issues. If there is, you can try to upload an ASP Trojan horse program, to test, if you can see other sites, or modify the system settings, it must be a server security problem.
Of course, the server (space) and the program are related, one of the problems, the site security problems. Some program vulnerabilities must be in a specific server environment to burst (program vulnerabilities, can be limited by the server policy, and to achieve the purpose of ensuring security), conversely, some server system vulnerabilities, There must be a certain program problem to be exploited (although the server is vulnerable, the hacker needs a pointcut and your program happens to be there.) such as: A typical component-free upload and IIS6.0 directory file name resolution vulnerability. )
Security recommendations:
1, space selection, as far as possible not to use the almighty space, supporting the program language more, the greater the security problem. If your program is Php+mysql, do not use a space that includes support for ASP;
2, the use of the program:
A, the network download the program: Notice the release time, check whether there are updates, if it is a few years ago, as far as possible with the latest procedures to replace. If you really want to use it, check to see if the most basic security vulnerabilities are fixed. Check to see if anyone with ulterior motives has added malicious code and backdoor;
B, the hacker packs the release the procedure: This kind of procedure itself security problem is very big, must repair itself. Also have to check the intruder to use the backdoor program, Trojan Horse program has been cleared;
C, the use of CMS program: Subscribe to pay attention to the official news, such procedures tall tree catches, easy to burst oday, a release patch, it will be the first time to play;
3, Space use: The current IDC provider used by the host management platform mostly contains some security features, to make full use of.
Folder IP Access Restrictions: Admin directory for the Web site, may be set to restrict their own IP access;
Set execution permissions: For image and other pictures directory, file upload directory, you can set the cancellation authority to ensure that the upload of the Trojan file is invalid;
Write permission settings: Turn off some directory write permissions, such as the configuration file directory, and so on, to ensure that it is not modified, when required to open again;
Set deny IP: A blacklist of IP settings that attempt to crack passwords in some log records.
4, develop a good backup habits, at least every half a month to do a full station off-site backup (to their own computer), the database and upload a weekly copy of the file directory for off-site backup, often through the program backup database, there are large changes, to be modified before and after the off-site backup.
5, choose a technical strength of the host provider and program use:
In the space trial period, you can upload probes, trojans and other procedures for security testing. Observe the other sites of the same server;
Make full use of search engines to evaluate the security of the program and ensure the minimum security.