What should I do after my website is attacked by hackers?
If your website has unfortunately been attacked, follow the steps below:
1. Confirm that the attacked website has been tampered with. The attack may involve only website permissions, commonly referred to as a webshell. The attacker may also have escalated privileges through the webshell and obtained server permissions, or even penetrated into the intranet. Therefore, identify and confirm the scope of the attack through logs and other signs.
2. Back up logs (such as IIS, Apache, FTP, and Windows/Linux/Unix system logs). Some logs may have been cleared by the hackers; you may be able to find more through log recovery. If the loss is large, you can report the incident to the police. At that point the logs play an important role: the case-handling personnel can use them to trace the intruders. The logs are also important for working out the methods the hackers used to attack the website and for finding the vulnerability.
3. Remove backdoor programs. Hackers generally install various backdoor programs, such as asp, aspx, php, jsp, cgi, and py scripts, to hold on to their gains over the long term. If the hacker has obtained server permissions, also check for system-level backdoors such as rootkits and reverse-connection remote-control Trojans, and check whether the hacker has replaced system programs or cloned the administrator account.
4. It is not enough to fix vulnerabilities; you must find the vulnerability. This is the fundamental solution to the security problem. This step is the most difficult and generally involves development work, so experienced security personnel are required to solve the problem.
5. Change the original configuration. After fixing the vulnerability, change some of the earlier configuration, for example the website back-end password, the database connection password, or the path or file name of a database in ACCESS or ASA format, to prevent hackers from getting into the database again using previously recorded information. Also change administrator passwords, such as those for Administrator and Root.
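A triage helper for steps 1 and 3, added here as an example and not part of the original article: it lists script files under the web root that changed after a known-good time and records a SHA-256 hash of each so the file can be preserved as evidence before removal. The known-good time (assumed here to be the last trusted deployment), the function names and the sample directory are assumptions; modification times can be altered by an intruder, so an empty result does not prove the site is clean.

```python
import hashlib
import os
import tempfile
import time

# Extensions the article lists for script backdoors.
SCRIPT_EXTS = {".asp", ".aspx", ".php", ".jsp", ".cgi", ".py"}


def sha256_file(path):
    """Hash a file in chunks so large files do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def recent_scripts(web_root, known_good_epoch, exts=SCRIPT_EXTS):
    """Return (relative path, mtime, sha256) for script files changed after
    known_good_epoch (assumed: time of the last trusted deployment)."""
    hits = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in exts:
                continue
            full = os.path.join(dirpath, name)
            mtime = os.lstat(full).st_mtime
            if mtime > known_good_epoch and not os.path.islink(full):
                rel = os.path.relpath(full, web_root).replace(os.sep, "/")
                hits.append((rel, mtime, sha256_file(full)))
    return sorted(hits)


def build_sample_root(root, deploy_time):
    """Constructed sample data: one old script, one image, one later script."""
    samples = {"index.php": -3600, "img/logo.png": 600, "upload/x.PHP": 600}
    for rel, offset in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(b"constructed sample\n")
        os.utime(path, (deploy_time + offset, deploy_time + offset))


if __name__ == "__main__":
    deploy = time.time() - 86400
    with tempfile.TemporaryDirectory() as root:
        build_sample_root(root, deploy)
        for rel, mtime, digest in recent_scripts(root, deploy):
            print(time.ctime(mtime), digest[:16], rel)
```

Run it against a copy or read-only mount of the web root, and compare each flagged file with the deployed source before deleting anything.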
Website anti-hacking suggestions
1. Penetration testing. If conditions permit, you can hire security personnel for penetration testing or professional security personnel for maintenance. Or you can learn hacker attack and defense techniques to grasp the essentials of defense; see http://vip.2cto.com
Tip: penetration testing, performed with authorization, simulates hacker attacks to find vulnerabilities and weaknesses in networks, servers, and websites, and provides corresponding security solutions.
2. Enhance security awareness. Even if security devices protect the website and the website source code has passed a professional security audit, good protection is useless if the website back-end password or FTP password is set to 123456.
Website security cannot be ignored. Hackers can gain website permissions through a small website vulnerability, then obtain server permissions through privilege escalation from the webshell, or even use the server as a stepping stone to control the entire internal network and traverse network resources by means of overflow, sniffing, brute-force cracking, and social engineering. As a result, security incidents such as data leaks and damage to core data continue to occur.
If you want to protect your website from being hacked, there are other ways to do this: by deploying CDN nodes in different regions, you can keep hackers from attacking the origin website directly, which improves the security of the origin website and accelerates website access. It is the best of both worlds.