Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall
Is your site often hacked? How can webmasters prevent their websites from being hacked? The most common hacker intrusion now is the use of injection to reach the goal of invasion. Webmaster How to prevent their own web site was hacked? Here is my experience, you can refer to the following!
Hacker intrusion of the site is the most preferred site of high traffic, how to avoid it? Personally think it necessary to do the next step!
One: injection holes must be filled
What is inject loophole, how to produce, these I also embarrassed to say in this, Baidu many about this aspect introduction. For example, your site is dynamic (assuming this URL: www.xxxxxxx.com/show.asp?id=110) after the URL Plus and 1=1 display normal, and 1=2 display errors, indicating that your site is an injection loophole. There are many injection tools on the Internet can also be manually injected to crack the administrator's account password, and now online also popular cookie injection, for example, you and 1=1 and and 1=2 both display errors, you do not inject a cookie to fill the hole, it will also cause the hacker invasion. Many of these patch codes are online and can be downloaded.
Two: Modify the database address
Database address, this is important, for example, you are using a new cloud, easy to use, and you are not accustomed to the database address because of convenience, so you will be used by hackers. So be sure to change.
Three: Manage login page and upload address
Manage Login page Don't use silence, this is also very important, for example, you use admin, admin/login.asp, manage ... Wait a minute. You have to revise. The address of the uploaded file is best not open without administrative permission, otherwise it will be exploited by hackers.
Four: User name and password length set complex
Username and password do not use silence, such as admin,admin. The username and password length are set to be complex, for example, there is now an online MD5 encrypted web site, some to charge, and the longest is only broken to 12 digits. Of course not ruled out hackers use dictionary tools to crack. Password personally think the pinyin must be combined with numbers, punctuation is the best.
Five: The choice of binding to the IP server site
If you are not using your own stand-alone server, then the choice of server bindings is also important, hackers will use the method of side-note to invade the site, for example, your website hackers did not find a loophole, he will use and you bind the site to start. Personally think do not and hacker stations and web-color sites tied together.
VI: ' or ' = ' or ' vulnerability
In the online ' or ' = ' or ' is known as a universal password, this loophole must be filled. There are a lot of code online, to download themselves, Baidu is actually very useful, but also the best teacher, we do not forget it!
Seven: account password, background address settings for some small details
One way of doing it online is social engineering. Let me make an analogy, for example, your website (www.admin555.cn). Some people will be for the convenience of the account or password, background address what the settings admin555, which you give hackers drilled Zi. Improper when this also has other, for example you leave on your website QQ, mailbox, telephone This kind of, I suggest must stagger!
has been my experience, hoping to give a single webmaster to bring use!
I qq:378121033