An analysis of the 70 days ' tangle with black chain

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

70 days and Black chain entanglements documentary summary, today published a summary of the October since the beginning of the site and the black chain of repeated entanglements, 70 days of entanglements also make their own a bit of experience, write down to save some novice detour.

Black chain, as the name suggests is the Black Hat link, that is, through black hat gimmick, get the website permissions, Hang Dark link. Such links are mostly invisible links, home content does not show, but search engines can crawl to the source files can be found. From the beginning of October, up to now 70 days, intermittent web site has been hanging black chain, constantly delete, looking for backdoor, loopholes. Over and over, nearly a few, the current site has finally stabilized, before, see a lot of places are in the black link, did not care, thought that this is just another way of life, after all, everyone is in order to make money, can understand, but did not expect the final black link hanging on their website.

At the beginning of October, the National Day holiday happy to spend, never want to just return to the company, routine inspection site situation, suddenly found that the site was a large area hung black, all kinds of pornography, illegal, movies, games, such as links are not enough colorful. Shock, immediately delete the link on the home page, check Baidu snapshots, fortunately not be Baidu included black link. Into the template observation, found that it modified the homepage template, after recovery, the site normal. I thought it was calm. Never want to rise again, and more crazy.

In mid-October, the black chain returns, and a large number of black links are hung on the home page, and the first situation is basically the same, delete these black chain, inadvertently open the table of contents, view the source code, suddenly found that the directory page was also linked, and this time hang more ruthless, more rampant, no way, only careful examination, finally, found that both the catalog page template and the Inner page template were modified, and the basic entire site page was hung black. Depressed angry that is unavoidable, there is no way to seriously check the Web log. After careful review, the goal will eventually be established to a suspicious IP, this IP carried out a large number of Web site files scanned, finally through the site to upload a Trojan horse. Determined the backdoor of the Trojan horse to remove it. After modifying the password in the background of the website, in order to ensure the security of the website, it took another afternoon to carefully check all the files in the Web server. It's time-consuming and laborious. I thought this should be no problem, right? Never thought, next is the big problem no, little problem constantly ah.

After the end of October, continued to appear on the home page was hung black chain, and then analysis found that the site may be before the website was hacked FTP password leakage, and then changed the FTP password is better. Then there is a daily spam, spam messages piled up in the message board, forums and other places. Until December, to the above application to close the message board, the forum such features successfully approved, the site situation is basically stable.

70-Day Experience Summary:

If you find similar code in your site source file, delete it.

2. Troubleshooting steps

1 Check the home page, the contents page, the inner pages. Notice change time, some change time obviously should not exist, may be hung black chain time.

2 through the record is changed time, check the website log file, lock suspicious IP and its operation action, troubleshoot the rear door, Trojan.

3 is also not assured that the whole station of the server check, for possible changes in time, to observe whether there are other items are changed, including JS picture templates and so on.

4 Modify the server password, background password. Although it might not work for a hacker with a vulnerability attack, it works for the average hacker, especially when there are FTP records.

5 Repair site vulnerabilities. Generally may be due to the low version of the program, the upgrade of the program can be basically, of course, if you have other upload content programs, such as forums, message this, you need to pay special attention to. does not work, or can not use, try to close or remove the function.

3, Attention matters:

1 Check time must record or notice the change time, for the subsequent inspection save a lot of trouble. Improve efficiency.

2 must check the site's log, general purchase space words have this service, log time may be within 7 days, if it is their own server, must set up a good log, easy to observe and analyze.

3 Delete The black chain must change the FTP password, background password, you can change the background path.

4 regularly upgrade procedures to reduce some of the vulnerabilities. Develop the habit of regularly changing FTP passwords, background passwords.

5 forum, message, such as similar functions, if useless, try to remove. If necessary, you need to pay more attention, including possible spam messages.

Because hackers in the network, hacker software, so the black chain will also exist for a long time. And the tangle of black chain certainly unavoidably, above basically is 70 days over black chain entanglements content, hope to some novice help, save some detours, avoid time-consuming and laborious. The article is compiled by www.vziji.cn, reprint please reserve, thank you for the approval and support of this article.