Analysis on the security of personal website and its countermeasures

Source: Internet
Author: User
Keywords Personal website

Intermediary transaction SEO diagnosis Taobao guest Cloud host technology Hall

New Chen from practice, relying on their own experience of building the site as well as personal webmaster (especially forums, blogs, etc.) of the study, and reference to the major sites of various construction site tutorials and web site SEO process. A number of Personal forum Web site examples, and add their own insights for analysis. For Personal Forum Site security issues, is a personal webmaster must be brave to face and confrontation process. Here, new Chen puts forward the method that treats it.

After the new market survey, the current market has 50% of the Web site use is the Internet Public template site, resulting in nearly 45% of the site become someone else's money-making tools, open source is very unsafe, from which to find loopholes, the use of sites for profiteering.

The above data indicate:

1, the number of personal webmaster is not only a sharp rise, but also personal webmaster has begun to pay attention to the site's SEO promotion, this is not only a technical live, but also a test a webmaster threshold;

2, now the webmaster have begun to achieve profitability, SEO technology for the site has begun to mature. This shows that the personal webmaster more attention to technology, including website promotion, SEO, as well as the security of the site;

3, many websites now have a lot of unsafe factors.

This information tells us that the number of Web sites is growing rapidly, and many sites have started to profit, but the security of the site is also quietly growing ...

As the name suggests, the personal site is not more than 10 people of the group, that is, in this team, you have to assume multiple roles, new Chen blog with an interesting analogy is: personal webmaster Entrepreneurship so you have to become a Superman, forcing you to learn all kinds of things ... A person's energy is always limited, so big a website, from the website typesetting, website code optimization, the promotion of the website to the forum of various plate and daily maintenance, server operation, website SEO, there are too many things need you to do ... So, inevitably there are some places you don't, you ignore, so these become your site security issues.

According to the data analysis, now the market has 50% of the Web site use is the Internet Public template site, resulting in nearly 45% of the site become someone else's money tools, open source is very unsafe, from which to find loopholes, use the site for profiteering. This means that there are more than half of the existing sites that may have backdoor procedures. Of course, I said these backdoor procedures are those malicious backdoor, these backdoor is the source code announced deliberately added up, for now the personal webmaster, to identify the code is still very difficult. So, this code on the website crazy, use this code malicious attack a website, steal its user information, steal back SUP program ...

At present, for small websites, new Chen think the most common database is access, there are many sensitive information in the database, need administrator attention things, such as: backstage password, customer data and so on, and these will become unscrupulous elements for profiteering targets, Access suffix is. mdb in the browser is the customer is directly downloaded, so we recommend that the administrator to the database security settings, placed in the database is downloaded, causing the background administrator leakage, causing the site security problems.

The setting of the robots is generally a more tangled problem, if set, will be exposed to the background management address, site security will leave hidden dangers, but is conducive to the search engine crawl, here to the webmaster some suggestions, recommend the background do not use login.asp login.jsp, etc. Universal login name, you can set a complex file name. At the same time, set up a verification code mechanism to prevent brute force.

Web server settings security has always been in the Internet, new in IIS, after each update completes, as far as possible to set not to write operations, so as to effectively prevent IIS vulnerability issues, for Tomcat, the need to set Tomcat management password, as far as possible to set up complex, this is what webmasters need to know.

Weak password security is completely prevented, webmaster new SEO Blog To facilitate memory, set some simple password, such as domain name, name, QQ, and so on, this information can also be obtained from the WHOIS, the black record is basically 99%, so strengthen the background password settings, is also an important factor in website security.

This security issue is one of the most serious problems space is a variety of sites placed in a server, it is conceivable that the safety of other people's sites will directly affect their own site security, through the vulnerability of others to get the server user name and password, thereby infecting all the site, which is a very terrible factor, unable to defend , unless you are managing a VPS or stand-alone server, webmasters need to view the site data every day and find and solve problems in a timely manner.

These problems make a lot of webmaster stop, so that they stay up every night, every night to delete one after another malicious posts, to disarm one after another malicious attacks ... It is these security issues that make many personal webmaster die in the cradle ...

Here are some basic security issues to solve:

1, it is recommended to use the website to launch the source code or to the official proposed system to prevent backdoor procedures and source code loopholes;

2, it is recommended to use the host or VPS as the site's server, to prevent the risk of side note, to prevent malicious attacks, to prevent the backup is not timely and so on;

3, it is recommended to learn some basic website language, easy to understand the basic code information and timely response;

4, it is recommended to pay attention to the background management interface to facilitate the occurrence of extraordinary events.

New Chen know, personal webmaster of the times, there is wind and rain, there are bitter sweet, which is full of passion and blood, whenever you open Webmaster tools to view website information, is the sweetest moment of laughter ... For the same network through the webmaster, new Chen here, to everyone refueling! After all, for the security of the forum now, we must pay attention to it, because this is your biggest side of a time bomb, so please remove it! Web site security issues, like Microsoft's bug patch, will never be updated, Because technology is progressing, there is no absolute. But it's always good to keep an eye out. Since it is your time, please take a good grasp of it!

This article is written by New Chen Blog, reprinted please specify the Source: http://xcen.cn/324.html

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.