Discussion on Website Security Protection Technology

Source: Internet
Author: User


With the rapid development of the Internet, network security problems have also become very serious, with Trojans and viruses running rampant. In September 2009, 3,513 websites across the mainland were tampered with, of which 256 were mainland government websites, although the figures had declined considerably.

Let me analyze why sites get tampered with. I think the most important reason is that site security is not taken seriously: weak security awareness is the main cause. The second reason is that many sites do not deploy a tamper-proof system, or any defense system at all. The third is that our website platforms and architectures, and some sites' programs, are not rigorous and contain loopholes, and these loopholes are left open to hackers. The last is that current hacker techniques are quite sophisticated. I do not know whether you have tried it, but hacker tools are easy to find by searching the Internet, and today's tools are very simple and intelligent. To what extent? For example, to attack a site you only need to enter its URL and run a scan; the tool scans the site, lists many vulnerabilities, and then tells you which attack method to use. The situation with hacker attacks is still very grim, and incidents like this are still common.

CCTV recently aired a program mainly about China's Trojan horse industry in 2009. Trojan income has reached tens of billions of dollars, and according to official statistics China now has more than 300 million netizens, so this market is very large. As for selling Trojans, a single program can sell for 5,000 to 10,000 or more. There is also the sale of "broiler" servers (compromised, remotely controlled machines); a "broiler" can sell for 5,000 to 10,000 yuan.

The second is attacks on our large websites. The third factor is individual behavior: many young people online want to become famous overnight and find some tools on the Internet. They are not real hackers, only novices, but novices using advanced tools are enough to pose a threat to our sites, so we face a great deal of this kind of threat from individuals.

Here are two aspects to consider.

The first concerns the database: SQL injection attacks. Many of our sites do not filter user-supplied parameters, or do not filter them strictly enough, so attackers can use SQL directly to steal accounts and passwords. They can do this in many ways: they find where the relevant personnel accounts are stored, crack what they find, and finally obtain the database administrator password. Once they have the database account and password they can inject Trojans. This accounts for 70% of hacker attacks.
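The difference between filtering that is "not strict enough" and strict handling of a request parameter, as an added example that is not part of the original talk. The table, column names and account rows are constructed for illustration, and the example uses Python's built-in `sqlite3` module.

```python
import re
import sqlite3

def make_db():
    """In-memory database holding constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw_hash TEXT)")
    db.executemany("INSERT INTO users (name, pw_hash) VALUES (?, ?)",
                   [("admin", "constructed-hash-1"), ("editor", "constructed-hash-2")])
    return db

def escape_quotes(value):
    """A filter that only doubles single quotes: the not-strict-enough case."""
    return value.replace("'", "''")

def user_by_id_filtered(db, raw_id):
    """Weak: the filtered parameter is still pasted into the SQL text.
    In a numeric context no quote is needed, so the filter changes nothing."""
    sql = "SELECT name, pw_hash FROM users WHERE id = " + escape_quotes(raw_id)
    return db.execute(sql).fetchall()

def user_by_id_safe(db, raw_id):
    """Hardened: strict allow-list check, then a bound parameter."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("id must be a decimal integer")
    sql = "SELECT name, pw_hash FROM users WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "0 OR 1=1"  # constructed parameter containing SQL syntax
    print("filtered:", user_by_id_filtered(db, crafted))  # every account row comes back
    try:
        user_by_id_safe(db, crafted)
    except ValueError as exc:
        print("safe: rejected,", exc)
```

The bound parameter is what closes the hole; the allow-list check rejects malformed input early and gives the application something to log.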

Now let's look at Trojan planting ("horse hanging"). This is when a hacker quietly implants Trojans in a site's program so that visitors download Trojan programs and the hacker can control their computers. An example illustrates the phenomenon: we open Sina or an official website and click on it; the home page pops up and then opens another website, one we did not click on ourselves. That shows the site has been planted with a Trojan. Making you open the other site serves a promotional purpose: you are made to click on that site to raise its click-through count, and once the click-through count is high, for example where companies run advertising, those clicks earn corresponding income.

Another, more advanced form of Trojan planting opens no window and quietly runs illegal programs, for example installing programs on your computer; after you visit the site, your computer is under someone else's control without your knowing it. So Trojan planting on websites is still very serious: 90% of sites have been planted with Trojans to varying degrees, especially school sites, most of which have been planted.

Let's look at the simple process of a hacker attack. First, hackers learn about current security vulnerabilities. They study very diligently, and after studying they have specific Trojan scripts for these vulnerabilities. First they look at customer information; beyond that they mainly work through several avenues, one being web page tampering and another being alteration of the database. There are many ways and means, but the purpose is the same.

External polling check: we regularly read the site's web pages, by manual or automatic polling, and inspect them to determine the integrity of the page content.

The second is file driver protection, which is more effective. A driver at the bottom layer of the file system protects the website's files and folders from being deleted or modified, or restores them when tampering is found. File driver protection can effectively protect static files, but it has a disadvantage: it cannot protect dynamic areas, and the database cannot be protected because some of its data has to change.

Web core embedded protection is very popular. It checks web pages very precisely at a fine-grained filtering point, and as soon as a page is found to have been tampered with it is blocked immediately, so that no tampered page gets out. Its first benefit is that, because it is embedded internally, it cannot be shut down by a virus or Trojan. With some of the protection software we install, once a virus gets in it shuts the software down, but core embedded technology does not have this shortcoming. Its disadvantage is a slight delay, but at present the delay is negligible for user access.

Now let's talk about Blue's overall website security solution.

Blue Technology is a high-tech enterprise with independent research and development at its core and scientific and technological innovation as its purpose. It has long focused on developing network security products and provides network security maintenance for many enterprises. Let's take a look at two scenarios. The first scheme protects websites from attacks over the web. The second system is the anti-tampering system. The third system analyzes site data: it presents site visits intuitively in chart form and produces reports, so that you can clearly understand the current access situation. Finally there is a guardianship service: we can run security scans and security assessments of users' sites, and we can present security reports for your site, such as which bugs you corrected last year.

Here are the schemes in turn. The first prevents malicious scans, malicious uploads and Trojan planting, and can even filter some charts.

The second is the tamper-proof system. It protects the original files of our website and ensures that our web pages are not tampered with or deleted. We keep a backup of each page, and whenever a page is about to go out we compare the two: if the outgoing page differs from the backup, we consider the page to have been tampered with, do not allow it to flow out, and actively restore it and raise an alarm.
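The external polling check and the backup comparison with active restore and alarm described above, as an added example that is not the vendor's product code. The directory layout, the `uploads` dynamic area and the sample files are assumptions constructed for illustration; all path arguments are `pathlib.Path` objects.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

DYNAMIC_DIRS = {"uploads"}  # assumed: top-level dirs whose content changes legitimately

def sha256_file(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_baseline(backup_root):
    """Map relative path -> SHA-256 for every file in the trusted backup copy."""
    return {p.relative_to(backup_root).as_posix(): sha256_file(p)
            for p in sorted(backup_root.rglob("*")) if p.is_file()}

def poll_once(web_root, backup_root, baseline):
    """One polling pass: detect changes, restore from backup, return alerts."""
    alerts = []
    for rel, digest in baseline.items():
        live = web_root / rel
        if live.is_file() and sha256_file(live) == digest:
            continue
        alerts.append(("modified" if live.is_file() else "deleted", rel))
        live.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(backup_root / rel, live)  # active restore from the trusted copy
    for p in sorted(web_root.rglob("*")):
        parts = p.relative_to(web_root).parts
        dynamic = len(parts) > 1 and parts[0] in DYNAMIC_DIRS
        if p.is_file() and "/".join(parts) not in baseline and not dynamic:
            alerts.append(("unexpected", "/".join(parts)))  # reported for operator review
    return alerts

def demo():
    """Constructed sample site: tamper with it, then run two polling passes."""
    with tempfile.TemporaryDirectory() as b, tempfile.TemporaryDirectory() as w:
        backup, web = Path(b), Path(w)
        (backup / "index.html").write_text("<h1>Welcome</h1>")
        (backup / "about.html").write_text("<p>About us</p>")
        shutil.copytree(backup, web, dirs_exist_ok=True)
        baseline = build_baseline(backup)
        (web / "index.html").write_text("<h1>Defaced</h1>")        # tampered page
        (web / "about.html").unlink()                               # deleted page
        (web / "new.php").write_text("constructed placeholder")    # file not in backup
        (web / "uploads").mkdir()
        (web / "uploads" / "photo.jpg").write_text("constructed")  # dynamic area, ignored
        return (poll_once(web, backup, baseline), (web / "index.html").read_text(),
                poll_once(web, backup, baseline))

if __name__ == "__main__":
    print(demo())
```

The second pass still reports `new.php` because files absent from the backup are only flagged, not removed; the `uploads` area is skipped entirely, which is the same gap the talk notes for dynamic content.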

The third system is a data analysis system. It mainly collects the website's data and produces intuitive reports, from which our managers can easily learn, for example, the number of visits on a given day in May this year or the number of pages visited each day; we can see the visits to each page on each day. We can also see from the report which province our visitors come from, and which provinces and cities visit more. Visits can also be analyzed in intervals of a few minutes within a day, and we can even work out how many times our site was accessed by search engines such as Baidu.

The fourth scheme is the guardianship service, which provides related protection for your website: mainly system vulnerability scanning and Trojan scanning, and it also covers your disk space. Finally we provide a report that tells you the efficiency and the risk assessment.

With the overall solution we can prevent your site from being attacked and from being tampered with, we can analyze your website's visits, and finally we can provide a comprehensive system security monitoring service for your website.

Finally, I will mention some network security recommendations. First, we still have to pay attention to the security of the site, which is the most important; second, make backups; third, apply patches when they are updated; fourth, deploy a professional firewall; and finally, carry out risk assessments. Today's speech was mainly about website matters. Thank you!
