Web site security: Poisoned by deep burial did you find it?

Source: Internet
Author: User
Keywords Safety found that a

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

As a security webmaster, in the site was black n times, found that the hacker each attack form is different, but summed up on a few: upload Trojan, modify the file. Just hide more and more deep, but it doesn't matter, we small stationmaster diligent check can find out. The following inventory I recently encountered several typical attacks, for the enterprise station managers, especially the old enterprise station not to check, please compare my in-depth examination of your site.

Bad URL added in the title description, modify config or conn such files

Hidden index: ☆ Easy to find

Add a backdoor file, the file level is very deep, the name and your site existing file name is very similar to the genuine, such as you have a file name class.asp, his virus file called lasss.asp. They may not pass the back door immediately black you, when you feel that nothing happened to start to move.

Hazards: Various modifications

Hidden index: ☆ Carefully will find the file.

3, add a file directly, or delete a file

Harm: Backstage cannot use, the front desk cannot open, each kind of is tampered with

Hidden index: ☆☆ as long as you have a backup is a good solution

4. Picture back door. For example, there is a picture: 20133616410311.jpg I very doubt, directly modify the suffix for ASP, look at the following results:

  

Hazard: Upload Trojan file, then no ...

Hidden index: ☆☆☆ generally see pictures upload time can find, sometimes upload time is also very confused, how to find out in so many pictures, need patience

Judge the agent header, you see a normal page, the spider sees another page or a modified homepage

Hidden index: ☆☆☆☆

This judge proxy head of the code may be directly on the home page, may also be placed in the first page of a file inside, such as the following figure is the home page call file function.asp was modified, if it is a search engine, return a full black chain of the page

  

The following code is to determine whether the search engine, is the search engine was jump.

<%

Function Is_bot ()

Dim User_agent,re

User_agent = LCase (Request.ServerVariables ("Http_user_agent"))

Set Re = New Regexp

Re.ignorecase = True

Re.global = True

Re.pattern = "(Baiduspider|googlebot|youdao|sogou|iaskspider|3721|yahoo|sogou|msnbot|soso|ciba|scooter|ia_ Archiver|webcrawler|slurp|spider|robots) "

Is_bot = Re.test (user_agent)

Set Re = Nothing

End Function

If Is_bot = True Then

Response.status= "Moved Permanently"

Response.AddHeader "Location", "/fosdot.asp"

Response.End ()

End If

%>

Recommend a detection method, Chinaz website is hacked detection tool: http://tool.chinaz.com/Tools/webcheck.aspx

  

The above hint can not detect whether the black chain is hanging, is the need for your own naked eye detection two source code whether there are, now hackers are added in search engine simulation results show, will not let normal visitors see black chain. So this test will still help us find the black chain.

In fact, Chinaz view of the source code can also detect, but we are accustomed to their own view, as long as you select the simulation Baidu spider, and the above tools.

  

Here to remind you not to check the site regularly

Back up your site files and databases regularly, at least one of the original and most recent copies. Avoid problems that cannot be repaired

Make a record every time you change the site, remember the time that you modify the site, modify the file, modify the content. The website problem good judgment is oneself mistake to cause or be black.

Regularly check the Web site on the remote server files, appear unusually timely resolution, even if no signs of black

After poisoning every document points to, check in place, do not miss any one corner

Often simulate search engine crawling sites. Regularly modify the site a variety of passwords, set a variety of permissions, basic can block rookie

own detection of web site vulnerabilities, timely repair. In a word to say myself: too many loopholes deserve to be black!

Look forward to your supplementary

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.