How to deal with a Web site being put on the horse

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

Unfortunately, a few days ago the author of a website was hanging motor for a long day, of course, this also blame the author's rough branch of the careless, to the site security issues have not too much concern, so that those despicable people can take advantage of. However, crisis crisis, some people often see from the crisis, and some people are more willing to see the opportunity from the crisis, all depending on how you look, fortunately the author is a willing to learn, so spent a period of time, preliminary understanding of what is hanging horse.

All along, have heard of a website was hanging horse and then Baidu K off things, however, I do not expect the author's own website has the opportunity to try to be hanged horse, because for a long time, I think that hanging horse such things and they should be insulated, after all, the site is purely to provide learning information, and other people do not have any competition to speak, But afterwards I just wake up, in fact, not because whether or not the other competitors, the other side to black off your site, but after the horse can make money, so there are some hackers at all costs to invade others website and Hang horse.

First, the aftermath of browsing the website of the Hung horse

I am here to briefly introduce, I believe that friends who like to surf the internet should try to enter a strange web site, suddenly the end of a large number of software and automatic installation of the situation, this time perhaps anti-virus software will be reminded, but often antivirus software is quietly let those software installation completed. Then when you browse other sites, either often pop up some of the pages do not know where to come, or when you open the browser automatically jump to a website ... This is the Web site to browse the sequelae of the horse.

Ii. the consequences of a Web site being hung by horses

If a site is Hung horse, and the site webmaster did not find in time, the site was indexed by search engines, then search engine through a variety of Web page technology analysis found that your site exists Trojan, it is sad. Because then the search engine will think you this site is a "black" site, so it will remind visitors, do not enter this site, because this site has Trojans, often we can see as "Security Alliance reminds you: the page may have been illegally tampered with!" Such a hint, is because the website is hanged the horse to distort the page to appear the consequence, therefore this is needs to prevent.

After all, after the site was hanging horse, very vulnerable to the search engine down the right, not only the rankings fall, more importantly, your site data may also be hackers to steal!

Third, how to find their site was Hung horse?

The author login to that site, the antivirus software to remind, so open the first file to check the source code after the horse was found hanging. The author of this Trojan is more troublesome, not only in the HTML file is hanging, and even PHP and txt are hanging horse, and the entire site thousands of of pages have been hanging horse situation occurred.

(Figure 1)

As shown in Figure 1 through the HTML source code analysis, found that the horse is located in the IFRAME code, although just a simple code, but because it involves thousands of pages, a time to deal with is quite troublesome.

If you can read HTML text language, then to find that these are hung horse place is quite convenient, if you do not understand, then according to the online data, the use of Sina's security website was hanged horse detection tools to check, but also can quickly find the site of the horse code.

How to delete the Web page code of the hanged horse?

We can use antivirus software to remove the core of the Trojan, but left behind in HTML, PHP files that the IFRAME code is not to be deleted by antivirus software, which requires us to delete manually, if it is 10 fishes Web page, so there is not much work, However, due to the current CMS Web site procedures often hundreds of thousands of HTML and PHP files, then the manual removal is undoubtedly the workload is extremely cumbersome things, this time how should we solve the problem?

(Figure 2)

I recommend using a software called "Batch modification tool", the biggest benefit of this software is that you can find a piece of code, and then replace any you want to replace the things, then you can freely choose "File type" and "directory." As shown in Figure 2, the author because of the site of the PHP file was hanging horse, so use this software, and then "file type" select "*.php", directory selection is the site directory, when everything is ready, press the "Full change" button, quickly the Web page on the return of the original clean page.

Finally, although the page has been cleaned up, but there will still be a slip through the other places-database, so we have to clean the Trojan horse in the database. Because now the database used by the site is basically SQL database, so we can use the SQL language to solve the problem of Trojans, only need to use the following code: "Update table name set field name =replace (field name, ' xxx ')", which is the key point is to put xxx ( The contents of the horse-hanging code are replaced with null. Through the SQL language, we will be able to completely delete all the horse code, of course, before deleting the database data must be prior to the database backup, after all, the deletion of the code may also damage the database.

V. How to prevent the website from being hung again?

Believe that there is a Web site was hanging Horse's experience, we are unwilling to continue to be entangled by such risks, so we have to learn to prevent, so that their website can be away from these horse code intrusion.

1, because there are many types of horse code, there are picture code, frame code, JS code and the IFRAME hanging horse, etc., so we must be in their own Web server anti-virus software, Trojan Horse software installation, and regularly updated;

2, we also need to periodically replace the remote login password, FTP upload password and so on, after all, sometimes just because our password is too simple, and the hacker enumerated success, so no matter at any time, webmaster password must be complex enough, and also a regular replacement;

3, for Web pages and databases and other information, we must be accustomed to regular backup, to develop good habits, the best time to pack the site every day for the RAR file, and then every few days from the site downloaded to their hard disk, or even burned into a CD-ROM, through such a backup means, we can avoid losing too much data;

4, if we are using IIS, please prohibit writing and directory prohibit execution, such a combination of functions can effectively prevent ASP Trojan Horse;

5, sometimes some hackers use the search engine to steal information, so for sensitive directories or files, we should try to exclude search engine crawl, This time we need to create a robots.txt file to the root directory of the site, the advantage of this file is to tell the search engine which pages can be crawled, which pages can not be crawled.

6, the use of Windows Update the server back door as far as possible closed. It is believed that for many stationmaster, because the fund and the convenience and so on question, mostly is uses 32 bit Winows 2003 Sever, however this system already existed for 11 years, so was the hacker research very thorough, therefore has the massive back door, So we need to make use of the patch provided by the update platform so that the server can close the back door as much as possible.

I believe that after the setting, the probability of the site being hanged will be greatly reduced, although we have no way to 100% to ensure that the site is not being invaded by the horse, hanging black chain, but as long as we are willing to spend more time to prevent, will risk to a minimum, after all as a webmaster, we will have the opportunity to face a lot of unexpected situations, So what we can do is try to do all kinds of preparation to face the sudden appearance of these situations!

The author of this article Ilovegoktv, reproduced please indicate the source, thank you for your support!