How to do a good job of website safety

Intermediary transaction SEO diagnosis Taobao guest Cloud host technology Hall

How to do a good job of website security This article should have been csdn, Renren, Tianya and other well-known website users should be written when the data is leaked, but at that time did not write the power of the Web site security articles, many bloggers are discussing the network security aspects of things, many articles even have the same part, Until last week several of my websites were hacked, the site security work really aroused my attention. 2 of them with Dedecms site, the bottom of the site was hung a large number of hidden links, I still check the links when found a large number of export links, by looking at the source code to find that the site was invaded.

Another hack technology is a lot smarter, from the surface of the site and even source code you can see that there are any signs of horse, until one day I look at this site's traffic data, found that there is a part of the traffic from XXX keyword, I am very confused, I have never done this keyword how can there be traffic? When I use Google Webmaster tools inside the ' like Google Crawl ' view, found the problem, the original search engine crawl and users see the content is not the same. And then another site encountered another problem, when the user from the station or other non-search engine site to access completely normal, but all Baidu, Google, Soso, Sogou and other search engine traffic sources will jump to a Taobao customer promotion page.

The following is a malicious code that is linked to one of the Web sites:

This should be the latest type of Web site intrusion, we have time to check whether their site was hung like malicious code, encountered a keyword ranking by the front, Baidu Index is also very high and the flow is very small also need to be paid attention to. The above is a brief introduction of my site was invaded, the following will be introduced to you how to prevent the site is invaded is how to do a good job of the site security.

I. Regularly check website data

Most of the sites that are hung by horses are long term unattended maintenance sites, in particular, some of the corporate web site, including the previous mention of my 2 is Hung horse's website is due to a number of reasons for long-term lack of management maintenance, and then the domain name to expire after a renewal of the site was found to be hung black chain. At present the black chain market is still very hot, so try to take time regularly to check your infrequently updated website.

Two. DEDECMS System vulnerability

As a result of the popularity of Dedecms, using Dedecms imitation station became one of the targets of hacker attacks, from dedecms5.1 to the present 5.7, there are still some loopholes, with Dedecms do the site to pay attention to the following points,

1. Modify default background (Dede) path

2. Delete Install installation directory

3. If you do not need to use members can directly delete the Member Directory

Most hackers invade Dedecms website is to use the member to submit the function, upload Trojan file.

Three. Prohibit important files and directories from being executed, written

The DEDECMS system website can be set as follows

1. The following directory: Data, templets, uploads, a set to read and write can not execute permissions.

2. The following directories: Include, member, plus, Dede are set to read executable writable.

Many web sites that use Discuz and phpwind have been hacked because of the fact that important directories and file permissions are not set.

Four. How to deal with the website after being invaded

1. Overwrite with backup file

2. No backup, find the most recently modified files to see if these files contain malicious code.

3. Find out the files of the Web site program, and focus on whether there are unknown files in the root directory.

Five. FTP and server security settings

It is recommended to use Linux server, FTP and server username and password to set a complex point, as far as possible with the letter + Digital + special symbols, the use of stand-alone servers or VPS to learn more about server Security configuration of the tutorial to ensure server security.

Above is Vuronge summary of how to do a good job of web site security, the actual situation may be based on the use of each site is different and more complex, but do the above work, the site is basically not easy to invade, even if the invasion did not worry too much, as long as the serious investigation or can find a maliciously modified files. Finally remind everyone must pay attention to the site security work, once the site is invaded and has not been found for a long time will bring you a lot of trouble, especially the impact of SEO. This article by Vuronge creation, the original address: http://www.wulongjie.com/jzjy/125.html, reprint needs to retain.