How to keep your website from being hacked: a summary of several tips

Source: Internet
Author: User


A word up front: do not think too highly of the "hackers" who hang defaced (black) pages and plant malicious code; the really skilled ones disdain such things. That one sentence is enough.

Hacker websites are a dime a dozen these days; wherever you look, you can pick up a trick or two. I once read someone's signature: Aunt Wang is a hacker, the baked sweet potato seller is a hacker, and the owner of the adult supplies shop across the street is a hacker too -_-~!... That's a lot of hackers!!! According to incomplete statistics, at least tens of thousands of websites are hacked every day. Once in a group chat, a high school student, in order to find information on a girl he was meeting, broke into the intranet server of the local Civil Affairs Bureau to look it up. Impressive. The process must have been quite exciting. Wherever there are computers, there will be conflict. There is always some reason for being hacked... You are welcome to come to the webmaster anti-hacking network to exchange ideas.

How do you keep a website from being hacked?

Let's start with setting up the site. First of all, choosing a server is important, because even if your website program is secure, once the server is compromised your site becomes a plaything. Some friends may assume that a secure server must be more expensive. In fact, spending more only buys hardware and software that improve speed or load capacity. The security of a server comes from how it is configured; as long as the network administrator sets things up properly, the server can be made much more secure. In past practice, many government and school servers were found to be poorly configured, as if it were enough that IIS was installed and the site could be browsed. A friend once told me that on government and school sites, once you have a webshell, the server can basically be taken over. That remark illustrates a phenomenon: many school and government webmasters clearly do not pay attention to site security. Your site may only publish news articles, but when an attacker breaks in, his goal is not necessarily the site itself; it may be a bridge to the intranet servers.

Now for personal websites. For financial reasons, personal sites are mostly hosted on virtual hosts. As individual webmasters we cannot do any work on server security ourselves, so choosing a good, secure hosting space is very necessary. Among virtual hosts, I have come across some that are relatively secure. They eliminate the common information-disclosure risks caused by improperly configured directory permissions. At least they cannot be casually tinkered with by the "hackers" who hang defaced pages. If you need help choosing a server, please email me at admin@zzfhw.com. I will help for free and offer advice for reference. A detailed article on server security configuration will follow later.

Next, let's talk about building the website itself. Before that, let's take a look at some common attack methods.

1. Dangerous Upload Vulnerability

These fall into three categories:

The first is an upload point with no authentication at all, where a Trojan can be uploaded directly.

The second only requires a registered account to upload, and the upload point does no filtering.

The third is an upload function behind the admin back-end's authentication.

Of course, some upload points accept scripts directly, while others accept a script Trojan only after some processing. Either way, uploads are how many attackers gain access to a site.

2. Injection vulnerabilities

The impact of injection vulnerabilities in the various scripting languages differs with the permissions involved. The dangerous ones can directly threaten system-level permissions on the server. An ordinary injection can dump the account information in the database to obtain the administrator's password or other useful information. With high privileges, an attacker can write a webshell directly, read the server's directories and files, add an administrator account directly, replace a service, and so on.

3. Relay injection, also known as cookie relay injection

This should have belonged to the category above, but I list it separately. Some programs, or the anti-injection add-ons bolted onto them, only filter parameters submitted via POST or GET and ignore cookies. So an attacker can still achieve injection simply by relaying the parameter through a cookie.
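The gap described above, shown as an added example that is not from the original article: a filter that inspects only GET and POST values, next to a handler that validates the value where it is used and binds it as a query parameter. The `lookup` helper, the request dictionaries and the `news` table are hypothetical stand-ins, with `lookup` modelling a framework call that falls back to cookies.

```python
import re
import sqlite3

# Constructed sample data standing in for a site's article table.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
db.executemany("INSERT INTO news VALUES (?, ?)",
               [(1, "Welcome"), (2, "Unpublished draft")])

BLOCKLIST = ("'", ";", "--", " or ", " and ", "select", "union")

def gate_get_post_only(request):
    """The flawed add-on filter: inspects GET and POST values, never cookies."""
    for source in ("get", "post"):
        for value in request.get(source, {}).values():
            if any(token in value.lower() for token in BLOCKLIST):
                return False
    return True

def lookup(request, name):
    """Hypothetical merged lookup: query string, then form, then cookies."""
    for source in ("get", "post", "cookies"):
        if name in request.get(source, {}):
            return request[source][name]
    return None

def vulnerable_titles(request):
    if not gate_get_post_only(request):
        return "blocked"
    # Whatever source supplied the value, it becomes part of the SQL text.
    sql = "SELECT title FROM news WHERE id = " + str(lookup(request, "id"))
    return [row[0] for row in db.execute(sql)]

def hardened_titles(request):
    raw = lookup(request, "id")
    # Validate at the point of use, so the source of the value is irrelevant.
    if raw is None or not re.fullmatch(r"[0-9]{1,9}", raw):
        return "rejected"
    # Bound parameter: the value is data and can never alter the statement.
    rows = db.execute("SELECT title FROM news WHERE id = ?", (int(raw),))
    return [row[0] for row in rows]

if __name__ == "__main__":
    relayed = {"cookies": {"id": "1 or 1=1"}}   # constructed request
    print(vulnerable_titles(relayed), hardened_titles(relayed))
```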

4. Writing a Trojan into the database

Some programmers, thinking that an MDB database is easily downloaded, rename it with an ASP or ASA extension. They do not expect that this change brings a greater security risk. Both formats can still be downloaded locally with Thunder. More frightening, an attacker can find some way to submit a one-line Trojan so that it is inserted into the database, and then connect to it with a tool to gain permissions.

5. Database backup

This is a feature of many website back-ends, intended to let administrators back up the database. But attackers use it to turn a backdoor they uploaded in image format into a real Trojan, and so gain permissions. I remember one website system whose database backup page had no administrator authentication, which is even more harmful. Some sites do restrict database backup, but the restrictions can still be broken through in special cases, for example through the formats an attacker can back up to: asp, asa, cer, htr, cdx, php, jsp, aspx, ashx, asmx.

There are also several forms usable in IIS 6.0 environments, such as asp;x.jpg, asa;x.jpg, php;x.jpg and the like. Many programmers writing ASP programs filter only the formats parsed as ASP and ignore PHP and other parsed formats. There is also the parsing of backup directories named like Zzfhw.asp or Zzfhw.asa. If none of the above can be used, the attacker may also back up the conn.asp file in the site directory as Zzfhw.txt to view the database path, and may then use the database Trojan-writing technique. Of course, attack methods cannot be listed exhaustively; we can only learn more by exchanging ideas with one another.
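The upload and backup weaknesses described in sections 1 and 5, turned into a defensive check as an added example that is not from the original article: an allow-list on the final extension, refusal of semicolons, path parts and script extensions anywhere in the name, a server-chosen stored name, and a backup target that cannot carry a dot. The function names, the image-only allow-list and the `.bak` suffix are assumptions made for the illustration.

```python
import os
import re
import secrets

ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}   # assumed image-only upload
# Script extensions listed in the article; used to refuse names like a.php.jpg.
SCRIPT_EXTENSIONS = {"asp", "asa", "cer", "htr", "cdx", "php", "jsp",
                     "aspx", "ashx", "asmx"}

def check_upload_name(client_name):
    """Return (ok, reason) for a client-supplied upload file name."""
    # Treat both separators as path separators so a directory part cannot hide.
    if "/" in client_name or "\\" in client_name:
        return False, "path components are not accepted"
    if ";" in client_name or "\x00" in client_name:
        return False, "forbidden character"
    if client_name != client_name.strip() or client_name.endswith("."):
        return False, "leading/trailing space or trailing dot"
    pieces = client_name.lower().split(".")
    if len(pieces) < 2 or not pieces[0]:
        return False, "missing stem or extension"
    if any(p in SCRIPT_EXTENSIONS for p in pieces[1:]):
        return False, "script extension in name"
    if pieces[-1] not in ALLOWED_EXTENSIONS:
        return False, "extension not on allow-list"
    return True, "ok"

def stored_name(client_name):
    """Server-chosen name: random stem plus the validated extension."""
    ok, reason = check_upload_name(client_name)
    if not ok:
        raise ValueError(reason)
    return secrets.token_hex(16) + "." + client_name.rsplit(".", 1)[1].lower()

def safe_backup_path(backup_root, requested):
    """Backup target: a plain name under backup_root with a fixed suffix."""
    # No dots, separators or semicolons, so neither a script extension
    # nor a directory such as name.asp can be requested.
    if not re.fullmatch(r"[A-Za-z0-9_-]{1,64}", requested):
        return None
    return os.path.join(backup_root, requested + ".bak")
```

Name checks are one layer; keeping uploads and backups in a directory where the web server has script execution disabled covers the case where a check is missed.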

6. Administrator account password leakage

You might say that some of the attacks above depend on having an administrator account. Here I will talk about some common ways administrator passwords leak.

First: the universal password ' or ' = ' or '. There are many other ways to write it. You can search my website for the principle. Putting this in the administrator account and password fields gets you straight into the back-end. There are still many websites that can be entered this way.

Second: weak passwords. For example, your password is admin/admin888/123456/5201314 and so on. These are easy to guess.

Third: default passwords. This divides into the default back-end password and the default back-end database. If the attacker knows which source code your site is built from, he will download the same source code and check whether the default database can be downloaded and whether the back-end password has been changed.

Fourth: the webmaster's personal universal password. Many people use just one password everywhere on the Internet. No matter where that password leaks, an attacker may try it on your website back-end, your mailbox, your QQ number, your FTP, your accounts registered elsewhere... This problem is rather serious, and it touches on social engineering.

7. Editors

The two main editors are ewebeditor and FCKeditor. Low versions of ewebeditor do have a vulnerability: code can be constructed to upload a Trojan directly. No vulnerabilities have been reported so far for the higher versions on the market. But the worst case is using it and neglecting the ewebeditor password and database path, which gets the site invaded. With some modified versions of FCKeditor a Trojan can be uploaded directly. And since the ";" flaw was disclosed, intruders have become even more frantic; on some versions, if the first attempt fails, a second one succeeds. Many big websites have been affected.

8. Weak FTP passwords

As mentioned above, you may be using a universal password, or a weak one. For example, your website is www.zzfhw.com. The attacker could then use ZZFHW as the username (which has proved to be the case on many virtual hosts) and generate a series of weak passwords, such as zzfhw123/zzfhw123456/zzfhw888/zzfhw520/123456/888888/Zzfhw.com/zzfhwftp and so on. Because scanning tools are available, he can generate a large list of commonly used passwords to test against your FTP account. Scientific research has proved that this method is quite harmful.
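The weak-password patterns from sections 6 and 8, written as a check a site could run when an FTP or back-end password is set. This is an added example, not from the original article; the function names, the short common-password list (constructed from the article's examples) and the 12-character minimum are assumptions.

```python
import re

# Constructed sample list; a real deployment would load a large breached-password list.
COMMON_PASSWORDS = {"admin", "admin888", "123456", "5201314", "888888"}
GENERIC_LABELS = {"www", "com", "net", "org", "cn", "ftp"}

def site_tokens(domain, username):
    """Words anyone can read off the site: domain labels and the account name."""
    labels = [l for l in domain.lower().split(".") if l not in GENERIC_LABELS]
    return {t for t in labels + [username.lower()] if len(t) >= 3}

def password_problems(password, domain, username, min_length=12):
    """Return the reasons a password should be refused (empty list = acceptable)."""
    problems = []
    lowered = password.lower()
    if len(password) < min_length:
        problems.append("shorter than %d characters" % min_length)
    if lowered in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    if re.fullmatch(r"[0-9]+", password):
        problems.append("digits only")
    # Catches zzfhw123, zzfhwftp, Zzfhw.com and similar site-derived guesses.
    if any(token in lowered for token in site_tokens(domain, username)):
        problems.append("contains the site or account name")
    return problems

if __name__ == "__main__":
    for candidate in ("zzfhw888", "123456", "T7#qLm2!vRx9wKe4"):
        print(candidate, password_problems(candidate, "www.zzfhw.com", "zzfhw"))
```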

9. 0day

Many people now use mainstream programs, for example moving nets, Discuz forum, Phpwind, dynamic, New Yun and so on. The source code of many of these will occasionally give its users a "surprise". For this, please keep an eye on the latest vulnerability articles on the webmaster anti-hacking network, and patch the program as soon as possible.

10. Side sites. This means taking down other sites on the same server as yours and then obtaining more information through some XX means. If the permissions are high enough, the attacker drops a Trojan straight into your directory; if the permissions are ordinary and the Trojan cannot be dropped in, he reads your administrator password or other sensitive information and intrudes further; if permissions are tight, attackers will try sniffing.

11. There are also some others that cannot be ignored: Bauku (database exposure), directory listing, arbitrary download vulnerabilities, file inclusion vulnerabilities, IIS write vulnerabilities, cookie spoofing, cross-site scripting (XSS), and many more. If you are interested, search my website to learn about these terms and methods.

Well, that covers the basic methods. If any experts feel something is missing, you are welcome to write to my mailbox. Now that we understand these attack methods, we can defend against each of them in a targeted way and make sure the site is secure. For example, commonly used back-end paths are admin, manage and system; we can change them to something uncommon that will not be guessed, and not put a back-end login link anywhere in the program. When selecting a program, search Baidu and Google to see whether it has known vulnerabilities and whether it is the latest version. If you care about your website, you can test it using the methods listed above. Don't wait until a defaced page has been hung to act.

A word at the end: my personal feeling is that website security is generally poor at present, mainly because people are not aware enough. I am only a small webmaster and cannot compare with the security experts of large companies. I cannot teach you many skills, but as long as this reduces your chances of being invaded, that is fine. Security is a process, not a result. When we are invaded, we have to find out why. I hope everyone's website gets better. If anything in the article above is wrong, please reply.
