How to quickly restore hacked sites

Source: Internet
Author: User

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

April 18, 2009 I, A5 of the safety group, received a call in the morning. A user said the site's web site is not normal access. Is it black? There are some problems with the website users. User profile is very anxious.

I opened the user's website. Found it was indeed inaccessible. The page is blank. Just show up. One line of English.  It was dark indeed. Find the problem and pass the simple test. The user's home page was determined to be injected with SQL. Therefore, the normal access is not possible.

So what is called SQL injection? In fact, it is a time to use some web programmers to write code. There is no judgment on the legality of the data entered by the user. In order to use the security risks of the application, submit a section of database query code. To obtain some publicly available data. be exploited by hackers. Attacked. also become SQL injection.

So I took out my professional tools. A risk assessment of the user's website is made. The result is not what I expected. The site has a SQL injection used by hackers. Altogether six sites were injected. Good dozens of cross station attack points. So the site has a great security risk. The code needs to be securely defended immediately. To ensure the safety of the site.

Problem solving:

Through the analysis of the database. It was found that the data had been injected, first after the corrupted data had been recovered. And the site did a safe reinforcement. Make the site normal access. The entire operation took only one hours. Here to tell you that. Administrators learn to read IIS logs. Firewalls on the market do not alert SQL injection. Be sure to test the site application in many ways to find the injection point. and reinforce the site.

Here are a few ways to tell you

1. It is recommended that you close or delete unnecessary interactive submission Form pages, as they are the means by which hackers inject SQL, and closing these interactive pages effectively blocks the attack and injection of some XSS cross-site scripts. The most effective way to prevent injection and cross-site scripting attacks is to screen out dangerous characters such as unsafe scripts in the code layer.

2. Code and SQL injection keyword filtering for the code of vulnerability injection point to standardize code security.

3. Do not put backup files on the server to avoid infection, or backup files contain vulnerabilities, resulting in entry points, such as index1.asp index2.asp products1.asp.

All right, so much for today. I hope everyone's sense of safety is getting higher. Can add me: QQ70065671 Webmaster Network recommended Professional Server Devis: http://safe.admin5.com

Server and Web site Security Technology seminar Official group number: ①27805343②84814264③75927060④84815626⑤84815663⑥40702240

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.