How to remedy hacked websites

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

Invade your website there are 2 kinds of people: master, Rookie! So the methods they use are not the same! You can get it through the Web log. Do not believe you look, rookie of the log records are all using tools to scan, do not sweep out to give up. Master is not the same, they will construct a variety of statements to attack!

First, prevention:

The way to counter rookie: Change your 404,400,500 error page, change the background management path, check whether the MD5 of your password is included in the website that cracked the password; make all known patches complete; change the default database path and filename; Counterattack Master method: Every day must go to the official to see if there is no latest patch, master generally only play 0day.

You must do: Install the software, do not choose the default path. such as c:\programfiles\serv-u, such as d:\programefile/serv-u; change your default password, Serv-u,mssql, and so on; set the hacker's Common directory permissions (I will list a small number of directories after the article); Erase all the useless software. , very dangerous; Change your site default prompt statement, poweredbydiscuz such, although have the copyright question! But you can show it in other ways.

What are the hackers doing after the invasion?

1, many virtual hosts are almost very safe, of course, this is not absolute. The rookie may be hanging a horse.

2, let your server become chicken! Now the most popular is still serv right, although we all know, but I still want to tell you, like personal server, 70% can elevate the permissions!

3, do not provoke any hackers, or you will be miserable. (It seems a bit exaggerated)

How to find Webshell

Many hackers have left a backdoor, whether you are a stand-alone host or a server! There are probably 2 ways to find Webshell:

1, the use of tools to find, to the lake2 of the script Trojan find tools is very good.

2, look at the time, see the hacker to change your home page time, and then based on this time to find some of the same day some of the same time documents. Of course, there are a lot of gadgets to change time now.

3, see unfamiliar documents. wap.asp css.aspadmin_editor.asp.200702002.jpg.php Wait for you to think they're normal? Don't trust your eyes, open it.

4. Database insert type. My practice is generally not to change the database to ASP and other classes of documents.

5, waiting for you to add.

6, teach you a step counterattack practice, don't move his back door page address, change the content to your Trojan address or an IE dead loop statement. Hey, this is called Black eating black, "the body of the same."

Original address: http://www.top3600.cn/gonggao.asp?id=176