In China, hundreds of websites are hacked every day, so the state of network security can be imagined, and large and medium-sized enterprises are among the victims. What is especially hateful is that after taking a webshell the attackers change the homepage. As I understand it, beginner hackers do this to show off the sites they have taken, as if changing the homepage gave them a place to show off.
Real hackers have a hacker ethic: on discovering a vulnerability they actively contact the site's webmaster and point out where the hole is, so that it is not used by some unscrupulous hacker to break in and plant malicious code on the pages ("hanging a horse"). That not only damages the corporate image, it also turns the machines of people browsing the site into compromised hosts ("chickens"). My friend found an IIS 6.0 parsing vulnerability on Phoenix, and the administrator had to be contacted by phone more than 10 times before the bug was repaired. This hole can be used to get a webshell; if a hacker plants malicious code through it, the consequences are disastrous.
Without further ado, here is a simple introduction to preventing intrusions by small and medium-level hackers and avoiding damage to the corporate image. The following is based on my personal experience.
One: Database address and admin address. Most sites are built from source code downloaded from the Internet, so you have to change these two default addresses. Otherwise you know them and I know them, so where is the security?
Two: Password security. For the back-end password, use numbers and lowercase letters as much as possible, and do not use a weak password or the name in your URL. Weak passwords are ones such as admin, admin888 and 123456. If your website URL is sesail.com, the password must not contain sesail. This is a precaution to take note of. Change your password at irregular intervals.
Three: Injection vulnerabilities. These have been around for several years (cookie injection, database injection and so on), yet many sites still have this problem. Is it so hard to find an anti-injection system on the Internet?
Four: File upload restrictions. Many sites offer file and picture upload, but the upload must enforce its restrictions on the request data itself, allowing only jpg, gif and doc to be uploaded. Perhaps you will ask: isn't it enough to simply block ASP files? In fact, an attacker who captures the request packet and modifies or forges it can still break through the limit.
Five: Social engineering. Attackers may have many techniques, but raising your own security awareness is very important. As a webmaster, your responsibility is to keep the site safe. An attacker may pose as a customer or partner and send you a cooperation document through QQ or e-mail. Be cautious about opening it, because the document may carry a Trojan horse. If you open it, your QQ password is gone. Perhaps your QQ password is also the login password of the website back end. Or perhaps your QQ space exposes who your friends are; by the same steps the attacker tricks your friend into running the Trojan, gets your friend's QQ password, and then poses as your friend to send you a picture carrying the Trojan.
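For point Four above, a server-side upload check sketched in Python as an added example (not code from the original article). It goes beyond the article's extension list by also comparing the file's leading bytes with well-known signatures; the names `validate_upload` and `UploadRejected` and the sample uploads are assumptions made for illustration.

```python
import secrets

# Allow list from point Four (jpg, gif, doc) mapped to well-known file
# signatures. Checking leading bytes is an addition to the article's list.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "doc": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),  # OLE2 compound file
}


class UploadRejected(ValueError):
    """Raised when an upload fails server-side validation."""


def validate_upload(client_filename: str, body: bytes) -> str:
    """Return a server-generated storage name or raise UploadRejected.

    The filename and Content-Type arrive in the request, so the client can
    rewrite them at will; only checks made here on the server count.
    """
    # Keep the last path component only, then refuse NUL and ';' in it.
    name = client_filename.replace("\\", "/").rsplit("/", 1)[-1]
    if "\x00" in name or ";" in name:
        raise UploadRejected("illegal character in filename")
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext not in SIGNATURES:
        raise UploadRejected(f"extension {ext!r} is not on the allow list")
    if not body.startswith(SIGNATURES[ext]):
        raise UploadRejected("content does not match the extension")
    # Store under a fresh random name so nothing the client typed
    # (double extensions, odd characters) reaches the file system.
    return f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    # Constructed sample uploads: (client filename, first bytes of body).
    samples = [
        ("logo.gif", b"GIF89a" + b"\x00" * 16),
        ("page.asp", b"<% constructed placeholder %>"),
        ("photo.jpg", b"<% constructed placeholder %>"),
        ("report.asp;.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
    ]
    for filename, body in samples:
        try:
            print(filename, "->", validate_upload(filename, body))
        except UploadRejected as err:
            print(filename, "-> rejected:", err)
```

A signature check does not stop a file that is a valid image with script appended, so the upload directory should also have script execution disabled.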
Attack techniques are everywhere, but we have to get the basic protections in place and then keep building on that foundation. Only by being strong ourselves can we keep outside enemies away.
Original author: Nanjing Safety set sail Network Technology, http://www.sesail.com. Reprints welcome.