If you are in charge of your company's website and the site runs on a rented virtual host, this article is worth reading.

Have you received emails such as "large-traffic customer notification" or "resource-consuming customer notification", had the site closed by the access provider, or found that you cannot log in or upload to the site? This article sets out root-cause fixes for corporate websites that consume too many resources or generate too much traffic.

To solve the problem thoroughly you need to know the cause, and to find the cause you first need to analyze what is wrong with the site. Typical symptoms are as follows:

1. Suspicious files have been uploaded to the website.

2. The database has been injected, and the information and product systems are full of spam.

3. The message board has been flooded with a large number of spam messages.

4. The member system has been flooded with a large number of junk member accounts.

5. The comment system has been abused and contains a lot of spam comments.

6. The home page, the inner pages and even the management back end have had many junk text links or garbled characters injected.

7. You cannot log in to the back end or cannot publish information.

Part I: The source of the resource consumption

Causes and general handling of uploaded suspicious files:

The access provider (such as million network) will tell you which files are consuming resources and show evidence (by email notification, or you can ask million network directly); use FTP to delete those files directly. However, the evidence will not list every resource-consuming file, so the administrator has to find the rest. Some of the site's files are necessary and some are suspicious, and each one needs to be checked. If the cleanup is incomplete, the remaining suspicious files may start consuming resources again at any time.

How were the suspicious files uploaded?

Channel One: The back ends of many small (corporate) websites use open-source CMSs (content management systems) that circulate widely online, such as Dream DedeCMS, along with countless smaller ones. Many site builders who claim to have developed their own CMS have in fact just modified an existing one. Because these CMSs are open source and public, their vulnerabilities are public too, and hackers use those vulnerabilities to upload suspicious files to the website's host.

Channel Two: The site's FTP password leaks, for example when the person responsible for the site is replaced, when the company changes its technical staff, or when the password is so simple that it is cracked. With the password, hackers can operate on the site freely.

Channel Three: Every website's management back end has a super administrator (admin) account with the highest authority over the site. If this password is leaked or cracked, hackers can likewise operate on the site freely.

Channel Four: One server carries hundreds of websites. If one site is invaded or attacked and a virus or Trojan horse is uploaded to the server, it can spread to the other sites on that server.

The approach above is a stopgap. How do you cure the root causes?

If the suspicious files are not cleaned up thoroughly, or the full cause is not found, you will soon receive "resource consumption" or "large traffic" notices again, because your site is now on the hackers' list of "chickens" (compromised hosts) and they will keep coming back to use it, at intervals as long as 1 month or as short as 3 days or so. Million net allows a closed site to be reopened three times each month. If a website is closed three times, it will only be reopened the following month.

The causes of a site's resource consumption and large traffic are complex. Look for each cause and solve them one by one, and the problem can be cured.

Channel One solution: If the site uses an open-source CMS and you are not planning to replace it in the near future, first bring the site up to the current CMS patch level, and then keep applying CMS patches regularly. Open-source CMSs release patches at irregular intervals, installed through automatic or manual updates.

Channel Two and Three solution: Change the FTP password once a month, and change the website super administrator password regularly. The password should preferably be more than 8 characters long and include uppercase letters, lowercase letters and numbers. Change the passwords immediately after the site administrator is replaced.

Channel Four solution: This is more difficult to deal with, but you can back up the site regularly. If the site is changed on a large scale, you can recover from the backup taken on the relevant date.

Part II: Large traffic

First, what is traffic? Besides the size of its web space, a virtual host has a less often noticed parameter, "traffic". For example, the million-net M3 host has 1GB of web space and a monthly traffic limit of 30GB. If monthly traffic exceeds this limit, million net will send you a notice. So how should this traffic be understood?

For example, suppose your site has a video that is 30MB in size. Each time a visitor watches it, 30MB of traffic is consumed; if 1000 people watch it in 1 week, the traffic consumed is 30G. A website usually consists of HTML, images, CSS, JS and other files, which together come to an estimated 2-5MB. When a visitor opens the home page, the browser downloads that many files from your site in order to display the page normally. Beyond the home page, the visitor will also view inner pages, product pictures, videos and other information, so one visit to your site consumes about 10-20MB of traffic in total. 30GB of traffic is therefore enough for an estimated 1000-3000 visitors a month, an average of 100 people a day. For small business sites that do little or no promotion, 30GB of traffic is sufficient. So why does the traffic run over? For the following reasons:

1. The website hosts MP3 or video files that have been crawled by search engines. When the music is played on someone else's website, it still consumes your host's traffic, because the files are stored on your virtual host.

2. The site has been flooded with spam, which also pushes the database over its capacity limit, slows down access to the site and makes the traffic too large.

The solution for the first situation is to delete the indexed files directly, but this obviously does not address the root. The thorough approach is to first change the audio file names, and then add a line to robots.txt so that search engines do not index the link. After that there is nothing to worry about.

The second situation has many causes. For example, on a site built with Dream DedeCMS, the member system, comment system and message system are easily flooded if there are no preventive measures. The method is as follows:
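To see which files are using up the monthly traffic limit, and whether media files are being played from other sites, the host's access log can be summed per file and per referring site. The following Python code is an added example, not part of the original article; it assumes the host provides access logs in the common "combined" format, and the host names and log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Assumed "combined" access-log layout:
# ip - - [time] "METHOD path HTTP/x" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" \d{3} (\d+|-) "([^"]*)"'
)
MEDIA_EXT = (".mp3", ".mp4", ".flv", ".wmv", ".avi")

def referer_host(referer):
    """Host part of a Referer value, or None for '-', empty or malformed values."""
    try:
        return urlparse(referer).hostname
    except ValueError:
        return None

def traffic_report(lines, own_hosts):
    """Sum bytes sent per path, and per external referring host for media files."""
    per_path, hotlinked = defaultdict(int), defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the report
        path, size, referer = m.groups()
        sent = 0 if size == "-" else int(size)
        path = path.split("?", 1)[0]  # count /a.mp3?x=1 and /a.mp3 together
        per_path[path] += sent
        host = referer_host(referer)
        if path.lower().endswith(MEDIA_EXT) and host and host not in own_hosts:
            hotlinked[host] += sent  # media requested from a page on another site
    return dict(per_path), dict(hotlinked)

def top_consumers(per_path, n=3):
    """Paths ordered by bytes sent, largest first."""
    return sorted(per_path.items(), key=lambda kv: kv[1], reverse=True)[:n]

# Constructed sample log lines (addresses, hosts and sizes are made up).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Mar/2024:10:00:00 +0800] "GET /media/song.mp3 HTTP/1.1" 200 5000000 "http://music.example.net/play.html" "Mozilla/5.0"',
    '203.0.113.6 - - [01/Mar/2024:10:01:00 +0800] "GET /media/song.mp3 HTTP/1.1" 200 5000000 "http://music.example.net/list.html" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Mar/2024:10:02:00 +0800] "GET /index.html HTTP/1.1" 200 20000 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Mar/2024:10:02:05 +0800] "GET /media/song.mp3 HTTP/1.1" 200 5000000 "http://www.example.com/index.html" "Mozilla/5.0"',
    'truncated or garbage line',
]

if __name__ == "__main__":
    paths, external = traffic_report(SAMPLE_LOG, {"www.example.com"})
    print(top_consumers(paths), external)
```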

1. Prohibit member registration: turn off member registration under "Basic system parameters, membership settings".

2. Prohibit comments: turn off comments under "Basic system parameters, interactive settings".

3. Add a verification code to the message board.

4. Bulk delete spam member information (SQL statement).

5. Bulk delete comment information (SQL statement).

6. Bulk delete message content (SQL statement).

7. Clean up the junk in the cached member directory over FTP.

8. Back up the clean site after cleaning for later use.

Part III: The website is "hung with a horse" (malicious code injected)

A site that has been hung with a horse is a headache to fix. On a typical corporate website, the symptoms are as follows:

The home page is hung: for example, a line of links appears at the bottom or the top, mostly about guns and ammunition, pornography, gambling, drugs and the like.

The whole site is hung: the same part or different parts of every page are affected.

Besides the front end, even the back end is hung: when the administrator logs in, the login interface is garbled and the management interface has been changed beyond recognition.

Why corporate websites get hung:

To solve the problem, first look at how the horse gets hung. So-called horse hanging means that hackers obtain the webmaster account by various means, log in to the site's back end and add malicious redirect code to the pages. They can also obtain the server or the site's FTP access directly through a weak password and then modify the site's pages directly. When a user visits a page to which malicious code has been added, the browser automatically visits the redirect address or downloads a Trojan.

Handling measures when a corporate website is hung:

Once you find that the site has been hung, there are generally two solutions. The first is to find the root cause and block it, but this is difficult to do because the source cannot be located quickly. In most cases you start with the second measure: deleting the malicious code from the affected pages, beginning with the home page. A single home page is easy to handle. It is harder when the entire site, front end and back end, has been hung, and harder still when the malicious code has damaged the original program and caused irreversible changes. In that situation you need to restore your backup. If the database has also been heavily hung, restore the database to its original state.

The root-cause fix starts from the vulnerabilities; refer to the "resource-consuming" approach in Part I.

Preventing a corporate website from being hung:

1. Back up the site regularly.

2. Check the site for anomalies regularly.

3. Change the passwords regularly (FTP password, webmaster password, server remote login password).

4. Install patches on Windows servers regularly.

5. Third-party tools are unreliable: after personal trial, 360 detection and small parasol monitoring are not particularly reliable.

To sum up, the website is an enterprise's façade, even if it serves only for display. Many small and medium-sized enterprises' websites are nominally everyone's to maintain, and when the site cannot be opened nobody takes care of it, which is a very sad thing. If you do not make good use of the site and manage it well, why pay to build it in the first place?

