Talking about the solution of the website server under attack

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

Preface: Often walk along the river, where have not wet shoes? operating E-commerce site friends, I would like to hackers will not be familiar with, whether small hackers, or large hackers, is rookie or veteran, they always bring a variety of large and small threats, sometimes because of personal negligence or 0day vulnerabilities, resulting in the Web server was invaded , all the sites on the server have been tampered with by hackers, how should we deal with it? Read the article on the previous period: "Electrical Safety: Talk about E-commerce Web site and server intrusion security settings," Today, the electric business district again to the electric merchants webmaster Friends talk about the server was invaded after the treatment method.

1, the discovery server is invaded, should immediately close all website service, suspends at least 3 hours.

Many webmaster friends may think, no Ah, the site closed for a few hours, that the loss of how much ah, but you think, a hacker may be modified by the phishing site on the loss of customers, or a closed site it? You can temporarily jump to a single page of the site, above write a sentence: website maintenance, Expected to open 3 hours later, please visit later, contact: XXX, you can solve this problem.

2, download the server log (if not deleted), and the server for the overall antivirus scan.

It will take you nearly 1-2 hours to but this is what must be done, you have to make sure that the hacker did not install backdoor Trojan horse on the server, while analyzing the system log, see the hacker is through which Web site (generally be hanged horse of that site may have a loophole), which vulnerability intrusion to the server. Locate and confirm the source of the attack, and save the hacker's website and the hacked Black page screenshot, as well as the personal IP or proxy IP address that the hacker may leave behind.

3, install the latest patches for the system, of course, all the running server software.

Window System on the latest patches, and then the MySQL or SQL database patches, as well as PHP and Iis,serv-u not to mention, often out of the loophole, there are some IDC use of the virtual host management software, such as N-point virtual host management software, easy-side management software, Hua Zhong management software and so on.

4, for the Site Directory reconfiguration permissions, close the deletion of suspicious system accounts.

Turn off all suspicious system accounts, especially those with high privileges! Re-configure permissions for all site directories, turn off executable directory permissions, and do not have permissions on pictures and non script directories.

Figure:

5, reset a variety of management passwords, open the firewall port filtering.

After completing the above steps, you need to put the Administrator account password, as well as the database management password, especially the SQL sa password, as well as the MySQL root password, you know, these accounts have special permissions, hackers can get system permissions through them!

6, Next, you need to deal with the site.

Web servers, usually through the site vulnerabilities intrusion, you need to check the Web site procedures (with the above log analysis), all sites can be uploaded, written to the shell where the strict inspection and processing.

Complete clean-up work: Install a sniffer and Honeypot tool for the server, remote backup service to the server log, and backup operation on all the data and program of the website, prevent the hacker from maliciously deleting the website data to cause the economic loss. Keep a close eye on the server and Web site for the next few days to see if there will be a hacker attack, and then discover and fix the unknown vulnerabilities based on the logs.

PostScript: As a result of the continuous renovation of hacker attacks, the emergence of new vulnerabilities, we can not do to prevent all hacker attacks, and then a good server can not say foolproof, we can only "prevention, prevention and treatment combined with" attitude to treat each hacker attack, while doing a good job of data backup, Reduce the loss of hacker attacks to the lowest value, at the same time for each intrusion behavior of careful analysis and evaluation, the vulnerability of the server to carefully check and improve, only in this way, to better prevent hackers to the Web server attacks.

Electricity 2012 Original: HTTP://WWW.IBXBOY.COM/POST/98 Article address reproduced please keep!