Teaching you how to deal with attacks on websites

Source: Internet
Author: User
Keywords: Website security


Websites regularly come to Eesafe for help: "The site was attacked", "the home page was tampered with", "website database access" ...

As a team dedicated to solving all kinds of security problems for websites, we always tell the webmaster what to do first and what to do second, and only at the end do we get to the technical fix. Sometimes webmasters do not understand this and ask why we do not apply a technical fix immediately, which leaves us feeling helpless, because for most websites, applying a technical fix directly to the problem at hand can lead to worse consequences. Explaining why takes a long time, but we still want to explain it clearly. If more webmasters improve their site security management along the way, that will be our greatest encouragement.

What we receive are sudden incidents:

"The site was attacked" and "the home page was tampered with" are security incidents that site owners discover suddenly. They may directly affect access to the site, its members' normal use of it, and even how search engines treat the site and the site's weight. Naturally everyone wants the quickest fix so that the website returns to normal. Simply fixing these problems is not difficult: a tampered page can be resolved by changing it back to the correct page, and a site that has been attacked and cannot be accessed can in most cases be restored quickest through its IP resolution. But the key is to find the cause, so that the tampering and the attacks do not continue.

Finding the cause is what matters, yet of the websites we have helped, few were able to find it. That is why we always tell the webmaster what to do first and what to do second: finding and solving a site's security problems means tracing back layer by layer from the site's development stage to its operation stage. This requires two things. One is a process for finding and solving site security problems, and we have that process. The other has to be provided by the website: the documents produced at each stage of the site's life. Both are indispensable. If either is missing, the security problem cannot be resolved in time and the site suffers greater losses.

Take web page tampering as an example.

With page tampering, the sites we deal with that are most anxious are government websites, though there are exceptions. After we receive a request for help:

First, someone on the team is assigned to take over the task, and that person asks the website requesting help some general questions:

(1) The domain name of the website?

(2) The server IP of the website?

(3) What is the current location of the web server?

(4) The URL of the tampered page?

(5) The possible start time of the tampering

(6) The time that elapsed between restoring the page and its being tampered with again

(7) The work done on the website after the first tampering

(8) The operations performed on the site before the first tampering

(9) The approximate structure of the website

(10) The website's access log and the web server's logs for the 10 days before the problem

(11) The site's corresponding security precautions

...

The accuracy of the answers to these questions directly determines how quickly and how well the person who takes on your problem can handle it. Of the sites we have dealt with, only 20% could answer these questions well. So where do the answers come from? From the documents produced in managing the site, which we mentioned above. Here is a list:

1. The website's domain name (it probably appears in many documents, so we will not go into it)

2. The web server's IP (it goes without saying that everyone should know this, yet most webmasters who use virtual hosts and shared IPs are not clear on it)

3. The current specific location of the site's server

4. The URL of the tampered page (not which column or which module was tampered with, but the specific URL, such as http://www.eesafe.com/bbs/thread-342-1-1.html; this should come from your website maintenance records)

5. The possible start time of the tampering (when you first discovered it or it was first discovered; this should come from your website problem sheet)

6. The time between restoration and renewed tampering (that is, the interval between restoring the tampered page and its being tampered with again; this should come from your website problem sheet)

7. The work done on the site after the first tampering (that is, what you did after the problem occurred; from the website maintenance records)

8. The operations performed on the site before the first tampering (from the website maintenance records)

9. A description of the approximate structure of the site (not the site's development documentation, but an up-to-date description of the entry addresses of its accessible functions; this should come from the site's construction instructions and configuration map)

For example: Website login. Function description: provided to the webmaster for basic site maintenance work.

URL: http://www.eesfe.com/db.html

10. The website access log and web server logs for the 10 days before the problem (from the log retention system)

11. The site's corresponding security precautions (hardware topology map, development and usage manuals)

...

As for where these documents come from: they are not compiled after the fact from whatever you happen to have recorded, but are the intermediate documents you produce in the course of managing your site. So if you lack these documents and still want to solve the security problems you encounter in the shortest time, there are two ways. First, rely on luck and intuitive judgment to find points to remediate directly. Second, learn and implement a systematic website management process, and follow the established problem-handling process to locate the problem accurately and remediate it. The speed is the same, but the effect and quality are not on the same level.
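How items 4, 5 and 10 of the list work together, as an added example that is not part of the original article: given the exact tampered URL path, the discovery time and the access log, it narrows the start of the tampering to the first change in the page's response size and lists the state-changing requests that preceded it. It assumes combined-format access logs and a static page whose size is otherwise stable; the log lines and `/admin/` paths are constructed.

```python
import re
from datetime import datetime, timedelta

# Combined log format: ip - - [time] "METHOD path proto" status bytes ...
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)')
TS = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample log lines (documentation IPs, hypothetical /admin/ paths).
SAMPLE_LOG = """\
198.51.100.4 - - [18/Feb/2024:08:00:00 +0000] "POST /admin/login HTTP/1.1" 200 310
203.0.113.7 - - [25/Feb/2024:09:12:01 +0000] "GET /bbs/thread-342-1-1.html HTTP/1.1" 200 5120
198.51.100.9 - - [28/Feb/2024:02:14:40 +0000] "POST /admin/upload HTTP/1.1" 200 87
198.51.100.9 - - [28/Feb/2024:02:15:02 +0000] "POST /admin/edit?id=342 HTTP/1.1" 302 0
203.0.113.7 - - [28/Feb/2024:07:30:00 +0000] "GET /bbs/thread-342-1-1.html HTTP/1.1" 200 9844
203.0.113.8 - - [01/Mar/2024:10:00:00 +0000] "GET /bbs/thread-342-1-1.html HTTP/1.1" 200 9844
"""

def parse(log_text):
    """Yield (time, ip, method, path, status, size) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            ip, ts, method, path, status, size = m.groups()
            yield (datetime.strptime(ts, TS), ip, method, path,
                   int(status), 0 if size == "-" else int(size))

def triage(log_text, tampered_path, discovered_at, days=10):
    """Return (first_changed, suspects) for the `days` before discovery.

    discovered_at must be timezone-aware. first_changed is the time of the
    first 200 response for tampered_path whose size differs from the first
    one seen in the window, or None if the size never changed.
    """
    start = discovered_at - timedelta(days=days)
    rows = sorted(r for r in parse(log_text) if start <= r[0] <= discovered_at)
    baseline, first_changed = None, None
    for t, _, method, path, status, size in rows:
        if method == "GET" and path == tampered_path and status == 200:
            if baseline is None:
                baseline = size
            elif size != baseline:
                first_changed = t
                break
    # State-changing requests up to the first observed change are the leads.
    cutoff = first_changed or discovered_at
    suspects = [(t, ip, method, path) for t, ip, method, path, _, _ in rows
                if method in ("POST", "PUT", "DELETE", "PATCH") and t <= cutoff]
    return first_changed, suspects
```

The returned requests are only leads to check against the maintenance records (items 7 and 8): a write that no maintenance record accounts for is where the backtracking starts.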

Original article, typed entirely by hand. When reprinting, please credit the source: Eesafe Website Security Alliance - Network Security Exchange Area

Original address: http://www.eesafe.com/bbs/thread-342-1-1.html
