Web server Security Configuration for Web site construction

Source: Internet
Author: User


Today I want to discuss website construction and the work that follows a site's release. Throughout this process we must take the site's security seriously. Many people who build sites feel that security is troublesome and do not put much effort into protecting the site, and paying someone else to do the security configuration is not cheap, so it is worth learning how to secure a site ourselves.

People often recognize how serious a problem is only after it has happened. My own site was once neglected in this way; on top of that, I had talked about the site in forums, which drew other people's attention to it. The site was injected with a PHP Trojan, and a lot of ads and malicious code were inserted into its content. At the time, inexplicable dynamic links also appeared, and Baidu indexed a large number of them. After I cleaned out the PHP Trojans, Baidu visited my website again, could not find the corresponding links, and received 404 status codes for nearly one month; Baidu then reduced the site's ranking.

Take this painful lesson as a reminder, whether you are preparing to build a site or already run one: check your site's condition now and remedy any problems, because recovery costs far more than prevention. The following is aimed mainly at readers who run their own server and explains a number of key protective measures that largely keep hackers from easily breaking into the site.

1. Set up website security properly.

For webmasters using Windows, I recommend not placing the website directory in the root of a drive, because permissions assigned to the root directory affect the entire drive. A layout similar to the following is recommended: D:/www/web. Then create a new account (master) in Windows and grant it Full Control on the www directory; apart from this account, keep only the SYSTEM and Administrator accounts, and remove the other accounts. Next, in the site's Directory Security settings, set the anonymous access account to master, with its password. For the individual web folders, such as the back-end (admin) system, template files, upload folders and picture folders, do not allow scripts to execute. For disk permissions, we recommend granting access only to Administrator and SYSTEM, and then giving the Windows directory the default Users permissions.

2. Close unwanted ports

Some server providers already handle this with hardware firewall filtering, leaving only Remote Desktop, port 80 and the FTP port open. We can run a port scan against the site to see which ports are open, and we recommend closing every port that is not needed. To do this, open the system firewall, go to the exceptions, select Remote Desktop, add port 80, and open the FTP port as appropriate. It is also best to change the Remote Desktop port. I do not explain the method here; please look up the relevant information online. The change is made by modifying the registry.

3. Close unnecessary services

Many of the services that a Windows 2003 server starts by default are not needed. On the one hand, unnecessary services occupy a certain amount of resources; on the other, they increase the probability that the site is invaded. We therefore need to shut down unnecessary services. This includes prohibiting remote access to the registry, disabling LAN file sharing, prohibiting Remote Assistance, and so on. In the Services console we can see which services are running, search Baidu for a description of each service by name, and decide whether to close it. Webmasters who are less familiar with the services can disable them one at a time, closing the next service only after confirming that shutting down the previous one did not affect the website or the server.

4. Close the default shares and null connections. Many webmasters already know this: we should routinely close these default shared connections rather than leave them open by default for others to come in through.

5. Give only Administrator permission to the following executables under Windows: the network connection viewer (Netstat.exe), the command-line tool (Cmd.exe), remote access (Telnet.exe), the formatting tool (Format.exe), user rights settings (Cacls.exe) and the Registry Editor (Regedit.exe).

6. Program vulnerabilities. In addition to setting Windows directory permissions and security policy, we also need to apply the patches released for Windows, MySQL and IIS, and make sure that the site program itself is free of vulnerabilities.

Once the settings above are in place, the server has a certain level of protection. For more detail, webmasters can search online for related security settings. The Windows security policy offers many further options, such as locking an account after three wrong passwords, which to some extent make hacking more difficult. Besides prevention, we must also consider how to restore the site as quickly as possible after it has been attacked with a Trojan.

1. Scan with a Trojan detection tool to find the Trojan program that is causing the problem.

2. Many people find the method above confusing; after all, not every webmaster understands the website's program well. Here is a technique: search the website content for files with the .php suffix (for example), with the search condition set to files modified during the period in which you think the Trojan was planted. In general, program files are not changed often, so in this way we can find the PHP files the hacker modified, then open each file, see which code is new, and delete it.

3. If you do not understand the code at all, there is a simpler way: replace the program folder and the templates folder. This is the most direct and quickest method.

4. If the site uses static page generation for optimization, regenerate the static pages for the entire site.
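Step 2's search by modification time can be scripted. The PowerShell below is an added example, not part of the original article; the function name Find-SuspectPhp, the data-only folder names upload and images, and the sample site are assumptions constructed for the demonstration. It also flags PHP files sitting in folders that should not contain scripts, because file timestamps can be altered.

```powershell
# Added example. Folder names, paths and dates are constructed assumptions.
function Find-SuspectPhp {
    param(
        [Parameter(Mandatory)] [string]   $WebRoot,
        [Parameter(Mandatory)] [datetime] $WindowStart,
        [Parameter(Mandatory)] [datetime] $WindowEnd,
        [string[]] $NoScriptDirs = @('upload', 'images')  # data-only folders (assumed names)
    )
    $root = (Resolve-Path -LiteralPath $WebRoot).Path
    Get-ChildItem -LiteralPath $root -Recurse -File -Filter '*.php' | ForEach-Object {
        $file     = $_
        $relative = $file.FullName.Substring($root.Length).TrimStart([char[]]'\/')
        $dirs     = (Split-Path -Parent $relative) -split '[\\/]'
        $reasons  = @()
        # Program files rarely change, so a write inside the window stands out.
        if ($file.LastWriteTime -ge $WindowStart -and $file.LastWriteTime -le $WindowEnd) {
            $reasons += 'modified in window'
        }
        # Modification times can be reset; a script in a data-only folder is
        # suspicious whatever its timestamp says.
        if ($dirs | Where-Object { $NoScriptDirs -contains $_ }) {
            $reasons += 'script in data-only folder'
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Path     = $relative
                Modified = $file.LastWriteTime
                SHA256   = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
                Reasons  = $reasons -join '; '
            }
        }
    }
}

# Constructed sample site so the example runs offline.
$demo = Join-Path ([IO.Path]::GetTempPath()) ("webroot-demo-" + [guid]::NewGuid())
$samples = @{
    'index.php'         = '2024-01-05'  # untouched program file
    'inc\config.php'    = '2024-03-11'  # changed inside the window
    'upload\avatar.php' = '2024-01-05'  # old timestamp, wrong place
}
foreach ($name in $samples.Keys) {
    $path = Join-Path $demo $name
    New-Item -ItemType Directory -Force -Path (Split-Path -Parent $path) | Out-Null
    Set-Content -LiteralPath $path -Value '<?php /* constructed sample */'
    (Get-Item -LiteralPath $path).LastWriteTime = [datetime]$samples[$name]
}
Find-SuspectPhp -WebRoot $demo -WindowStart '2024-03-10' -WindowEnd '2024-03-12' | Format-List
Remove-Item -LiteralPath $demo -Recurse -Force
```

Get-FileHash requires PowerShell 4.0 or later. The hash of each flagged file can be compared against a known-good copy of the program to see whether the file was actually changed.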

The content above has explained website security settings and how to handle problems after the site has been compromised. My Cover Day fiction site was injected with a Trojan because of my own ignorance, which did me a lot of harm and brought trouble to the site. I hope this warns you of the importance of prevention. Do not skip it to save trouble now; the trouble it brings the site later will outweigh the gains!

This article was first published on Webmaster Net and is original to "Cover Day" http://www.zhetian8.com. Please keep this notice when reproducing it; thank you for your cooperation.
