Web site security and Defense: a brief discussion on some methods of Web site security

Source: Internet
Author: User

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

Site security and defense is a permanent topic, especially for many e-commerce types of Web sites, security is very important, once the database is stolen or changed may let you suffer huge losses, such as some hackers hacked into E-commerce type of Web site, and then the price of related products to change, is generally adjusted very low, So the more you sell, the more you lose, the importance of the site security is visible!

Some websites are attacked by hackers and cannot be judged immediately. And some hackers in order to show off the site after the results of their own, the site's home page and related logo have been changed, which may make their own corporate image suffered losses, and even to browse the website of the Internet users become chickens, I have found that my friend's website has IIS6.0 parsing loopholes, and later spent a lot of time to solve, or to fix this loophole may be malicious hackers hanging horse, the consequences of natural unimaginable! Below we will talk about how to do a good job of Web site security methods and techniques!

One: Modify the default database address and admin address, because now a lot of Web sites are downloaded from the source code, and these sources are public, have the default address, if not to modify, then your site on the portal open, what others want to do, so the first step is to modify the default some of the address!

Two: Password set to have the mind, backstage password must use the number to increase lowercase letter method, many people are afraid of such a password is not easy to remember, so that need to have a certain mind to be able to set their own easy to remember, and others have the password can not be cracked, Because when the use of letters plus numbers and combination of uppercase and lowercase password can effectively prevent the program to crack, some people are afraid of trouble on the use of their own URL to do the password, which is very unsafe, for the vast number of webmaster must be a warning!

Third: The injection of vulnerability prevention, this loophole has existed for many years, and injected a variety of ways, such as cookie injection, database injection and so on, and now many sites still exist such problems, so the Internet to find a set of anti-injection system is very necessary!

Four: To develop the principle of file upload restrictions, many sites have provided file picture upload Services, if not limited, many people will use this space to upload some Trojan files, so need to do some restrictions, generally can only upload jpg,gif and doc these files, Some people may think that as long as the limit of ASP file on the line, in fact, this is the wrong idea, if the attacker to change the package, counterfeit packets, as can break the limit!

Five: Continue to learn some new security methods, now there are a lot of attackers, so we have to constantly learn about prevention methods, such as customers may be disguised as your customers or partners, through some chat software to get your password, or send some files to you click, Once you click on their traps, now some Trojans can be embedded in the picture, file inside, there are some Web sites, once you open on the computer without the relevant precautions, will be in the Trojan! So your site becomes a chicken! This requires us to continue to learn, to create a safe website!

The final summary: the site attacks everywhere, and some hackers are in the interests of the drive to constantly violate other people's computer, and then the magic of a foot road, as long as we keep on the prevention will certainly be able to prevent it! Source: http://job.chuzhoucheng.com/Chuzhou Talent Network Original start, reprint please keep. Prohibit k666 reprint

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.