Webmaster found that the site is black after how to properly handle

If the site has been found to have unusual conditions, such as the page was modified, the site was added to malicious code or virus files, Admin account can not log in always remind Http://www.aliyun.com/zixun/aggregation/17936.html "> password error , it is likely that the site has been invaded. At this point, it is necessary to deal with the relevant process as soon as possible to prevent hackers to grow the Web page virus spread, affect the browser's computer security.

(1) Temporarily close the website

The site was hacked, the most common situation is to be implanted Trojan program, in order to ensure the safety of visitors, must first shut down the site, pending processing and then open. When you turn off, you can temporarily turn the domain name to another address, such as setting up a website post, or placing a notification page.

(2) Using Backup recovery

If a Web site file is corrupted or deleted by hackers, if the site data backup, you can directly restore the use of backup files, in case the backup is not backed up and the data is very important, we recommend that no action, immediately please the company dedicated to data recovery attempt to recover data on the server hard disk.

Because some virtual host service providers regularly back up the data in the server, if you are using a virtual host space, you can also contact a space provider to obtain a data backup.

(3) Patch Check Holes

When the bug is released, the program will release the program's patch file, just to the official website of the program to download the corresponding file, according to the instructions uploaded to the site space coverage of the original file can be. If the relevant patches are not present at the moment, you can temporarily disable or remove some feature files.

Then we can look at the Web site's access log, to find access to the IP address records, according to the query to the IP address, again see the hacker also visited which pages, check these pages have other vulnerabilities.

(4) Trojan Horse program detection

Webmaster can be based on the page file modification time to determine whether the Trojan is implanted, the method is to see all the changes in the file change date, because the Trojan modified these pages, so they modify the date is very close. Then query the newly established ASP, ASPX, ASA file for this date and isolate or delete the exception file. The program will automatically detect the files in the site and the security report will be displayed when the detection is complete.

can also use a special web Trojan detection tools to check, need to pay attention to some Trojan detection software is more stringent, some component files and background management procedures will be included in the dangerous documents, in use need to be carefully identified.

(5) Batch Repair Web page

The general hacker invades the website all is in the webpage to add the code to carry on the Trojan planting, so that users browse the Web site automatically open and download Trojan program, some Trojan virus will automatically in all the Web page file after adding a line of code: If a lot of web site files, manual removal is simply impossible. At this time we can use the Web page batch modified software for malicious code to delete the bulk.

First find the site in the Trojan file code, then download and unzip the software, open the software main program in the "Find what" column to enter the detected malicious code, and then select the Web Site Files folder, and then click the "Start Replace" button, the software will automatically complete the repair operation of the Web page. When you confirm that there is no malicious code, finally upload all files to the Web site space.

Figure 31 Text Batch replacement software

In fact, as long as the usual precautions, at the same time, if the site is black, take the right approach, can minimize the loss of their own site.