Website security analysis is your site safe enough?

Intermediary transaction SEO diagnosis Taobao guest Cloud host technology Hall

The threat to the website

With the rapid development of the Internet and Intranet/extranet, the web has had a profound impact on business, industry, banking, finance, education, government and entertainment, and our work and life. Many traditional information and database systems are being ported to the Internet, and E-commerce has grown rapidly, surpassing national boundaries. A wide range of complex distributed applications are appearing in the Web environment.

Website is in the relatively open environment of the Internet, various types of Web application system complexity and diversity led to endless system vulnerabilities, viruses Trojan and malicious code on the Internet, and more and more websites in this process also because of the security risks encountered by various attacks, media reports, China 95 of the Internet Connected network management centers have been attacked or hacked by hackers inside and outside the city, where government, banking, finance and securities institutions are the focus of hacker attacks. In China, for the government, banks, securities and other financial areas of the total amount of criminal cases involved in crime has reached hundreds of millions of yuan. Web site as a government and securities and other financial sectors of the external image of the window, e-government, E-commerce is an important platform, once the hacker breached, so as to acquire, destroy, tamper with a variety of important information and data, to the organizations caused significant economic losses and adverse social impact, and even caused political, financial and national security.

The following is from the National Internet Emergency Center statistics, from August 1, 2009 to 31st one months time, the mainland has more than 3,000 sites have been tampered with, of which mainland China. Gov.cn has 299.

Second, the website is invaded the reason

Why are so many websites so heavily affected? What are the reasons for Web site security? 007 Security Team summarized the above forms, the current site security is the following threats:

2.1 Server System Vulnerabilities

Exploiting a system vulnerability is the most common way to attack a site. The Web site is based on a computer network, and the computer operation is not the operating system. Vulnerabilities in the operating system can directly affect the security of the site, a small system vulnerability may be to disable the system, such as the common buffer overflow vulnerabilities, IIS vulnerabilities, as well as third-party software vulnerabilities.

2.2 Website Programming flaw

Web design, often only consider the business functions and normal conditions of stability, consider to meet user applications, how to achieve business needs. Rarely consider the vulnerabilities that exist during Web site application development, these vulnerabilities are rarely seen in the eyes of people who are not concerned with the design of security code, and most Web design developers and site maintainers have little knowledge of the site's offensive and defensive techniques;

Web site source code security also plays an important role in the security of the entire site. If the code vulnerability is seriously compromised, the attacker can easily get the highest privileges of the system through the appropriate attack, when the entire Web site is also in its possession, so the security of the code is critical. At present, due to the lack of rigorous code writing caused a lot of vulnerabilities, the most popular attack method diagram is as follows:

(1) Injection vulnerability attack

(2) Upload vulnerability attack

(3) CGI vulnerability attack

(4) XSS attacks

(5) Tectonic intrusion

(6) Social engineering

(5) Management negligence

2.3 Security awareness is weak

Many people believe that the deployment of firewalls, IDS, IPS, anti-virus walls and other network-based security products, through SSL encryption network, servers, Web sites are safe. Not in fact, attacks based on application layer such as SQL injection, cross-site scripting, construction intrusion, this feature is not unique site attacks, is through the 80 port, and the attacker is through normal get, post and other normal way to achieve the effect of attack, based on feature matching technology defense attacks, Cannot intercept the attack accurately, the firewall is unable to block. SSL encryption, only to explain that the site sent and received information has been encrypted processing, but can not protect the information stored in the site security. At the same time, there is a lack of security awareness of managers, the default configuration is not appropriate, the use of weak password password.

Tip: Firewall and other security products is to intercept network-based attacks (such as DDoS, port scanning, etc.), you can limit the need to open the port, can facilitate centralized management, partition network topology.

Third, how to deal with the website Black

If the site is unfortunately attacked, don't worry, you can follow the 007 security team prompts:

3.1 Confirm the range of attack

Site has been tampered with, may attack all only the website's permission is often said that Webshell, also may the attacker through Webshell to raise the power, has obtained to the server the authority, even has penetrated into the intranet. So you judge and confirm the scope of the attack by the signs of the log.

3.1 BACKUP Log

Backup logs (such as IIS, Apache, FTP, Windows/linux/unix, and so on). Perhaps some of the logs have been hacked, you can log recovery and other methods, try to find more logs. If there is a large loss, can be reported to the police, this time the log plays an important role, the investigators can find the whereabouts of the intruder through the log. The log also has an important role to play in finding out where the hacker is attacking the site and looking for vulnerabilities.

3.2 Clear Back Door program

General hackers in order to consolidate the long-term "results", will install a variety of backdoor programs such as ASP, ASPX, PHP, JSP, CGI, PY and other script Trojan. If the hacker has obtained the server permission, then you check the system based backdoor such as rootkit, Bounce remote control Trojan, check whether the hacker replaces the program, the clone administrator account and so on.

3.2 Fixing vulnerabilities

Just clear the back door is not enough, must find the loophole, this is to fundamentally solve the security problem, this process is the most difficult, generally involves development, need to have rich experience of security personnel to solve.

3.3 Change the original configuration

After fixing the vulnerability, we need to change some of the previous configuration files, such as the website background password, the database connection password, if it is access, ASA and other format database needs to change the path or file name, the purpose is to prevent hackers through the previous record information, to invade again, Change the administrator password at the same time, root, etc.

Iv. website anti-black Suggestions

4.1 Permeability Test

If you have the conditions to hire security personnel for penetration testing, or to hire professional security personnel to maintain.

Tip: Permeability testing is authorized, security personnel simulation hacker attacks, to find networks, servers, sites vulnerabilities and vulnerabilities, and to give appropriate security solutions.

4.2 Security Awareness

If there is a layer of security equipment protection site, and the site source code through professional security audit, if the site background password or FTP password set to 123456, then a good protection is no use.

V. Summary

Web site security can not be ignored, hackers through the site a small loophole, control the site permissions, and then in the Webshell through the right to gain access to the server, and even to the server as a springboard, through overflow, sniffing, brute force, social engineering and other means to control the entire internal network, traversing network resources. This leads to leaks, core data breaches and other security incidents.