How to effectively deal with webpages being tampered with, websites and servers being hacked

Lionsure 2020-08-27 Original by the website

If your website has a certain amount of traffic or influence, it will inevitably be invaded by others, and the intruder may be your competitor. There are many types of intrusion. In less serious cases, the webpages of the website are tampered with; in serious cases, the server is hacked and paralyzed, and it cannot operate normally.

What should you do when a webpage has been tampered with? In this case, there is usually a vulnerability in the website program, which the intruder has found and used to tamper with the webpage. Therefore, it is necessary to find the vulnerability in the program and patch it to completely eliminate such attacks.

How do you effectively deal with websites and servers being hacked? It depends on the severity of the intrusion. If only the service password was stolen by hackers, or the server security settings were not in place and the website code or related information was stolen as a result, strengthen the server security; if the server is infected by a virus, the virus must be completely eliminated to avoid hidden dangers. The specific solutions follow:

 

I. How to effectively deal with webpages being tampered with

1. Check the last modification time of the tampered file to determine whether you modified it yourself.

2. Open the tampered file (such as the homepage) and check whether there is any new JavaScript code or tampered content in it. Searching the file for the content displayed on the tampered webpage is a quick way to find it.

3. If the file itself has not been modified, it means that the content displayed on the tampered page has been injected into the database, and the website program has an injection vulnerability; this vulnerability should be patched first, and then all the content injected into the database should be cleared.

4. There is also some server-related content, which is introduced below.
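Steps 1 to 3 as an added PowerShell example (not from the original article): it compares the live web root with a known-good copy by SHA-256 hash, because whoever changed a file can also reset its last-modified time, and lists any new script or iframe lines. The function name, its parameters, the known-good copy and the sample files are assumptions constructed for illustration.

```powershell
# Added example; function name, parameters and sample files are hypothetical.
function Find-TamperedWebFile {
    param(
        [Parameter(Mandatory)][string]$WebRoot,
        [Parameter(Mandatory)][string]$BaselineRoot,  # known-good copy (assumed to exist)
        [datetime]$Since = [datetime]::MinValue       # time of your own last change
    )
    $root    = (Resolve-Path -LiteralPath $WebRoot).Path.TrimEnd('\', '/')
    $textExt = '.html', '.htm', '.js', '.css', '.asp', '.aspx', '.php'
    Get-ChildItem -LiteralPath $root -Recurse -File | ForEach-Object {
        $file = $_
        $rel  = $file.FullName.Substring($root.Length + 1)
        $good = Join-Path $BaselineRoot $rel
        if (-not (Test-Path -LiteralPath $good)) {
            $status = 'Added'
        } elseif ((Get-FileHash -LiteralPath $file.FullName).Hash -ne (Get-FileHash -LiteralPath $good).Hash) {
            $status = 'Changed'
        } else {
            return  # identical to the known-good copy, nothing to report
        }
        # Lines found only in the live file that introduce script or iframe tags.
        $old = @(); $new = @()
        if ($file.Extension -in $textExt) {
            if ($status -eq 'Changed') { $old = @(Get-Content -LiteralPath $good) }
            $new = @(Get-Content -LiteralPath $file.FullName |
                Where-Object { $_ -notin $old -and $_ -match '<\s*(script|iframe)\b' })
        }
        [pscustomobject]@{
            File           = $rel
            Status         = $status
            LastWriteTime  = $file.LastWriteTime
            ModifiedAfter  = $file.LastWriteTime -gt $Since
            NewScriptLines = $new
        }
    }
}

# Constructed sample: a clean copy and a live copy with one injected line.
$tmp  = Join-Path ([IO.Path]::GetTempPath()) ('tamper-demo-' + [guid]::NewGuid())
$base = Join-Path $tmp 'baseline'
$live = Join-Path $tmp 'wwwroot'
New-Item -ItemType Directory -Path $base, $live | Out-Null
'<html><body>Welcome</body></html>' | Set-Content (Join-Path $base 'index.html')
'<html><body>Welcome</body></html>', '<script src="//injected.example/x.js"></script>' |
    Set-Content (Join-Path $live 'index.html')
'<html>About</html>' | Set-Content (Join-Path $base 'about.html'), (Join-Path $live 'about.html')
Find-TamperedWebFile -WebRoot $live -BaselineRoot $base | Format-List
Remove-Item -LiteralPath $tmp -Recurse -Force
```

If the function reports nothing for a page that displays tampered content, the files match the known-good copy and step 3 applies: the content is coming from the database.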

 

II. What should I do if my website is hacked?

1. If the server has a virus, remove the virus first. If you don't know whether it is infected, you can check the Task Manager for abnormal processes. To remove viruses, first use anti-virus software with strong detection and removal capabilities. If no anti-virus software can remove it, you can only remove it manually. You can search the Internet for the name of the suspected virus process to see if there is any related solution.

 

2. Strengthen server security

1) Set the access permissions of each disk, especially the permissions of the system disk (C disk) and the folder where the website is located. For example, the system disk can usually be assigned permissions for only the two users Administrator and System; website folders that do not require execution permissions should not be given them, such as folders for saving HTML, JavaScript, CSS and pictures.

 

2) Security settings of the database server

For the SQL Server database, you need to delete some files with hidden security risks, close port 1433, restrict remote login, set complex login passwords, etc.

3) Configure the firewall, close unnecessary ports, and change the ports that must be open. For example, if you modify the remote desktop login port 3389, others cannot connect without knowing the port, and so cannot try to crack the password.

4) Configure half-open connection settings to prevent flooding.

Server security configuration involves a lot of content. For ease of use, this website has summarized it on one page. For details, please refer to the article "IIS Configuration Encyclopedia".