Shulou(Shulou.com)06/01 Report--

What should I do after the domain name is hijacked?

Through iis7 website monitoring, enter your own domain name, you can immediately see whether your website is hijacked, and the query results are real-time, you can use the query results to better optimize our website.

1. Change the password of the domain name service provider and mailbox immediately, use the password with high complexity and change it frequently.

2. Delete the DNS resolution that does not belong to you, and restore the DNS settings

3. Turn off the universal resolution of the domain name, go to the domain name management backend, click on our domain name to find the domain name resolution with the * sign, and delete it.

4. If you are using a third-party DNS service, you should immediately change the third-party DNS server account password, lock the account information, and open the account SMS mailbox reminder.

5. See whether the overall code of the website has been tampered with. This is to solve the problem of domain name hijacking and conduct a comprehensive investigation of your own website, so as to remove the junk pages perfectly and ensure the security of the website.

6. Collect all illegally added pages and set 404, use Baidu webmaster platform tool to submit dead chain. Because the dead chain of those websites is our junk page, so we have to solve all these dead links. We can just write that the website has been maliciously written in the report content of the page.

7. If the domain name under the service provider is often hijacked, you can consider changing a more secure and stable service provider. Capable websites can build their own DNS services and operate independently.

How to prevent domain name hijacking?

1. Set complex passwords for domain name registrars and registration mailboxes and change them frequently. Using a separate DNS service, you also need to set the password as described above. At the same time, be careful not to use the same user name and password in multiple important registrations

2. Set the domain name update to the locked state, and it is not allowed to modify the record through the website of the DNS service provider. After using this method, the domain name resolution needs to be done through the service provider, which is not timely.

3. Check the domain name account information and domain name whois information regularly, check the event manager, and clean up the suspicious files in the Web network. Every day the site website checks to see if there are any unexpected pages. Check the website index and external link information in detail. If there are any anomalies, you must check them clearly.

4. Strengthen the anti-SQL injection function of the website. SQL injection is a method to write content to the database by making use of the characteristics of SQL statements, so as to obtain permissions.

5. Configure Web site folder and file operation permissions. In the Windows network operating system, using super admin permissions to configure permissions for Web site files and folders, most of them are set to read permissions, and write permissions are used cautiously. If the super administrator permissions cannot be obtained, the * program cannot take root, and the possibility of the website domain name being hijacked can be greatly reduced.

6. Use transaction signature to digitally sign region transfer and region update.

7. Delete unnecessary services running on DNS servers, such as FTP

8. Use firewall services on the periphery of the network and on DNS servers. Restrict access to those ports / services that are required for DNS functionality.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.