Shulou(Shulou.com)06/01 Report--

This article mainly explains "how to solve the problem that the website has been attacked". The content of the explanation in the article is simple and clear, and it is easy to learn and understand. let's study and learn "how to solve the problem of website attack"!

Website attacks are generally divided into three types, namely ARP spoofing attack, CC attack and DDOS traffic attack.

First, let's talk about ARP spoofing attacks.

If you want to launch an ARP spoofing attack, you must first take control of the server in the same computer room, the same IP segment and the same VLAN as the website, by invading other servers. After gaining control, the program is used to disguise the controlled machine as a gateway to deceive the target server. This kind of attack usually sneaks into the code in the web page or intercepts some usernames and passwords. It is easy to deal with this kind of attack, just inform the computer room to deal with the corresponding controlled machines.

II. CC attack

Relatively speaking, this kind of attack is more harmful. Host space has a parameter IIS connections, when the visited site exceeds the number of IIS connections, the site will appear Service Unavailable. The attacker uses the controlled machine to continuously send access requests to the attacked website, forcing the number of IIS connections to exceed the limit. When the CPU resources or bandwidth resources are exhausted, then the website will be destroyed. For attacks that reach 100 megabytes, the firewall is very difficult, and sometimes even causes the firewall to run out of CPU resources and cause the firewall to crash. When it reaches more than 100 megabytes, operators will generally block the attacked IP on the upper layer.

For CC attacks, you can generally rent a space, VPS or server with anti-CC attack software, or rent an octopus host, which is more effective against CC attacks.

3. Traffic attack

Is the DDOS attack, this kind of attack is the most harmful. The principle is to send a large number of packets to the target server, occupying its bandwidth. For traffic attacks, simply adding a firewall is useless, there must be enough bandwidth to cooperate with the firewall in order to defend. If you want to defend against 10-gigabyte traffic attacks, you must use about 20 gigabytes of hardware firewall plus nearly 20 gigabytes of bandwidth. If the cost of using a single hard defense machine is quite high, 10G hard defense also costs tens of thousands of yuan a month. However, if you use cluster protection (octopus host), the cost will be much lower.

The website has been attacked, how should we solve it?

First check the server of the website

When we find that the website is attacked, do not panic excessively, first check whether the website server is hacked, find out the black chain of the website, and then do a good job in the security defense of the website. The specific operation is divided into three steps.

1. Enable IP to disable PING to prevent scanning.

2. Close unwanted ports.

3. Open the firewall of the website.

These can only prevent simple attacks, if you think it's too troublesome, you can search (Red Shield is free to fight attacks). When you are attacked, find the technician above, where there are free services to help you fight attacks.

Why did the website be hacked?

Hanging a horse on a website is the biggest headache for every webmaster. I personally think that the reasons why the website is hacked are generally divided into two kinds.

First, the security of the server space business leads to being implicated. Second, the security loophole of the website program itself is hacked and hacked and hung up. If there are conditions, you can find a professional to do safety to have a look. If the company, you can go to Sine security to see what your friends say is good. Generally speaking, there are vulnerabilities in the website program or the server and are attacked.

Solution:

1. It is easy to find the code that hangs the horse in the program, delete it directly, or overwrite the source program that you did not send to the server once, but hang it over and over again will have to solve this problem in depth. But this is not the best solution. The best way is to find a professional programmer to solve the problem.

Clear horse + fix vulnerabilities = thoroughly solve the so-called hanging horse, that is, heike obtains the webmaster account by various means, including SQL injection, scanning of website sensitive files, server vulnerabilities, website program 0day, and then logs on to the website background to obtain a webshell through database backup / recovery or upload vulnerabilities. Use the obtained webshell to modify the content of the website page and add malicious redirection code to the page. You can also obtain the server or website FTP directly through a weak password, and then modify the website page directly. When you visit a page that has been added malicious code, you will automatically visit the redirected address or download the Trojan.

Thank you for your reading. the above is the content of "how to solve the problem of website being attacked". After the study of this article, I believe you have a deeper understanding of how to solve the problem of website attack. The specific use of the situation also needs to be verified by practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.