A brief discussion on the frame hanging Horse and the solution 01/28 Update SLTechnology News&Howtos

A brief discussion on the frame hanging Horse and the solution

2025-01-28 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)06/01 Report--

During the recent internship period, some customers reflected that there was an inexplicable exception code in the source code of the website, and after checking, it was determined to hang a horse for the website. I hereby write this article to summarize the form and solution of hanging a horse on the website.

The purpose of hanging a horse on a website: to earn traffic and business interests, it is generally put on the home page of the website, because the home page is the place with the largest traffic.

The reason why the website hangs up the horse: generally speaking, there is a loophole in the website program or a loophole in the server.

The form of hanging horse on the website: 1 frame hanging horse

2 JS file hanging horse

3 JS deformation encryption

4 body hangs the horse

5 concealing the horse

6. Hang the horse in CSS

7 Java hanging up the horse

8 picture camouflage

9 camouflage calls

10 Advanced deception

The pages that hang horses on the website: index.html index.php index.asp index.aspx index.cgi index.jsp default~, etc.

Solution: 1 enter the website server, open the site, find suspicious page files, static and dynamic, back up first, then delete the hanging horse sequence, and finally carry out comprehensive antivirus treatment

2 with the help of software, you can check the location of the horse, such as utlsnooper, delete the horse program, and clean up the antivirus.

We should form the good habit of backing up the database frequently. If this happens, we can directly restore the data of the database.

Fix the vulnerability:

1 modify the username and password and the default path of the backend of the website

2 change the database name to make the modification a little more complicated

3 check whether the website has injection or cross-site loopholes, and patch it if necessary

4 check the uploaded files of the website and filter the sensitive characters

5 do not disclose the address of the backstage of the website at will, so as not to guess the user name and password by social engineering

6 write some anti-hanging horse code to make the frame code invalid.

7 pay attention to the read and write permissions of some files on the website

8 the security of the program is also noteworthy.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.