Shulou(Shulou.com)06/01 Report--

After searching the reasons repeatedly, the main characteristics of domain name hijacking are found. After analyzing the implanted characters of * *, it uses "_ window.location." The href'js statement will also cause the website management to be unable to log in. After entering the user name and password in the management login window, the administrator will generally pass some information of the user to other files through session when passing the authentication, but the "window, location.href" statement makes the authentication link impossible, and the user's form cannot be submitted to the verification file normally, if the system uses the verification code. The _ window.location.href' statement can make the CAPTCHA expire, and the CAPTCHA entered is invalid, making it impossible for the website to log in normally.

For the detection of domain name hijacking, by entering your own domain name in the iis7 website monitoring, the real-time check results will come out immediately, and you can detect problems such as dns pollution. Check the problem first, and then solve the problem.

These features mainly have the following characteristics:

(1) strong concealment

Generated * file name, and Web system file name is very similar, if identified from the file name, can not be judged, and these files, usually put into the web folder under many levels of subfolders, so that the administrator can not find, the file implant character is also very hidden, only a few characters, generally can not be found.

(2) highly technical

Make full use of the characteristics of MS Windows, the file will be stored in a folder, and the file for special character processing, the normal method can not be deleted, can not be copied, and some can not even see, but can not be detected in this folder, but can not see, (the system fully shows hidden files), can not be deleted, copied.

(3) highly destructive

If a site is planted with people or characters, the whole server will be completely controlled by *, which can be very destructive, but the purpose of these * is not to destroy the system, but to use the Web server to hijack the website they want to display, so if some websites are hijacked, they will be transferred to some illegal websites, resulting in adverse consequences.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.