2025-04-06 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article explains how to deal with a webshell Trojan that may exist on a website. The content is detailed, and interested readers can use it for reference. I hope it helps.
As soon as we started work in the morning, a new customer consulted us at Sinesafe Security Company and reported that he had received a text message from Ali Yun. The content was: "Website Trojan file reminder 018-06-20 09:20:49 Dear * * Network: there are files in your virtual host that trigger security alarm rules, and there may be a webshell web Trojan. You can log in to the virtual host console, open "manage" for the corresponding host, then file management, then the website Trojan detection function, to confirm whether it is a malicious file. For relevant help documents, please refer to the website Trojan detection help. The list of hosts with planted Trojans is as follows: IP address, domain name, webshell web Trojan"
First, what is the website backdoor file (webshell web page Trojan)?
A website webshell web Trojan is an asp or php script backdoor. After intruding into a website, hackers often place these asp or php backdoor files in the web directory of the website server, mixed in with normal web files. They can then control the website server over the web through the asp or php backdoor, including uploading, downloading, editing and tampering with website file code, viewing the database, executing arbitrary program commands to obtain server permissions, and so on. The prompt image in the CVM management console of Ali Cloud:
Prompt for the existence of a website backdoor file
Second, how does the website backdoor file (webshell web page Trojan) appear?
1) Through loopholes in the website's own program, such as the image upload function or the message function. The website's program is open source, and the website development company has carried out secondary development on the basis of this open source program. The website itself also leaves a back door, because the author of the open source program is not a fool and there must be some benefit in it.
2) The hacker obtains the administrator's backend password through SQL injection, logs in to the backend system, and writes the webshell Trojan into the configuration file using the backend management tools; or the hacker privately adds an upload type, allowing script files in formats such as asp or php to be uploaded.
3) Using the backend's database backup and recovery function to obtain a webshell, for example by changing the suffix of the backup file to asp when backing up. Or, where the backend has a mysql data query function, hackers can output php files by executing select..into outfile queries, with the code inserted into mysql, resulting in the generation of webshell Trojans.
4) Other sites on the same server are attacked and the website Trojan is uploaded across directories into your own site; or the server runs an ftp server, the ftp server is attacked and a webshell Trojan is injected, and the website system is then infected as well.
5) The hacker directly attacks the server. If the hacker attacks the server using overflow vulnerabilities or other system vulnerabilities and obtains administrator rights on the server, the hacker can upload webshell Trojan files to the directory of any website.
Website backdoor file
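An added example, not part of the original article: a small Python check for the placement patterns described above, namely script files in upload or backup directories, backup or image names given an asp or php suffix, and script markers inside data files. The directory names, extension lists, marker pattern and sample tree are assumptions constructed for illustration, and the marker match is a heuristic rather than a signature set.

```python
import os
import re
import tempfile

SCRIPT_EXT = {".php", ".asp", ".aspx"}
DATA_EXT = {".jpg", ".jpeg", ".png", ".gif", ".sql", ".bak"}
# Assumption: directories that should only ever hold uploaded or backup data.
DATA_DIRS = {"upload", "uploads", "backup", "images"}
SCRIPT_TAG = re.compile(rb"<\?php|<%@\s*(?:page|language)|<%\s*(?:eval|execute)\b", re.I)

def scan_webroot(root):
    """Return sorted (relative_path, reason) pairs for files worth reviewing."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).lower()
        in_data_dir = bool(DATA_DIRS & set(rel_dir.split(os.sep)))
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            parts = name.lower().split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            if ext in SCRIPT_EXT and in_data_dir:
                findings.append((rel, "script in data-only directory"))
            if ext in SCRIPT_EXT and DATA_EXT & {"." + p for p in parts[1:-1]}:
                findings.append((rel, "data file renamed to script extension"))
            if ext in DATA_EXT:  # only the first 64 KiB is inspected
                with open(path, "rb") as fh:
                    if SCRIPT_TAG.search(fh.read(65536)):
                        findings.append((rel, "script marker inside data file"))
    return sorted(findings)

def build_sample_site(root):
    samples = {  # constructed tree: two normal files, three planted anomalies
        "index.php": b"<?php echo 'home'; ?>",
        "uploads/cat.jpg": b"\xff\xd8\xff\xe0 JFIF image bytes",
        "uploads/avatar.php": b"<?php /* placeholder */ ?>",
        "backup/site.sql.asp": b"-- dump placeholder",
        "images/logo.gif": b"GIF89a <?php /* placeholder */ ?>",
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        print(*scan_webroot(site), sep="\n")
```

Each finding is a prompt for manual review; comparing the flagged files against a known-good copy of the site separates real backdoors from legitimate files.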
Third, how to prevent a webshell web page Trojan from being uploaded to the system?
1) On the website server, turn on the firewall that comes with the system, strengthen the password of the administrator account, change the remote desktop port, and update server patches and antivirus software regularly.
2) Regularly patch server system vulnerabilities (windows 2008 2012, linux centos system), upgrade the website system, and try not to use third-party API plug-in code.
3) If you are not very familiar with program code, it is recommended to find a website security company to repair the website's loopholes, test the security of the code and remove Trojan backdoors. SINE security companies, Green League security companies, Qimingxing and other website security companies are recommended for in-depth website security services, to ensure the safe and stable operation of the website and prevent Trojans from being planted on it.
4) Do not use simple passwords for the site's backend users; passwords should combine uppercase and lowercase letters, numbers and symbols and be 10 to 18 characters long.
5) The backend management path of the website must not be the default admin, guanli or manage, or a path with the file name admin.asp.
6) The basic security settings of the server must be done thoroughly: port security policy, registry security, and security hardening of the underlying system. Otherwise the server is not secure and securing the website alone is useless.
That is all on how to solve the problem of webshell Trojans that may exist on a website. I hope the above content is of some help and lets you learn more. If you think the article is good, you can share it for more people to see.