Many people often encounter such problems. Platform websites are always maliciously attacked. What is linked to horses and what is hacked. When the website is opened early in the morning every day, all kinds of problems will always occur. This is true. Let the webmasters worry. Starting from changing the server management account to changing the remote port, all countermeasures have been carried out, and it will still be linked to malicious attacks.
What should I do when the server is always maliciously attacked? Next, let's follow in the footsteps of Maduyun!
1. Disconnect from the network
All the attacks on the server come from the network, so when the server is attacked, the first step is to disconnect the network. Not only can you quickly disconnect the source of the attack, but at the same time, you can also protect the server. Other hosts in the network.
2. Search for the source
It is necessary to find out the content of abnormal information and analyze the abnormal program by analyzing the system log or log file based on its own experience and comprehensive judgment.
3. Analyze *** factors and approaches
Be sure to find out the specific factors and ways of being victimized. It may be caused by various factors such as system vulnerabilities or program vulnerabilities. Only when the root cause of the problem is found can the system be repaired immediately.
4. Copy the user data information
When the server is compromised, it is necessary to immediately copy the customer data information, and also pay attention to whether this data information contains the source of the ***. If there is a VPN source, you need to delete it completely, and then back up the customer data to a safe and reliable place.
5. Reinstall the system
This is also the simpler and the safest and most reliable method. It is impossible to completely eliminate the source of abuse in a system that has already been attacked. Only by reinstalling the system can the source of abuse be completely eliminated.
6. Patches or system vulnerabilities
If system vulnerabilities or program vulnerabilities have already been discovered, system vulnerabilities or program bugs need to be patched immediately.
7. Restore data and network connection
Copy the already copied data information to the reinstalled system again, and then open the network connection to the server to restore external services.
How to prevent the server from being malicious?
First of all, our first step is that the server must prohibit the use of administrator, and then upgrade the system, apply operating system patches, especially IIS6.0 patch, SQLSP3a patch, and even IE6.0 patch, and immediately track the latest vulnerabilities. patch. Secondly, run the system's built-in Internet connection firewall, and check the Web server in the setting service options; at the same time, it is strictly prohibited to respond to ICMP routing notification messages, and to prohibit the use of Workstation in the service. Finally, we have to block IUSR customers from improving management authority and avoid SQL injection.
In short, for servers that have been hacked, in fact, we have a better way, that is to use a high-defense server, professionally carry DDOS***, CC***, etc. network ***, with a high Anti-IP, coupled with UDP blocking service, can solve many problems of malicious attacks.