How to solve the problem of hijacking the site?

　　Website hijacking is the favorite black producing a web drainage way, this approach often by governments, educational institutions website (high weight), modify the website source code, put the parasite program, set up two directories reverse proxy or the like. Network forms can be hijacked jump, hijack web content can be presented, is widely used in PW, and other lucrative industry.
　　IIS7 website monitoring
　　test whether the site was hijacked, if the domain name is the wall, DNS information pollution detection.
　　Server hijacking
　　server hijacking hijacking, also known as global, dynamic approach to modify the language of the site text to determine the source of access control returns the contents, never achieve the purpose of the site hijacked.
　　asp / aspx / php hijacking
　　Global.asa, Global.asax, conn.asp, conn.php other documents rather special role in each execution of a dynamic script, the script will be loaded first, and then execute the target script. So just write information to determine the user's system in the Global.asa code (such as access to source), if the keyword is the spider visits the page (Web site you want to promote) is returned, if the user is accessing, the page returns to normal.
　　Client hijacking
　　client hijack the way there are many, but mainly two kinds: js hijacking, Header hijacking.
　　js hijacking
　　js hijacking Objective: malicious js code to the target page, control of the site to jump, hide page content, window hijacking.
　　js implantation technique: *** server can be directly written to the source code; can also be written in the database because some database renders the page content.
　　js hijacking case
　　effect: Jump to page through a search engine ××× click on the page (the implementation of a js); enter the URL directly access a Web page, jump to page 404.
　　Code:
　　Today new new = a Date ();














　　<meta http-equiv = "refresh " content = "10; url = http: //thief.one">;
　　use is Meta Refresh Tag (automatic steering), the flow lead away.
　　Contrast the way
　　the client and server to hijack the difference between
　　client hijacking: Every visit to the page from the server to get the code pages are the same, but the effect of the control page code rendered in the browser (such as whether to jump, etc.) .
　　Server hijacking: changing each time you visit the page from the server to obtain the Web page code.
　　The client and server hijacking method for determining
　　the client's hijacking judgment method: just observe web browser front-end code presented to see if cited improper js, or other sensitive content.
　　Server determination method hijacking: back-end code by observing site, or by changing IP, header, etc., to observe whether the source back different.