Some time ago, the website was hacked , From Baidu to open the site directly hijacked jump to cai ticket ,du Blog website , Home page of the website index.html The documents have also been tampered with into something Beijing sai vehicle ,pk10, some cai Key words of tickets , Make the website can't browse normally at all , Search our company website from Baidu , Directly blocked by Baidu , What do you suggest ： Baidu website security center reminds you ： There may be illegal information on this page ! The screenshot is as follows ：
How to solve the problem of website being hacked , Prevent website hijacking , I'll tell you more about my solution ： First of all, our company's website uses dedecms System development , It was used PHP development language , And the database is mysql, This is the main reason why the website was hacked this time dedecms There is a vulnerability in the code , It was used and uploaded by the attacker webshell, That is the website Trojan file , Tamper with the homepage of the website , Hijack and jump to other websites .dedecms Why do open source systems have vulnerabilities ? Enterprise website developed by Zhimeng , Why are they often attacked ? Some people may think that the security protection of the server is not good , The code is not well written , In fact, in the final analysis ： All website systems open on the Internet , There are loopholes , It looks like the one we use now win7,win10,windows2008, They're all systems developed by Microsoft , It was developed by some very powerful experts , But there will still be vulnerabilities in Microsoft's system , Why? 360 The security center always tells you to fix the vulnerability , Always patching , The vulnerability patch has never been broken , For the company's website to use the dream weaving code , A lot of companies are using it , The more people use it , A lot of people will go to dig the loopholes of the website , Our website will be attacked if the vulnerability is mined out , Causing the website to be hacked , Hijack jump .
First connect to the FTP, Download the source code , Download the entire website code to our own computer , After downloading, the security of each code file should be checked carefully , Find some abnormal content or code to record , Take out the previous website backup files for comparison , You can find the problem . I found that the most obvious trace of tampering with the company's website is the front page of the website , title , describe , It's been tampered with as Beijing sai vehicle ,PK10,cai Contents of the ticket . Delete these codes , The site is back to normal , I thought there would be no problem , After less than a day was tampered with jump to other sites , Consulting some professional security technology , It's said that there are loopholes in our website , You only delete malicious code , No fix , It's like mending the knot after a sheep has been lost , That's what I realized , Yes dedecms Website vulnerability has been fixed , And check whether there is a website backdoor file , stay data Found in the directory 1.php, Open the back door of the Trojan horse . It is deleted .
The rest is the detailed security deployment , Background address of the website dede Changes have been made , because dede This directory is the default administrator background address , A lot of people know that , If the site exists sql The injection of the vulnerability will lead to the password disclosure of the administrator , Be maliciously logged into the background to raise rights .
Add a layer of security verification when logging in the background , In addition to the account password verification code , One more layer of security verification , It's a little more troublesome, but it can prevent attackers from even cracking your account password , You can't do it without a security code .
3. The upload function of the website is strictly security filtered , No uploading PHP Script file , Set the security permission of the picture directory , cancel PHP Execution rights of .
If you write your own website, it's OK to be familiar with it , I didn't write it myself , It is suggested to find a professional website security company to deal with the problem that the website is hacked , The problem of hijacking and jumping , And help you fix the site vulnerability , image Sinesafe, Green Alliance those who specialize in website security service providers to help .
Timely patch the website vulnerability , If you don't know how to repair it, it is recommended that professional website security company solve it . Another is the website background management account password set to letters + character + number + How to satisfy the case of 10 More than one bit is enough , It's not usually guessed . Back up the website regularly , Including code backup , And database backup .
Last but not least ： Regularly back up the data and source code of the website , And download to local save , And save and upload to the network disk in case of emergency .