如何防止网站被黑客攻击 [英] How to prevent website from hacking

问题描述

大家好，

希望你做得很好。



我的一个客户网站遭遇黑客攻击。

每次匿名用户都在我的网站主页上添加不需要的代码和超链接（default.aspx）。

这些超链接是我在default.aspx页面底部添加的。由于上面的代码网页出现编译错误。每天我都会从网页服务器的网页上删除这些不需要的代码。

我的网站在共享主机网络服务器上运行中等可信级别。

它具有以下用户的以下权限：

权限属性

Hi All,
Hope you are doing well.

I've suffering from hacker attack for one of my client website.
Each and ever time anonymous user adding unwanted code and hyperlink on my website home page(default.aspx).
These hyperlinks he added bottom of my default.aspx page.Due to above code web page getting compilation error.Every day I am removing these unwanted code from the webpage on webserver.
My web site is running Medium trusted level on shared hosting web server.
It has following permission for following user:
Permission attributes

--Full control
--Modified
--Read & Execute
--List Folder Content
--Read
--Write

用户组&姓名

User Groups & names

*Administrators
 --All permissions check
*System
 --All permissions check
*FTP accounts (ftp_subaccounts)  [No permission for this user]
 --Full control uncheck
 --Modified uncheck
 --Read & Execute uncheck
 --List Folder Content uncheck
 --Read uncheck
 --Write uncheck
*Plesk IIS Anonymous Account (IUSR_sadgutn8)
 --All permissions check
*Plesk IIS Worker Process Identity Account (IWPD_2677(sadgutn8))
 --All permissions check
Plesk FTP subaccount (sadguru)
 --Permission for "List Folder Contents" check
* Plesk Domain user (sadgutn8)
 --All permissions check

之前它拥有Everyone的权限（完整控制）但我删除了;我也改变了所有的C面板和FTP帐户密码。但是黑客仍然不断攻击。



任何人都可以建议我如何防止我的网站遭受这些攻击。



任何帮助都会非常感激。



以下代码最近添加：

Earlier it has permission for Everyone (full control) but I've removed that; also I've change all C panel and FTP account password.But still hacker continuously attack.

Can anyone please suggest me how can I prevent my website from these attacks.

Any help would much appreciate.

Following code he added recently:

<a href="http://www.ebk8.com/amdc/">网上赌åš</a>
<a href="http://www.ebk8.com/qxws/">全讯�/a>
<a href="http://www.ebk8.com/zqbf/">赌çƒç½?/a>
<a href="http://www.ebk8.com/pjdc/">澳门葡京赌场</a>
<a href="http://www.ebk8.com/ssc/">时时�/a>

推荐答案

要查找的主要内容是SQL注入攻击，以及可能是XSS，以及弱密码等其他问题。最终它是一个巨大的主题，太过于双g在这里。如果你是认真的，那么使用HP的Fortify之类的工具来扫描代码，还有其他的。您还可以对网站进行渗透测试或笔测试，即安全公司针对您的网站运行一系列常见攻击以查看是否可以访问。

The main things to look for are SQL Injection attacks, and possibly XSS, as well as other issues like weak passwords etc. Ultimately it's a massive subject, far too big for here. If you're serious then get the code scanned using a tool like HP's Fortify, and there will be others. You can also get the site penetration tested, or "pen tested", which is when a security firm runs a suite of common attacks against your site to see if they can gain access.

在社交媒体上找到昨天的帖子，这是很好的解释，也许它会对你有所帮助，只需阅读 http://bit.ly/1lhLnHh

Just find yesterday post on social media, it is good explanation and maybe it will be helpful for you, just readt http://bit.ly/1lhLnHh

Thanks for the help.
I have checked the vulnerabilities and removed all unwanted filed from the root directory and changed the all Access credentials of C Panel including FTP.
Currently site is safe.
Thanks.
Have a good day.

这篇关于如何防止网站被黑客攻击的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！