Website hacked: how do you fix it? How to deal with a hacked website
2022-07-22 20:16:00 【douya0012】
1. What does it mean for a website to be "hacked"?
A website is hacked when an attacker exploits security vulnerabilities in the site's programs or configuration, or a security oversight by the administrator (such as low password complexity), and, without the administrator's authorization, tampers with the site (for example by adding spam content or extra pages) or injects malicious code into it.
2. How can you tell whether a site has been "hacked"?
Analyze the system logs and server logs, and check whether the number of pages on your site, its traffic and so on fluctuate abnormally, and whether the logs record abnormal access or operations.
Check whether the website's files have been modified abnormally, especially the home page and other key pages.
Check whether the site's pages reference resources (images, JS, etc.) from unknown websites, and whether abnormal links to outside sites have been placed on them.
IIS7 Website Monitoring can prevent all kinds of website hijacking in advance. It is free, runs online, and is suitable for all webmasters as well as government, school, company, hospital and other websites. It monitors on a schedule 24 hours a day and lets you know whether the website has been hacked, intruded, had its title changed, had black-hat links planted, been hijacked, been blocked by the firewall, or had its DNS polluted. It also has an exclusive check of the website's real full-page load time, so that you as webmaster can clearly know your site's health.
Check whether files or directories have been added to the website abnormally.
Check whether the website directory contains packaged copies of the site's source code that the administrator did not create, unknown txt files, and so on.
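One way to automate the check for references to unknown websites, as an added example that is not part of the original post. The allowlist entry `example.com` and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attributes that make a browser load or link to another resource.
URL_ATTRS = {"src", "href", "data", "action", "poster"}


class ExternalRefAuditor(HTMLParser):
    """Collect references whose host is not on the site's allowlist."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []  # (tag, attribute, host)

    def _is_allowed(self, host):
        return any(host == a or host.endswith("." + a) for a in self.allowed)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            host = (urlparse(value.strip()).hostname or "").lower()
            # No host means a relative URL, i.e. the site's own content.
            if host and not self._is_allowed(host):
                self.findings.append((tag, name, host))


def audit_page(html, allowed_hosts):
    """Return (tag, attribute, host) for every off-allowlist reference."""
    auditor = ExternalRefAuditor(allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page: an allowed CDN image, an injected script and a
# hidden outbound link placed inside an invisible element.
SAMPLE_PAGE = """<html><head>
<script src="/static/app.js"></script>
<script src="//stats.unknown-host.example/c.js"></script>
</head><body><img src="https://cdn.example.com/logo.png">
<div style="display:none"><a href="http://spam-links.example/p">x</a></div>
</body></html>"""

if __name__ == "__main__":
    for tag, attr, host in audit_page(SAMPLE_PAGE, ["example.com"]):
        print(f"<{tag} {attr}> references unlisted host {host}")
```

This only sees static markup; a reference that injected JavaScript builds at run time has to be found by reviewing the script files themselves.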
3. How do you deal with being "hacked"?
Step 1: Keep the problem from spreading
Take your website offline immediately to avoid infecting other websites (if you have access to your own server, it is best to configure it to return a 503 status code).
Contact your hosting provider to see whether it has already taken steps to solve the problem.
Change the passwords of all users and all accounts (for example, FTP access passwords, administrator account passwords, and content management system authorized account passwords).
Delete all pages that were tampered with or maliciously added, and use the dead-link submission feature of the Sogou webmaster platform to request removal of the hacked data from Sogou search results.
Step 2: Assess the damage
Scan your computer with an up-to-date scanner to find any malicious code the hackers may have added. Be sure to scan everything rather than only text-based files, because malicious content is often embedded in images.
Delete the hacked pages or site. This keeps the system from serving hacked pages to users.
Report phishing pages to us (Sogou: http://fankui.help.sogou.com/index.php/web/web/index?type=5 Baidu: https://ziyuan.baidu.com/safe/index).
See antiphishing.org's recommendations for handling a hacked website (http://www.dingjianseo.com/zb_users/upload/2020/beihei.pdf).
If you have other websites, check whether they have been hacked as well.
Step 3: If you have access to your own server, continue with the following steps
Check whether your website has any open-redirect URLs that have been exploited.
Depending on the website platform you use, check the .htaccess file (Apache) or other access control mechanisms for malicious changes.
Check the server logs to see when the files were hacked (remember, hackers can alter logs). Look for suspicious activity, such as failed login attempts, command history (especially commands issued as the root user), or unknown user accounts.
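The log review described above, sketched as an added example that is not part of the original post: it reports clients with repeated failed logins and what they reached in the back office afterwards. The login path, the admin prefix, the threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Combined log format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

LOGIN_PATH = "/admin/login"   # assumption: replace with the site's login URL
ADMIN_PREFIX = "/admin/"      # assumption: back-office pages live under this
FAIL_THRESHOLD = 3            # failed logins before a client is reported


def triage(lines):
    """Report clients with repeated failed logins and what they reached after."""
    stats = defaultdict(lambda: {"failed": 0, "first_failed": None, "after": []})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        s, path, status = stats[m["ip"]], m["path"].split("?")[0], int(m["status"])
        if m["method"] == "POST" and path == LOGIN_PATH and status in (401, 403):
            s["failed"] += 1
            s["first_failed"] = s["first_failed"] or m["ts"]
        elif (s["failed"] >= FAIL_THRESHOLD and status < 400
              and path.startswith(ADMIN_PREFIX)):
            # Same client got a non-error answer from a back-office URL
            # after repeated failures: the time window to investigate.
            s["after"].append((m["ts"], m["method"], path))
    return {ip: s for ip, s in stats.items() if s["failed"] >= FAIL_THRESHOLD}


# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [20/Jul/2022:09:14:02 +0800] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [20/Jul/2022:09:15:10 +0800] "POST /admin/login HTTP/1.1" 401 310',
    '203.0.113.9 - - [21/Jul/2022:02:11:40 +0800] "POST /admin/login HTTP/1.1" 401 310',
    '203.0.113.9 - - [21/Jul/2022:02:11:43 +0800] "POST /admin/login HTTP/1.1" 401 310',
    '203.0.113.9 - - [21/Jul/2022:02:11:46 +0800] "POST /admin/login HTTP/1.1" 401 310',
    '203.0.113.9 - - [21/Jul/2022:02:11:49 +0800] "POST /admin/login HTTP/1.1" 302 0',
    '203.0.113.9 - - [21/Jul/2022:02:12:30 +0800] "POST /admin/upload?dir=img HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    for ip, s in triage(SAMPLE_LOG).items():
        print(ip, s["failed"], "failed logins from", s["first_failed"], s["after"])
```

Because logs on a compromised host can be altered, run this against copies kept off the server where they exist.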
Step 4: Clean up your website
Clean up your content: delete all pages added by the hackers, spam content and suspicious code, according to the virus scanner's results. If you have backups of your content, consider deleting your content completely and replacing it with the latest known good backup (a backup that has been verified to be free of vulnerabilities and hacked content).
Step 5: If you have access to your own server, continue with the following steps
Update all packages to the latest version. We recommend completely reinstalling the operating system from a reliable source to ensure that everything the hackers tampered with is removed. In addition, if a blog platform, content management system or any other type of third-party software is installed, be sure to reinstall or update it as well.
Make sure your website no longer contains any vulnerabilities, and change your passwords again.
Make the system publicly accessible again. Change the server configuration so that it no longer returns the 503 status code, and take any other steps needed to open the website to the public.
Step 6: Apply for unblocking
Once you have carefully removed the anomalies by following the tips above, apply to have your website unblocked. An application submitted before all anomalies have been completely eliminated will not pass our inspection, and the site cannot be unblocked.
Website appeals generally take 20~30 working days to process. Staff will check your site's content, and once all anomalies have been completely eliminated, your site will be unblocked.
4. How do you prevent being "hacked"?
Check the server logs regularly to spot problems, and check for suspicious access to non-front-end pages.
Regularly check whether the website's files have been changed or added to abnormally.
Follow the official websites of the operating system and of the programs you use. Download patches promptly and fix security vulnerabilities; if necessary, updating to the latest version is recommended.
Change the default file names of key files in open-source programs; attackers usually determine which program is in use by automatically scanning for the existence of certain files.
Change the default administrator user name and increase the strength of the admin back-end password, using a combination of letters, numbers and special symbols.
Shut down unnecessary services and ports.
Turn off or restrict unnecessary upload features.
Set up a firewall and other security measures.
If problems recur, it is recommended to reinstall the server operating system and re-upload the backed-up website files.
If the website lacks professional maintenance staff, it is recommended to consult a professional security company.
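The regular check for changed or added website files, and the earlier check for unknown files and packaged source code in the website directory, can both be done by comparing the site against a hash manifest taken after a clean deploy. The following is an added example, not part of the original post; the file names and the archive extension list are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Packaged copies of the site left in the web root are worth flagging.
ARCHIVE_EXTS = (".zip", ".rar", ".7z", ".tar", ".tar.gz", ".tgz")


def snapshot(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def compare(baseline, current):
    """Diff two manifests and flag archives that appeared in the web root."""
    added = sorted(set(current) - set(baseline))
    return {
        "added": added,
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
        "new_archives": [p for p in added if p.lower().endswith(ARCHIVE_EXTS)],
    }


def demo():
    """Constructed example: snapshot a tiny site, tamper with it, compare."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
        write("index.html", b"<h1>home</h1>")
        write("static/app.js", b"console.log(1)")
        baseline = snapshot(root)  # in practice: saved off-server after a clean deploy
        write("index.html", b"<h1>home</h1><a href='//unknown.example'>x</a>")
        write("upload/notes.txt", b"unknown file")
        write("site_src.zip", b"PK")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

Keep the baseline manifest somewhere the web server cannot write to; a manifest stored beside the files can be rewritten along with them.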