Temporarily close the website
After a website is hacked, the most common outcome is that a Trojan program has been planted on it. To protect visitors, the website must be closed first and reopened only after the cleanup is complete. While it is closed, the domain name can be temporarily pointed to another address, for example a post bar (Tieba) created for the site, or a notice page can be put up in its place.
Recovering from backups
If the website files have been damaged or deleted by the hacker and the site's data was backed up beforehand, the backup files can be used directly to restore it. If no backup was made and the data is very important, it is recommended not to perform any operation for now and to immediately ask a company that specializes in data recovery to try to recover the data from the server's hard drive.
Because some virtual hosting providers back up the data on their servers on a regular schedule, users of virtual hosting space can also contact the hosting provider to obtain a data backup.
Patch and check for vulnerabilities
When a vulnerability in a program is made public, the program's official website will release a patch for it. Simply download the corresponding files and, following the instructions, upload them to the website space to overwrite the original files. If no relevant patch is available yet, certain feature files can be temporarily disabled or deleted.
Next, check the website's access logs and find the records of the IP addresses that accessed the Trojan program. Using those IP addresses, go through the logs again to see which other pages the hacker visited, and check whether those pages have other vulnerabilities.
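The log review described above, as an added example that is not part of the original page. It assumes IIS logs in W3C extended format (the page discusses asp/aspx sites); the log excerpt, paths and IP addresses are constructed.

```python
from collections import defaultdict

# Constructed IIS W3C extended log excerpt (not from the page); IPs are documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2008-05-02 03:10:11 GET /index.asp - 198.51.100.7 200
2008-05-02 03:12:40 POST /upload/upfile.asp - 203.0.113.45 200
2008-05-02 03:12:58 GET /upload/images/tmp1.asp - 203.0.113.45 200
2008-05-02 03:13:30 POST /upload/images/tmp1.asp action=list 203.0.113.45 200
2008-05-02 03:20:02 GET /admin/login.asp - 203.0.113.45 200
2008-05-02 04:01:15 GET /news/show.asp id=12 198.51.100.7 200
"""

def parse_w3c(text):
    """Yield one dict per request, taking column names from the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):   # skip truncated or malformed rows
                yield dict(zip(fields, parts))

def pivot_on_trojan(text, trojan_path):
    """Return {ip: [(timestamp, method, path), ...]} for every IP that requested trojan_path."""
    rows = list(parse_w3c(text))
    wanted = trojan_path.lower()
    suspects = {r["c-ip"] for r in rows if r["cs-uri-stem"].lower() == wanted}
    visited = defaultdict(list)
    for r in rows:
        if r["c-ip"] in suspects:
            stamp = r["date"] + " " + r["time"]
            visited[r["c-ip"]].append((stamp, r["cs-method"], r["cs-uri-stem"]))
    return dict(visited)

def pages_to_review(text, trojan_path):
    """Other paths the same IPs requested: the pages to check for further vulnerabilities."""
    paths = set()
    for hits in pivot_on_trojan(text, trojan_path).values():
        paths.update(p for _, _, p in hits if p.lower() != trojan_path.lower())
    return sorted(paths)

if __name__ == "__main__":
    for path in pages_to_review(SAMPLE_LOG, "/upload/images/tmp1.asp"):
        print(path)
```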
Trojan program detection
Webmasters can use the modification times of web page files to judge whether a Trojan has been planted. The method is to look at the modification dates of all changed files: because it was the Trojan that modified these pages, their modification dates are very close together. Then search for asp, aspx and asa files newly created around that date, and isolate or delete the abnormal ones.
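One way to automate the modification-time check described above (an added example, not from the original page). The thresholds `gap`, `min_files` and `margin` and the demo site tree are assumptions; the script uses modification time only, since file creation time is not available portably.

```python
import os
import tempfile
import time

SCRIPT_EXT = {".asp", ".aspx", ".asa"}

def collect(root):
    """Return [(mtime, relative_path)] for every file under root, oldest first."""
    found = []
    for folder, _, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            found.append((os.stat(path).st_mtime, os.path.relpath(path, root)))
    return sorted(found)

def bursts(entries, gap=300, min_files=3):
    """Group files modified at most `gap` seconds apart; keep groups of min_files or more."""
    groups = []
    for entry in entries:
        if groups and entry[0] - groups[-1][-1][0] <= gap:
            groups[-1].append(entry)
        else:
            groups.append([entry])
    return [g for g in groups if len(g) >= min_files]

def scripts_near(entries, burst, margin=3600):
    """Script files changed within `margin` seconds of a burst: candidates to isolate."""
    lo, hi = burst[0][0] - margin, burst[-1][0] + margin
    return sorted(path for mtime, path in entries
                  if lo <= mtime <= hi and os.path.splitext(path)[1].lower() in SCRIPT_EXT)

def build_demo_site():
    """Constructed tree: files from an old deploy, three pages rewritten later, one new .asp."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "upload"))
    deploy, hit = time.time() - 90 * 86400, time.time() - 2 * 86400
    stamps = {"conn.asa": deploy, "style.css": deploy + 1, "index.asp": hit,
              "news.asp": hit + 1, "about.asp": hit + 2,
              os.path.join("upload", "tmp1.asp"): hit - 600}
    for rel, stamp in stamps.items():
        path = os.path.join(root, rel)
        with open(path, "w") as handle:
            handle.write("<!-- constructed sample -->\n")
        os.utime(path, (stamp, stamp))
    return root

if __name__ == "__main__":
    entries = collect(build_demo_site())
    for burst in bursts(entries):
        print(time.ctime(burst[0][0]), scripts_near(entries, burst))
```

A legitimate upload of the whole site also shows up as a burst, so compare each burst's date with known deployments. Modification times can be changed by anyone with write access, so an empty result does not prove the site is clean.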
Webmasters who use the PhpWind forum program can also download a dedicated web Trojan detection tool to detect and clear Trojans (download address: http://www.phpwind.com/2.0/safe.zip). After decompressing it, upload all of the files to the forum directory. If the server runs Linux or FreeBSD, the forum directory must also be set to read-write mode. Then enter the absolute address of the safe.php file in the browser; the program will automatically check the files in the site and display a security report when the check is complete.
We can also check with a specialized web Trojan detection tool. Download a "website program security analyzer", use FTP software to download all of the website's files to the local hard drive, select the folder containing the files and click the "Scan" button. After a moment, the software displays the names of the Trojan files it found. Note that this software's detection is quite strict: some component files and back-end administration programs will also be listed as dangerous files, so the results need to be examined carefully.
Batch repair of web pages
After breaking into a website, hackers usually add code to its web pages to plant a Trojan, so that the Trojan program is automatically opened and downloaded when users browse the site. Some Trojan programs automatically append a line of code to the end of every web page file. If the site has many files, clearing them by hand one by one is practically impossible. In that case, the 數碼龍 ("Digimon") web page batch modifier can be used to delete the malicious code in bulk.
First, delete the Trojan files that exist in the website space. Then download the 數碼龍 ("Digimon") web page batch modifier, open the main program, enter the detected malicious code in the "Delete Characters" field, select the folder containing the website files and click the "Start" button; the software will carry out the repair of the web pages automatically. Once you have confirmed that no malicious code remains, upload all of the files to the website space.
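The same batch cleanup as a script, for a local copy of the site (an added example, not the tool named above and not from the original page). The injected line is a constructed stand-in, since the page does not preserve the real one; the function names, file extensions and demo files are assumptions.

```python
import os
import shutil
import tempfile

PAGE_EXT = {".htm", ".html", ".asp", ".aspx"}
# Constructed stand-in for the appended line; the real one is not preserved on the page.
INJECTED = b'\r\n<iframe src="http://injected.example/a.htm" width="0" height="0"></iframe>'

def strip_injected(root, injected, dry_run=True, quarantine=None):
    """Remove the byte string `injected` from page files under root, working on raw bytes
    so GB2312 or UTF-8 pages are never re-encoded. dry_run=True only reports; otherwise the
    original is first copied into `quarantine`. Returns {relative_path: occurrences}."""
    report = {}
    for folder, _, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() not in PAGE_EXT:
                continue
            path = os.path.join(folder, name)
            with open(path, "rb") as handle:
                data = handle.read()
            count = data.count(injected)
            if count == 0:
                continue
            rel = os.path.relpath(path, root)
            report[rel] = count
            if dry_run:
                continue
            if quarantine:                      # keep evidence outside the site tree
                kept = os.path.join(quarantine, rel)
                os.makedirs(os.path.dirname(kept), exist_ok=True)
                shutil.copy2(path, kept)
            with open(path, "wb") as handle:
                handle.write(data.replace(injected, b""))
    return report

def build_demo_copy():
    """Constructed local copy of a site: two infected pages (one GB2312) and a text file."""
    root = tempfile.mkdtemp()
    pages = {"index.htm": "<html>首页</html>".encode("gb2312") + INJECTED,
             "news.asp": b"<html>news</html>" + INJECTED * 2,
             "readme.txt": b"plain text" + INJECTED}
    for rel, body in pages.items():
        with open(os.path.join(root, rel), "wb") as handle:
            handle.write(body)
    return root

if __name__ == "__main__":
    print(strip_injected(build_demo_copy(), INJECTED))
```

Run it once with the default `dry_run=True` to see which files match, then again with `dry_run=False` and a `quarantine` folder outside the site tree before uploading the cleaned files.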