What to do when your site has been hacked

2. The way to minimize damage: source and damage assessment


Review the server log files to see when the site was hacked (remember, hackers can change logs), and search for suspicious activity such as failed login attempts, command history (especially commands run as the root user), or unknown user accounts.

A web site a few days before the The

After having been hacked once, you will be more security-conscious. Make a habit of periodically checking server logs, server operation, and the other basic maintenance tasks of website security. To a certain extent this lets you discover and deal with Trojans, and it reflects the level of a website's operations.

According to the

A Trojan's update time is generally the most recent date, so query for the ASP, ASPX, and ASA files with the latest dates, then quarantine or delete the abnormal ones. Of course, the more direct method is to use a Trojan scanning tool. It is fast, but it may also delete necessary, safe files, so pay attention to screening its results.


Analyze the server logs to find the weaknesses or vulnerabilities the hacker used. Having been hacked once, you should develop the habit of downloading patches promptly and patching security vulnerabilities and, if necessary, updating directly to the latest version.

Analyze how the site was hacked and look for anything on it that is out of the ordinary: unknown data, abnormal links, abnormal files, directories, or code. Quickly find the hacking or preliminary code, delete it, and scan, to prevent further spread. After the site has been fully scanned and processed, combined with the suggestion to view the, two clear

Check the

1. The most direct way: close the site

3. The most comprehensive way: log analysis, patching, Trojan detection

According to the

A website the company is responsible for operating was hacked, and some basic website data was recovered in a week! Here is a simple way to quickly recover a hacked site and to prevent a virus planted by hackers from spreading and affecting the security of visitors' computers.

The relative

A data backup made before the website was hacked is relatively safe, and restoring from it is the most efficient way to bring the site back into operation. The usual backup sources are: the virtual host backup kept by the Internet service provider, a backup kept by the company's internal departments, and a backup kept by a professional outsourcing company. Which backup to use depends on the nature of the company; it is the fastest way to restore site operation.

This is

The point of this measure is to control the source and prevent the virus from spreading. Specific measures include: configuring the server to return 503; contacting the network service provider to understand the situation; and temporarily changing the user name and password.

4. The most thorough way: use the data backup