What should you do if your company website is hacked? (Solution)

Many company websites have been hacked and attacked. The main thing involved is the development language of the website, including code language and database language. Most websites now use PHP, JAVA,. NET language development, the database uses mysql, oracle and other databases, so what should I do if the website is attacked? When running a website, it is common to be attacked. Especially some company websites and personal websites are not protected by full-time security technicians. As a result, the website is often attacked and often redirected to other websites. Some websites even fail. It has been hacked, and the title of the website's homepage has been repeatedly tampered with. Without professional security skills to protect it, facing such a problem can only be done in a hurry, and there is no good way. So our SINE security team will tell us how to deal with the problem of website being hacked.

The symptoms of a website being hacked are as follows:
#1. Now in 2019, the website has been hacked The most common symptoms of an attack are that opening a website will automatically jump to other websites. The homepage file of the website is often tampered with, and the title and description of the homepage will be tampered with. Some websites with severe attacks are even blocked by Baidu's URL Security Center. Dropped, bringing a very bad user experience to users who visit the website.
2. Malicious black links are inserted into the code of the website. You cannot see these black links when you open the website normally. You can only find these links by checking the source code, and they are often found. Added to the very bottom of the website's homepage, there are some friendly links with text descriptions. Some of them will also hide the font size of these black links and reduce them to the smallest size so that you cannot find them at all. The purpose of attacking the website is to implant some black links. To add the weight of other websites on Baidu and get some traffic.
3. There are also some websites that have been attacked. The number of snapshots of the website in Baidu has increased significantly. Some even have tens of thousands of snapshots of the website, all of which have nothing to do with the content of the website itself. For some entries, the website is basically hijacked. Clicking on it from Baidu jumps directly to other websites. If you check the source code in the server, you will find traces of the attack. Usually there are some special names in the root directory of the website. Files, as well as some HTML files, especially websites with higher weight and higher traffic will be hijacked and snapshots will be entered.
4. The website cannot be opened due to the attack. When opening the website, it is fast and slow. The server's CPU is occupied to 100%, and the website cannot be opened at all. The database process is occupied to 100%, and the server is stuck. It cannot be operated remotely. These are basically DDOS traffic attacks and CC attacks. They use G bandwidth to attack the IP of the server, causing network congestion and making the website unable to be opened. This attack method is often used by peers to compete and offend others. .
5. When opening the website, it prompts that the database cannot be connected. The database was maliciously deleted by the attacker, and the code files of the website were deleted. Some websites prompt that they cannot be connected when opening, and even some website codes If you are infected by a ransomware virus or a mining virus, you will have the above attack symptoms.
6. Some websites have been attacked, mainly by tampering with members’ bet orders, changing members’ account passwords, including malicious withdrawals, malicious transfers, and changing members’ bank cards. Such attacks are often In order to obtain benefits, some membership systems have many levels of channels, which often become the target of attacks. They tamper with the database and add coins to their accounts, causing greater economic losses to the membership channel system.
What should I do if my website is hacked? How to deal with it?

Regularly back up the website code and database. Some websites use Alibaba Cloud servers. You can enable Alibaba Cloud's snapshot backup function to perform regular backup snapshots of the entire website server to prevent website data from being deleted or tampered with. Snapshots can be used to restore the website to its latest state in real time. Use CDN to accelerate the website domain name, hide the real IP of the website, and prevent attackers from conducting DDOS and CC attacks on the website.
The website’s system will be upgraded, patches will be applied to correct website vulnerabilities, a comprehensive security check will be conducted on the website’s security, and the website’s Trojan backdoor will be checked frequently to see if a website Trojan has been uploaded, and PHP script Trojan. Repairing website vulnerabilities and eradicating Trojan backdoors requires a lot of professional knowledge, not just knowledge, but also a lot of experience accumulation. Therefore, from building a website to protecting the website and protecting the server, try to find a professional website security company to handle it. Question, domestic security companies such as Sine Security, Green Alliance, and Venus Dou are relatively professional.
If you know the server well, you can also make security arrangements for the folder permissions of the website, including some picture directories. , JS directory, and cache directory can all be set without script execution permissions. Some template folders can be set with read-only permissions to remove PHP's running permissions. Update the password of the server frequently, change the backend address of the website, do not use the default backend address named admin, manage, houtai, etc., strengthen the password of the administrator account of the website, and use a combination of numbers, letters, and uppercase letters.

Related tutorials: Website Construction Guide Video Tutorial

The above is the detailed content of What should you do if your company website is hacked? (Solution). For more information, please follow other related articles on the PHP Chinese website!