ASP is a service function provided by the server itself. Especially since the recent UPFile file vulnerability appeared, the ASP Trojan, which is highly concealed and difficult to detect and remove, has become a serious threat to website security. Preventing and removing the ASP Trojan therefore places higher technical demands on network management personnel.
Several large programs have been found to have upload vulnerabilities, and countless small programs have them too. The ASP Trojan has become mainstream and is widely used. If you run a server, it has surely given you headaches. Virtual hosting users in particular have had web pages tampered with and data deleted. Beyond resenting this behavior, many customers have no effective preventive measures. Since most website intrusions are carried out with an ASP Trojan, this article is written so that ordinary virtual host users can better understand and prevent it. Only space vendors and virtual host users together can effectively prevent the ASP Trojan!
First of all, let's talk about how to prevent it. Prevention starts with the principle of the ASP Trojan, and I won't go into grand theory here. Some ASP Trojans are even modified from ASP website management programs, for example the common ASP webmaster assistant.
An ASP Trojan is not essentially different from other ASP programs. Any space that can run ASP can run it. This makes the ASP Trojan very difficult to find. What sets it apart from other ASP programs is that the ASP Trojan is an ASP program the intruder uploads to the target space to help control that space and, in severe cases, to obtain server administrator authority. Prohibiting the ASP Trojan from running would be equivalent to prohibiting ASP from running, which is obviously not possible. This is why ASP Trojans are rampant! Some will ask whether there is then no way at all. No, there is a way:
First: at the source, how does the intruder upload the ASP Trojan? Generally there are several methods. One is to obtain administrator permissions through SQL injection and write the ASP Trojan to the server through the database backup function. Another is to get into the back end through loopholes in the ASP program's upload function and upload the Trojan, and so on. Under normal circumstances, ASP programs that can upload files restrict the function by permission, and most of them also block the upload of ASP files. (For example: programs that can upload pictures, picture management programs, and forum programs that can upload more types of files.) If we try to upload an ASP Trojan directly, the program shows a prompt that it cannot be uploaded. However, because of human errors in ASP settings and loopholes in the ASP program itself, intruders can still find an opportunity to upload the ASP Trojan.
Therefore, the focus of preventing the ASP Trojan is how virtual hosting users ensure the security of the ASP upload programs in their own space. If you use other people's programs, try to use a well-known large program, keep it at the latest version, and check the official website often for new versions or the latest patches. Default database paths and default administrator passwords must be changed. Make this a habit to keep the program secure.
If you are a programmer, one thing I want to say is that we should write website programs from a security perspective as much as possible. The user name and password used to connect to the database should be given the minimum permissions; an ASP page that requires verification should track the file name of the previous page, so that only sessions transferred from the previous page can read it; prevent leakage of the .inc files used by ASP pages; prevent leakage of backup files such as SOME.ASP.BAK generated by editors such as UE. In particular, pay special attention to the upload function.
The above are only requirements for customers. Space vendors cannot foresee what programs virtual host users will upload to their own sites, or whether each program has vulnerabilities, so they cannot stop ASP Trojan activity of that kind. Space vendors can only prevent intruders from using a compromised site to invade other sites on the same server. This also shows that, to prevent the ASP Trojan, virtual host users must strictly control their own programs!
For this reason, I have summarized ten principles for preventing the ASP Trojan for your reference:
1. It is recommended that users upload and maintain web pages through FTP, and try not to install an ASP upload program.
2. Calls to the ASP upload program must require identity authentication, and only trusted people should be allowed to use the upload program.
This includes various news publishing, mall and forum programs: any ASP program that can upload files must require authentication!
3. The user name and password of the ASP program administrator must have a certain complexity, must not be too simple, and should be changed regularly.
4. Download ASP programs from reputable websites. After downloading, the database name and storage path must be modified, and the database file name must also be complex. It is recommended that our company's customers use the .mdb database file extension, because our company's servers are set to prevent .mdb files from being downloaded.
5. Try to keep the program at the latest version.
6. Do not put a link to the back-end management program's login page on the web pages.
7. To guard against unknown vulnerabilities in the program, you can delete the login page of the back-end management program after maintenance, and upload it again through FTP at the next maintenance.
8. Back up important files such as databases.
9. Carry out daily maintenance, and watch for unknown ASP files in the space. Remember: every drop of sweat buys a measure of safety!
10. Once an intrusion is discovered, delete all files unless you can identify every Trojan file.
Before re-uploading the files, all ASP program user names and passwords must be reset, and the program's database name and storage path and the path of the back-end management program must be changed again.
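Principle 9 asks for regular checks for unknown ASP files, and the advice to programmers warns about leaked backup copies such as SOME.ASP.BAK. The following sketch is an added example, not part of the original article: it audits a local copy of the site (for instance one fetched over FTP) against a manifest taken when the site was deployed. The extension sets, function names and sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

SCRIPT_EXTS = {".asp", ".asa", ".inc"}   # assumption: extensions that hold ASP source
BACKUP_EXTS = {".bak"}                   # editor leftovers such as SOME.ASP.BAK

def build_manifest(root):
    """Map each file's lower-cased relative path to the SHA-256 of its content."""
    root = Path(root)
    return {p.relative_to(root).as_posix().lower(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def is_script(rel):
    return Path(rel).suffix in SCRIPT_EXTS

def is_backup_leftover(rel):
    p = Path(rel)
    return p.suffix in BACKUP_EXTS and Path(p.stem).suffix in SCRIPT_EXTS

def audit(baseline, current):
    """Compare the site as it is now against the manifest of what was deployed."""
    findings = []
    for rel in sorted(current):
        if is_backup_leftover(rel):
            findings.append(("backup-leftover", rel))
        elif is_script(rel) and rel not in baseline:
            findings.append(("unknown-script", rel))
        elif is_script(rel) and baseline[rel] != current[rel]:
            findings.append(("modified-script", rel))
    return findings

def demo():
    """Constructed sample site: deploy two files, then simulate later changes."""
    with tempfile.TemporaryDirectory() as root:
        def put(rel, text):
            Path(root, rel).parent.mkdir(parents=True, exist_ok=True)
            Path(root, rel).write_text(text)
        put("index.asp", '<% Response.Write "home" %>')
        put("inc/conn.inc", "<% ' connection settings %>")
        baseline = build_manifest(root)                          # taken at deploy time
        put("index.asp", '<% Response.Write "changed" %>')       # edited after deploy
        put("upload/pic001.asp", "<% ' not in the baseline %>")  # script nobody deployed
        put("SOME.ASP.BAK", "<% ' editor backup copy %>")
        put("upload/photo.jpg", "not a script, ignored")
        return audit(baseline, build_manifest(root))

if __name__ == "__main__":
    print(demo())
```

Keep the baseline manifest off the web server, so that whoever changes files in the space cannot also rewrite the record they are compared against.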
Even with all of the above preventive measures, your website can only be called relatively safe, and you must not let your guard down as a result, because intrusion and anti-intrusion are an eternal war!