Internet’s official guideline for website hacking prevention released. A website being hacked is a common phenomenon in Internet searches. It usually manifests as a large number of similar gambling content not released by this website, or the website page directly jumps to the gambling page. So how to deal with the website standing hacked? And how to prevent the website from standing hacked?
Here are the articles to explain, how to deal with a Website being Hacked like WordPress or Else
Tonight, the Internet search resource platform sorted out some common processing methods, let’s take a look below.
Timely discovery and self-examination of the website being hacked
Monitor the display of search results
- By searching the core keywords of the website, pay attention to the display of the search results. If the website displays the risk warning words “Security Center Reminds You” in the Internet search results, there is a risk that the website has been hacked.
- Search the domain name of the site through the site grammar, combined with some common pornography and gambling vocabulary, the search results display illegal pages that do not belong to the website, illegal titles, abstracts, etc.
Monitor abnormal changes in website traffic
Pay attention to search resource platform tools [Index Volume], [Traffic and Keywords], whether there is a sudden increase or drop in data, and at the same time analyze keywords and links through [Traffic and Keywords] – Popular Keywords/Popular Pages, whether they involve gambling or pornography;
Locate traffic interception or abnormal jump
Due to a large number of Internet search users, some hacker attacks only target the Internet search engine, that is, abnormal jumps occur only when Internet searches. Normal access, whether there is an abnormal jump.
Quickly solve the problem of the website being hacked
The hacking of the website indicates that there may be serious loopholes in the security of the website itself, and technicians should quickly take measures to repair it to prevent it from standing hacked again.
At the same time, website operators also need to carry out some resource maintenance and prevention work:
Clean up the hacked content in time (very important)
Organize hacked website resources
Through the search resource platform [traffic and keywords] tool query, site grammar search, etc., at the same time, you can analyze and find out the possible hacking time, compare it with the file modification time on the server, and clean up the files uploaded and modified by hackers.
Note: The possible hacking time can determine from the access log. However, hackers may also modify the server’s access logs.
Set hacked pages to 404
Clean up all the hacked content found, and also set the hacked page as a 404 dead link. Hacked pages cannot redirect to the home page.
Submit dead link
The full amount of 404 dead link data stood submitted through the Internet search resource platform – [Broken Link Submission] tool and attention pay to the capture and effectiveness of dead links.
Involves page changes
If there is any page change on the website, it recommends using the [Link Submission] tool to submit the changed page data to Internet Search promptly.
Stop website service
If necessary, the website service can stop immediately to prevent users from standing affected and other sites.
Three safety protection suggestions
The website system frequently patches to keep the website
The latest version of the platform and software.
Nowadays, many information websites use content management systems (CMS) in their systems. The more common content management systems (CMS) have a problem, that is, vulnerabilities are relatively popular, because the source code is public, so it is easy to research. It is necessary to repair the vulnerability of the website program in time.
Security protection for the server
- Set the website permissions on the server and divide them reasonably
- Configure read, write and execute permissions, prohibit malicious modification of files, and hide or migrate background files outside the root directory.
- Ensure the security of server passwords to avoid issues such as weak administrator passwords.
It does not recommend using the default
The picture below is the robot file of an information site in a prefecture-level city. From the robots file, it can see that the website uses the Dreamweaving background, so hackers can use various software targeting Dreamweaving attacks to operate, or they can Scanning and target attacks on the common vulnerabilities of the Dreamweaving website.
Transform HTTPS to strengthen website security
HTTPS stands mainly composed of two parts: HTTP+ SSL / TLS, that is, a module for processing encrypted information added on top of HTTP. The information transmission of the server and the client will stand encrypted by TLS, so the transmitted data is all encrypted data.
The complex encryption mechanism of HTTPS effectively increases the security of the website. The encryption mechanism and authentication mechanism can reduce the risk of website hijacking and counterfeiting. Also, It recommended that webmasters can strengthen website security by doing HTTPS transformation.
Scan the code to view related information about HTTPS transformation:
Other security measures
- Close unnecessary ports as much as possible to prevent port intrusion. Turn off or limit unnecessary uploads.
- Install official and authoritative third-party server protection software, and set up security measures such as firewalls.
- Regularly check server logs to see if there is any suspicious access, and make relevant data backups.