In operations and maintenance work, strengthening system security and configuring security products to resist external malicious attacks is a very important part of keeping the business running normally. Attackers often use weak passwords and various system and software vulnerabilities to penetrate servers remotely, resulting in business interruption and, in more serious cases, affecting the operation of the whole company.
So in the face of such "rampant" Trojan viruses, do we have any solutions? Of course! The following sections introduce some general methods, covering prevention before infection and removal after infection, so as to avoid the harm caused by Trojan viruses.
How to effectively defend against trojans
1. Secure the passwords of all accounts, mainly including the following passwords
It is recommended that the password be no less than 8 characters long and combine uppercase letters, lowercase letters, numbers and special characters.
2. Harden the system
Hide the website's admin back end. Use a long directory name for the admin back end, as long as the website still operates normally. An example is shown below.
/mamashuomingziyaochangyidianheikecaizhaobudao/
Apply vulnerability patches for the operating system and applications promptly.
3. If the business is deployed on the public cloud, it is recommended to configure certain security products
Take Alibaba Cloud for example:
It is recommended to configure Anqi for host protection (the price is relatively low), which can help find system vulnerabilities and give repair suggestions.
If the enterprise budget allows, configure a web application firewall, which can prevent attackers from exploiting website application vulnerabilities to intrude into the server. Once new vulnerabilities are found, the protection rules are updated immediately to prevent attackers from using the new vulnerabilities to intrude into the website.
How to quickly remove a virus after infection
After the server is confirmed to have been intruded, do not panic. Carry out the following operations step by step:
1. Modify the password of the system administrator account
It is recommended that the password be no less than 8 characters long and combine uppercase letters, lowercase letters, numbers and special characters.
2. Modify the remote login port
Turn on the firewall and limit the IP addresses allowed to log in. The firewall should open only specific service ports. For FTP, database and other services that do not need to be open to all users, it is recommended to restrict access by source IP.
3. Check whether there are open unauthorized ports
If so, close the unauthorized ports.
Windows operating system: On the CMD command line, enter the netstat -ano command to check the ports.
Linux operating system: Execute the netstat -anp command to check the ports.
4. Check whether there are abnormal processes running
If so, stop the process and confirm with the server administrator whether the files used by the abnormal process can be deleted.
Windows operating system: Select Start > Run, enter msinfo32, select Software Environment > Running Tasks, and check the list.
Linux operating system: Execute the ps -ef or top command to check.
5. Install anti-virus and anti-trojan software to scan for and remove all viruses on the server
If you need to delete unknown accounts from the system, on Windows also check whether the SAM key in the registry contains a hidden account.
If there is a web service, restrict the access of the account running the web service to the file system and grant it read-only permission only.
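Steps 3 and 4 can be combined on Linux. The following is an added example, not part of the original article: it filters netstat -anp output for listening ports that are not on an allowlist and prints the owning process for each. The function names, the allowlist and the sample output are assumptions constructed for illustration.

```shell
# Usage on a live host (run as root so the PID/Program column is filled in):
#   netstat -anp | unauthorized_listeners "22 80 443"

# Constructed sample of `netstat -anp` output, so the example runs offline.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1034/nginx: master
tcp        0      0 0.0.0.0:31337           0.0.0.0:*               LISTEN      4711/unknownd
tcp        0      0 10.0.0.5:22             203.0.113.9:51234       ESTABLISHED 2290/sshd: admin
tcp6       0      0 :::3306                 :::*                    LISTEN      950/mysqld
udp        0      0 0.0.0.0:68              0.0.0.0:*                           640/dhclient
EOF
}

# unauthorized_listeners "<allowed ports>" < netstat-output
# Prints "proto port pid/program" for every TCP socket in LISTEN state and
# every unconnected UDP socket whose local port is not in the allowlist.
unauthorized_listeners() {
  awk -v allow="$1" '
    function report(proto, laddr, pcol,   port, prog, i) {
      port = laddr
      sub(/.*:/, "", port)            # keep text after the last ":" (IPv4 and IPv6)
      if (port in ok) return
      prog = $pcol                    # program names may contain spaces
      for (i = pcol + 1; i <= NF; i++) prog = prog " " $i
      print proto, port, prog
    }
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    # TCP rows carry a State column, so PID/Program is field 7.
    $1 ~ /^tcp/ && $6 == "LISTEN" { report($1, $4, 7) }
    # Unconnected UDP rows have an empty State column, so PID/Program is field 6.
    $1 ~ /^udp/ && $5 ~ /:\*$/    { report($1, $4, 6) }
  '
}

# Demo on the constructed sample, with 22, 80 and 443 as the authorized ports.
sample_netstat | unauthorized_listeners "22 80 443"
```

Each reported line is a candidate for step 3 (close the port) and step 4 (confirm with the server administrator what the owning process is before stopping it).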