What if the purchased BGP server is attacked? How to deal with it? In the powerful BGP The server cannot avoid malicious attacks. Even if its own security is perfect, it may still be paralyzed by attacks. Not only large enterprises, but also many small and medium-sized enterprises are facing such problems. that As operation and maintenance personnel, in addition to routine operations such as maintaining system security and repairing known vulnerabilities, they also need to know what to do when and after an independent BGP server is attacked, so as to reduce possible losses and impacts. Then the purchased BGP The server What about being attacked? How to deal with it? To solve this problem, today's Micronet will take you to have a look, hoping to help you solve some server problems.
First of all, if we find that the BGP server has been invaded, we should immediately shut down all website services and suspend them for at least 4 hours. At this time, many webmaster friends may think, no, the website has been closed for several hours, so how much loss should it be? But you want to think, is it a phishing website that may be modified by hackers that will cause great losses to users, or is it a website that has been closed that will cause great losses? You can skip the website to a single page temporarily and write some announcements about website maintenance.
Secondly, Micronet recommends that you download the BGP server log for specific analysis and conduct a comprehensive anti-virus scan of the BGP server. This process takes about 1-2 hours, but it is a must. You must confirm whether the backdoor trojan program is installed on the BGP server. At the same time, you must analyze the system log to see which websites hackers have passed and which vulnerabilities have entered the BGP server. Find and confirm the source of the attack, and save the website where the hacker hangs his horse and the screenshot of the black webpage that has been tampered with, as well as the individuals that the hacker may leave behind IP or proxy IP address.
Next, the Windows system will have the latest patches, followed by MySQL or SQL database patches, PHP, IIS, serv-u, not to mention those things that often have vulnerabilities, and some virtual host management software used by IDC.
Next, we will close all suspicious system accounts, especially those with high privileges! Reset the permissions of all website directories, close the executable directory permissions, and perform unrestricted operations on image directories and non script directories.
After completing the above steps, you need to enter the administrator account password and database management password, especially the SQL The sa password and the root password of MySQL. You should know that these accounts have special permissions, and hackers can obtain system permissions through them!
The BGP server of the website usually intrudes through website vulnerabilities. You need to check the website program (combined with the above log analysis), strictly check and handle it, and upload and write All websites of the shell. If the attack mode used by the attacker cannot be completely determined, the system needs to be reinstalled to completely eliminate the attack source.
The following points are the summary of Micronet about how to deal with the attack on the purchased BGP server and how to deal with the attack. If you still don't know anything, please contact us. If you have more questions about BGP server, please consult Micronet. Micronet is an IDC service provider focusing on the rental and hosting of BGP servers. With more than 10 years of industry experience, it is safe, stable, reliable and reassuring. It is a leading enterprise in the domestic IDC industry. It helps thousands of enterprises to achieve network informatization, 7 * 24 hours of manual service, after-sales care free, and has a good reputation.
BGP server rental: hopechilam.com
