ASP Trojans are not essentially different from other ASP programs: any hosting space that can run ASP can run them, and this is what makes ASP Trojans very difficult to detect. Even good anti-virus software may not be able to tell whether a file is an ASP Trojan or a normal ASP website program. For this reason, the only way to deal with them is to take effective preventive measures.
First, start from the source: how do intruders upload ASP Trojans? There are generally several methods. They use SQL injection to obtain administrator privileges and then write the ASP Trojan to the server by backing up the database. Alternatively, they get into the site's back end and exploit vulnerabilities in the ASP program's upload function to upload the Trojan. Of course, under normal circumstances the ASP programs that can upload files are restricted, and most of them do not allow ASP files to be uploaded (for example, news publishing and image management programs, and forum programs that accept more file types). If an ASP Trojan is uploaded directly, the program will display a prompt saying that it cannot be uploaded. However, because of human configuration errors and vulnerabilities in the ASP program itself, the intruder can still find an opportunity to upload the ASP Trojan.
Therefore, the key to preventing ASP Trojans is ensuring the security of the ASP upload program in your space. If you use someone else's program, try to use a well-known, large-scale program, as these have fewer vulnerabilities, and try to use the latest version. Check the official website often for new versions or the latest patches. The default database path and the default administrator password must be changed. Make this a habit to keep the program secure.
If you are a programmer, try to write your programs from a security perspective. Code that involves usernames and passwords is best encapsulated on the server side and should appear in ASP files as little as possible. The username and password used to connect to the database should be given the minimum permissions. ASP pages that require verification can track the file name of the previous page, so that only a session arriving from the previous page can read the page. Prevent leakage of the .inc files used by ASP pages, and prevent leakage of some.asp.bak backup files generated by UE and other editors. The upload function in particular requires special attention.
The above are only requirements for customers. The space provider cannot foresee what kind of programs virtual host users upload to their own sites, or whether each program has a vulnerability, so it cannot prevent an intruder from exploiting the customer's own programs to upload an ASP Trojan to that site. Space providers can only prevent intruders from using the compromised site to attack other sites on the same server. This also shows that, to prevent ASP Trojans, virtual host users must strictly control their own programs!
The following ten principles of ASP Trojan prevention are summarized for your reference:
1. Users are advised to upload and maintain web pages through FTP and, as far as possible, not to install an ASP upload program.
2. Any call to an ASP upload program must be authenticated, and only trusted people should be allowed to use the upload program. This includes the various news publishing, online shop, and forum programs. Any ASP program that can upload files must require authentication!
3. The ASP program administrator's username and password must have some complexity and must not be too simple. They should also be changed regularly.
4. Download ASP programs from legitimate websites. After downloading, change the database name and storage path, and give the database file name a certain complexity. We recommend that our company's customers use the .mdb file extension for the database, because our company's servers have an anti-download function for .mdb files.
5. Try to keep the program at the latest version.
6. Do not add a link to the login page of the back-end management program on your pages.
7. To guard against unknown vulnerabilities in the program, you can delete the login page of the back-end management program after maintenance and upload it again via FTP for the next maintenance.
8. Always back up important files such as the database.
9. Carry out daily maintenance, and check whether there are unknown ASP files in the space. Remember: a little sweat buys a little safety!
10. Once you find that the site has been intruded, delete all files unless you can identify every Trojan file. Before re-uploading the files, reset the usernames and passwords of all ASP programs, and change the program's database name and storage path and the path of the back-end management program again.
Even after taking the above precautions, your website can only be said to be relatively safe. You must not become complacent, because intrusion and counter-intrusion are an eternal war!
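Principle 9 asks you to watch for unknown ASP files. One way to do that, shown here as an added example that is not part of the original article, is to record a hash manifest of a local copy of the site right after a clean upload and compare later copies (for example, ones downloaded via FTP) against it; it also lists the .inc and .bak files mentioned earlier. The function names, the extension lists and the sample site are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

CODE_EXTS = {".asp", ".inc"}   # files holding ASP code (assumed list; extend as needed)
LEAK_EXTS = {".inc", ".bak"}   # files whose source could be downloaded if requested

def build_manifest(root):
    """Map each file's relative path (lower-cased, '/' separated) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix().lower(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def audit(root, baseline):
    """Compare a site copy with the manifest taken after the last clean upload."""
    report = {"unknown_scripts": [], "modified": [], "leak_risk": []}
    for rel, digest in sorted(build_manifest(root).items()):
        ext = Path(rel).suffix
        if ext in CODE_EXTS:
            if rel not in baseline:
                report["unknown_scripts"].append(rel)   # not part of the clean upload
            elif baseline[rel] != digest:
                report["modified"].append(rel)          # changed since the baseline
        if ext in LEAK_EXTS:
            report["leak_risk"].append(rel)             # source may be downloadable
    return report

def demo():
    """Constructed sample site: take a baseline, then simulate later changes."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, text):
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(text)
        write("index.asp", "<% Response.Write(1) %>")
        write("inc/conn.inc", "connection settings")
        baseline = build_manifest(root)               # taken right after a clean upload
        write("upload/photo.jpg", "image bytes")      # ordinary user content, ignored
        write("upload/diy.asp", "unexpected file")    # script absent from the baseline
        write("index.asp", "edited after baseline")
        write("index.asp.bak", "editor backup")       # left behind by an editor
        return audit(root, baseline)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Store the baseline manifest somewhere other than the web space itself, so that someone who can write to the site cannot also rewrite the baseline.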