1 check the website’s code, check whether the hacker has placed a web page, Trojan horse and ASP Trojan, and whether there is a back door program in the website code.
2, check the security of the site code, check the presence of SQL injection vulnerabilities, upload file vulnerabilities and other common vulnerabilities to the site security vulnerabilities.
3 analyzes the logs of the server operating system, checks whether the system has been hacked, checks whether the Trojans have been installed, and what changes have been made to the system.
4, the server operating system on the latest patches, reasonable configuration and installation of common software applications (such as firewall, antivirus software and database), and server software updates for security, stability, good compatibility version.
5, the server operating system for rational allocation and optimization, off unnecessary system components, stop the risk of unnecessary services, disable dangerous ports, by running the minimum services to achieve maximum security.
6, the service port and prompt information for common applications are hidden and forged to prevent hackers from using scanner tools to obtain server information.
7, the reasonable configuration of
permissions, each site are equipped with independent Internet guest account, Internet guest account access is permitted only can read and execute operation of the site required procedures, only for Party A sites directory has read and write permissions, prohibit access to other directories, and limit the implementation of dangerous command, so even if hackers have to upload Trojans to a website directory, also cannot perform more, will not cause harm to the system.
Permission to run
8, lower SQL database and SERV-U FTP and other software services, stored procedure to remove unnecessary and dangerous MSSQL database, hackers use loopholes to prevent further invasion and enhance the authority, and through effective setup, to prevent overflow attack unknown.
note: the above maintenance items are only for servers on the windows operating system platform. The services involved in the installation of software, copyright issues resolved by the customer. Modify and write only the security aspects of the code involved in the customer’s website code, and do not modify and write any other part of the code on the client site.
server security maintenance project contact Q:976336