then we can access the web access log view, find out the Trojans IP address of record, according to the query to the IP address, once again see hackers also visited what pages, these pages check whether there are other loopholes.
general hacking site is adding code in the web page Trojan cultivation, allowing users to open automatically when browsing the site and download the Trojan program, some Trojans will automatically add a line of code behind all web documents: if the website, many documents, a clear hand is almost impossible. Then we can use "batch batch modify the software to delete the malicious code.
virtual host service timing backup server in the data association, if you are using virtual host the user space, you can also contact the space business data backup.
(4) Trojan detection
(3) patch vulnerabilities
(2) use the backup and recovery
check If the
file is damaged or deleted hacker website, if the advance through the website data backup, you can directly use the backup file to restore, in case there is no backup to backup data is very important, do not propose to conduct any operation, please immediately dedicated to data recovery company trying to restore the hard disk in the server data.
webmaster can modify the time according to the page file to determine whether it is implanted Trojan, is look at all the changed files change date, because it is a Trojan modify these pages, so they are very close to the date of change. Then query the latest date the new ASP, ASPX, ASA file, the file or delete the abnormal segregation. Program site file will automatically detect, after test will show the safety report.
first find sites that exist Trojan code, then download and unzip.
website was hacked, the most common situation is to be implanted Trojan, in order to ensure the safety of visitors, you must first close the site, to be processed after opening. When closed can temporarily turn to other domain name address, such as the establishment of a website now, or place a notification page.
when the program vulnerability was announced, the official program will release patch files, only need to program the official website to download the relevant documents, in accordance with the instructions uploaded to the web space coverage of the original documents. If do not appear to be related to the patch, you can temporarily disable or delete some files function.
can also use "Trojan detection tool specifically for inspection, some Trojans detection software need to pay attention to the more demanding, some components of the file and the backstage management procedures will also be included in the dangerous file, need to be carefully identified in use.
batch repair "
(1) to temporarily shut down the site