A few days ago my sites were hacked, and while cleaning up I put together a set of security practices. Removing the injected black links file by file was clearly unrealistic, since it is easy to miss one or two and leave the cleanup incomplete. I downloaded the database and checked it carefully; fortunately, the database was fine. So I installed a fresh copy of the site software, connected it to the original database, and then restored the original site settings step by step. It took two days in total to get the three sites back to normal. I have also moved the three sites onto hosting accounts with different IP addresses, so that if one site is hacked the others are not dragged down with it.
Here are a few points I have summarized on how to protect a website:
Set a non-default admin login path. Avoid using the default admin login path wherever possible, and make the login password as complex as you can: a mix of upper- and lower-case letters, digits and punctuation is recommended. Ideally the login should also require a CAPTCHA.
Back up the site's database and program files. Be sure to make this a habit. With WordPress, for example, you can install an automatic backup plugin that backs up the database and the whole site on a schedule and sends the backups to an email address you specify. If something unexpected happens, you can restore the site from a backup. Beginners in particular tend to neglect this, and usually only take it seriously after being hacked once or twice.
Install a filtering plugin and a CAPTCHA plugin to filter spam and malicious comments. Some comments may carry malicious code; if they are submitted straight to the backend database without being filtered, the **** program goes directly into the database, and the consequences are easy to imagine.
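The failure mode in the comment-filtering tip above, shown as an added example that is not part of the original article: a comment pasted into a SQL statement, beside a form that stores it through placeholders, holds suspicious comments for moderation and escapes on output. The table layout, function names, regex heuristic and sample comments are all constructed for illustration, using Python's built-in sqlite3 rather than any particular site software.

```python
import html
import re
import sqlite3

# Constructed sample comments (not from the original article).
BENIGN = ("alice", "Nice post, thanks!")
HOSTILE = ("mallory", "It's great <script>alert(1)</script>")

# Heuristic for the filter step: markup, links or inline event handlers.
SUSPICIOUS = re.compile(r"<\s*/?\s*[a-z!]|https?://|\bon\w+\s*=", re.I)

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (author TEXT, body TEXT, status TEXT)")
    return db

def store_unfiltered(db, author, body):
    # Weak form: comment text is pasted into the SQL statement, so the
    # database parses visitor input as part of the query.
    db.execute(f"INSERT INTO comments VALUES ('{author}', '{body}', 'published')")

def needs_moderation(body, max_len=2000):
    return len(body) > max_len or bool(SUSPICIOUS.search(body))

def submit(db, author, body):
    # Hardened form: placeholders keep the comment as data, and anything
    # that trips the filter is held for review instead of published.
    status = "held" if needs_moderation(body) else "published"
    db.execute("INSERT INTO comments VALUES (?, ?, ?)", (author, body, status))
    return status

def render(db, include_held=False):
    # Escape on output so stored markup is shown as text, never executed.
    query = "SELECT author, body FROM comments"
    if not include_held:
        query += " WHERE status = 'published'"
    rows = db.execute(query + " ORDER BY rowid").fetchall()
    return "\n".join(f"<li>{html.escape(a)}: {html.escape(b)}</li>" for a, b in rows)

if __name__ == "__main__":
    db = open_db()
    try:
        store_unfiltered(db, *HOSTILE)
    except sqlite3.OperationalError as exc:
        print("unfiltered insert parsed the comment as SQL:", exc)
    print(submit(db, *BENIGN), submit(db, *HOSTILE))
    print(render(db, include_held=True))
```

The apostrophe in the constructed comment is enough to break the unfiltered statement, which shows the database treating visitor text as SQL; the hardened path stores the same text unchanged and only ever displays it escaped.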
Choosing hosting. In principle, for the sake of security and reliability, choose the most expensive host for your site. Everyone knows that cheap goods are not good and good goods are not cheap. Hosting that costs a few dozen yuan a year is very different from hosting that costs a few dozen yuan a month. Server configuration, page load speed, security protection, how quickly support responds to problems, and the provider's trustworthiness are all reflected directly in the price difference. If you can afford it, choose a higher-priced host.
Spread your sites across different hosting accounts. Do not put all your sites on one host; otherwise, once the host is compromised by ****, every site on it will be hacked. Placing sites on hosts in different IP regions is safer. Do not put all your eggs in one basket; this is the safe approach.
Keep the DNS management console for your domain confidential. Ideally, enable SMS or email alerts for logins to the console. If you spot an abnormal login, you can stop it immediately and prevent the domain from being transferred or given wildcard DNS records.
I will stop at these points; website security involves far more than this. But the measures above are ones that webmasters can easily put in place and yet often overlook. Do not let your site, just as it reaches a peak of growth, suffer because of your own lax security awareness.