Because ASP is itself a service function provided by the server, ASP Trojans are highly concealed and difficult to detect and remove, posing a serious threat to website security. Preventing and removing ASP Trojans therefore places higher technical demands on network administrators.
Several large programs have been found to have upload vulnerabilities, and the vulnerable small programs are too many to count, which has made ASP Trojans mainstream and widely used. If you run a server, this has surely given you a headache. Virtual host users in particular have had their web pages tampered with and their data deleted. Beyond resenting such behavior after the fact, many customers have suffered from a lack of effective preventive measures. Given that most website intrusions are carried out with ASP Trojans, this article is written to help ordinary virtual host users better understand and prevent them. Only when space providers and virtual host users take preventive measures together can ASP Trojans be effectively prevented!
Let's first talk about prevention. To prevent ASP Trojans, we naturally need to understand how they work. I won't go into the principles in depth; there are online articles for that. Simply put, an ASP Trojan is a website program written in ASP, and some ASP Trojans are even modified from ASP website management programs, for example the common Asp webmaster assistant.
It is essentially no different from other ASP programs: any space that can run ASP can run it. This property makes ASP Trojans very difficult to detect. The only difference from other ASP programs is that an ASP Trojan is an ASP program that the intruder uploads to the target space to help control it; in serious cases, the intruder obtains server administrator permissions. Prohibiting ASP Trojans from running would amount to prohibiting ASP itself, which is obviously not feasible. This is why ASP Trojans are rampant! Some will ask: is there no way? No, there is a way:
First: start from the source. How does the intruder upload the ASP Trojan? There are several general methods: obtaining administrator permissions through SQL injection and writing the ASP Trojan to the server through the database backup function, or entering the admin back end and using the ASP program's upload function to upload the Trojan, and so on. Under normal circumstances, ASP programs that can upload files (for example, a news publishing program that can upload images, an image management program, or a forum program that can upload more types of files) have permission restrictions, and most of them also block the upload of ASP files. If we try to upload an ASP Trojan directly, the program will report that it cannot be uploaded. However, because of human configuration errors and vulnerabilities in the ASP program itself, intruders get the opportunity to upload an ASP Trojan.
Therefore, the key to preventing ASP Trojans is how virtual host users ensure the security of the ASP upload programs in their space. If you are using other people's programs, try to use the better-known large programs, which will naturally have fewer vulnerabilities, and use the latest version whenever possible. Check the official website regularly for new versions and the latest patches. You must also change the default database path and the default administrator password, and make this a habit, to keep the program secure.
If you are a programmer, write website programs with security in mind. Code involving usernames and passwords should be encapsulated on the server side and should appear as little as possible in ASP files. The usernames and passwords used for the database connection should be given the minimum permissions. A page that requires verification can track the file name of the previous page, so that only a session passed on from the previous page can read it. Prevent leaks of ASP home page .inc files, and prevent leaks of the some.asp.bak files generated by UE and other editors. Pay particular attention to the upload function.
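The following audit is an added example, not code from the original article. It walks a web root and reports the .inc and editor-backup files named above, plus any file in an upload directory that is not on an allow-list; the suffix lists and upload directory names are assumptions to adapt to the site.

```python
import os
import sys

# Assumption: suffixes a server is likely to return as plain text, exposing
# ASP source or database credentials (the .inc / .asp.bak leaks named above).
LEAKY_SUFFIXES = (".inc", ".bak", ".old", ".orig", ".tmp", "~")
# Assumption: the only file types the site's upload feature should store.
UPLOAD_ALLOWED = (".jpg", ".jpeg", ".gif", ".png")
# Hypothetical upload directory names; adjust to the site's layout.
UPLOAD_DIRS = {"upload", "uploads", "uploadfile", "upfile"}


def audit_webroot(root):
    """Return sorted (relative_path, reason) findings for a web root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        # A file counts as uploaded if any parent directory is an upload dir.
        parts = {p.lower() for p in rel_dir.split(os.sep)}
        in_upload = bool(parts & UPLOAD_DIRS)
        for name in files:
            lower = name.lower()
            rel = os.path.normpath(os.path.join(rel_dir, name))
            rel = rel.replace(os.sep, "/")
            if lower.endswith(LEAKY_SUFFIXES):
                # e.g. conn.inc or login.asp.bak: source readable by anyone.
                findings.append((rel, "source leak: served as plain text"))
            elif in_upload and not lower.endswith(UPLOAD_ALLOWED):
                # Allow-list check: anything else here deserves a look.
                findings.append((rel, "unexpected type in upload directory"))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit_webroot.py <path-to-web-root>
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, reason in audit_webroot(target):
        print(f"{path}: {reason}")
```

A source-leak finding is resolved by deleting the backup copy or renaming the include so the server executes it instead of returning its text.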
The above covers only requirements for customers. Space providers cannot foresee what kind of programs virtual host users will upload to their sites or whether each program has vulnerabilities, so they cannot prevent intruders from exploiting vulnerabilities in a customer's own programs to upload an ASP Trojan. Space providers can only prevent intruders from using the hacked site to go on to hack other sites on the same server. This further shows that, to prevent ASP Trojans, virtual host users must strictly control their own programs! For this reason, I have summarized the top ten principles for ASP Trojan prevention for your reference: