|
||||||||
|
||||||||
|
|
Công Cụ | Xếp Bài |
|
06-05-2014, 10:36 AM | #1 |
Guest
Trả Lời: n/a
|
Làm gì khi server của bạn bị Hacked, compromised?
Làm gì khi server của bạn bị Hacked, compromised? Working with a hacked or compromised serverArticle Contents
Remember that it is your responsibility to maintain the security of any scripts or applications you choose to install and use on your hosted service. For more details, please read our Statement of Support. Overview An exploited or hacked server is one that is no longer fully under your control. Someone else is now partially controlling your server and using it for their own purposes. Here are some common reasons to exploit a server:
How can my service be exploited? There are two primary ways a server may be compromised:
Many times, customers may not notice that they have been compromised until they are contacted by the (mt) Media Temple Abuse Department. However, if you follow our Advanced Guides regarding checking to see if your service has been compromised you may be able to see some of this activity yourself. What steps can I take to prevent my service from being hacked? Use Strong Passwords Be sure to use strong passwords. This would include passwords for the AccountCenter, Plesk, your root password, etc. The stronger the password the better protected your service will be. GRC (Gibson Research Corporation) provides a free tool that will generate strong passwords for you. Use Secure Protocols When connecting to your services, it is best to use secure connections whenever possible. This would include SSL connections for email, and using SFTP instead of the more common FTP protocol. You can learn more about using secure connections for these services by reading the following guides: Maintain Regular Backups Be sure to backup your data on a regular basis. If a domain, or your entire service, becomes compromised, it may go un-noticed for a while. You would not want to restore a compromised backup. You always want to restore from the last known clean backup. Harden your PHP Settings Just making a few changes to your php.ini file can greatly increase the security of your service. Here are a few settings we recommend: If you are not sure how to edit your php.ini file, you can use the following guides: If you want to set these configurations differently for each domain, you will want to use a .htaccess file: Working with third-party applications When you are working with third-party software such as Wordpress, Drupal, Joomla please consider these points. This is also very important with applications that rely on plug-ins for extended functionality.
Tham khảo: http://kb.mediatemple.net/questions/...ised+server#gs |
|
|