As an SEO practitioner, optimizing the website to the homepage is a criterion for testing our SEO level (keyword index that is too small does not count). However, we will encounter various situations when optimizing the website, such as: the website enters the sandbox period , the website is downgraded (Editor Feng Chao has mentioned this before), the website is hacked and attacked, etc. These are emergencies we will encounter when optimizing the website. Feng Chao also encountered this when he first started working in the SEO industry. A few days ago, someone said in the group, what should I do if my website has been hacked? After reading it, I remembered that when I was doing website optimization, I was also hacked by Trojan horse. So, editor Dongguan SEO Feng Chao plans to write an article about how to deal with website attacks and Trojan horse hacking? How to detect if a website is hacked? I hope this article can help you.

1. How to deal with a website being attacked and infected with Trojan horses?

1. First, change the folder permissions where the website is located to the minimum, that is, only retain the read and write permissions, and do not select other permissions for the time being (if you cannot change it yourself, please contact the space provider). Now you are dealing with the problem, as long as you can access it normally, it will be fine. After changing the folder permissions, hackers will not be able to tamper with your page again even if they leave a backdoor, which prevents new problems from arising before you solve old ones.

2. Find the page that has been infected with Trojan horse (there may also be backdoor files) and delete or replace it. The simplest way is to replace the current file with the file you backed up before. To ensure that every page can be replaced, you can clear the space before uploading. Some people may wonder why you need to clear the space first. One reason is that the hacker is likely to upload his own backdoor file, so even if you use the replacement method, it will be useless; the other reason is that the hacker is likely to lock the page where he has installed a Trojan horse, making it impossible for you to replace the file by overwriting it. Therefore, clearing the space first can not only delete possible backdoor files but also completely replace every page that may be infected with Trojans.

In fact, the best way is to directly change a space, so that when you upload the backup file, it will definitely not be infected by Trojans. If you are unlucky and don't have backup files, it will be very troublesome. You can use the prompt information of the antivirus software to find the pages that may be infected with Trojans. Of course, it is best to find a professional to help you deal with it. If you don't deal with it, it will be useless even if you change the space, because you are just changing the soup but not the substance. When you change the space, you will also bring the Trojan horse over.

3. Check whether your account password is too simple. The account password here includes any security-related account passwords such as space FTP, website background and database. Do not use the domain name directly or indirectly as the account and password. It is best to use a combination of uppercase and lowercase. If it is too simple and easy to crack, please change it immediately. After adjusting the account and password, check whether the website's management backend directory is the default. If it is the default, such as admin, please make changes to prevent hackers from invading from the backend.

2. In addition to website web pages being hacked, the website may also encounter other situations where the website is hacked. How to deal with it when the website is attacked and hacked?

1. Js file Trojan:

When I first started working in Internet SEO website optimization, because the company's website was copied from someone else's company, after modifying and processing the website template and going online for a few days, I found that when the website was opened (content page), it would automatically jump to the other party's website, resulting in the problem of jumping after the website was launched. It took a long time to investigate and finally found the jump content in a js file. If your website has a redirect problem and you can't find the redirect file in the web page source code, you can check the content of your js file. On most platforms that are attacked by websites, js files are mostly infected with Trojan horses and are not easily discovered by website operators.

2. Database intrusion: For platforms whose websites are attacked by databases, website database intrusion is a very troublesome problem. The only way to deal with it is to delete the invaded database content. However, for some optimization and operation personnel who have little knowledge of website programs and databases, it is more difficult to delete the invaded content in the website server. If the database is hacked, the optimization or operation personnel should contact the website's space host as soon as possible and ask the space host whether there is a backup file of the website. If there is a backup file, the host can restore the backup information. If there is no backup file, you will have to find a professional and experienced programmer to process the database content.

3. Traffic attack: For example, the DDoS distributed IP traffic attack that everyone is familiar with uses different terminal devices to access the website for a long time at the same time, causing the website's server to be unable to process the data information requests from various users to access the server at the same time, resulting in the crash of the website server, making the website unable to be accessed normally for a long time. Whether you are a webmaster or an operation and promotion personnel, when the website is attacked by traffic and cannot be opened, you should contact the hosting service provider as soon as possible to solve the problem of the website not being able to open.

3. How to detect whether the website is infected with Trojans? 5 tips to detect if your website is hacked:

1. Check your own domain name without 3W to see if it has been maliciously resolved.

2. Pay more attention to whether there are new abnormal articles generated in the root directory of the website (check by file modification time);

3. Use webmaster tools more often to check your own friendly links. If there are some extra links for no reason and they are not added by you, 90% of the time you have been hacked;

4. Look at the source code more often. Many low-level hacking methods such as black links can be seen in the source code;

5. There is a tool called broken link detection in the webmaster tools, which is very useful for detecting hidden links. If a link that cannot be seen in the source code is detected, 99% of it has been infected with Trojan horses.

5 common website Trojans:

1. Trojan horse in pictures;

2. Framework Trojan

3. JS Trojan

4. global.asa Trojan

5. IFRAME Trojan

Summary: Although the above briefly introduces four methods of dealing with website attacks and Trojan horse hacking and how to detect whether a website is hacked, as SEO website operators and promoters, we must have a good awareness of website security protection, avoid or reduce the direct economic losses caused by normal website visits due to website attacks or Trojan horse hacking, and strengthen security awareness for the website.

People who read this article also read:

Why was the website penalized? What should I do if my website is punished?

What are the common black hat SEO cheating methods?

Website login URL submission entry for major search engines