How should a server administrator respond to a web Trojan

all the time. For the web server administrator. The most headache is website vulnerabilities. By some so-called "hackers". Upload webshell (web Trojan). Then modify the website source. Hang Trojan. Lead to the site really browsing in the Trojan. Or be heavily pop. Serious will be downloaded exe executable file. Directly implanted Trojan. Let the real users to browse the website. So that web traffic greatly decreased.

for a web server. There have many websites. Users are already uploaded. The site has no loopholes in the.Web server administrator is not known. Even if each at the server site to create a new IIS account. This can avoid cross invasion. But there are flaws in the directory or site will be invaded.

recently a friend recommended a "sword son Trojan server monitor", can be good to avoid the invasion site horse. Let’s take a look at the overall screenshot of the software,


on the left, first add the site directory address you want to monitor. Because this software supports subdirectories. So you can choose the upper directory. If we put all the websites on the D:www server. So all of the sites in the WWW directory. We just need to add the D:www directory into the line. Then choose the right that all contain subdirectories under the WWW site will be protected. Select the directory monitoring, we should choose to find the Trojans the characteristics of sending mail "and" Trojan feature name protection ", the two is what mean.

1. found Trojan features to send mail.

is just in the monitored directory or subdirectory. Hackers upload files or modify the site source code, Trojan features. The software sends an email to the specified mailbox. Come and tell you. Now, the source code under your server’s Web site has been modified, with the characteristics of a Trojan horse. You’ll know for the first time.

2. found Trojan features renamed protection

Send mail from

above. So, if I don’t have the time, go to server processing right away. Check this out. As long as you find the modified source code, Trojan features. Will be renamed the XXX.txt suffix file, so even if the hacker in the source code to join the Trojan can not run. Because the source file has been renamed.Txt suffix.

, we can start clicking on the monitor,..

, let’s try the effect. As long as you find a Trojan horse, it will pop up a bubble prompt. Is it really good,.




, you see >