Website is linked to mining

1. First of all, check whether there are rendant fields in your database. If you keep linking, you can see which data is running. Then check whether there are rendant processes in the server. It is estimated that this situation is mostly caused by hanging horse or mining program.

2. The website has been hacked and the page has been changed
it's like one thing: a thief in your family has changed the content in your wallet, so the problem is

think about it, if you restore the number in your wallet, it will solve the problem
I think that's just a temporary plan to deal with the examination of daughter-in-law, right<
we all know that

in fact, the result is obviously the same as the reality.
the key is to search the whole family and check every corner.
analyze where the thief comes from.
where there are loopholes, back doors and secret organs, which are potentially dangerous.
of course, you don't know if someone else has your key.
so you don't even know The door locks have to be replaced
if you don't have the technology, you can find someone or a team with the technology to do the security check

even so, it may not be able to completely solve the hidden danger, is that the truth
think about it again
If I tell you that since you have been changed, you can change it back
just pretend you haven't been here
is that really OK

I wish you get rid of your troubles as soon as possible

3. Identify the black chain:
IIS7 website monitoring
test whether the website is hijacked, whether the domain name is blocked, website black chain and other information
black chain solutions
1. Modify the source code: these black chains have rich forms of expression, but they are always changing: they want to show their own websites. So, as long as you encounter a strange, messy website in the source code, you can ruthlessly delete them! Of course, if you are not sure, it is also feasible to ask the website procer to delete it
2. Stop inputting: contact the space provider, let the space provider set the company's website as non writable permission, and ask the other party to open it when it needs to be updated Use with caution, update is not easy)
3. Turn off FTP upload: ask the space provider to set "turn off FTP upload" on the host panel. Of course, it's OK to set it yourself, but use with caution, and it's troublesome to turn on the update again
4. Contact the space provider to make a detailed server security policy.

4. First of all, scan with anti-virus software, or use webmaster tools to detect, find out the location of the horse, and delete the malicious code
2. If you are familiar with the website code, you can check where the new code appears on the website, and then delete it. Website hanging horse is mainly for business interests, earning traffic, stealing game accounts and other purposes, in short, it is profitable. Generally, hackers will insert malicious code into the home page of the website, because the home page is the place with the most traffic. Log in to the website background, click the appearance, enter index.phop, check the code carefully, and compare with the source file of the database
3. Usually, we should form the habit of doing a good job in website database backup. When the website is attacked and cannot be protected, we can directly restore the database data. The website built by wodpress program is backed up by WP DB backcp plug-in, and needs to bind mailbox to receive website database information
4. Log in to the website with FTP tool, check the modification time of the website directory, and judge the hanging files by the time
5. If the above three methods can not detect malicious code, we can only use urlsnooper software to check and kill
6. The main common methods of hanging horse coding are frame type network hanging horse, that is, loading malicious code into each page through iframe statement. JS call type webpage mount JS mount is a kind of webpage Trojan horse hidden mount technology based on the principle of JS script file call. Picture camouflage hanging horse, camouflage call hanging horse.

5. After a period of time, you can always hear what websites are linked and what websites are hacked. It seems that invading and hanging horses is a very simple thing. In fact, the invasion is not simple, the simple thing is that the necessary security measures for your website are not well done. Conditional suggestions to find a professional website security sine security to do security maintenance. 1： Preventive measures: 1. It is suggested that users upload and maintain web pages through FTP, and try not to install ASP upload program. 2. The call of ASP upload program must be authenticated, and only trusted people are allowed to use the upload program. This includes a variety of news release, mall and forum programs, as long as you can upload files to the ASP must carry out identity authentication! 3. ASP program administrator's user name and password must have certain complexity, not too simple, but also pay attention to regular replacement. 4. To download the ASP program from the regular website, the database name and storage path should be modified after downloading, and the database file name should also have certain complexity. 5. Try to keep the program up to date. 6. Do not add a link to the landing page of the background management program on the web page. 7. In order to prevent the program from having unknown vulnerabilities, you can delete the login page of the background management program after maintenance, and then upload it through FTP ring the next maintenance. 8. Always back up the database and other important files. 9. Daily maintenance, and pay attention to whether there are unknown ASP files in the space. Remember: a sweat, for a safety! 10. Once found to be invaded, unless they can identify all Trojan files, or to delete all files. 11. Regular security detection of the site, the specific use of some online tools, such as sinesafe website hanging horse detection tool! 2： Hang horse recovery measures: 1. Modify the account password, whether it is commercial or not, the initial password is mostly admin. So the first thing you get from a website program is to "change your account password.". Do not use the account password before you are used to, for some special. Try to put the letters, numbers and symbols together. In addition, the password should be more than 15 digits. If you use SQL, you should use a special account password. Don't use admin, or you will be easily invaded. 2. Creating a robots.txt robots can effectively prevent hackers who use search engines to steal information. 3. Modify the background file step 1: modify the name of the verification file in the background. The second step: modify CONN.ASP to prevent illegal downloading. You can also modify CONN.ASP after encrypting the database. The third step: modify the acess database name, the more complex the better, if you can change the directory where the data is located. 4. Restrict login background IP this method is the most effective, every virtual host user should have a function. If your IP is not fixed, please change it every time. Security first. 5. The custom 404 page and the custom transmission of ASP error information 404 can let hackers batch search some important files in your background and check whether there are injection vulnerabilities in the web page. ASP error well, may be unknown to the other party want to send information. 6. Carefully choose the website program, pay attention to whether there are loopholes in the website program itself, you and I should have a balance in mind. 7. Careful upload vulnerability it is learned that upload vulnerability is often the simplest and most serious, which can make hackers or hackers easily control your website. You can disable or limit the types of files you upload. If you don't understand, you can find your website program provider. 8. Cookie protection when logging in, try not to visit other sites to prevent cookie leakage. Remember to exit when you close all browsers. 9. The administrator should set some important directory permissions to prevent abnormal access. For example, do not give the upload directory execution script permission and do not give the non upload directory write permission. 10. Self test now there are a lot of hacker tools on the Internet. You can find some to test whether your website is OK. 11. Routine maintenance A. backup data regularly. It's best to back up once a day. After downloading the backup file, you should delete the backup file on the host in time. b. Change the name of the database and the account secret of the administrator regularly. c. Through web or FTP management, check the volume of all directories, the last modification time and the number of files, check whether the files are abnormal, and check whether there are abnormal accounts. The website is hanged by hackers because the website program has loopholes or the server security performance is not up to standard. It is a common phenomenon that websites are hanged, but it is also the trouble of every website operator. Have you ever wanted to give up because your website and server are invaded every day? Have you delayed the operation of the website because you don't know much about the website technology? Do you feel as if you are impatient because your well-operated website is repeatedly invaded by some boring hackers. Conditional suggestions to find a professional website security sine security to do security maintenance.

6. You check the snapshot of your website, whether it has been tampered with, and whether the website program has been added malicious code, my website is hacked, uploaded the black chain Trojan horse, resulting in network reminder! Find a security company, clean up the site Trojan, repair site vulnerabilities, about three days to cancel the reminder. If you don't know about security, it is recommended to find a professional security company to solve it

7. 1. Check whether the website is linked. If it's a hang horse, it's likely that there are problems with the security and program of the server. At this time, you need to clean up the hang horse first to solve the security and program problems of the server
2. Use robots.txt to screen the directory and reject the external chain in batch
3. Whether the website is suspended or punished, regular and quantitative updating of articles is also indispensable
4, log in to the webmaster platform to feed back your situation.

8. 1. Modify the FTP login password
for convenience and good memory, many people set the password too simply, such as in the form of pure numbers, which is easy to be cracked by hackers. Therefore, the more complex our password is, the better. It's better to use a combination password with upper and lower case letters, numbers and punctuation marks. Although this is more complex and inconvenient to remember, it's not easy to use, This is the most secure form of password setting. Of course, after setting, it's better to and save it to U disk or other places, so as not to forget it at that time
2. Modify the administrator password
after modifying the FTP login password, we should also modify the login password of the website administrator, because since the hacker has a way to crack and log on your FTP tool, then your login password of the website administrator must also be cracked, so we need to modify the password of the website administrator in time
3. Upload the website template again
after modifying the FTP and the login password of the website administrator, we need to upload the website template again. If there is no backup, we can search the Internet for some batch modification tools and software, and repair these black chains and modified files in batch. Finally, the proction of HTML in the whole station is OK
4. Find other modified files
after we re upload the template file of the website, we will find other modified background template files, because, generally, the template file of the website foreground is modified, which is easy to find, but if it is some background files of the website, such as the template for storing pictures To store some template files such as database, it is necessary to find those background template files that have been maliciously tampered and modify them in time.

9. Find the linked file and delete it manually. In addition, you need to check how your site is linked by others, and do a good job in security protection

10.

I don't know if your problem has been solved. I think I have a lot of say in answering. Because I also had this phenomenon some time ago

you can see if the source code of your home page is as follows: the title, keywords and description of the website have changed, and there are more codes in the website as shown in the figure. This is the virus code, but after the deletion, there has been such a situation for some time. That's because the deletion is only temporary and does not solve the root cause of the website vulnerability

if all the above three points are done well, your website will not jump to other websites. Because of the prevention of "XSS", other people will not attack your website and add virus code in your website. I am a webmaster who loves to share. You can pay attention to me and make progress with me< br />