暫時(shí)關(guān)閉網(wǎng)站

Temporarily close the website

網(wǎng)站被黑客入侵后，常見的情況就是被植入木馬程序，為了保證瀏覽者的，必須先關(guān)閉網(wǎng)站，待處理完畢后再開放。關(guān)閉時(shí)可以暫時(shí)將域名轉(zhuǎn)向其它地址，如建立一個(gè)網(wǎng)站的帖吧，或者放置一個(gè)說明頁面。

The most common situation when a website is hacked is when it is implanted with a Trojan program. In order to ensure the safety of visitors, the website must be closed first and opened only after it is processed. When closed, the domain name can be temporarily redirected to other addresses, such as creating a website post or placing an instructional page.

使用備份恢復(fù)

Using backup recovery

如果網(wǎng)站文件被黑客破壞或刪除，假如事行過網(wǎng)站數(shù)據(jù)備份的話，可以直接使用備份文件恢復(fù)。萬一沒有對(duì)備份進(jìn)行備份，而數(shù)據(jù)又非常重要的話，建議先不要進(jìn)行任何操作，立即請(qǐng)專門進(jìn)行數(shù)據(jù)恢復(fù)的公司嘗試恢復(fù)服務(wù)器硬盤中的數(shù)據(jù)。

If the website files are damaged or deleted by hackers, and if the website data has been backed up beforehand, the backup files can be directly used for recovery. If there is no backup done and the data is very important, it is recommended not to take any action for now. Please immediately ask a company specialized in data recovery to try to recover the data from the server's hard drive.

因?yàn)橛行┨摂M主機(jī)服務(wù)商會(huì)定時(shí)備份服務(wù)器中的數(shù)據(jù)，使用虛擬主機(jī)空間的用戶，還可以聯(lián)系空間商獲取數(shù)據(jù)備份。

Because some virtual hosting services will regularly backup data from the server, users who use virtual hosting space can also contact the space provider to obtain data backups.

打補(bǔ)丁查漏洞

Patch and check for vulnerabilities

當(dāng)程序漏洞被公布時(shí)，程序的網(wǎng)站都會(huì)發(fā)布程序的補(bǔ)丁，只需要下載相應(yīng)的文件，按照說明上傳到網(wǎng)站空間覆蓋原文件即可。如果暫時(shí)沒有出現(xiàn)相關(guān)的補(bǔ)丁，則可以暫時(shí)禁用或刪除某些功能文件。

When program vulnerabilities are exposed, the official website of the program will release patches for the program. Simply download the corresponding files and follow the instructions to upload them to the website space to overwrite the original files. If there are no relevant patches currently available, certain feature files can be temporarily disabled or deleted.

接著我們可以查看網(wǎng)站的訪問日志，找出訪問木馬程序的IP地址記錄，根據(jù)查詢到的IP地址，再次查看黑客還訪問了哪些頁面，檢查這些頁面是否有其它漏洞。

Next, we can check the website's access logs, find the IP address records of accessing the Trojan program, and based on the queried IP addresses, check again which pages the hacker has visited and whether there are any other vulnerabilities on these pages.

木馬程序檢測

Trojan program detection

站長可以根據(jù)網(wǎng)頁文件的修改時(shí)間來判斷是否被植入木馬，方法是察看所有被更改的文件的更改日期，由于是木馬修改了這些頁面，因此它們修改日期非常接近。然后查詢此日期近新建立的asp、aspx、asa文件，將異常文件進(jìn)行隔離或刪除。

Webmasters can determine whether a Trojan has been implanted based on the modification time of webpage files. The method is to check the modification dates of all modified files. Since these pages were modified by the Trojan, their modification dates are very close. Then query the newly created ASP, ASPX, and ASA files on this date, and isolate or delete the abnormal files.

使用PhpWind論壇程序的站長還可以下載專用的網(wǎng)頁木馬檢測工具來進(jìn)行木馬的檢測和（下載地址：[url]http://www.phpwind.com/2.0/safe.zip[/url]），解壓后將文件全部上傳到論壇目錄中，如果服務(wù)器是Linux 或FreeBSD系統(tǒng)還需要設(shè)置論壇目錄為可讀寫模式。接著在瀏覽器中輸入safe.php文件的地址，程序?qū)⒆詣?dòng)檢測站點(diǎn)中的文件，檢測完成后將會(huì)顯示報(bào)告。

Webmasters who use the PhpWind forum program can also download dedicated web Trojan detection tools to detect and clear Trojans (download address: [URL]) http://www.phpwind.com/2.0/safe.zip After decompressing, upload all files to the forum directory. If the server is a Linux or FreeBSD system, you also need to set the forum directory to read-write mode. Next, enter the absolute address of the safe.php file in the browser, and the program will automatically detect the files in the site. After the detection is completed, a security report will be displayed.

我們也可以使用專門的網(wǎng)頁木馬檢測工具進(jìn)行檢查，下載一款“網(wǎng)站程序分析器”，接著使用FTP軟件將網(wǎng)站文件全部下載到本地硬盤，選擇文件所在的文件夾后點(diǎn)擊“掃描”按鈕即可。稍等片刻，軟件將顯示掃描到的木馬文件名稱，要注意的是，該軟件檢測比較苛刻，一些組件文件和后臺(tái)管理程序也會(huì)被列入危險(xiǎn)文件，在使用時(shí)需要仔細(xì)鑒別。

We can also use specialized web Trojan detection tools to check, download a website program security analyzer, and then use FTP software to download all website files to the local hard drive. Select the folder where the files are located and click the "Scan" button. Wait a moment, the software will display the names of the scanned Trojan files. It should be noted that the software has strict detection requirements, and some component files and background management programs may also be listed as dangerous files. Careful identification is required when using it.

批量修復(fù)網(wǎng)頁

Batch repair of web pages

一般黑客侵入網(wǎng)站后都是在網(wǎng)頁中加入代碼進(jìn)行木馬的種植，從而使用戶在瀏覽網(wǎng)站時(shí)自動(dòng)打開并下載木馬程序，一些木馬程序會(huì)自動(dòng)在所有的網(wǎng)頁文件后面添加一行代碼：，如果網(wǎng)站文件很多，手工一個(gè)個(gè)簡直是不可能的事。這時(shí)可以使用數(shù)碼龍網(wǎng)頁批量修改器進(jìn)行惡意代碼的批量刪除。

After hacking into a website, hackers usually add code to the webpage for Trojan horse cultivation, so that users can automatically open and download Trojan programs when browsing the website. Some Trojan programs will automatically add a line of code after all webpage files: if there are many website files, it is impossible to manually clear them one by one. At this point, the Digimon web page batch modifier can be used to batch delete malicious code.

刪除網(wǎng)站空間中存在的木馬文件，接著下載數(shù)碼龍網(wǎng)頁批量修改器，打開軟件主程序后在“刪除字符”欄目中輸入檢測出的惡意代碼，然后選擇網(wǎng)站文件所在的文件夾，單擊“開始”按鈕，軟件將自動(dòng)完成網(wǎng)頁的修復(fù)操作。當(dāng)確認(rèn)沒有惡意代碼后，將所有文件上傳到網(wǎng)站空間即可。

Firstly, delete the Trojan files that exist in the website space. Then, download the Digimon web page batch modifier, open the main program of the software, enter the detected malicious code in the "Delete Characters" column, select the folder where the website files are located, click the "Start" button, and the software will automatically complete the webpage repair operation. After confirming that there is no malicious code, upload all files to the website space.