What if, one day, when you open your own website, pornographic content suddenly appears? That would certainly be alarming. The presence of pornographic content on a website clearly indicates that it has been compromised, typically by hackers exploiting vulnerabilities to implant malicious code and hijack user access.
So, how can this problem be resolved?
First, it is necessary to identify and remove the malicious code to address the hijacking issue. Then, implement security measures to prevent further hacker intrusions.
Initially, we should inspect the webpage source code for any malicious code (which can only be detected through visual inspection). Next, we check dynamic scripts (such as PHP) and JS files for malicious code.
If no malicious code is found in these areas, it is highly likely that malicious components have been implanted in the WebServer (a common occurrence with IIS). In this case, an analysis of the WebServer components is required. The "MagiAegis - Defense System" can be used to quickly identify security vulnerabilities. As shown in the following figure, the "System Audit" module can swiftly pinpoint security threats on the server, with "Website Security Audit" being the key area of concern.
(System security audit)
Once identified, the solution is straightforward: simply delete the modules flagged as dangerous in the "IIS-Modules" section.
After resolving the hijacking issue, the next step is to prevent future hacker hijackings.
If the hijacking was implemented through tampering with the webpage source code by hackers, then implementing tamper protection for the website will suffice. If hackers implanted malicious components in the WebServer, then comprehensive server security measures must be taken.
Let's first discuss how to enhance server security.
Undoubtedly, the first step is to update all patches to the latest version (this can be done through "MagiAegis - Defense System - Security Audit - Patch Updates" and it can also be configured to automatically update patches daily without manual intervention).
Next, protect remote desktop logins to prevent hackers from accessing the server and implanting malicious components. The "Remote Protection - Client IP/Region Protection" feature of "MagiAegis - Defense System" can be used to restrict remote logins to your city only (As shown in the following figure). The likelihood of a hacker being in the same city as you is extremely low, and this does not affect your ability to log in remotely.
(Remote Desktop Protection)
The remote protection module is highly powerful, allowing restrictions on computer names, IP/regions, and login times for remote login terminal devices. It enables online enabling and disabling of remote login functions, prevents brute-force attacks, and sends login notification messages to promptly detect security threats.
Finally, in the "Firewall" module of "MagiAegis - Defense System," only essential ports should be opened (it is recommended to only open ports 80 and 443).
By following these steps, server security issues are largely resolved. The next step is to reinforce website security.
Website reinforcement primarily focuses on two aspects: webpage tamper protection and website injection prevention.
Again, the "Tamper Protection" and "Website Protection" features of "MagiAegis - Defense System" can be utilized to address these issues.
MagiAegis - Defense System comes with built-in tamper protection rules for most CMS platforms, which are highly effective and have no side effects. Simply use the "Tamper Protection - Add CMS Protection" feature, fill in the website directory and backend address, select a security template, and you can quickly configure website tamper protection (As shown in the following figure). These rules are compiled by our security team, which can effectively prevent hackers from tampering with web pages without affecting the normal operation of the website.
(Quickly add website tamper-proof rules)
Website injection prevention can be addressed through the "Website Protection - Anti-Injection" module. As shown in the following figure, this module can defend against various SQL injection and XSS cross-site scripting attacks.
(Against SQL Injection and XXS Cross-site Script Attacks)
By implementing the above measures, both server and website security issues can be swiftly resolved, eliminating concerns about illegal content appearing on your website.