How are websites hijacked?

Network security is becoming increasingly severe. Webmaster friends have more or less encountered the experience of being hacked and hijacked. For friends who are honest and conscientious about their website, they have finally made some achievements. Once hijacked, it is back to before liberation. In this issue, we will discuss what are the common methods for websites to be hacked and hijacked? How to prevent and repair these risks?
Open iis7 Website Monitoring to detect Whether the website has been hijacked, DNS is polluted, whether the website has been hacked, attacked, had its title changed, or been linked to black links are all areas that we need to check.
　1. Traffic hijacking
　1.1 Whole site redirection
This type of hijacking is relatively direct and easy to detect. Usually, this type of hijacker will load js into the page or implant code into the web server. To achieve global hijacking, but generally speaking they will only hijack the traffic coming from the search engine to prevent the webmaster from noticing and repairing it immediately.
Patch & prevention methods:
1.1.1 It is recommended to install third-party protection software and regularly check source code changes.
　1.1.2 Pay attention to the server logs and troubleshoot abnormal logins.
　1.1.3 Change IP to search in other areas and click to view.
　1.2 Keyword Jump
This hijacking method will be relatively subtle and will only jump to a part of the key individually. This is the upgrade type of the first method and requires regular inspection of the site.
　1.3 Frame hijacking
This method is more common. When the website is loaded, js is added directly to the source code, hiding the original page body, and displaying some unknown advertisements or page content. Most of them also limit the source to search. The engine is triggered.
　1.4 Snapshot hijacking
The method of snapshot hijacking is to replace your page with a page with specific keywords when the search engine crawls it, and use the advantages of crawling and database building of the site itself to achieve undetected Ranking.
Repair & prevention methods:
This method requires the webmaster to pay more attention to your inclusion and display on Baidu pages.
　1.5 DNS hijacking
DNS hijacking is currently the most advanced method. It can be controlled at any time without contact. The operator directly hijacks your site and jumps to some XXX websites. Now the upgraded version is still available. Specific users, specific areas, etc. use user portraits to screen out user hijacking. In addition, such advertisements are more random and smaller. Generally, it is difficult for webmasters to detect them unless users complain. Even if they are aware, it is more difficult to obtain evidence and report them.
　Repair & Prevention Methods:
　1.5.1 Obtaining evidence is very important. Time, location, IP, dial-up account, screenshot, URL address, etc. must be available.
　1.5.2 You can make complaints and feedback to the telecom operators in the hijacked area.
　1.5.3 If the complaint feedback is invalid, go directly to the Ministry of Industry and Information Technology to complain. Generally speaking, your domain name will be whitened.
　1.6 Third-party plug-in hijacking
Part of the reason for the recent Beacon Fire algorithm is that some advertising alliances hijacked Baidu search through site js and hijacked the result page address of Baidu search. This kind of alliance is extremely scary if you think about it, secretly I don’t know how many similar things have been done. Of course, some of them may also be done by telecom operators.
What everyone must pay attention to here is: advertising alliances and statistical tools.
　Repair & prevention methods:
　1.6.1 Try to use regular manufacturers (of course regular manufacturers also have the risk of being hacked)
　1.6.2 Since you can’t help but pay attention to the news.
　1.6.3 If there is an https version, try to use the https version.
　2. Weight hijacking
　2.1 Spider hijacking
This method is theoretically the same as snapshot hijacking, but has a different purpose. By loading some links, the spider can discover more pages that the hijacker needs to crawl.
　2.2301 Weight Transfer
This kind of hijacker is relatively dark. After obtaining the shell, it directly performs 301 weight transfer. However, simple 301 is slow to take effect and will usually be revised through the webmaster platform. Therefore, everyone must bind your mobile phone email address to log in to the platform regularly and pay attention to platform information. In addition, this type of method is normal for user access and will only give a 301 status when search engines come to crawl it.
　2.3 Black links
Many of my friends must have encountered this kind of thing. Hanging a batch of black links on the site, both visible and invisible, but in general, fewer and fewer people do this now. , just scan your source code a few times if you have nothing to do.
　2.4 Black pages (pan-parsing, reverse generation)
Automatic reproduction and reverse proxy. In fact, the principles of many of the above methods are the same, but there are slight differences in form and implementation.
　2.5 Search Caching
This kind of hijacking behavior broke out in the past few years. Many people took advantage of the site's search caching mechanism to create a large number of pages and leave contact information. We won’t discuss it in depth here.
　3. Advertising hijacking
The purpose of this type of hijacking is relatively simple. It is to replace the site's advertising alliance or the site's original advertising display plan to achieve the purpose of using your traffic to make other money. Also the main hijackers: operators, attackers.
　4. Other hijacks (browser, routing)
Mirroring is a relatively popular hijacking method recently. The hijacker uses high-quality domain names and high-quality front-end resources to directly mirror the target site, making it difficult for search engines to distinguish who is real and who is fake. Of course, in most cases, the hijacker makes a profit, and the target site disuse. In response to this method, the site can also fight back. After knowing the hijacker's domain name and crawling IP, it can return some XXXX information alone, etc., and let it fend for itself.
Browser and route hijacking are basically relatively small-scale hijackings. Browser hijacking basically installs some illegal plug-ins on the user's computer to hijack traffic and display advertisements. Route hijacking is mainly used in places such as shopping malls. Users are hijacked after accessing free networks. For route hijacking, doing a good job of https can prevent a large part of it.

The above is the detailed content of How are websites hijacked?. For more information, please follow other related articles on the PHP Chinese website!