When the blackmail virus (ransomware) strikes: how to harden your “China shared hosting” server
This year an unprecedented network virus attack has hit the world, affecting nearly 30,000 Chinese institutions. So how do we harden a China shared hosting server against intrusion before we come under attack?
1. A different way of thinking about security:
Server security starts, as we all know, with the security of the operating system (OS). Protection is the first line of defense against intrusion; if the operating system's security is very good, there will be no follow-up problems. However, the popular operating systems in use today (Windows on the desktop, Linux, Unix and AIX on workstations, VxWorks in embedded devices, Android on mobile phones...) have many vulnerabilities found in them every day. The key ones are those unknown to the public, the so-called “0-days”, and more and more parties want them: countries for the needs of war, companies for competitive reasons, hackers for profit... In any case, the vulnerabilities that become public are only a small part of the whole.
Server hardening introduces a “third-party” security mechanism alongside the operating system's own, adding monitoring on the channels that intruders use. Hackers generally target operating system vulnerabilities and bypass the security mechanisms of the operating system itself. However, the hacker does not know about the “third-party” mechanism on the server, so the intrusion is not so easy to carry out.
2. Approaches to security hardening:
The idea of server security hardening (also known as hardening the server against intrusion) was established gradually in the course of fighting hackers. So far it can be said to have gone through three stages of development: the configuration hardening stage; the compliance hardening stage; and the anti-control hardening stage.
2-1. Configuration hardening stage:
Configuration hardening means strengthening and upgrading the security configuration of the operating system to raise the security protection level of the server. Common practice covers the following aspects:
① Limit the number of consecutive failed password attempts at login; this is an important countermeasure against brute-force password cracking;
② Split up the system's administrator privileges and eliminate the super-administrator, thus restricting the intruder's access to the administrator account;
③ Remove unnecessary accounts so that attackers cannot exploit them;
④ Turn off unneeded services and ports. First, this reduces the intruder's points of entry. Second, it prevents them from being used as a backdoor by the intruder;
⑤ Limit the permissions of remote login users, especially for system administration;
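The five practices above can be checked mechanically against a written baseline. The following audit is an added example, not part of the original article; the account list, listening ports, and the SETTINGS and POLICY dictionaries (including their key names) are constructed for illustration, and the account data uses the Unix passwd format.

```python
# Constructed sample data; none of it comes from a real host.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
deploy:x:1000:1000::/home/deploy:/bin/bash
oldadmin:x:0:1001::/home/oldadmin:/bin/bash
testuser:x:1002:1002::/home/testuser:/bin/sh
"""
LISTENING = [(22, "sshd"), (80, "nginx"), (443, "nginx"),
             (3306, "mysqld"), (31337, "unknown")]
# Hypothetical settings and policy (key names are assumptions of this example).
SETTINGS = {"lockout_after_failures": 0, "remote_admin_login": True}
POLICY = {"login_accounts": {"root", "deploy"},
          "allowed_ports": {22, 80, 443},
          "max_failed_logins": 5}
NOLOGIN = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

def audit(passwd_text, listening, settings, policy):
    """Return (kind, detail) findings for the five configuration checks."""
    findings = []
    limit = settings.get("lockout_after_failures", 0)    # 0 = lockout disabled
    if not 0 < limit <= policy["max_failed_logins"]:
        findings.append(("lockout", f"threshold {limit} is off or too high"))
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue                                     # blank or malformed line
        name, uid, shell = fields[0], fields[2], fields[6]
        if uid == "0" and name != "root":
            findings.append(("superuser", f"{name} is an extra UID 0 account"))
        if shell not in NOLOGIN and name not in policy["login_accounts"]:
            findings.append(("account", f"{name} can log in but is not approved"))
    for port, proc in listening:
        if port not in policy["allowed_ports"]:
            findings.append(("port", f"{port} ({proc}) is not approved"))
    if settings.get("remote_admin_login", True):         # unknown counts as enabled
        findings.append(("remote", "administrators may log in remotely"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit(PASSWD, LISTENING, SETTINGS, POLICY):
        print(f"{kind:10} {detail}")
```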
2-2. Compliance hardening stage:
Anyone who works in information security is familiar with the term mandatory access control. When a user accesses data, the system not only checks the visitor's identity and confirms his access rights, but also looks at the security level of the data being accessed and whether it matches the security level of the visitor; if the access does not conform to the security policy, it is refused.
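The two-step decision described above, as an added example that is not part of the original article: the identity and access-rights check runs first, then the level comparison. The level names, accounts and paths are constructed, and the "no read up, no write down" rule is an assumption in the style of the Bell-LaPadula model, which goes beyond the simple level match the text mentions.

```python
from dataclasses import dataclass, field

# Constructed security levels, lowest to highest.
LEVELS = {"public": 0, "internal": 1, "confidential": 2}

@dataclass
class Subject:
    name: str
    clearance: str

@dataclass
class Resource:
    path: str
    level: str
    acl: dict = field(default_factory=dict)   # user name -> set of modes

def check_access(subject, resource, mode):
    """Return (allowed, reason). Both the DAC and the MAC check must pass."""
    # Step 1, discretionary: does the ACL grant this user this mode?
    if mode not in resource.acl.get(subject.name, set()):
        return False, "DAC: no ACL entry grants this mode"
    # Step 2, mandatory: compare levels regardless of what the ACL says.
    s, o = LEVELS[subject.clearance], LEVELS[resource.level]
    if mode == "r" and s < o:
        return False, "MAC: read up denied"
    if mode == "w" and s > o:
        return False, "MAC: write down denied"
    return True, "allowed"

# Constructed subjects and resources (hypothetical names and paths).
WEB = Subject("www-data", "public")
DBA = Subject("dba", "confidential")
CUSTOMERS = Resource("/data/customers.db", "confidential",
                     {"www-data": {"r"}, "dba": {"r", "w"}})
ACCESS_LOG = Resource("/var/www/access.log", "public",
                      {"www-data": {"w"}, "dba": {"r", "w"}})

if __name__ == "__main__":
    for subj, res, mode in [(WEB, CUSTOMERS, "r"), (DBA, CUSTOMERS, "r"),
                            (DBA, ACCESS_LOG, "w"), (WEB, ACCESS_LOG, "w")]:
        print(subj.name, mode, res.path, check_access(subj, res, mode))
```

The first case is the one that matters for hardening: a misconfigured ACL gives the web account read access to the customer database, and the mandatory check still refuses it.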
2-3. Anti-control hardening stage:
Anti-control explicitly sets out requirements for the management of the server; it is the guarantee of the security bottom line. Anti-control has several implications:
① Control of control rights: control of the server is the ability to use the server's resources for one's own needs, such as installing a scanner to scan other computers on the network for holes, or installing an attack tool to attack other targets directly. There are several important links in server control:
A. Administrator account login: various services can be deployed directly;
B. Remote desktop process: the server can be managed directly from a remote location;
C. Uploading tool software: without these tools, a hacker is like a tiger without paws. Installing tools and software on the server is a necessary stage in turning the server into an attack tool.
② If the hacker is to control the server, he must try to hide himself. Once he is found, the administrator can remove him immediately, and all the hacker's efforts will be wasted. There are many hiding techniques:
A. Process injection: hiding inside a system process, where it is hard for users to identify;
B. Not starting: there are hundreds of thousands of files on the server, so it is easy to hide. If the code does not start, you will not be able to catch it. Of course, by means of a timer or a remote call, the intruder's intention can still be carried out when needed.
C. Rootkit: replaces system drivers and, of course, hides the activation code or the monitoring code.
③ Cut off the way home: an intrusion is different from a virus. To control your server, the intruder needs to contact his “boss”, receive orders and send information back. Controlling this “home connection” cuts off the intruder's control channel; with no one to direct them, the hidden controls become “fools”. There are many kinds of techniques for going home:
A) secretly visiting its “hometown” website while you are surfing the Internet;
B) disguising itself as an upgrade of various software (such as anti-virus, etc.); of course, the software should be tested first;
C) sending mail;
D) transfer via removable media;
E) a backdoor service;
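One way to watch the network channels in the list above (web visits, fake updates, mail) is a default-deny check of outbound connections per process. This is an added example, not part of the original article; the log format, process names, hosts and allowlist are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed policy: process -> destinations it may initiate connections to.
EGRESS_ALLOW = {
    "apt": {("mirror.example.net", 443)},
    "postfix": {("smtp.example.net", 25)},
}
# Constructed log lines in a hypothetical "proc= dst= dport=" format.
LOG = """\
10:00:01 proc=apt dst=mirror.example.net dport=443
10:00:07 proc=apt dst=updates.example.org dport=443
10:01:12 proc=nginx dst=203.0.113.7 dport=80
10:01:30 proc=postfix dst=smtp.example.net dport=25
10:02:44 proc=php-fpm dst=198.51.100.9 dport=25
10:03:00 truncated entry
"""
LINE = re.compile(r"proc=(\S+) dst=(\S+) dport=(\d+)")

def unexpected_egress(log_text, allow):
    """Return ({process: [(dst, port), ...]}, unparsed_count).

    Default-deny: a process with no allowlist entry may not connect out at
    all. Unparsed lines are counted rather than dropped, because a gap in
    the log is itself worth a look.
    """
    alerts = defaultdict(list)
    unparsed = 0
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            unparsed += 1
            continue
        proc, dst, port = m.group(1), m.group(2), int(m.group(3))
        if (dst, port) not in allow.get(proc, set()):
            alerts[proc].append((dst, port))
    return dict(alerts), unparsed

if __name__ == "__main__":
    alerts, unparsed = unexpected_egress(LOG, EGRESS_ALLOW)
    for proc, dests in alerts.items():
        print(f"ALERT {proc}: {dests}")
    print(f"{unparsed} line(s) could not be parsed")
```

In the sample, the update client reaching an unapproved host corresponds to technique B, the web server process making its own web request to A, and mail sent by a non-mail process to C.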