What to do when detecting hackers attack websites?

In less than 15 days in early June, 249 Vietnamese websites were attacked by hackers, most of them with a change of interface.

This is a large-scale network attack, the target hackers target is the important and official websites of state agencies (more than 50 gov.vn domain name websites).

What to do when detecting hackers attack websites? Picture 1

Wide area attack

About 20 hours on June 9, electronic newspaper Petro Times of Vietnam Oil and Gas Group suffered two consecutive attacks from hackers, including a malicious denial of service and intrusion attacks. material.

Earlier, many websites of ministries and branches of Vietnam were also attacked by hackers.

Talking to Vietnam + reporter, Mr. Nguyen Minh Duc, Director of Network Security Division of Bkav Internet Security Company, said that from the beginning of 2011, this unit has recorded about 100 websites per month. Water is attacked by hackers.

However, only since the beginning of June, 249 websites of Vietnam have been attacked by cybercriminals, mostly with the method of changing the interface and denying services. Often hackers will leave messages in Chinese or English.

Mr. Duc said that the fact that Vietnam 's websites were attacked a lot by the level of interest in security and information security is not high.

' Bkav's statistics show that many websites were attacked several times in a year, but the agency did not offer remedial measures for that vulnerability ,' Duc said.

In fact, security issues for websites in Vietnam have been alarmed for a long time, especially when the news of VietNamNet e-news was attacked.

In a reply to Vietnam +, Dr. Vu Quoc Khanh, Director of VNCERT Computer Emergency Rescue Center (Ministry of Information and Communications) once said that after investigating large and important websites, With investment potential, VNCERT saw about 30% of this website was attacked by hackers in 2010.

' Only in the electronic portals of the central cities, provinces and ministries have more than 20% not used log files (recorded for checking). Nearly 30% of websites do not have people in charge of information management for the system , 'Khanh said.

What to do when being 'hit'?

In the face of increasingly complex network security, network administrators are loose and weak, Mr. Duc said that the administrator needs to check the server vulnerability, see where the hacker attacks to know how to close the vulnerability. . Also, see if a hacker has installed malicious code to monitor or destroy data in the system to know how to handle it.

In the long term, website administrators must regularly review their websites to detect vulnerabilities and fix them in time. In addition, there must be strict information security regulations.

Mr. Nguyen Pho Son, Director of CisLab (belonging to CMC Information Security Security Joint Stock Company), said in addition to reviewing and updating patches for applications, network administrators need to set up firewall configuration and detection machines prevent attacks against web servers.

Besides, it is necessary to review the configuration for the server running the website, update the patches for the operating system and the applications on the server as well as turn on the log [record for checking-pv] and regularly check Check log to detect abnormalities.

In case of detecting your website being hacked, experts recommend that network administrators need to issue a notification [such as a pause message to upgrade the website .- pv]. After that, pause the website's operation (disconnect from the Internet connection) to review the system and repair.

In addition, network administrators need to use anti-virus software to remove backdoor types left by hackers, notify authorities or security companies to find ways to overcome.

In the website operation process, data backup is essential. For informational websites such as e-newspapers, experts recommend parallel backup or 10 minutes / time to be able to restore the website's activities quickly on another server. However, if the backup is not proper, the hacker can also delete this copy.