As a webmaster, how to avoid the [pagoda loophole] accident

process

Some time ago, a serious high-risk security vulnerability appeared in the pagoda panel. Attackers can directly obtain server data by using this vulnerability, which poses a serious threat to webmasters.

At the same time, Alibaba Cloud, Tencent Cloud, etc. blocked the 888 port of the pagoda panel. At the same time, the pagoda developers have responded quickly. I still want to give you a thumbs up to all cloud vendors and software developers!

How to avoid it?

Security incidents like this are endless. As webmasters, how can we avoid such incidents from happening again?

1. Don't use the default configuration

The default software system settings, default system ports, and default website settings may be exploited by unscrupulous persons at the first time when a vulnerability occurs. Modifying the default system configuration can avoid such risks to a great extent.

2. Principle of least privilege

The least privilege, that is, when giving a software privilege, avoid using the privilege such as root, which can largely ensure that the entire operating system is threatened when a system vulnerability occurs.

At the same time, different software uses different user names for isolation when configuring the database, which can avoid the tragedy of one website being attacked and all websites suffering.

3. Don't use weak passwords

For the convenience of system management (or laziness), many people often set administrative passwords like 123456 and admin. Such passwords are easily scanned by brute force software.

4. Do not use systems from unknown sources

Website operators often download and install systems from unknown sources on different websites. Such systems are likely to be maliciously left as backdoors by criminals, which will cause great threats. It is necessary to purchase and download genuine software from formal channels to avoid such a tragedy.

5. Please professional technical maintenance

Many webmasters have multiple jobs, and it is impossible to be proficient in all areas of technology, so it is likely to cause security incidents caused by improper configuration. In the actual operation process, we will also encounter the question "is there a loophole in your system that caused our server to be attacked". As a system developer, we use our ability to standardize technology development to ensure the user's system security to the greatest extent. However, if the system is even more secure, there will be serious security incidents due to improper server configuration. Therefore, if conditions permit, please professional people to maintain your website is a good choice

Little Green Elephant Software Studio, a one-stop software solution, let your ideas land quickly!