After the server reports the broiler processing step

Processing steps:

First, execute

1. Change the password of the system administrator account. The password length is not less than 8 digits and the uppercase letters are lowercase. Alphanumeric special character combination;

2, change the remote login port and enable the firewall to limit the IP that is allowed to log in. The firewall configuration only opens a specific service port and does not need to be open to all users, such as FTP and database. Perform source IP access control;

3. Check if the unauthorized port is open: Ø windows enter nestat/ano on the CMD command line to check the port; if there is an open port, delete the corresponding path according to the PID check process. File (according to PID check process steps: Start-->Run--> Enter“msinfo32” Software Environment--> Running Tasks) Ø linux Enter the command netstat –anpView

4, delete the unknown account in the system, windows system also needs to check whether the SAM key in the registry has a hidden account;

5, if there is a WEB service, limit the web operation The account has access to the file system and only the read-only permission is open.

Second, the late defense

1, windows check login event audit policy has been turned on, you can view the login log in the windows log after opening (open steps: start -> run -->Enter“gpedit.msc”-->windows settings-->local policy-->audit strategy); 2, windows system should update system patch in time;

3, limit The access rights of the WEB Server running account to the file system are generally only open read-only permissions;

4. Access rights such as database and FTP services can be restricted by the firewall.