Windows server 2012 host, a Trojan program, the Trojan all cleared, and remove the hidden account, also to modify the account password, but the next day the host are hanging a horse, and do this have what method to detect, run autoruns, d shield etc.

CodePudding user response:

What you run services, opening the port, the unused port sealing off, if there are loopholes in web services will also examine relevant code

CodePudding user response:

If reshipment system, antivirus, etc, has repeatedly been hang horse, should consider whether can exist by using a loophole in the no patch, advice on all kinds of patch in time,
It is operating system patches, 2 it is all kinds of application software patches, such as WEB, database, FTP and patches, redo system, can download several holes detection
Tool detection, more targeted play all kinds of patches, comprehensive antivirus again, general of the underlying, hardware class should be able to remove, really not line, on the safe side,
Only change the new machine,

CodePudding user response:

First is the system patch, as server must update all kinds of patches, followed by the port, the last is all kinds of security policy and security application deployment, this screening is more trouble, come on, one by one