How to block trojan attacks on ECS

Last Updated: Jan 09, 2020

Overview

This article describes how to block trojan attacks on ECS.


Description

This article describes solutions to trojan attacks on ECS and virus prevention measures.


Solutions to trojan attacks

You can use the following methods to block trojan attacks on ECS:

  1. Modify the password of the system administrator. The password must be at least eight characters in length and contain the following character types: lowercase letters, uppercase letters, digits, and special characters.
  2. Modify the remote logon port.
  3. Enable the firewall to control which IP addresses can access ECS and to open only specified service ports. For services that do not need to be available to all users such as FTP and databases, we recommend that you control which source IP addresses can access the services.
  4. Check whether any unauthorized port is opened. If yes, close the unauthorized port.
    • Windows operating system: Run the netstat /ano command in CMD to check ports.
    • Linux operating system: Run the netstat -anp command to check ports.
  5. Check whether any unusual process is running. If yes, terminate the process. Check with the server administrator whether the files used by the process can be deleted.
    • Windows operating system: Choose Start > Run..., enter msinfo32, and then choose Software Environment > Running Tasks.
    • Linux operating system: Run the ps -ef or top command.
  6. Install an anti-malware program and perform full scanning and removal. We recommend that you install Server Guard of Alibaba Cloud Security.
    • If unknown accounts need to be deleted from the system, also inspect the SAM key in the Windows Registry to check whether hidden accounts exist.
    • If Web services are running, restrict file system access for the accounts that the Web services run as and grant these accounts read-only permissions only.
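As an added example that is not part of the original article, the following Python script automates step 4 on Linux: it parses the output of `netstat -anp`, keeps only listening sockets, and reports those whose protocol and port are not on an allowlist of expected services. The sample output and the allowlist are constructed for illustration; the allowlist is an assumption you would replace with the ports your host is documented to expose.

```python
import subprocess

# Constructed sample of `netstat -anp` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1043/mysqld
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1200/nginx
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN      2331/.x
tcp        0      0 10.0.0.5:22             203.0.113.9:51422       ESTABLISHED 2290/sshd
tcp6       0      0 :::80                   :::*                    LISTEN      1200/nginx
udp        0      0 0.0.0.0:68              0.0.0.0:*                           655/dhclient
"""

# Assumed allowlist: the (protocol, port) pairs this host is expected to expose.
EXPECTED_LISTENERS = {("tcp", 22), ("tcp", 80), ("tcp", 3306), ("udp", 68)}


def parse_listeners(netstat_output):
    """Return (proto, port, pid/program) for every listening socket in netstat -anp output."""
    listeners = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if not fields or not fields[0].startswith(("tcp", "udp")):
            continue  # skip the two header lines and blank lines
        proto, local = fields[0], fields[3]
        if proto.startswith("tcp") and (len(fields) < 7 or fields[5] != "LISTEN"):
            continue  # established TCP connections are not listeners
        # UDP rows have no State column, so the program is always the last field.
        program = fields[-1]
        port = int(local.rsplit(":", 1)[1])  # works for IPv4 and ':::80'-style IPv6
        listeners.append((proto.rstrip("6"), port, program))
    return listeners


def unauthorized_listeners(netstat_output, expected=EXPECTED_LISTENERS):
    """Listening sockets whose (proto, port) is not in the allowlist; review and close these."""
    return [l for l in parse_listeners(netstat_output) if (l[0], l[1]) not in expected]


if __name__ == "__main__":
    live = subprocess.check_output(["netstat", "-anp"], text=True)
    for proto, port, program in unauthorized_listeners(live):
        print(f"unexpected listener: {proto}/{port} ({program})")
```

Run it as root, because `netstat -anp` only shows PID/program names for processes you own; a `-` in that column means the owner could not be determined and the socket still needs manual review.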


Trojan prevention measures

You can take the following trojan prevention measures:

  1. Start Server Guard of Alibaba Cloud Security and use the following major features to protect ECS:
    • Precaution – Vulnerabilities: Complete vulnerability management features minimize possible risks to your assets.
    • Intrusion Detection – Abnormal Logon: All logon information is recorded and real-time alerts are sent for unusual logons. You can configure frequent logon locations.
    • Intrusion Detection – Webshell: Webshell programs on servers can be detected in real time.
    • Intrusion Detection – Server Exceptions: Server exceptions such as abnormal network connections, malicious processes, and malicious download URLs are detected and alerted in real time.
  2. The following protection features of Alibaba Cloud Security also can be used:
    • Web Application Firewall: prevents attackers from exploiting application vulnerabilities to intrude into servers. Professional security teams focus on security events within Mainland China. When a new vulnerability is discovered, the security teams add prevention rules to block website intrusions that exploit the new vulnerability.
    • Security Center: provides security detection for cloud services such as ECS, RDS, and SLB. This feature helps you improve security visibility and manage security events of cloud assets in a centralized manner.
    • Managed Security Service: Alibaba Cloud security experts provide users with all-round security technologies and consulting services. The experts establish and optimize security protection systems for cloud users to safeguard their business security.
  3. Modify passwords for all accounts, especially the following types of passwords. Passwords must be at least eight characters in length and contain the following character types: lowercase letters, uppercase letters, digits, and special characters.
    • Server logon passwords
    • Database connection passwords
    • Website backend logon passwords
    • FTP passwords
    • Passwords for other server management programs
  4. Implement system security hardening.
    • Hide the website backend. Use a backend directory name that contains many characters, provided that the website still runs normally. Example:
      /mamashuomingziyaochangyidianheikecaizhaobudao/
    • Update patches of operating systems and applications in a timely manner.


Application scope

  • ECS


If the problem persists, you can receive a free consultation in Alibaba Cloud Community or submit a ticket to contact Alibaba Cloud technical support personnel.