
Security Center: Defend against trojan attacks

Last Updated: Jun 04, 2026

Trojan attacks can cause data leaks and asset losses. Defend against these attacks by applying security measures across your network, operating systems, databases, and applications.

What is a trojan attack

A trojan attack (also called a horse attack) injects malicious code into a server or website by disguising it as legitimate software. Attackers trick users into downloading or executing the code through iframes, JavaScript, HTML bodies, CSS, or other methods.

Common attack vectors include system vulnerabilities, SQL injection, and file upload vulnerabilities.

Impact of trojan attacks

A successful trojan attack gives the attacker access to your website and sensitive data such as user accounts, passwords, and business data. Visitors to the compromised website may also be infected, exposing their bank accounts, social media credentials, and other personal data.

Trojans can also destroy disk data, causing significant information loss. Overall, trojan attacks damage your website reputation, damage user systems, and leak user data.

Defend against trojan attacks

Fix vulnerabilities on your website and web servers promptly. Attackers exploit vulnerabilities in tampered web pages, browsers, and operating systems to inject trojans, then download and run additional malicious programs to expand the attack scope.

Protect your website with a layered security architecture as shown below.

[Figure: layered security architecture]

Apply security measures at the following levels:

  • Network security level

  • Host system level

    • Use Bastionhost to manage ECS logon methods and grant O&M personnel only necessary permissions.

    • Configure strong passwords for your Alibaba Cloud account (at least 8 characters with mixed case, digits, and special characters) and change them every few months. Use multi-factor authentication (MFA) or SSH keys to log on to ECS instances.

    • Obtain security vulnerability information and regularly detect and fix vulnerabilities on your website and web servers. Install patches to operating systems and applications promptly.

    • Activate Security Center to detect and handle security risks, configuration risks, OS vulnerabilities, and middleware vulnerabilities on your servers.

    • Restrict file system access to only necessary permissions. Limit access to sensitive directories and restrict script execution.

  • Database level

    • Do not use web-based tools to manage databases or expose your database management system to the Internet.

    • Allow only application servers to access database services. Block database ports from the Internet.

    • Configure strong passwords for the database services.

  • Application security level

    • Harden web application middleware.

    • Perform code security tests and white-box tests before deploying to production.

    • Use Security Center vulnerability management to scan for and fix vulnerabilities before deploying your web system.

    • Fix program vulnerabilities promptly. You can use Web Application Firewall (WAF) to protect your web applications from external attacks.
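
The host-level item above on restricting file system access and script execution can be checked with a short audit of the web root. The following Python script is an added example, not code from the original page or from Alibaba Cloud: it flags world-writable paths and script or executable files inside upload directories. The function names, the extension list, and the upload directory names are assumptions for illustration.

```python
import os
import stat
import tempfile

# Assumed lists for illustration (not from the page); tune them to your application.
SCRIPT_EXTS = {".php", ".phtml", ".jsp", ".jspx", ".asp", ".aspx", ".cgi", ".pl", ".sh"}
UPLOAD_DIR_NAMES = {"upload", "uploads", "media"}

def audit_web_root(root, upload_dir_names=UPLOAD_DIR_NAMES):
    """Return sorted (issue, relative_path) findings for everything under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow symlinks
        rel_dir = os.path.relpath(dirpath, root)
        in_upload = bool(set(rel_dir.split(os.sep)) & set(upload_dir_names))
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits say nothing about its target
            if st.st_mode & stat.S_IWOTH:
                findings.append(("world-writable", rel))
            if stat.S_ISDIR(st.st_mode) or not in_upload:
                continue  # remaining checks apply only to files in upload directories
            if os.path.splitext(name)[1].lower() in SCRIPT_EXTS:
                findings.append(("script-in-upload-dir", rel))
            if st.st_mode & 0o111:  # any execute bit (user, group, or other)
                findings.append(("executable-in-upload-dir", rel))
    return sorted(findings)

def build_demo_tree(root):
    """Constructed sample tree: two clean files and three misconfigurations."""
    entries = [("uploads", 0o755, True), ("cache", 0o777, True),
               ("index.html", 0o644, False), ("uploads/avatar.png", 0o644, False),
               ("uploads/report.php", 0o644, False), ("uploads/tool.bin", 0o755, False)]
    for rel, mode, is_dir in entries:
        path = os.path.join(root, *rel.split("/"))
        if is_dir:
            os.mkdir(path)
        else:
            with open(path, "w") as f:
                f.write("constructed sample\n")
        os.chmod(path, mode)  # explicit chmod so the umask does not matter

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        for issue, rel in audit_web_root(tmp):
            print(f"{issue:26}{rel}")
```

Each finding maps to a fix: remove the write bit for "other", or configure the web server so that files under upload directories are served as static content only.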

Detect and remove trojan files

Use Security Center to automatically detect and remove trojan files. Manually identifying trojan files among the large number of OS and application files is impractical.

Methods to remove trojan files:
