Recently, there are many user feedback, due to the server password or database password setting is too simple, resulting in data stolen by hackers, or even deleted, resulting in serious consequences.

Information security is an invisible but very important job. Since most small and medium-sized enterprises do not have special information security administrators, but we run our software on the cloud and deal with our business, information security is unavoidable.

This article does not do too much explanation of information security, in the recent we understand the situation, please users friends must do the following two jobs:

First, change your weak password to a strong one!

Weak passwords Are passwords that are easy to decrypt. They are mostly simple combinations of numbers, combinations of numbers in the same account, adjacent keys on the keyboard, or common names, such as 123456, abc123, and Michael.

Most of the common passwords in our mirror factory Settings are 123456, which is a typical weak password. Although we emphasized that users should change by themselves on the product initialization page, some users still ignore this change, leading to tragic data security accidents.

The 25 weak passwords commonly used by Chinese netizens include:

000000, 111111, 11111111, 112233, 123123, 123321, 123456, 12345678, 654321, 666666, 888888, abcdef, abcabc, abc123, a1b2C3, aaa111, 123q We, qwerty, qweasd, admin, password, p@ssword, passwd, Iloveyou, 5201314, ASDFGHjKL, 66666666, 88888888.

A Strong password is a password that is not easy to guess or crack. A strong password should have the following characteristics:

  • A strong password must be at least 8 characters long.
  • Does not contain all or part of the user account name;
  • Contains at least three of the following four types of characters: uppercase letters, lowercase letters, digits, and keyboard symbols such as! @, #);
  • Not found in the dictionary;
  • Not a command name, not a name, not a user name, not a computer name;
  • There is no regular combination of uppercase and lowercase letters, digits, and symbols. Some login systems support full-angle symbols and special symbols such as Chinese and other languages.
  • Not easy to guess passwords (e.g. 1qaz@WSX qazwsxedc iloveyou).

Second, set up the server automatic backup (snapshot backup), nip in the bud!

Users with experience in server operation and maintenance understand that “an information system cannot maintain a 100% stable state for a long time. Any system may fail, but the probability of failure is different and the damage degree is different”.

  1. A few days of work was mistakenly deleted, how to recover?
  2. The website is hacked beyond recognition, can it be restored?
  3. The content of the website has been changed disorderly, want to restore a normal state?

When a fault occurs, we first seek professional help to quickly diagnose and handle the fault, but unfortunately, some faults cannot be smoothly resolved within the expected time period, or even cannot be resolved. Obviously, having a backup is extremely important, as it guarantees that in the event of a failure the system can be restored to a normal state using the existing backup files, which means you can avoid a huge loss if you cannot recover.

Make sure you get into the habit of backing up. Don’t take chances.

All cloud platforms provide global automatic backup. The basic principle is based on disk snapshot: a snapshot is a snapshot of a server’s disk, which can record all the data on the disk at a specified point in time, back it up, and achieve one-click recovery.

- Backup scope: The operating system, running environment, database, and applications. - Backup effect: very good. - Backup frequency: Backup can be performed by hour, day, or week. - Recovery mode: One-click recovery for cloud platforms. - Skill requirement: Very easy. - Automatic: Automatically backs up data after the policy is set.Copy the code

For details, see Cloud Platform Backup Solution.

In addition, we will complete the update of all the mirrors before April 15, 2019. The latest version of the image no longer lists the password in the document, but uses a random password generated with the user starting up, which can fundamentally solve the problem of weak passwords.

This article is originally published by Websoft9.