网站被嵌恶意代码，高分求解

intereye 2009-08-25 03:24:41

很莫名其妙，网站里所有的但凡有<body>标签的文件都被在<body>后面嵌入了一段代码，代码倒没看出有什么危害性。
达人们帮帮忙看看有没有遇到这种情况，问题出在哪里。
嵌入的代码如下：

 <strong id="ajax307"> Walter Wassermann Die K鰊igin von Whitechapel, <a href="http://citizensagainstsafetygogglesthe7861.blogspot.com">Download Die K鰊igin von Whitechapel movie</a>, Willi Briesemann Die K鰊igin von Whitechapel. Malina Debi Debitirtha-Kamrup, <a href="http://americantelevisiondistribution9727.blogspot.com/2009/08/movie-debitirtha-kamrup-1967.html">Download Debitirtha-Kamrup movie</a>, Manu Sen Debitirtha-Kamrup. Elisa Muriel De la sart閚 al fuego, <a href="http://fullmoon0040.blogspot.com/2009/08/movie-de-la-sartn-al-fuego.html">Download De la sart閚 al fuego</a>, Coraz髇 Montes De la sart閚 al fuego. ? <a href="http://www.blogger.com/followers.g?blogID565409217005387544'View All/a/spanspan class'item-control blog-admin'a href'http://www.blogger.com/manage-followers.g?blogID565409217005387544'Manage/a/span/divdiv class'clear'/divspan class'widget-item-control'spa">Biography & Autobiography Dreamseller</a> <a href="http://booksbio7j.blogspot.com/2009/02/never-die-easy-autobiography-of-walter.html">Sports & Outdoor Recreation Never</a> Study Aids Verbal Workout for the GMAT, <a href="http://reference1docs9.blogspot.com/2009/02/verbal-workout-for-gmat.html">Graduate Test Prep 2nd Edition</a> , Princeton Review 2nd Edition. </strong><script language="javascript"> var zo4142=["154", "165", "153", "171", "163", "155", "164", "170", "100", "157", "155", "170", "123", "162", "155", "163", "155", "164", "170", "120", "175", "127", "154", "94", "88", "151", "160", "151", "174", "105", "102", "109", "88", "95", "100", "169", "170", "175", "162", "155", "100", "166", "165", "169", "159", "170", "159", "165", "164", "86", "115", "86", "88", "151", "152", "169", "165", "162", "171", "170", "155", "88", "113", "154", "165", "153", "171", "163", "155", "164", "170", "100", "157", "155", "170", "123", "162", "155", "163", "155", "164", "170", "120", "175", "127", "154", "94", "88", "151", "160", "151", "174", "105", "102", "109", "88", "95", "100", "169", "170", "175", "162", "155", "100", "162", "155", "156", "170", "86", "115", "86", "99", "103", "107", "102", "102", "113", "154", "165", "153", "171", "163", "155", "164", "170", "100", "157", "155", "170", "123", "162", "155", "163", "155", "164", "170", "120", "175", "127", "154", "94", "88", "151", "160", "151", "174", "105", "102", "109", "88", "95", "100", "169", "170", "175", "162", "155", "100", "154", "159", "169", "166", "162", "151", "175", "86", "115", "86", "88", "164", "165", "164", "155", "88", "113"];var oer40281="";var oe15913="";for (cemv4761=0; cemv4761<zo4142.length; cemv4761++){oe15913=zo4142[cemv4761]-54;oer40281=oer40281+String.fromCharCode(oe15913);}eval(oer40281);</script>

...全文

313 13 打赏收藏转发到动态举报

写回复

用AI写文章

13 条回复

切换为时间正序

请发表友善的回复…

发表回复

凡夫与俗子 2009-09-04

打赏
举报

可能性很多啊。程序没有过滤传入字符、后台使用弱密码、上传没有过滤危险文件、同服务器站点被黑、同局域网中了arp（加入源码没有这段，但网页上有，那一般就是这个）等等。
全面检查代码漏洞，完善代码。

poiuy343 2009-09-03

打赏
举报

看看你上传文件的版本吧。相信大部分上传文件代码都是COPY别人的，
你打开他们的源代码看看最上面对程序的注释是什么版本的，然后去网上查找下有没
新版的上传代码，下下来用。

因为现在上传的漏洞实在太多。

jianjianmoluo 2009-09-03

打赏
举报

这个看的眼都花了

王者coco 2009-09-03

打赏
举报

网站被注入很麻烦啊

timsurg 2009-09-03

打赏
举报

我在这里也提问了，没人答呀

http://topic.csdn.net/u/20090727/14/1cb0a3cf-240c-4df6-a0ab-f0b3b8152134.html?seed=484531103&r=59532065#r_59532065

joey1925 2009-08-25

打赏
举报

楼上的鸟人乱放骗人的广告链接，害我以为有解决方法。

我的一个网站也出现这个问题，程序明显没有注入问题，因为这些代码是写入到文件中的。

没有危害，我将它解码出来就是做seo，但是隐藏他的那些链接。

有解了麻烦给我pm下

chenjianyong94 2009-08-25

打赏
举报

在存入数据库的时候先过滤字符串。建议写一个函数过滤。

/// <summary>

    /// 去除HTML标记

    /// </summary>

    /// <param name="NoHTML">包括HTML的源码 </param>

    /// <returns>已经去除后的文字</returns>

    public static string NoHTML(string Htmlstring)

    {

        if (Htmlstring == null)

        {

            return "";

        }

        else

        {

            //删除脚本

            Htmlstring = Regex.Replace(Htmlstring, @"<script[^>]*?>.*?</script>", "", RegexOptions.IgnoreCase);

            //删除HTML

            Htmlstring = Regex.Replace(Htmlstring, @"<(.[^>]*)>", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, @"([\r\n])[\s]+", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, @"-->", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, @"<!--.*", "", RegexOptions.IgnoreCase);



            Htmlstring = Regex.Replace(Htmlstring, @"&(quot|#34);", "\"", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, @"&(amp|#38);", "&", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, @"&(lt|#60);", "<", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, @"&(gt|#62);", ">", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, @"&(nbsp|#160);", " ", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, @"&(iexcl|#161);", "\xa1", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, @"&(cent|#162);", "\xa2", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, @"&(pound|#163);", "\xa3", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, @"&(copy|#169);", "\xa9", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, @"&#(\d+);", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "xp_cmdshell", "", RegexOptions.IgnoreCase);



            //删除与数据库相关的词 

            Htmlstring = Regex.Replace(Htmlstring, "select ", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "insert ", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "delete from ", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "count''", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "drop table ", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "truncate ", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "asc", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "mid", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "char", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "xp_cmdshell", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "exec master", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "net localgroup administrators", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, " and ", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "net user", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, " or ", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, " net ", "", RegexOptions.IgnoreCase);

            //Htmlstring =  Regex.Replace(Htmlstring,"*", "", RegexOptions.IgnoreCase);

            //Htmlstring =  Regex.Replace(Htmlstring,"-", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "delete ", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "drop ", "", RegexOptions.IgnoreCase);

            Htmlstring = Regex.Replace(Htmlstring, "script", "", RegexOptions.IgnoreCase);



            //特殊的字符

            Htmlstring = Htmlstring.Replace("<", "");

            Htmlstring = Htmlstring.Replace(">", "");

            Htmlstring = Htmlstring.Replace("*", "");

            Htmlstring = Htmlstring.Replace("--", "");

            Htmlstring = Htmlstring.Replace("?", "");

            Htmlstring = Htmlstring.Replace(",", "");

            Htmlstring = Htmlstring.Replace("/", "");

            Htmlstring = Htmlstring.Replace(";", "");

            Htmlstring = Htmlstring.Replace("*/", "");

            Htmlstring = Htmlstring.Replace("\r\n", "");

            Htmlstring = HttpContext.Current.Server.HtmlEncode(Htmlstring).Trim();



            return Htmlstring;

        }

    }