今天晚上,我的服务器被黑了,屏幕如下图示,后面是我被修改的主页文件,请高手给看看,他怎么进来的,我的漏洞是什么?
index.php
<title>#Hacked By Ramzi Null#</title><link href="http://hacker-newbie.org/favicon.ico" rel="shortcut icon" type="image/x-icon" /><style type='text/css'>
body,td,th {
font-family: Impact;
font-size: 13px;
color:#00FF00;
}
body {
background-color:#121214;
}
a:link {color: #FFFFFF; text-decoration: none; }
a:active {color: #FFFFFF; text-decoration: none; }
a:visited {color: #FFFFFF; text-decoration: none; }
a:hover {color: #00FF00; text-decoration: none; }
</style>
<script type="text/javascript">
<!--//
function tb9_makeArray(n){
this.length = n;
return this.length;
}
tb9_messages = new tb9_makeArray(4);
tb9_messages[0] = "#Hacked By Ramzi Null";
tb9_messages[1] = "#Tunisia Hackers";
tb9_messages[2] = "..................";
tb9_messages[3] = "|";
tb9_messages[4] = "<========== | ==========>";
tb9_messages[5] = " <===== | =====> ";
tb9_rptType = 'infinite';
tb9_rptNbr = 5;
tb9_speed = 75;
tb9_delay = 2000;
var tb9_counter=1;
var tb9_currMsg=0;
var tb9_timerID = null
var tb9_bannerRunning = false
var tb9_state = ""
tb9_clearState()
function tb9_stopBanner() {
if (tb9_bannerRunning)
clearTimeout(tb9_timerID)
tb9_timerRunning = false
}
function tb9_startBanner() {
tb9_stopBanner()
tb9_showBanner()
}
function tb9_clearState() {
tb9_state = ""
for (var i = 0; i < tb9_messages[tb9_currMsg].length; ++i) {
tb9_state += "0"
}
}
function tb9_showBanner() {
if (tb9_getString()) {
tb9_currMsg++
if (tb9_messages.length <= tb9_currMsg) {
if ((tb9_rptType == 'finite') && (tb9_counter==tb9_rptNbr)){
tb9_stopBanner();
return;
}
tb9_counter++;
tb9_currMsg=0;
}
tb9_clearState()
tb9_timerID = setTimeout("tb9_showBanner()", tb9_delay)
}
else {
var tb9_str = ""
for (var j = 0; j < tb9_state.length; ++j) {
tb9_str += (tb9_state.charAt(j) == "1") ? tb9_messages[tb9_currMsg].charAt(j) : "___"
}
document.title = tb9_str
tb9_timerID = setTimeout("tb9_showBanner()", tb9_speed)
}
}
function tb9_getString() {
var full = true
for (var j = 0; j < tb9_state.length; ++j) {
if (tb9_state.charAt(j) == 0)
full = false
}
if (full) return true
while (1) {
var num = tb9_getRandom(tb9_messages[tb9_currMsg].length)
if (tb9_state.charAt(num) == "0")
break
}
tb9_state = tb9_state.substring(0, num) + "1" + tb9_state.substring(num + 1, tb9_state.length)
return false
}
function tb9_getRandom(max) {
var now = new Date()
var num = now.getTime() * now.getSeconds() * Math.random()
return num % max
}
tb9_startBanner()
</script>
<center><pre><font size="6">
#Tunisia Hackers #Hacked by Ramzi Null
</center></pre></font><br>
<center>
<style type="text/css">
#image{
}
</style>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
<script type="text/javascript" src="http://jqueryrotate.googlecode.com/svn/trunk/jQueryRotate.js"></script>
<script type="text/javascript" src="http://www.p0wersurge.com/js/jquery-css-transform.js"></script>
<script type="text/javascript" src="http://www.p0wersurge.com/js/rotate3Di.js"></script>
<body>
<a href="http://forum.anonymous-tunisia.org"><img src='http://globalvoicesonline.org/wp-content/uploads/2012/04/anon_logo.png' id='image'></a>
<script type="text/javascript">
var open = function(){
$("#image").animate({height:223},{ duration: 2000, queue: false });
$("#image").animate({width:240},{ duration: 2000, queue: false });
}
var rotation = function (){
$("#image").rotate({
duration:3000,
angle:0,
animateTo:1080,
});
}
var rotation2 = function (){
$("#image").rotate3Di(360, 1000);
setTimeout('rotation2()', 3500)
}
rotation();
open();
setTimeout('rotation2()', 4800)
</script>
<pre>[+]-------------------------------------------------[ Greetz To ]-----------------------------------------------------[+]
+ <MARQUEE align="center" direction="left" scrollamount="2" width="75%">The Commender | Yassine Owner | Tn_Scorpion | CapoO_TunisiAnoO | xtobi | Younes Injector (DZ) | And All Muslim Hackers </MARQUEE> +
[+]---------------------------------------------------------------------------------------------------------------[+]
<br><br>
E-Mail: [email protected]<br><br>
Facebook: <a href="https://www.facebook.com/Ramzi.Pascal"><font color="00FF00"><u>fb/Ramzi.Pascal</a><br><br>
<embed name="MediaPlayer" pluginspage="http://www.microsoft.com/Windows/Downloads/Contents/Products/MediaPlayer/" src="http://k003.kiwi6.com/hotlink/n8q6t817dk/safri_duo_-_played_a_live.mp3" width="20" height="15" type="application/x-mplayer2" ? autostart="True" showcontrols="1" showstatusbar="1" loop="True" enablecontextmenu="0" displaysize="0" hidden><noembed>Ramzi Null</noembed></html>
index.php
<title>#Hacked By Ramzi Null#</title><link href="http://hacker-newbie.org/favicon.ico" rel="shortcut icon" type="image/x-icon" /><style type='text/css'>
body,td,th {
font-family: Impact;
font-size: 13px;
color:#00FF00;
}
body {
background-color:#121214;
}
a:link {color: #FFFFFF; text-decoration: none; }
a:active {color: #FFFFFF; text-decoration: none; }
a:visited {color: #FFFFFF; text-decoration: none; }
a:hover {color: #00FF00; text-decoration: none; }
</style>
<script type="text/javascript">
<!--//
function tb9_makeArray(n){
this.length = n;
return this.length;
}
tb9_messages = new tb9_makeArray(4);
tb9_messages[0] = "#Hacked By Ramzi Null";
tb9_messages[1] = "#Tunisia Hackers";
tb9_messages[2] = "..................";
tb9_messages[3] = "|";
tb9_messages[4] = "<========== | ==========>";
tb9_messages[5] = " <===== | =====> ";
tb9_rptType = 'infinite';
tb9_rptNbr = 5;
tb9_speed = 75;
tb9_delay = 2000;
var tb9_counter=1;
var tb9_currMsg=0;
var tb9_timerID = null
var tb9_bannerRunning = false
var tb9_state = ""
tb9_clearState()
function tb9_stopBanner() {
if (tb9_bannerRunning)
clearTimeout(tb9_timerID)
tb9_timerRunning = false
}
function tb9_startBanner() {
tb9_stopBanner()
tb9_showBanner()
}
function tb9_clearState() {
tb9_state = ""
for (var i = 0; i < tb9_messages[tb9_currMsg].length; ++i) {
tb9_state += "0"
}
}
function tb9_showBanner() {
if (tb9_getString()) {
tb9_currMsg++
if (tb9_messages.length <= tb9_currMsg) {
if ((tb9_rptType == 'finite') && (tb9_counter==tb9_rptNbr)){
tb9_stopBanner();
return;
}
tb9_counter++;
tb9_currMsg=0;
}
tb9_clearState()
tb9_timerID = setTimeout("tb9_showBanner()", tb9_delay)
}
else {
var tb9_str = ""
for (var j = 0; j < tb9_state.length; ++j) {
tb9_str += (tb9_state.charAt(j) == "1") ? tb9_messages[tb9_currMsg].charAt(j) : "___"
}
document.title = tb9_str
tb9_timerID = setTimeout("tb9_showBanner()", tb9_speed)
}
}
function tb9_getString() {
var full = true
for (var j = 0; j < tb9_state.length; ++j) {
if (tb9_state.charAt(j) == 0)
full = false
}
if (full) return true
while (1) {
var num = tb9_getRandom(tb9_messages[tb9_currMsg].length)
if (tb9_state.charAt(num) == "0")
break
}
tb9_state = tb9_state.substring(0, num) + "1" + tb9_state.substring(num + 1, tb9_state.length)
return false
}
function tb9_getRandom(max) {
var now = new Date()
var num = now.getTime() * now.getSeconds() * Math.random()
return num % max
}
tb9_startBanner()
</script>
<center><pre><font size="6">
#Tunisia Hackers #Hacked by Ramzi Null
</center></pre></font><br>
<center>
<style type="text/css">
#image{
}
</style>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
<script type="text/javascript" src="http://jqueryrotate.googlecode.com/svn/trunk/jQueryRotate.js"></script>
<script type="text/javascript" src="http://www.p0wersurge.com/js/jquery-css-transform.js"></script>
<script type="text/javascript" src="http://www.p0wersurge.com/js/rotate3Di.js"></script>
<body>
<a href="http://forum.anonymous-tunisia.org"><img src='http://globalvoicesonline.org/wp-content/uploads/2012/04/anon_logo.png' id='image'></a>
<script type="text/javascript">
var open = function(){
$("#image").animate({height:223},{ duration: 2000, queue: false });
$("#image").animate({width:240},{ duration: 2000, queue: false });
}
var rotation = function (){
$("#image").rotate({
duration:3000,
angle:0,
animateTo:1080,
});
}
var rotation2 = function (){
$("#image").rotate3Di(360, 1000);
setTimeout('rotation2()', 3500)
}
rotation();
open();
setTimeout('rotation2()', 4800)
</script>
<pre>[+]-------------------------------------------------[ Greetz To ]-----------------------------------------------------[+]
+ <MARQUEE align="center" direction="left" scrollamount="2" width="75%">The Commender | Yassine Owner | Tn_Scorpion | CapoO_TunisiAnoO | xtobi | Younes Injector (DZ) | And All Muslim Hackers </MARQUEE> +
[+]---------------------------------------------------------------------------------------------------------------[+]
<br><br>
E-Mail: [email protected]<br><br>
Facebook: <a href="https://www.facebook.com/Ramzi.Pascal"><font color="00FF00"><u>fb/Ramzi.Pascal</a><br><br>
<embed name="MediaPlayer" pluginspage="http://www.microsoft.com/Windows/Downloads/Contents/Products/MediaPlayer/" src="http://k003.kiwi6.com/hotlink/n8q6t817dk/safri_duo_-_played_a_live.mp3" width="20" height="15" type="application/x-mplayer2" ? autostart="True" showcontrols="1" showstatusbar="1" loop="True" enablecontextmenu="0" displaysize="0" hidden><noembed>Ramzi Null</noembed></html>
有两点建议:
仔细观察访问日志,找出那些频繁出现404 400错误的请求IP。可能这个黑客是靠蜘蛛分析批量作业,而不是只针对你
关闭web目录一般用户的可写权限,可以是 0444另,你还没告诉服务器环境,独立服务器还是虚拟主机,运行模式