网站被攻击,表中数据被删了 我的网站用的是ASP+MS SQL。前两天“新闻”表中的数据全被删了。我加了sql防注入代码,但今天早晨打开网站发现所有新闻又被删了。我对安全技术了解很少,想向大家请教一下,我应该如何防范此类攻击?怎样才能查到攻击者的操作记录(我是租的空间,服务商说没有任何记录,只有web日志又看不出什么问题)?请不吝赐教,多谢! 解决方案 » 免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货 1.常备份2.肯定要查iis日志3.换服务商如果能确定程序没有注入,就是服务商的问题。 谢谢perfectaction!怎么才能查明究竟是如何被攻击的?像新闻数据表中记录全部被删除这种情况会是注入造成的吗?IIS日志我也看不出个所以然来啊。有个123.112.50.7的IP有很多操作,不知道是否有关。附 IIS日志(一段):备注:(1)122.102.6.221 是我网站空间服务器的IP。(2)网站应该是在凌晨0:00-6:00被攻击的。#Software: Microsoft Internet Information Services 6.0#Version: 1.0#Date: 2008-05-29 00:00:01#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status sc-bytes 2008-05-29 00:00:01 W3SVC441 122.102.6.221 GET /back.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 404 0 2 14682008-05-29 00:00:01 W3SVC441 122.102.6.221 GET /Database_2.asp id=1617 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 200 0 0 411292008-05-29 00:00:04 W3SVC441 122.102.6.221 GET /back.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 404 0 2 14682008-05-29 00:00:04 W3SVC441 122.102.6.221 GET /Database_2.asp id=1438 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 200 0 0 448002008-05-29 00:00:06 W3SVC441 122.102.6.221 GET /manage/product/managepro.asp page=3&newstype=&txtitle= 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 856902008-05-29 00:00:07 W3SVC441 122.102.6.221 GET /back.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 404 0 2 14682008-05-29 00:00:08 W3SVC441 122.102.6.221 GET /Database_2.asp id=1416 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 200 0 0 1001422008-05-29 00:00:10 W3SVC441 122.102.6.221 GET /back.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 404 0 2 14682008-05-29 00:00:10 W3SVC441 122.102.6.221 GET /Database_2.asp id=1447 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 200 0 0 302052008-05-29 00:00:13 W3SVC441 122.102.6.221 GET /manage/product/editpro.asp id=884 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 129182008-05-29 00:00:13 W3SVC441 122.102.6.221 GET /back.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 404 0 2 14682008-05-29 00:00:13 W3SVC441 122.102.6.221 GET /manage/news/editor/ewebeditor.asp id=zhaiyao&style=standard_3d1 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 148292008-05-29 00:00:13 W3SVC441 122.102.6.221 GET /manage/news/editor/ewebeditor.asp id=content&style=standard_3d1 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 148292008-05-29 00:00:13 W3SVC441 122.102.6.221 GET /manage/news/editor/ewebeditor.asp id=content1&style=standard_3d1 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 148302008-05-29 00:00:14 W3SVC441 122.102.6.221 GET /manage/news/editor/css/office3d/Editor.css - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 29892008-05-29 00:00:14 W3SVC441 122.102.6.221 GET /Database_2.asp id=1418 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 200 0 0 874632008-05-29 00:00:14 W3SVC441 122.102.6.221 GET /manage/news/editor/include/table.js - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 106022008-05-29 00:00:14 W3SVC441 122.102.6.221 GET /manage/news/editor/include/editor.js - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 291762008-05-29 00:00:14 W3SVC441 122.102.6.221 GET /manage/news/editor/include/menu.js - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 150202008-05-29 00:00:14 W3SVC441 122.102.6.221 GET /manage/news/editor/buttonimage/standard/italic.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 3302008-05-29 00:00:15 W3SVC441 122.102.6.221 GET /manage/news/editor/buttonimage/standard/underline.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 3372008-05-29 00:00:15 W3SVC441 122.102.6.221 GET /manage/news/editor/buttonimage/standard/bold.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 3252008-05-29 00:00:15 W3SVC441 122.102.6.221 GET /manage/news/editor/buttonimage/standard/strikethrough.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 3332008-05-29 00:00:15 W3SVC441 122.102.6.221 GET /manage/news/editor/buttonimage/standard/superscript.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 3312008-05-29 00:00:15 W3SVC441 122.102.6.221 GET /manage/news/editor/buttonimage/standard/subscript.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 3302008-05-29 00:00:15 W3SVC441 122.102.6.221 GET /manage/news/editor/buttonimage/standard/JustifyLeft.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 3212008-05-29 00:00:15 W3SVC441 122.102.6.221 GET /manage/news/editor/buttonimage/standard/JustifyCenter.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 321 123.112.50.7的还有好多,此外还有个76.177.97.185 的也很多。请问从哪儿可以查IP对应的详细信息(详细区域、公司等)?2008-05-29 22:56:47 W3SVC441 122.102.6.221 GET /Database_2.asp id=1381 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 395712008-05-29 22:56:47 W3SVC441 122.102.6.221 GET /back.gif - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 404 0 2 14682008-05-29 22:56:49 W3SVC441 122.102.6.221 GET /style.css - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 211472008-05-29 22:56:49 W3SVC441 122.102.6.221 GET /images/bj-image.gif - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 2962008-05-29 22:56:49 W3SVC441 122.102.6.221 GET /images/etavenue_top3.gif - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 34862008-05-29 22:56:51 W3SVC441 122.102.6.221 GET /images/car_03.gif - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 12582008-05-29 22:56:51 W3SVC441 122.102.6.221 GET /images/behome.gif - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 3312008-05-29 22:56:51 W3SVC441 122.102.6.221 GET /images/find_1.gif - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 11312008-05-29 22:56:51 W3SVC441 122.102.6.221 GET /images/rssicon.gif - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 10032008-05-29 22:56:52 W3SVC441 122.102.6.221 GET /images/top_nav2.jpg - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 64542008-05-29 22:56:52 W3SVC441 122.102.6.221 GET /images/line_delimiter.gif - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 3482008-05-29 22:56:53 W3SVC441 122.102.6.221 GET /images/ad/162x90_hengtai.gif - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 149482008-05-29 22:56:53 W3SVC441 122.102.6.221 GET /images/row_icon.gif - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 3032008-05-29 22:56:53 W3SVC441 122.102.6.221 GET /images/ad-effect-word.JPG - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 29722008-05-29 22:56:53 W3SVC441 122.102.6.221 GET /images/TradeLead3.jpg - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 59682008-05-29 22:56:57 W3SVC441 122.102.6.221 GET /policy_3.asp id=42 80 - 74.6.22.108 Mozilla/5.0+(compatible;+Yahoo!+Slurp;+http://help.yahoo.com/help/us/ysearch/slurp) 200 0 0 31380 在日志中搜delete,看看有没有相关url提交 日志里含有delete的记录格式如下:(1)2008-05-29 00:00:15 W3SVC441 122.102.6.221 GET /manage/news/editor/buttonimage/standard/delete.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 3462008-05-29 00:00:15 W3SVC441 122.102.6.221 GET /manage/news/editor/buttonimage/standard/RemoveFormat.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 347备注:此外还有近100个这样的,都是这个IP(123.112.50.7)。(2)2008-05-29 10:06:04 W3SVC441 122.102.6.221 GET /robots.txt - 80 - 202.179.180.45 Mozilla/4.0+(compatible;+NaverBot/1.0;+http://help.naver.com/delete_main.asp) 404 0 2 14682008-05-29 10:06:15 W3SVC441 122.102.6.221 GET /Index.asp - 80 - 202.179.180.45 Mozilla/4.0+(compatible;+NaverBot/1.0;+http://help.naver.com/delete_main.asp) 200 0 0 90782备注:就这两条。 这两个都不是。。是查看删除数据这段时间的日志吗?如果是注入,iis日志里应该有记录的。 用log_explore查看數據庫操作日志 我不确定是不是注入。问题就是新闻表里的记录被删除了。26号被删除过一次,日志里没有别的含delete的记录。今天被删除了一次,还没有日志。前几天的日志我都查了,里边都没有url后带“delete”的。 log_explore是个工具吗?还是命令?别见笑,我对sql了解不多。我的空间服务商说只有IIS日志,没有其它的,也不知道是真的,还是怕麻烦。被攻击两次了,连怎么死得都不知道,郁闷啊。 Lumigent Log Explorer 是个软件不会是人为删除的吧 -_- sql问题in子句传递参数问题 SQLServer 如何添加sa用户 sqlserver2000分页的小问题,大家帮帮忙啊? 从access数据库表中按照奇偶查询 求存储过程写一个中序遍历 我的SQL-SERVER中无法打开表,只有在导入或导出数据后才能打开表。而我表中的数据却乱掉了,一条记录复制了好几条记录,不知道是什么原因。 十万火急,基础问题!!!!!!!! 请教高手sql语句 SQL 与ORACLE 关于内含各种联接的视图怎么写!符合条件者拿分就是! 安装SQL 2005时出错 怎样达到达到这种效果
2.肯定要查iis日志
3.换服务商如果能确定程序没有注入,就是服务商的问题。
备注:
(1)122.102.6.221 是我网站空间服务器的IP。
(2)网站应该是在凌晨0:00-6:00被攻击的。#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2008-05-29 00:00:01
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status sc-bytes
2008-05-29 00:00:01 W3SVC441 122.102.6.221 GET /back.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 404 0 2 1468
2008-05-29 00:00:01 W3SVC441 122.102.6.221 GET /Database_2.asp id=1617 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 200 0 0 41129
2008-05-29 00:00:04 W3SVC441 122.102.6.221 GET /back.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 404 0 2 1468
2008-05-29 00:00:04 W3SVC441 122.102.6.221 GET /Database_2.asp id=1438 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 200 0 0 44800
2008-05-29 00:00:06 W3SVC441 122.102.6.221 GET /manage/product/managepro.asp page=3&newstype=&txtitle= 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 85690
2008-05-29 00:00:07 W3SVC441 122.102.6.221 GET /back.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 404 0 2 1468
2008-05-29 00:00:08 W3SVC441 122.102.6.221 GET /Database_2.asp id=1416 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 200 0 0 100142
2008-05-29 00:00:10 W3SVC441 122.102.6.221 GET /back.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 404 0 2 1468
2008-05-29 00:00:10 W3SVC441 122.102.6.221 GET /Database_2.asp id=1447 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 200 0 0 30205
2008-05-29 00:00:13 W3SVC441 122.102.6.221 GET /manage/product/editpro.asp id=884 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 12918
2008-05-29 00:00:13 W3SVC441 122.102.6.221 GET /back.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 404 0 2 1468
2008-05-29 00:00:13 W3SVC441 122.102.6.221 GET /manage/news/editor/ewebeditor.asp id=zhaiyao&style=standard_3d1 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 14829
2008-05-29 00:00:13 W3SVC441 122.102.6.221 GET /manage/news/editor/ewebeditor.asp id=content&style=standard_3d1 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 14829
2008-05-29 00:00:13 W3SVC441 122.102.6.221 GET /manage/news/editor/ewebeditor.asp id=content1&style=standard_3d1 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 14830
2008-05-29 00:00:14 W3SVC441 122.102.6.221 GET /manage/news/editor/css/office3d/Editor.css - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 2989
2008-05-29 00:00:14 W3SVC441 122.102.6.221 GET /Database_2.asp id=1418 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 200 0 0 87463
2008-05-29 00:00:14 W3SVC441 122.102.6.221 GET /manage/news/editor/include/table.js - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 10602
2008-05-29 00:00:14 W3SVC441 122.102.6.221 GET /manage/news/editor/include/editor.js - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 29176
2008-05-29 00:00:14 W3SVC441 122.102.6.221 GET /manage/news/editor/include/menu.js - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 15020
2008-05-29 00:00:14 W3SVC441 122.102.6.221 GET /manage/news/editor/buttonimage/standard/italic.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 330
2008-05-29 00:00:15 W3SVC441 122.102.6.221 GET /manage/news/editor/buttonimage/standard/underline.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 337
2008-05-29 00:00:15 W3SVC441 122.102.6.221 GET /manage/news/editor/buttonimage/standard/bold.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 325
2008-05-29 00:00:15 W3SVC441 122.102.6.221 GET /manage/news/editor/buttonimage/standard/strikethrough.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 333
2008-05-29 00:00:15 W3SVC441 122.102.6.221 GET /manage/news/editor/buttonimage/standard/superscript.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 331
2008-05-29 00:00:15 W3SVC441 122.102.6.221 GET /manage/news/editor/buttonimage/standard/subscript.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 330
2008-05-29 00:00:15 W3SVC441 122.102.6.221 GET /manage/news/editor/buttonimage/standard/JustifyLeft.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 321
2008-05-29 00:00:15 W3SVC441 122.102.6.221 GET /manage/news/editor/buttonimage/standard/JustifyCenter.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 321
2008-05-29 22:56:47 W3SVC441 122.102.6.221 GET /back.gif - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 404 0 2 1468
2008-05-29 22:56:49 W3SVC441 122.102.6.221 GET /style.css - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 21147
2008-05-29 22:56:49 W3SVC441 122.102.6.221 GET /images/bj-image.gif - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 296
2008-05-29 22:56:49 W3SVC441 122.102.6.221 GET /images/etavenue_top3.gif - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 3486
2008-05-29 22:56:51 W3SVC441 122.102.6.221 GET /images/car_03.gif - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 1258
2008-05-29 22:56:51 W3SVC441 122.102.6.221 GET /images/behome.gif - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 331
2008-05-29 22:56:51 W3SVC441 122.102.6.221 GET /images/find_1.gif - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 1131
2008-05-29 22:56:51 W3SVC441 122.102.6.221 GET /images/rssicon.gif - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 1003
2008-05-29 22:56:52 W3SVC441 122.102.6.221 GET /images/top_nav2.jpg - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 6454
2008-05-29 22:56:52 W3SVC441 122.102.6.221 GET /images/line_delimiter.gif - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 348
2008-05-29 22:56:53 W3SVC441 122.102.6.221 GET /images/ad/162x90_hengtai.gif - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 14948
2008-05-29 22:56:53 W3SVC441 122.102.6.221 GET /images/row_icon.gif - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 303
2008-05-29 22:56:53 W3SVC441 122.102.6.221 GET /images/ad-effect-word.JPG - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 2972
2008-05-29 22:56:53 W3SVC441 122.102.6.221 GET /images/TradeLead3.jpg - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 5968
2008-05-29 22:56:57 W3SVC441 122.102.6.221 GET /policy_3.asp id=42 80 - 74.6.22.108 Mozilla/5.0+(compatible;+Yahoo!+Slurp;+http://help.yahoo.com/help/us/ysearch/slurp) 200 0 0 31380
(1)
2008-05-29 00:00:15 W3SVC441 122.102.6.221 GET /manage/news/editor/buttonimage/standard/delete.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 3462008-05-29 00:00:15 W3SVC441 122.102.6.221
GET /manage/news/editor/buttonimage/standard/RemoveFormat.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 347备注:此外还有近100个这样的,都是这个IP(123.112.50.7)。(2)
2008-05-29 10:06:04 W3SVC441 122.102.6.221 GET /robots.txt - 80 - 202.179.180.45 Mozilla/4.0+(compatible;+NaverBot/1.0;+http://help.naver.com/delete_main.asp) 404 0 2 14682008-05-29 10:06:15 W3SVC441 122.102.6.221 GET /Index.asp - 80 - 202.179.180.45 Mozilla/4.0+(compatible;+NaverBot/1.0;+http://help.naver.com/delete_main.asp) 200 0 0 90782备注:就这两条。
是查看删除数据这段时间的日志吗?如果是注入,iis日志里应该有记录的。