Website is hanged Global.asa Trojan's harm and solution

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

This time found a few cases of customer Web site was hacked, and these several sites appear in the site root directory is more than one file, the name is Global.asa. Below we will do a special analysis Global.asa Trojan:

One, the website is hanged Global.asa Trojan's harm

Website if be hanged Global.asa Trojan, if for a do not understand network marketing, do not understand the site optimization of the people, basically no impact, because the Global.asa Trojan generally will not affect the normal operation of the site, hackers generally use Global.asa Trojan is not to destroy the site's operation, they and the site black chain similar, is generally the site search The engine contains very bad effects. Often performance search engine contains a lot of inexplicable site title, and these titles are definitely not the content of their own site, click on the link to enter the site is still the page, but the title is different, click Baidu Snapshot found Baidu hint: "Sorry, you see the page does not allow Baidu to save its snapshots, You can directly access So-and-so URL, yes! This shows that your site has been recruited! It is the direct result of the site in the search engine rankings decline or completely disappear, serious will also allow visitors to visit your site when the computer poisoning!

Second, why the hacker uses Global.asa to name the Trojan file

To figure out why hackers use Global.asa to name Trojan files, we must first understand what Global.asa files are. We can see in Baidu Encyclopedia is the introduction of experts: Global.asa file is an optional file, it can contain the ASP application in each page access to the object, variable, and method declarations. All legitimate browser scripts can be used in Global.asa. In Global.asa, we can tell the creator and the session object what to do at the start and end. The code that completes this task is placed in the event operator.

From the above introduction, we should be able to draw the conclusion: Global.asa Trojan is actually a kind of script Trojan horse. Then why does the hacker use Global.asa to do the Trojan horse? This is precisely because Global.asa file is a very special file, he can invoke a lot of programs, hackers can visit the site when visitors realize the call to the Jump command function.

Three, the realization principle of Global.asa Trojan horse

We understand that global.asa files are accessed primarily based on session-level events and are invoked in the following three cases:

1 when Application_OnStart or Application_OnEnd events are triggered.

2 when Session_OnStart or Session_OnEnd events are triggered.

3, when referencing an object that is instantiated in a Global.asa file.

Because the Global.asa file is a Web site-initiated file, when the site is accessed by users, the content of the Application_Start code snippet is executed, and when a user accesses the first time, it executes the content of the Session_Start code snippet, So a lot of Global.asa file's function is when the visit automatically download Trojan content, also reached the effect of the jump URL.

Iv. how to solve the Global.asa Trojan

1, thoroughly check their own web site FTP, clean out the FTP global.asa files (there may be some virtual host users can not delete the site, you can contact the technical staff for your deletion)

2, contact service providers, inform service providers of the risk of the server, usually hackers will not upload a website Global.asa Trojan, but by scanning the entire server batch upload Global.asa Trojan, if your site recruit, then the entire server must also have other sites also recruit !

3, strengthen the Web site FTP restrictions, prohibit the FTP write function, do not use FTP, directly prohibit FTP usage.

4, check their web site procedures for vulnerabilities and risks, here I particularly stressed that, do not covet cheap to download some free source code and templates, some hackers are using you like to take advantage of the psychological, and deliberately in the site source code left behind the backdoor program, and then released to a variety of resources to download the site, This is a time bomb! There is no free lunch, you take away the source code is bound to return one day, and then you pay will be a painful price! Even the very cheap source that Taobao sells is not credible!

I Xu Shaoyu engaged in website construction industry has more than 7 years, in Hefei, where the Network Technology Co., Ltd., the website operation and optimization has great interest, this time on the Global.asa Trojan event is also due to the United States of Hefei air conditioning repair site http://www.hfmeidi.com/ To optimize the site and found this problem, welcome like-minded friends to discuss and Exchange website Operation topic. In addition, this article is an original article, starting in the A5 webmaster Network, if reproduced please keep the URL, thank you!