How to handle the site is implanted malicious code caused by the computer room interception prompt

Recently received customer's website was xxx*** caused by tampering with some malicious code, the following specific tips:

The following responses were received from customers:

Customer said: The site was implanted malicious code, such as some XXX website content, how to deal with the server now detected that the site was stopped.

Blocking Information tips:

Dear User Hello: You visit the site by the computer room security management system interception, there may be the following causes:

Your site is not filed, or the original record number is canceled, click to enter the fast and free record channel.

Your site has not been added to the whitelist, click on the Quick Add website whitelist. If added, wait for the whitelist to take effect.

Your website exists violation, illegal content, please contact our 7*24h hour on-duty customer service, or consulting Enterprise QQ. Dev:. 224.87 domain:www

The customer site is phpcms v9 system +aspx Enterprise Integration System, Aspx+sql2005+php+mysql hybrid architecture, the entire station data size in 10G size, including attachments and programs and two databases.

We sinesafe the Site security Response Department immediately to the site conducted a comprehensive security testing and code audit, found that the site of dozens of large back door, due to the number of customer site visits and the weight of Baidu is relatively high, the customer therefore requested to resolve this security problem as soon as possible, After the code audit found that the site has SQL injection vulnerability and upload bypass vulnerability, the specific details will not be disclosed, send a few Web sites are redirected to the code page map:

This code is for the search engine to do the judgment, if it is through Baidu search click in the direct jump to the specified malicious address.

Emergency Solutions:

Processing method: First the suspicious file view under the modified time comparison of their local backup files if there are redundant files if there are some deleted, and then see if the ERE page has been modified to replace the upload with a backup, but only to resolve the moment or will be repeatedly tampered with, the symptoms of the site from the log to check the signs, and the home page of the code to see if there are some encrypted code: see the META name tag in the Deion there are some character code encryption, such as: encrypted code we directly removed, and the site code for security checks, check whether there is malicious XXX code, or backdoor code , the site exists to repair and strengthen the vulnerability to prevent later by the XXX, (if the site code is not too understand, it is recommended to find a professional website security company to deal with, domestic security companies like Sine, as well as the Green Alliance, are more professional security companies)

How to handle the site is implanted malicious code caused by the computer room interception prompt