How to prevent JPG trojans, and how .JPG-type trojans get executed (Windows Server)

Source: Internet
Author: User
The .NET trojan is very capable at present.

This trojan is written as a .NET program, so if your server supports .NET you must pay attention. The trojan has a function called IIS Spy: after you click it, you can see the physical paths of all sites. Many people have raised this before, but no one has ever given a solution.

Defense methods:

%systemroot%/servicepackfiles/i386/activeds.dll
%systemroot%/system32/activeds.dll
%systemroot%/system32/activeds.tlb

Search for these two files, remove the Users group and the Power Users group from their permissions, and leave only Administrators and SYSTEM. If there are other groups, remove them all. This prevents the trojan from listing the physical paths of all the sites.


An ASP program with image upload recently ran into the following: if the upload image folder has been given IIS script execution permission, then an uploaded .jpg picture is also able to execute an ASP trojan.
The format of the uploaded file name is: xxx.asp;_200.jpg
Note that the file is uploaded in .jpg format, but there is .asp in the middle of the name, and it can still execute as a script. This should be counted as an IIS bug.

Workaround:
One, set the upload directory in IIS so that it does not allow script execution.
Two, use other file-protection software to prevent files named *.asp;*.jpg from being written.
Three, all directories are allowed to be read, but for any folder that is writable, change the script execution permission in IIS to None. If you do not have your own server, there is no way to do this unless you can coordinate with your hosting provider to perform these operations for you.

An ASP trojan is renamed with a .jpg suffix, uploaded to the website, and then restored from JPG format to an ASP trojan through the database backup method, thereby taking control of the website. Usually, only uploading an ASP trojan as a .jpg does not have a destructive effect.
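
An upload-side check for the two cases described above (the xxx.asp;_200.jpg file name and an ASP file renamed to .jpg), as an added example that is not part of the original article. The function names, the list of script extensions, the markup patterns and the sample data are assumptions made for illustration.

```python
import re
from pathlib import Path

# Extensions assumed to be mapped to script handlers on the server (adjust to yours).
SCRIPT_EXTS = ("asp", "asa", "cer", "cdx", "aspx", "ashx", "php")
# A script extension followed by ';' anywhere in the name, e.g. xxx.asp;_200.jpg
SEMICOLON_RE = re.compile(r"\.(?:%s)\s*;" % "|".join(SCRIPT_EXTS), re.IGNORECASE)
# Server-side script markup; a hit inside image data is a reason to reject or review.
MARKUP_RE = re.compile(
    rb"<%\s*(?:@\s*(?:language|page)|eval|execute|response\.|request)|<script\b",
    re.IGNORECASE,
)
JPEG_MAGIC = b"\xff\xd8\xff"


def check_upload(filename, data):
    """Return the list of reasons to reject an upload (empty list means accept)."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]  # drop client-side path
    reasons = []
    if SEMICOLON_RE.search(name):
        reasons.append("script extension before ';' in file name")
    if name.lower().endswith((".jpg", ".jpeg")):
        if not data.startswith(JPEG_MAGIC):
            reasons.append("not JPEG data (no FF D8 FF header)")
        if MARKUP_RE.search(data):
            reasons.append("script markup inside image data")
    return reasons


def scan_upload_dir(root):
    """Audit an existing upload folder; returns {file name: reasons} for suspects."""
    findings = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            reasons = check_upload(path.name, path.read_bytes())
            if reasons:
                findings[path.name] = reasons
    return findings


if __name__ == "__main__":
    # Constructed samples: a benign ASP one-liner and a minimal JPEG header.
    asp = b'<% Response.Write("hello") %>'
    jpeg = JPEG_MAGIC + b"\xe0\x00\x10JFIF\x00" + b"\x00" * 32
    for fname, body in [("photo.jpg", jpeg), ("xxx.asp;_200.jpg", jpeg),
                        ("avatar.jpg", asp), ("pic.jpg", jpeg + asp)]:
        print(fname, "->", check_upload(fname, body) or "accept")
```

A check like this complements the first workaround rather than replacing it: the upload directory should still have script execution disabled in IIS.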
If you pay attention to the recent news, you will find one vulnerability that shows up very frequently: Microsoft's latest JPEG image vulnerability (MS04-028).

Do not misunderstand this as a problem with JPEG files. The JPEG format itself is not at fault; the blame lies with Microsoft's programmers, who let people find a buffer overflow in the way the operating system's GDI+ component parses malformed JPEG files. The vulnerability is very widespread and harmful. Users are infected by browsing pictures in a variety of ways, which makes their machines run other malicious code, including various viruses and illegal control code, and lets trojans and worms invade the local computer.

I would like to teach you how the JPEG vulnerability is used to make a picture trojan. The picture trojan can be posted to a forum, and anyone who browses the post will get the trojan. Only by understanding the principle of the attack can our prevention be done methodically.

First, I recommend a relatively simple tool for making picture trojans: the JPG trojan generator (JPEG Downloader). Before making one, we have to use the trojan's server side to generate a configuration file and upload it to our own home page.

Run the JPG trojan generator directly and a dialog box pops up asking you to enter a file name; this is the trojan file we just configured. Choose the trojan file you configured and click Generate, and a file named Mypicture.jpg is generated in this directory. It is our protagonist.

Then pick any forum, choose to post, add it to the content (using, of course, the address of the file in your own home page space), give it a seductive name, and wait for someone else to walk into it.

Postscript

In testing, the JPEG vulnerability is only effective on Windows XP SP1 and Windows 2003, and does not work on any version of Windows 2000.

Microsoft's official fix for the vulnerability: http://www.microsoft.com/china/security/Bulletins/200409_jpeg.mspx
