The characteristics of the server ARP virus and its protection instructions _ outside the star virtual host
Source: Internet
Author: User
Recently, some users reflect that all Web sites on the server have been inserted into the virus code, but these virus codes
In the server's source file can not be found, therefore, network management to clean up the virus can not start, this is what
Why is it caused?
A: This is a recent popular ARP virus caused by.
Specifically, there are hundreds of servers in the computer room where your server is located, including a suit
Server has been hacked and installed ARP virus, although not your own servers were invaded,
But it can also seriously affect other servers including your own.
For example: if one of the servers in the engine room is compromised, it will go to the same machine
Room other servers broadcast such deceptive information: "I am the gateway, we contract
Just through Me ", the other server receives this information will automatically the normal data
Sent to this "poisonous server", this "poisonous server" will be in the normal
The data (generally the Web page) inserts the virus code, when you use IE in the remote access
Your own server Web site, you will find your own server on all sites inexplicable
The wonderful is inserted into the "Virus code", but you can not find the source files in the server
To these "virus codes".
Solution:
1. From the above analysis you can know that if you want to fundamentally solve this problem,
You must first locate the poisoned server in your computer room, and then interrupt this poison-carrying
Network of servers and antivirus.
2. If the room does not help you solve the problem, you can force your own clothing
Server to use "static Gateway", set up, even if you receive a poison servers
The broadcast message: "I am the gateway, everyone to the contract through me", as not
will be affected.
The Setup method is as follows:
1. On your server desktop,
2. A new BAT format batch file called "Prevent Arp.bat" is established.
The contents of the document are as follows:
arp-d *
Arp-s 192.168.0.1 03-00-0f-07-a0-0c
(where 192.168.0.1 this IP is to be changed to your server gateway IP,
This IP you can ask the room to get.
(where 03-00-0f-07-a0-0c is to be changed to your server gateway
MAC address, you can also ask the room to get the address.
Note: If the computer room does not tell you the MAC address, you can also on the server
Run the ARP-A command, and you will also see the MAC address of the gateway.
Reminder: If there is an ARP virus, this MAC address may be wrong, you need to
Consult your room for confirmation
3. After the batch file is set up, you can double-click it to run it, and it will be strong
Row to set its own server to use "static gateway". So that we can solve
ARP virus attack problem.
Note: You will need to rerun this batch after each reboot of the server
Pieces "to take effect. You can also add this "batch file"
In the startup item or in the operating system's scheduled tasks,
So he could run it himself.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.