Site poisoning, with Phpweb, and now has been unable to find, trouble master to help see,
Reply to discussion (solution)
I didn't see anything wrong.
I didn't see anything wrong.
Find in the source code! Some!
The virus Trojan is here
You're a very strange man.
You those friendship connection, who knows is not your own?
You're a very strange man.
You those friendship connection, who knows is not your own?
That's the Trojan Horse! ~~
If your site does not, there may be other sites in the server that are horses out, and you are scanned to match the
If your site does not, there may be other sites in the server that are horses out, and you are scanned to match the
Is put a friendship connection, hang a lot of URLs, and then Jinshan browser, every time you open this site on the prompt virus. That pile of URLs is hanging on the home page!
grep xargs SED is replaced directly, if it is added automatically, do a program to monitor the read and write of the file
grep xargs SED is replaced directly, if it is added automatically, do a program to monitor the read and write of the file
I suspect is hanging code into the database inside, because JS and compiled have been checked, can not find!
Find out where the data is coming from.
You wrote the website yourself ...
Find out where the data is coming from.
You wrote the website yourself ...
Too many tables, more trouble
Find out where the data is coming from.
You wrote the website yourself ...
Too many tables, more trouble
Please use FTP to see the file modification date, download the IIS log of the day, for that time, you can see what he has done?
General upgrade patches, a few days in a row to observe the IIS logs, you can quickly identify problems.
Mysql
Find out where the data is coming from.
You wrote the website yourself ...
Too many tables, more trouble
Mysqldump Convert the contents of the database to a text file, and then grep to find it.
1. Since the suspect is hanging in the database, look at the corresponding table, first from the program to see the link which block is the reading of which table ... Even if there are too many tables, you will not open the data by opening the table. Find out after the management of this piece of relevant code there is a loophole, if not see first clear
2. After clearing, open the log, watch to see if it is hung again, see the corresponding time log, see if you can find clues
I've had problems like this before. Do you write your program yourself or CMS? If it is a CMS I suggest to look at the data file inside the file will generally inject inside the program
1. Since the suspect is hanging in the database, look at the corresponding table, first from the program to see the link which block is the reading of which table ... Even if there are too many tables, you will not open the data by opening the table. Find out after the management of this piece of relevant code there is a loophole, if not see first clear
2. After clearing, open the log, watch to see if it is hung again, see the corresponding time log, see if you can find clues
Eldest brother, I am exactly what you said, a open check, see the eyes are tired. I was on the Internet to check the software library software, and then connect to check, the connection failed!
I've had problems like this before. Do you write your program yourself or CMS? If it is a CMS I suggest to look at the data file inside the file will generally inject inside the program
I am using phpweb, not my own writing program, I only understand PHP simple, complex do not understand! I've also checked the data.
Mysql
Find out where the data is coming from.
You wrote the website yourself ...
Too many tables, more trouble
Mysqldump Convert the contents of the database to a text file, and then grep to find it.
Thank you, but PHP has a lot of tables Ah, I first save him under the SQL mode look!
If you can't find it, please consider the network problem ....
Thank you for your help answer, I passed 1. SQL backup format, and then find the keyword to see the hang code is inside the database! I only have to delete now
field, but I don't know if the virus was injected into that watch. How does this look?
phpMyAdmin has a search function, why don't you use it?
phpMyAdmin has a search function, why don't you use it?
phpMyAdmin This senior management does not, I checked, only the above they answer the suggestion with the text is practical!
How could it not? You're going to search for a piece of text (like a wine device)
Besides, when you export SQL for the entire library export, one table export does not know in that table?