With the Phpweb program, is now hanging code, check out 2 days to find out, we help to see what is the reason! Thank you

Source: Internet
Author: User
Tags phpmyadmin
Site poisoning, with Phpweb, and now has been unable to find, trouble master to help see,




Reply to discussion (solution)

I didn't see anything wrong.

I didn't see anything wrong.



Find in the source code! Some!



The virus Trojan is here

You're a very strange man.
You those friendship connection, who knows is not your own?

You're a very strange man.
You those friendship connection, who knows is not your own?



That's the Trojan Horse! ~~

If your site does not, there may be other sites in the server that are horses out, and you are scanned to match the

If your site does not, there may be other sites in the server that are horses out, and you are scanned to match the



Is put a friendship connection, hang a lot of URLs, and then Jinshan browser, every time you open this site on the prompt virus. That pile of URLs is hanging on the home page!

grep xargs SED is replaced directly, if it is added automatically, do a program to monitor the read and write of the file

grep xargs SED is replaced directly, if it is added automatically, do a program to monitor the read and write of the file



I suspect is hanging code into the database inside, because JS and compiled have been checked, can not find!

Find out where the data is coming from.
You wrote the website yourself ...

Find out where the data is coming from.
You wrote the website yourself ...



Too many tables, more trouble


Find out where the data is coming from.
You wrote the website yourself ...



Too many tables, more trouble


Please use FTP to see the file modification date, download the IIS log of the day, for that time, you can see what he has done?

General upgrade patches, a few days in a row to observe the IIS logs, you can quickly identify problems.

Mysql


Find out where the data is coming from.
You wrote the website yourself ...



Too many tables, more trouble


Mysqldump Convert the contents of the database to a text file, and then grep to find it.


1. Since the suspect is hanging in the database, look at the corresponding table, first from the program to see the link which block is the reading of which table ... Even if there are too many tables, you will not open the data by opening the table. Find out after the management of this piece of relevant code there is a loophole, if not see first clear
2. After clearing, open the log, watch to see if it is hung again, see the corresponding time log, see if you can find clues

I've had problems like this before. Do you write your program yourself or CMS? If it is a CMS I suggest to look at the data file inside the file will generally inject inside the program

1. Since the suspect is hanging in the database, look at the corresponding table, first from the program to see the link which block is the reading of which table ... Even if there are too many tables, you will not open the data by opening the table. Find out after the management of this piece of relevant code there is a loophole, if not see first clear
2. After clearing, open the log, watch to see if it is hung again, see the corresponding time log, see if you can find clues



Eldest brother, I am exactly what you said, a open check, see the eyes are tired. I was on the Internet to check the software library software, and then connect to check, the connection failed!

I've had problems like this before. Do you write your program yourself or CMS? If it is a CMS I suggest to look at the data file inside the file will generally inject inside the program



I am using phpweb, not my own writing program, I only understand PHP simple, complex do not understand! I've also checked the data.

Mysql



Find out where the data is coming from.
You wrote the website yourself ...



Too many tables, more trouble


Mysqldump Convert the contents of the database to a text file, and then grep to find it.



Thank you, but PHP has a lot of tables Ah, I first save him under the SQL mode look!

If you can't find it, please consider the network problem ....

Thank you for your help answer, I passed 1. SQL backup format, and then find the keyword to see the hang code is inside the database! I only have to delete now

field, but I don't know if the virus was injected into that watch. How does this look?

phpMyAdmin has a search function, why don't you use it?

phpMyAdmin has a search function, why don't you use it?



phpMyAdmin This senior management does not, I checked, only the above they answer the suggestion with the text is practical!

How could it not? You're going to search for a piece of text (like a wine device)
Besides, when you export SQL for the entire library export, one table export does not know in that table?

  • Related Article

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.