Some time ago, hackers kept inserting friendly links to their hacker network into one of the company's websites. Removing them only to have them added back was tiresome, and the website's ranking dropped a lot (I guess because the links had already been there for many days by the time I first discovered them). Later I took some measures, and now it has finally stopped. I describe my detailed steps below.
First, determine whether the intrusion came through the admin backend, through FTP, or through the database. If you lack the knowledge to tell, skip the diagnosis and apply all of the countermeasures directly.
1. Log in to the space control panel, select Advanced Functions, find the setting "How to send ASP error information to the client", and select "Send predetermined text error message to the client". The default is "Send detailed error message to the client". This is very important, because detailed error messages provide a convenient channel for database intrusion.
2. Change the passwords for the hosting space and the admin backend login; they should be long and complex, mixing underscores, letters and numbers.
3. Rename the database, change the .mdb suffix to .asp, and update the database path in conn accordingly.
4. The last and most important step: insert the following code into conn, above the code that reads the database, that is, at the beginning of the page.
The following is the quoted code:
<%
'--------Definition part------------------
Dim Fy_Post,Fy_Get,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr
'Customize the strings that need to be filtered, separated by "|"
Fy_In = "and|exec|insert|select|delete|update|count|*|chr|mid|master|truncate|char|declare"
Fy_Inf = Split(Fy_In,"|")
'--------POST part------------------
If Request.Form<>"" Then
    For Each Fy_Post In Request.Form
        For Fy_Xh=0 To Ubound(Fy_Inf)
            If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 Then
                Response.Write "<Script Language=JavaScript>alert('Prompt↓\n\nPlease do not include illegal characters in the parameters to attempt injection, QQ: your QQ number!\nYour company name');</Script>"
                Response.Write "Illegal operation! The system made the following records↓<br>"
                Response.Write "Operation IP:"&Request.ServerVariables("REMOTE_ADDR")&"<br>"
                Response.Write "Operation time:"&Now&"<br>"
                Response.Write "Operation page:"&Request.ServerVariables("URL")&"<br>"
                Response.Write "Submission method: POST<br>"
                'HTML-encode everything echoed back so the rejected input cannot run as script
                Response.Write "Submit parameters:"&Server.HTMLEncode(Fy_Post)&"<br>"
                Response.Write "Submit data:"&Server.HTMLEncode(Request.Form(Fy_Post))
                Response.End
            End If
        Next
    Next
End If
'--------GET part------------------
If Request.QueryString<>"" Then
    For Each Fy_Get In Request.QueryString
        For Fy_Xh=0 To Ubound(Fy_Inf)
            If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0 Then
                Response.Write "<Script Language=JavaScript>alert('System prompt\nPlease do not include illegal characters in the parameters to attempt injection!\nQQ:1351298933');</Script>"
                Response.Write "<div style='height:auto; overflow:hidden; color:#C00; width:300px; margin:20px auto; font-size:12px; line-height:22px; font-weight:400'>"
                Response.Write "Illegal operation! The system has made the following record for you↓<br>"
                Response.Write "Operation IP:"&Request.ServerVariables("REMOTE_ADDR")&"<br>"
                Response.Write "Operation time:"&Now&"<br>"
                Response.Write "Operation page:"&Request.ServerVariables("URL")&"<br>"
                Response.Write "Submission method: GET<br>"
                'HTML-encode everything echoed back so the rejected input cannot run as script
                Response.Write "Submit parameters:"&Server.HTMLEncode(Fy_Get)&"<br>"
                Response.Write "Submit data:"&Server.HTMLEncode(Request.QueryString(Fy_Get))
                Response.Write "</div>"
                Response.End
            End If
        Next
    Next
End If
%>
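The filter above rejects requests by substring, so an ordinary value such as "island" or "Sandra" is also blocked because it contains "and". As an added example (not part of the original article), the page code that reads the database can bind request values as ADO parameters so the query does not rely on the keyword list; `conn` is assumed to be the open ADODB.Connection from the conn file, and the `news` table with its `id` and `title` columns is hypothetical.

```vbscript
<%
' Added example, not part of the original article.
' Assumptions: "conn" is the open ADODB.Connection from the conn file;
' the table "news" and its columns id/title are hypothetical.
Const adCmdText = 1, adParamInput = 1, adInteger = 3, adVarWChar = 202

' True only for 1 to 9 decimal digits (IsNumeric also accepts "1e5", "&H1F").
Function IsDigits(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^\d{1,9}$"
    IsDigits = re.Test(s)
End Function

' Build a text command bound to the shared connection.
Function NewCommand(sql)
    Dim c
    Set c = Server.CreateObject("ADODB.Command")
    Set c.ActiveConnection = conn
    c.CommandType = adCmdText
    c.CommandText = sql
    Set NewCommand = c
End Function

Dim rawId, keyword, cmd, rs

' Numeric parameter: reject anything that is not a plain integer.
rawId = Trim(Request.QueryString("id"))
If Not IsDigits(rawId) Then
    Response.Status = "400 Bad Request"
    Response.End
End If
Set cmd = NewCommand("SELECT title FROM news WHERE id = ?")
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , CLng(rawId))
Set rs = cmd.Execute
If Not rs.EOF Then Response.Write "<h1>" & Server.HTMLEncode(rs("title") & "") & "</h1>"
rs.Close

' Text parameter: the value is bound as data, so words such as "and" or
' "select" in a search term are harmless and need no keyword filter.
keyword = Left(Trim(Request.Form("q")), 48)
Set cmd = NewCommand("SELECT title FROM news WHERE title LIKE ?")
cmd.Parameters.Append cmd.CreateParameter("q", adVarWChar, adParamInput, 50, "%" & keyword & "%")
Set rs = cmd.Execute
Do Until rs.EOF
    Response.Write Server.HTMLEncode(rs("title") & "") & "<br>"
    rs.MoveNext
Loop
rs.Close
%>
```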
After completing the above four steps, hacker intrusions still cannot be prevented 100%, but at least most hackers who only use tools can be blocked. This article is original; please keep http://www.6868sky.com when reprinting. Thanks to chinaz.
Thank you Mingrui for your contribution