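Topic: [Announcement] The vendor, together with some affected users, has reported this malicious-code injection (挂马) incident to the police! All webmasters, please take part!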
7256504 (currently offline) | Topics: 617 | Broadcasts: 1 | Followers: 0 | Level: Grade 6 | User points: 6143 | Logins: 538 | Registered: 2007/3/15 | Last login: 2018/9/7
7256504 posted on 2009/9/16 1:11:00 | Original poster
What does "nested _Script_ block" mean?

7256504 posted on 2009/9/15 16:27:00 | Sofa
Quoting xcqs, posted 2009-9-15 15:28:00:

2009-09-14 14:58:16 W3SVC311 210.52.223.69 POST /UploadFiles/C00N.asp - 80 - 222.245.220.131 - 200 0 0 275
2009-09-14 14:58:17 W3SVC311 210.52.223.69 POST /KS_Editor/fckeditor/editor/css/images/help.asp;.jpg - 80 - 222.245.220.131 - 200 0 0 199
2009-09-14 14:58:38 W3SVC311 210.52.223.69 POST /Template/rss.asp nor=0&en=0&asp=0&dot=1 80 - 222.245.220.131 - 200 0 0 389

 

Site name: 秀衣阁 (Xiuyige)

URL: www.xiuyige.com

QQ: 64272435, xiuyige@qq.com

Temporary workaround: delete the source program and modify it locally. Temporarily put up HTML code.

IP 222.245.220.131 is the same one that attacked me.

7256504 posted on 2009/9/15 13:56:00 | Rattan chair

He keeps messing with my website!

2009-09-14 15:23:18 W3SVC26943 428C119E5D3B4D6 211.152.51.63 POST /bbs/boke/Images/sex/help.asp;.jpg - 80 - 222.245.220.131 HTTP/1.1 - - http://www.cds12355.com/bbs/boke/Images/sex/help.asp;.jpg www.cds12355.com 200 0 0 218 307 234
2009-09-14 15:23:43 W3SVC26943 428C119E5D3B4D6 211.152.51.63 POST /Template/rss.asp nor=0&en=0&asp=0&dot=1 80 - 222.245.220.131 HTTP/1.1 - - http://www.cds12355.com/Template/rss.asp?nor=0&en=0&asp=0&dot=1 www.cds12355.com 200 0 0 417 8055 24187

 

A lot of help.asp;.jpg files were uploaded!!!

7256504 posted on 2009/9/15 13:53:00 | Bench

Continuing from the previous post:

2009-09-14 11:37:41 W3SVC26943 428C119E5D3B4D6 211.152.51.63 POST /bbs/Dv_plus/flashget/help.asp;.jpg - 80 - 222.245.213.129 HTTP/1.1 - - http://www.cds12355.com/bbs/Dv_plus/flashget/help.asp;.jpg www.cds12355.com 200 0 0 218 309 218

 

Again 222.245.213.129, Huaihua, Hunan Province, China Telecom

7256504 posted on 2009/9/15 13:50:00 | Newspaper

1. IIS log:

2009-09-14 02:06:26 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /admin/rfmashell.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 115 46
2009-09-14 02:06:26 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /admin/shell.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 111 46
2009-09-14 02:06:26 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /admin/shell.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 111 46
2009-09-14 02:06:27 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /maxhdiy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 107 46
2009-09-14 02:06:27 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /diy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 103 46
2009-09-14 02:06:27 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /diy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 103 31
2009-09-14 02:06:27 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /admin/fgiydiy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 113 31
2009-09-14 02:06:27 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /admin/diy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 109 31
2009-09-14 02:06:27 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /admin/diy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 109 31
2009-09-14 02:06:27 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /inc/ecbgdiy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 111 31
2009-09-14 02:06:27 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /inc/diy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 107 31
2009-09-14 02:06:30 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /inc/diy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 107 2984
2009-09-14 02:06:51 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /upload/tdwndiy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 114 15
2009-09-14 02:06:51 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /upload/diy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 110 31
2009-09-14 02:06:51 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /upload/diy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 110 31
2009-09-14 02:06:52 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /upfile/dvrcdiy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 114 31
2009-09-14 02:06:52 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /upfile/diy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 110 31
2009-09-14 02:06:52 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /upfile/diy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 110 31
2009-09-14 02:06:52 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /uploadfiles/splmdiy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 119 62
2009-09-14 02:06:52 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /uploadfiles/diy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 115 31
2009-09-14 02:06:52 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /uploadfiles/diy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 115 31
2009-09-14 02:06:52 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /bbs/loadtree1.asp boardid=79&rootid=379&action=1 80 - 203.208.60.19 HTTP/1.1 Mozilla/5.0+(compatible;+Googlebot/2.1;++http://www.google.com/bot.html) - - www.cds12355.com 200 0 0 3286 278 93
2009-09-14 02:06:52 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /inc/aqgzposha.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 113 31
2009-09-14 02:06:52 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /inc/posha.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 109 31
2009-09-14 02:06:52 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /inc/posha.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 109 31
2009-09-14 02:06:52 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /english/aiodposha.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 117 31
2009-09-14 02:06:52 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /english/posha.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 113 31
2009-09-14 02:06:55 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /english/posha.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 113 3078
2009-09-14 02:06:55 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /upload/bdbdposha.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 116 31
2009-09-14 02:06:55 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /upload/posha.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 112 31
2009-09-14 02:06:55 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /upload/posha.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 112 31
2009-09-14 02:06:56 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /upfile/myuaposha.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 116 31
2009-09-14 02:06:56 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /upfile/posha.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 112 31
2009-09-14 02:06:56 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /upfile/posha.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 112 31
2009-09-14 02:06:56 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /uploadfiles/unxqposha.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 121 31
2009-09-14 02:06:56 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /uploadfiles/posha.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 117 31
2009-09-14 02:06:56 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /uploadfiles/posha.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 117 31
2009-09-14 02:16:46 W3SVC26943 428C119E5D3B4D6 211.152.51.63 POST /Template/rss.asp - 80 - 222.245.220.112 HTTP/1.1 - - http://www.cds12355.com/Template/rss.asp www.cds12355.com 200 0 0 294 297 250
2009-09-14 02:16:47 W3SVC26943 428C119E5D3B4D6 211.152.51.63 POST /bbs/boke/Images/manage/inedx.asp - 80 - 222.245.220.112 HTTP/1.1 - - http://www.cds12355.com/bbs/boke/Images/manage/inedx.asp www.cds12355.com 200 0 0 294 305 312
2009-09-14 02:16:47 W3SVC26943 428C119E5D3B4D6 211.152.51.63 POST /bbs/boke/Edit_Plus/FCKeditor/editor/plugins/placeholder/lang/bottum.asp - 80 - 222.245.220.112 HTTP/1.1 - - http://www.cds12355.com/bbs/boke/Edit_Plus/FCKeditor/editor/plugins/placeholder/lang/bottum.asp www.cds12355.com 200 0 0 294 383 265
2009-09-14 02:16:47 W3SVC26943 428C119E5D3B4D6 211.152.51.63 POST /bbs/boke/Skins/dvskin/C00N.asp - 80 - 222.245.220.112 HTTP/1.1 - - http://www.cds12355.com/bbs/boke/Skins/dvskin/C00N.asp www.cds12355.com 200 0 0 294 301 156
2009-09-14 02:16:48 W3SVC26943 428C119E5D3B4D6 211.152.51.63 POST /bbs/boke/Edit_Plus/FCKeditor/editor/_source/help.asp;.jpg - 80 - 222.245.220.112 HTTP/1.1 - - http://www.cds12355.com/bbs/boke/Edit_Plus/FCKeditor/editor/_source/help.asp;.jpg www.cds12355.com 200 0 0 218 355 203
2009-09-14 02:16:50 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET / t=6761 80 - 222.245.220.112 HTTP/1.1 - - - www.cds12355.com 200 0 0 50867 49 1375
2009-09-14 02:16:50 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /houtai t=157 80 - 222.245.220.112 HTTP/1.1 - - - www.cds12355.com 200 0 0 395 54 109
2009-09-14 02:16:50 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /houtai/ t=157 80 - 222.245.220.112 HTTP/1.1 - - - www.cds12355.com 200 0 0 2536 55 265
2009-09-14 02:17:14 W3SVC26943 428C119E5D3B4D6 211.152.51.63 POST /Template/rss.asp nor=0&en=0&asp=0&dot=1 80 - 222.245.220.112 HTTP/1.1 - - http://www.cds12355.com/Template/rss.asp?nor=0&en=0&asp=0&dot=1 www.cds12355.com 200 0 0 412 8055 23687

 

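Attacking IP 1: 222.35.142.77 (Beijing, China Tietong) is suspicious! Is it probing my directories?

Attacking IP: 222.245.220.112 (Huaihua, Hunan Province, China Telecom) uploaded a help.asp;.jpg file in the forum, but when I looked just now it was 0 bytes. I don't know why.

The site has now been extensively injected with malicious code... it won't open any more.

2. 常德市12355青少年服务台 (Changde 12355 Youth Service Desk)

3. www.cds12355.com

4. QQ: 9777597

Still looking for other log entries...
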
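Added example (not part of the original thread and not Kesion's code): a log triage script for the three patterns visible in the IIS logs posted above, namely script names with a `;` after the extension, POSTs to scripts inside upload-style directories, and one client guessing many script names that all return the same response size. The sample log is constructed with documentation IP addresses; the `#Fields:` layout, the directory-name patterns and the thresholds are assumptions to adjust for a real site.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in IIS W3C format (documentation IPs, not real log data).
SAMPLE = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status sc-bytes
2009-09-14 02:06:26 GET /admin/shell.asp - 192.0.2.10 200 1221
2009-09-14 02:06:27 GET /inc/diy.asp - 192.0.2.10 200 1221
2009-09-14 02:06:27 GET /upload/diy.asp - 192.0.2.10 200 1221
2009-09-14 02:06:28 GET /upfile/posha.asp - 192.0.2.10 200 1221
2009-09-14 02:06:30 GET /index.asp - 198.51.100.7 200 50867
2009-09-14 02:16:48 POST /editor/_source/help.asp;.jpg - 203.0.113.5 200 218
2009-09-14 02:16:49 POST /UploadFiles/x.asp - 203.0.113.5 200 294
"""
# Script extension followed by ';' (IIS 6 handles such a name as ASP despite the image suffix).
SCRIPT_SEMI = re.compile(r"\.(asp|asa|cer|aspx|php);", re.I)
# Script file inside a directory meant for uploads or static assets (assumed names).
UPLOAD_SCRIPT = re.compile(r"/(upload\w*|upfile\w*|images?|skins?)/.*\.(asp|asa|aspx|php)$", re.I)

def parse(text):
    """Yield one dict per request, using the #Fields: directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            vals = line.split()
            if len(vals) == len(fields):      # skip truncated or malformed rows
                yield dict(zip(fields, vals))

def detect(text, window=60, min_paths=4):
    findings, probes = [], defaultdict(list)
    for r in parse(text):
        stem, ip = r["cs-uri-stem"], r["c-ip"]
        if SCRIPT_SEMI.search(stem):
            findings.append(("semicolon-script-name", ip, stem))
        if r["cs-method"] == "POST" and UPLOAD_SCRIPT.search(stem):
            findings.append(("post-to-script-in-upload-dir", ip, stem))
        if stem.lower().endswith(".asp"):
            ts = datetime.strptime(r["date"] + " " + r["time"], "%Y-%m-%d %H:%M:%S")
            probes[(ip, r["sc-bytes"])].append((ts, stem))
    # Same client, same response size, many distinct script paths inside one window.
    for (ip, size), hits in probes.items():
        best = max(len({s for t, s in hits if 0 <= (t - t0).total_seconds() <= window})
                   for t0, _ in hits)
        if best >= min_paths:
            findings.append(("script-name-guessing", ip, f"{best} paths, same size {size}"))
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE):
        print(finding)
```

An identical response size across many different script names usually means a custom error page answered with status 200, so filtering on the status code alone would miss this kind of probing.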
7256504 posted on 2009/9/15 12:17:00 | Floor
How do I view the IIS logs? I'm a shared (virtual) hosting user.

厦门科汛软件有限公司 (Xiamen Kesion Software Co., Ltd.) © 2006-2016 | Powered by KesionCMS 9.0