瑞星卡卡安全论坛

首页 » 技术交流区 » 入侵防御(HIPS) » WEB服务器的网站目录常写入文件,怎办?
天意被占用 - 2011-5-3 17:33:00
<title>{ ~ !_H釩K镽-T殁M_! ~ }</title>
<html>
<head>
<meta http-equiv="Content-Language" c>
<meta http-equiv="Content-Type" c>
<title>GrupRadaR ...</title>
</head>
<div id="image2" style="position:absolute; overflow:hidden; left:540px; top:441px; width:64px; height:46px; z-index:3"><img src="http://img1.loadtr.com/k-558024-hack.gif" ust="" title="" border=0 width=64 height=46></div>
<body text="#FFFFFF" bgcolor="#000000" style="text-align: center">
<BODY bgColor=black>


每个文件夹下都被写入:
default.htm
<htmL xmlns:v="urn:schemas-microsoft-com:vml"
xmlns:o="urn:schemas-microsoft-com:office:office"
xmlns:w="urn:schemas-microsoft-com:office:word"
xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type c>
<meta name=ProgId content=Word.Document>
<meta name=Generator c>
<meta name=Originator c>
<link rel=File-List href="index_dosyalar/filelist.xml">
<link rel=Edit-Time-Data href="index_dosyalar/editdata.mso">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<title>!_H釩K镽-T殁M_!</title>
<!--[if gte mso 9]><xml>
<o:DocumentProperties>
  <o:Author>@.Net</o:Author>
  <o:Template>Normal</o:Template>
  <o:LastAuthor>@.Net</o:LastAuthor>
  <o:Revision>4</o:Revision>
  <o:TotalTime>8</o:TotalTime>
  <o:Created>2008-05-20T06:32:00Z</o:Created>
  <o:LastSaved>2011-02-06T12:21:00Z</o:LastSaved>
  <o:Pages>1</o:Pages>
  <o:Words>152</o:Words>
  <o:Characters>867</o:Characters>
  <o:Lines>7</o:Lines>
  <o:Paragraphs>2</o:Paragraphs>
  <o:CharactersWithSpaces>1017</o:CharactersWithSpaces>
  <o:Version>11.9999</o:Version>
</o:DocumentProperties>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:WordDocument>
  <w:SpellingState>Clean</w:SpellingState>
  <w:GrammarState>Clean</w:GrammarState>
  <w:HyphenationZone>21</w:HyphenationZone>
  <w:ValidateAgainstSchemas/>
  <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
  <w:IgnoreMixedContent>false</w:IgnoreMixedContent>
  <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" LatentStyleCount="156">
</w:LatentStyles>
</xml><![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;
mso-font-charset:162;
mso-generic-font-family:swiss;
mso-font-pitch:variable;
mso-font-signature:1627421319 -2147483648 8 0 66047 0;}
@font-face
{font-family:Impact;
panose-1:2 11 8 6 3 9 2 5 2 4;
mso-font-charset:162;
mso-generic-font-family:swiss;
mso-font-pitch:variable;
mso-font-signature:647 0 0 0 159 0;}
@font-face
{font-family:"Segoe UI";
panose-1:2 11 5 2 4 2 4 2 2 3;
mso-font-charset:162;
mso-generic-font-family:swiss;
mso-font-pitch:variable;
mso-font-signature:-536861953 -1073733541 9 0 479 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-parent:"";
margin:0cm;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;
text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;
text-underline:single;}
p
{mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";}
span.SpellE
{mso-style-name:"";
mso-spl-e:yes;}
span.GramE
{mso-style-name:"";
mso-gram-e:yes;}
@page Section1
{size:595.3pt 841.9pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;
mso-header-margin:35.4pt;
mso-footer-margin:35.4pt;
mso-paper-source:0;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Normal Tablo";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";
mso-ansi-language:#0400;
mso-fareast-language:#0400;
mso-bidi-language:#0400;}
</style>
<![endif]--><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="3074"/>
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
  <o:idmap v:ext="edit" data="1"/>
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor=black lang=TR link=blue vlink=purple style='tab-interval:35.4pt'>
<div class=Section1>
<p class=MsoNormal align=center style='margin-bottom:14.0pt;text-align:center'><span
style='font-size:28.0pt;font-family:"Segoe UI";color:red'>!_<span class=SpellE>H釩K镽</span>-<span
class=SpellE>T殁M</span>_!</span><b style='mso-bidi-font-weight:normal'><span
style='font-size:18.0pt'> <script>

 

browserName        = navigator.appName 
browserVersion      = parseInt(navigator.appVersion) 

document.onmousedown = checkforRightMouseButtonClick; 
if (browserVersion<5 && browserName=="Netscape") 

    window.onmousedown = checkforRightMouseButtonClick; 


function rightClickPressed() 

  alert(" insanlarin Bayragina vatanina Dinine Saygi G鰏termeyi Ne Zaman 鰃reniceksiniz ! "); 


function checkforRightMouseButtonClick(mouseEvent) 

if ( ((browserName=="Microsoft Internet Explorer") && (event.button >1)) || 
      ((browserName=="Ne tscape") && (mouseEvent.which > 1)) ) 
    { 
      rightClickPressed() 
      return false; 
    } 
else 
  return true; 

</script><br>
</span></b><img width=300 height=250 id="_x0000_i1026"
src="http://img377.yukle.tc/images/3722asker_ve_bayrak.jpg" border=0><br>
<b><span style='mso-spacerun:yes'>?/span></b><span style='font-size:26.0pt;
font-family:"Segoe UI";color:red'>!_?/span><span class=SpellE><span
lang=EN-US style='font-size:26.0pt;font-family:"Segoe UI";color:red;mso-ansi-language:
EN-US'>_耮暄</span></span><span lang=EN-US style='font-size:26.0pt;font-family:
"Segoe UI";color:red;mso-ansi-language:EN-US'>哶!?/span><b><span
style='font-size:24.0pt;font-family:Impact;color:mintcream'><br>
</span></b><b><span style='font-size:13.5pt;font-family:Tahoma;color:white'>Tek
謓derimiz Hazreti MUHAMMED (sav)</span></b><b><span style='font-size:24.0pt;
font-family:Impact;color:mintcream'> <br>
</span></b><b><span style='font-size:13.5pt;font-family:Tahoma;color:red'>T黵kish
islamic Hacking Secruty Birligi ( Vurucu Team )</span></b><b><span
style='font-size:24.0pt;font-family:Impact;color:mintcream'> </span></b><b><span
style='font-size:13.5pt;font-family:Tahoma;color:white'>|<span class=SpellE>By</span>_<span
class=SpellE>uMuT</span> |</span></b><b><span style='font-size:24.0pt;
font-family:Impact;color:mintcream'> </span><o:p></o:p></b></p>
<div class=MsoNormal align=center style='text-align:center'><b><span
style='font-size:24.0pt;font-family:Impact;color:mintcream'>
<hr size=5 width="100%" noshade color=red align=center>
</span></b></div>
<p class=MsoNormal><b><span style='font-size:24.0pt;font-family:Impact;
color:mintcream'><o:p> </o:p></span></b></p>
<p align=center style='text-align:center'><b><span style='font-size:14.0pt;
font-family:Arial;color:red'>Biz kimsenin kutsal de餰rlerine karmad齥 hakaret
etmedik.<br>
屈nki Biz T黵k Ulusuyuz Kimsenin kutsal de餰rlerine hakaret etmeyiz.<br>
Ama siz K黵t pkk Yandaslari k鰌ekler<br>
T黰 T黵k黱 kutsal Bayragina Askerine Develetine Hakaret B鰈點黮黭 Ve<br>
K黵t Acilimi Altinda Yapdiniz Eylemlerden dolayi <br>
T黰 T黵k halki Ve Aziz Sehidlerimiz Adina Sitenize el konulmusdur..!!<br>
Hem Bu Vatanin ekmegini yiyin suyunu icin Hemde ihaned Edin Yok 鰕le is<br>
Ya susdururuz Yada Kan kusdururuz <span class=GramE>?</span><span
class=SpellE>xD</span><o:p></o:p></span></b></p>
<div class=MsoNormal align=center style='text-align:center'><b><span
style='font-size:24.0pt;font-family:Impact;color:mintcream'>
<hr size=5 width="100%" noshade color=white align=center>
</span></b></div>
<p align=center style='text-align:center'><span class=SpellE><b><span
style='font-size:22.0pt;font-family:Arial;color:red'>WwW</span></b></span><b><span
style='font-size:22.0pt;font-family:Arial;color:red'>.SaDeCe2mizZ.Com <br>
<br>
<a href="mailto:AsKim@SaDeCe2mizZ.Com">[email=AsKim@SaDeCe2mizZ.Com]AsKim@SaDeCe2mizZ.Com</a[/email]> </span></b><b><span
style='font-size:22.0pt;color:mintcream'><o:p></o:p></span></b></p>
<p class=MsoNormal align=center style='text-align:center'><b><span
style='color:white'><img border=0 width=99 height=99 id="_x0000_i1029"
src="http://img377.yukle.tc/images/4219sol_bayrak.gif" style='left:0px;
position:absolute;top:0px' alt=T
_fcksavedurl="http://80.190.202.79/pic/h/htmlkod/sag_bayrak.gif"><img border=0
width=99 height=99 id="_x0000_i1030"
src="http://img377.yukle.tc/images/5594sag_bayrak.gif" style='position:absolute;
right:0px;top:0px'
_fcksavedurl="http://80.190.202.79/pic/h/htmlkod/sag_bayrak.gif"></span><span
style='color:mintcream'><o:p></o:p></span></b></p>
<div name=mediaspace id=mediaspace>
<p class=MsoNormal align=center style='text-align:center'><b><span
style='color:mintcream'><script  type="text/javascript" src="http://www.muzikdinlemex.net/swfobject2.js">
</script></span></b><span class=SpellE><b><span style='font-size:24.0pt;
font-family:Impact;color:mintcream'>Flash</span></b></span><b><span
style='font-size:24.0pt;font-family:Impact;color:mintcream'> Player Y黭l?
De餴l!<o:p></o:p></span></b></p>
</div>
<p class=MsoNormal><b><span style='font-size:24.0pt;font-family:Impact;
color:mintcream'><script  type="text/javascript">

        var so = new SWFObject("https://ujimedia.googlecode.com/svn/branches/ujimedia.swf", "main", "380", "28", "8", "#000000");
  so.addParam("allowFullScreen", "false");
  so.addVariable("MediaLink", "http://www.youtube.com/watch?v=gbSCThOjWG8");
  so.addVariable("image", "http://i1.ytimg.com/vi/gbSCThOjWG8/0.jpg");
  so.addVariable("playOnStart", "true");
  so.addVariable("autoHideVideoControls", "false");
  so.addVariable("onStartShowControls", "true");
  so.addVariable("showPlayButton", "true");
  so.write("mediaspace");
</script></span></b><o:p> </o:p></p>
</div>
</body>
</html>

用户系统信息:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; QQPinyinSetup 620; .NET CLR 2.0.50727)

附件: swf.rar
networkedition - 2011-5-4 9:17:00
设置只读权限吧,或者指定的用户组访问web目录。还有就是查找网站服务器是否有后门,可以尝试使用杀毒软件进行全盘杀毒。查找网页页面漏洞,修补漏洞等等吧。
Gothack - 2011-5-17 22:35:00
web目录权限设置不对,再看看是不是有什么漏洞
1
查看完整版本: WEB服务器的网站目录常写入文件,怎办?