How Can I Find Out *HOW* My Site Was Hacked? How Do I Find Site Vulnerabilities?

Question

One of my custom developed ASP.NET sites was hacked today: "Hacked By Swan (Please Stop Wars !.. )" It is using ASP.NET and SQL Server 2005 and IIS 6.0 and Windows 2003 server. I am not using Ajax and I think I am using stored procedures everywhere I am connecting to the database so I don't think it is SQL injection. I have now removed the write permission on the folders.

How can I find out what they did to hack the site and what to do to prevent it from happening again?

The server is up to date with all Windows updates.

What they have done is upload 6 files (index.asp, index.html, index.htm,...) to the main directory for the website.

What log files should I upload? I have log files for IIS from this folder: c:\winnt\system32\LogFiles\W3SVC1. I am willing to show it to some of you but don't think it is good to post on the Internet. Anyone willing to take a look at it?

I have already searched on Google but the only thing I find there are other sites that have been hacked - I haven't been able to see any discussion about it.

I know this is not strictly related to programming but this is still an important thing for programmers and a lot of programmers have been hacked like this.
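
For the IIS logs mentioned in the question, one way to triage them offline (an added example, not part of the original post): parse the W3C extended format using its `#Fields:` header, flag non-read requests against the dropped file names, then list everything else the same clients requested. The sample log lines, IP addresses and the `READ_ONLY` method set are constructed assumptions and do not represent how this site was actually compromised.

```python
# Added example: triage of IIS W3C extended logs (e.g. from W3SVC1) for requests
# that touched the dropped files. Sample log lines are constructed, not real data.
from collections import defaultdict

DROPPED = {"index.asp", "index.html", "index.htm"}   # file names given in the question
READ_ONLY = {"GET", "HEAD", "OPTIONS"}               # assumption: treated as non-writing

def parse_w3c(lines):
    """Yield one dict per request, using the '#Fields:' directive for column names."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):            # skip truncated/corrupt rows
                yield dict(zip(fields, values))

def triage(lines):
    """Return (writes, by_client): non-read requests to dropped files, and
    every request made by the clients that issued them, in log order."""
    rows = list(parse_w3c(lines))
    writes = [r for r in rows
              if r.get("cs-uri-stem", "").rsplit("/", 1)[-1].lower() in DROPPED
              and r.get("cs-method", "").upper() not in READ_ONLY]
    suspects = {r["c-ip"] for r in writes}
    by_client = defaultdict(list)
    for r in rows:
        if r.get("c-ip") in suspects:
            by_client[r["c-ip"]].append(
                (r["date"], r["time"], r["cs-method"], r["cs-uri-stem"], r["sc-status"]))
    return writes, dict(by_client)

SAMPLE = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2008-11-21 09:58:02 198.51.100.7 GET /default.aspx - 200
2008-11-21 10:14:40 192.0.2.44 OPTIONS / - 200
2008-11-21 10:14:41 192.0.2.44 PUT /index.html - 201
2008-11-21 10:14:42 192.0.2.44 PUT /index.asp - 201
2008-11-21 10:15:10 198.51.100.7 GET /index.html - 200
""".splitlines()

if __name__ == "__main__":
    writes, by_client = triage(SAMPLE)
    for ip, reqs in by_client.items():
        print(ip, *reqs, sep="\n  ")
```

An empty `writes` result is itself a finding: the files did not arrive through a request this filter sees in that log file, so the other services on the box and their logs need the same review.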

Recommended answer

It appears that the attack on your website was part of a mass defacement carried out by SWAN on 21 November, 2008 against Windows 2003 and Windows 2000 boxes running IIS 6.0. Others here have suggested a number of things. I would only add that whenever you decide to bring up the website, please format the box and reinstall from scratch. Once a box is compromised, it cannot be trusted, at all, however you clean and purify it.
