took over a picture website some time ago and found that there were many places worth improving, so many functions were added to the program, so it was very convenient to use. But so was to rival the stinkeye, because our website is outside the chain and browse together, set free and collected one of the album.
got up on Tuesday and opened the website as usual, but found a window suddenly popped up, while antivirus software jumped out. I was horrified to find a reality I didn’t want to accept: the website was hung up! Ha ha. Immediately called the programmer, that the site was linked to horse, to immediately clear, consider to bring a lot of inconvenience to the user to browse the site, so a silent battle is about to start.
I first open FTP, found inside the file has not been modified, the most general is linked to the horse is hacked into the program file in the code inside. But this time it’s strange, and the modification time of the inside files has never changed before. At this point, the programmer feedback to the news, is likely to be SQL injection. So I immediately opened the SQL database, and found that many of the fields were densely packed.
follows the following references:
code, this is the legendary SQL injection, ha ha, finally found the reason, and then use SQL statement batch replace these code.
The following references are
; /script> ” ”)
note that the underscore section is the database table name and field name. Please replace them flexibly.
said it was injected more, it still didn’t take much time to delete in batches. The site has returned to normal, but I can’t afford it, because I can’t find the root cause. Does anyone know my background code? Does anyone know my SQL password or did someone upload a program with a Trojan or upload malicious code?
after a careful investigation, finally ruled out before three, we finally found the website program, many send, BBS, and modify the data album place can send this script statements. What a careless mistake! Common sense is wrong. So called the programmer to put all the text documents in the place (hackers can use this upload malicious code) are patched, blocked the loopholes, cited a classic line: safety first. The method is very simple, just filter out this >