我刚刚更新了我正在开发的一个网站,不幸的是,一些我没有创建的链接突然出现在其中一个 Angular 落。我真的可以使用一些关于如何清理网站并删除所有内容的指导。
我上传到服务器的唯一文件是一些引导 css 文件、index.html 和一张背景图像。我已经对所有这些文件运行了 aVast,但它们都干净了,尽管我不确定这是否是足够的扫描。 所有文件均使用 filezilla FTP 上传。
我在加载网页时在 chrome 中打开了检查元素,在资源下它显示正在加载的文件不是我的并且我无法在服务器上找到。具体来说,一个是 URL 指向 acint(dot)net 的图像文件,另一个是名为 aci.js 的脚本,位于 acint(dot)net/aci.js(代码如下)
(function(n){n(window,"undefined"===typeof window._acic?{}:window._acic,"undefined"===typeof window._aci_debug?!1:window._aci_debug)})(function(n,f,t){function k(){if(!(this instanceof k))return new k;this.version="0.0.9";this.urlHit="//www.acint.net/hit/";this.urlJump="//www.acint.net/jump/";this.uid="";this.config={dataProvider:"",allowExtLinksTrack:!0,customData:null}}var v=!!t,s={};"object"==typeof JSON&&"function"==typeof JSON.stringify?s.stringify=function(a){return JSON.stringify(a)}:function(){function a(a){function b(a){return 10>
a?"0"+a:a}if(a&&"object"==typeof a){if(a instanceof Date)return isFinite(a.valueOf())?a.getUTCFullYear()+"-"+b(a.getUTCMonth()+1)+"-"+b(a.getUTCDate())+"T"+b(a.getUTCHours())+":"+b(a.getUTCMinutes())+":"+b(a.getUTCSeconds())+"Z":null;if(a instanceof String||a instanceof Number||a instanceof Boolean)return a.valueOf()}return a}function c(a){e.lastIndex=0;return e.test(a)?'"'+a.replace(e,function(a){var b=h[a];return"string"===typeof b?b:"\\u"+("0000"+a.charCodeAt(0).toString(16)).slice(-4)})+'"':'"'+
a+'"'}function d(e,u){var h,r,f,k,n=b,p,m=u[e],m=a(m);"function"===typeof q&&(m=q.call(u,e,m));switch(typeof m){case "string":return c(m);case "number":return isFinite(m)?String(m):"null";case "boolean":case "null":return String(m);case "object":if(!m)return"null";b+=g;p=[];if("[object Array]"===Object.prototype.toString.apply(m)){k=m.length;for(h=0;h<k;h+=1)p[h]=d(h,m)||"null";f=0===p.length?"[]":b?"[\n"+b+p.join(",\n"+b)+"\n"+n+"]":"["+p.join(",")+"]";b=n;return f}if(q&&"object"===typeof q)for(k=
q.length,h=0;h<k;h+=1)r=q[h],"string"===typeof r&&(f=d(r,m))&&p.push(c(r)+(b?": ":":")+f);else for(r in m)Object.prototype.hasOwnProperty.call(m,r)&&(f=d(r,m))&&p.push(c(r)+(b?": ":":")+f);f=0===p.length?"{}":b?"{\n"+b+p.join(",\n"+b)+"\n"+n+"}":"{"+p.join(",")+"}";b=n;return f}}var e,b,g,h,q;"function"!==typeof s.stringify&&(e=/[\\\"\x00-\x1f\x7f-\x9f\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g,h={"\b":"\\b","\t":"\\t","\n":"\\n","\f":"\\f","\r":"\\r",
'"':'\\"',"\\":"\\\\"},s.stringify=function(a,c,e){var h;g=b="";if("number"===typeof e)for(h=0;h<e;h+=1)g+=" ";else"string"===typeof e&&(g=e);if((q=c)&&"function"!==typeof c&&("object"!==typeof c||"number"!==typeof c.length))throw Error("JSONStub.stringify");return d("",{"":a})})}();var e={generateUUID:function(){return"xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g,function(a){var c=16*Math.random()|0;return("x"==a?c:c&3|8).toString(16)}).toLowerCase()},stringTrimLimit:function(a){a=a.replace(/\s+/gmi,
" ").replace(/^\s+|\s+$/g,"");1E3<a.length&&(a=a.substr(0,1E3));return a},getTimeZoneOffsetIso8601:function(){var a=function(a){return 10>a?"0"+a:a},c=(new Date).getTimezoneOffset();return(0<c?"-":"+")+a(Math.floor(Math.abs(c)/60))+":"+a(Math.abs(c)%60)},isObject:function(a){return"object"===typeof a&&"[object Object]"===Object.prototype.toString.call(a)},isArray:function(a){return"undefined"!==typeof Array.isArray?Array.isArray(a):"[object Array]"===Object.prototype.toString.call(a)},isEmptyObject:function(a){for(var c in a)return!1;
return!0},isString:function(a){return"string"===typeof a||a instanceof String},encodeUriParam:function(a){a=""+a;return encodeURIComponent instanceof Function?encodeURIComponent(a):escape(a)},implodeUriParams:function(a){var c,d=[];for(c in a)a.hasOwnProperty(c)&&d.push(c+"="+a[c]);return d.join("&")},makeRequestUri:function(a,c){return a+"?"+e.implodeUriParams(c)},makeRequestImage:function(a){(new Image).src=a},addEventListenerCrossBrowser:function(a,c,d){a.addEventListener?a.addEventListener(c,
d,!1):a.attachEvent?a.attachEvent("on"+c,d):"function"==typeof a["on"+c]&&(a["on"+c]=d)},addReadOnlyProperty:function(a,c,d){Object.defineProperty(a,c,{value:d,writeable:!1,enumerable:!0,configurable:!1})},fireEventCrossBrowser:function(a,c){var d,e=document;if(e.createEvent){var b=null;switch(c){case "click":case "dblclick":case "mousedown":case "mouseup":case "mouseover":case "mousemove":case "mouseout":case "mouseenter":case "mouseleave":b="MouseEvent";break;case "wheel":b="WheelEvent";break;case "load":case "unload":case "abort":case "error":case "select":case "resize":case "scroll":b=
"UIEvent";break;case "focus":case "focusin":case "focusout":case "blur":b="FocusEvent";break;case "beforeinput":case "input":b="InputEvent";break;case "keydown":case "keyup":b="KeyboardEvent";break;case "compositionstart":case "compositionupdate":case "compositionend":b="CompositionEvent"}try{d=e.createEvent(b)}catch(g){try{d=e.createEvent("HtmlEvents")}catch(h){try{d=e.createEvent("Event")}catch(q){throw Error("Cannot create event object for specified event: "+c);}}}d.initEvent(c,!0,!1);a.dispatchEvent(d)}else if(e.createEventObject)d=
e.createEventObject(),d.eventType=c,a.fireEvent("on"+c,d);else if("function"==typeof a["on"+c])a["on"+c]()},fireSameEventCrosBrowser:function(a,c,d){var e=document,b;if(e.createEvent)try{b=new d.constructor(c,d),a.dispatchEvent(b)}catch(g){b=e.createEvent("MouseEvent"),b.initMouseEvent(d.type,!0,!0,window,0,d.screenX,d.screenY,d.clientX,d.clientY,d.ctrlKey,d.altKey,d.shiftKey,d.metaKey,d.button,d.relatedTarget||null),a.dispatchEvent(b)}else if(e.createEventObject)b=e.createEventObject(d),b.eventType=
c,a.fireEvent("on"+c,b);else if("function"==typeof a["on"+c])a["on"+c]()},bindOnReady:function(a){function c(){e||(e=!0,a())}function d(){if(!e)try{h.doScroll("left"),c()}catch(a){setTimeout(d,10)}}var e=!1,b=window,g=document,h=g.documentElement;if(g.addEventListener)g.addEventListener("DOMContentLoaded",c,!1);else if(g.attachEvent){try{var q=null!=b.frameElement}catch(l){}h.doScroll&&!q&&d();g.attachEvent("onreadystatechange",function(){"complete"===g.readyState&&c()})}else if(b.addEventListener)b.addEventListener("load",
c,!1);else if(b.attachEvent)b.attachEvent("onload",c);else{var f=b.onload;b.onload=function(){f&&f();c()}}}};k.prototype.init=function(){if(!this.isAlreadyLoaded()){var a=this,c,d=document;this.uid=e.generateUUID();this.parseConfig();c=e.makeRequestUri(this.urlHit,this.collectDataOnInit());e.makeRequestImage(c);if(!0===this.config.allowExtLinksTrack){var f=function(b){var d=window,c=!1,f;b=b||d.event;var l=b.target||b.srcElement,k=l;if(!("tagName"in l&&"a"==l.tagName.toLowerCase())){for(c=l.parentNode;c;){if("tagName"in
c&&"a"==c.tagName.toLowerCase()){f=c;break}if("parentNode"in c)c=c.parentNode;else break}if(f)l=f;else return}if("href"in l&&/^(http:|https:|)\/\/.+/.test(l.href)&&!("hostname"in l&&l.hostname===d.location.hostname)){if(b.shiftKey||b.altKey||b.ctrlKey||b.metaKey)c=!0;c=!0;l.hasOwnProperty("_delayClick")?!1===l.hasOwnProperty("_canSkipDelay")?"preventDefault"in b?b.preventDefault():b.returnValue=!1:(delete l._canSkipDelay,delete l._delayClick):(d=e.makeRequestUri(a.urlJump,a.collectDataOnClick(b,l)),
e.makeRequestImage(d),!1===c&&(l._delayClick=!0,setTimeout(function(){l._canSkipDelay=!0;e.fireSameEventCrosBrowser(k,"click",b)},200),"preventDefault"in b?b.preventDefault():b.returnValue=!1))}};"interactive"==d.readyState||"complete"==d.readyState?e.addEventListenerCrossBrowser(d.body,"click",f):e.bindOnReady(function(){e.addEventListenerCrossBrowser(d.body,"click",f)})}}};k.prototype.isAlreadyLoaded=function(){if("object"==typeof n._acil&&"function"==typeof n._acil.isLoaded)return!0;"undefined"!==
typeof Object.defineProperty?(e.addReadOnlyProperty(n,"_acil",{}),e.addReadOnlyProperty(n._acil,"isLoaded",function(){return!0})):n._acil=function(){return{isLoaded:function(){return!0}}}();return!1};k.prototype.parseConfig=function(){if(e.isObject(f)&&!e.isEmptyObject(f)&&(f.hasOwnProperty("dataProvider")&&(this.config.dataProvider=isNaN(parseInt(f.dataProvider,10))?"":Math.abs(parseInt(f.dataProvider,10))),f.hasOwnProperty("allowExtLinksTrack")&&(this.config.allowExtLinksTrack=!0===f.allowExtLinksTrack),
f.hasOwnProperty("customData"))){var a=f.customData;if(!("undefined"===typeof a||null==a||"function"==typeof a||e.isString(a)&&0===a.length||e.isObject(a)&&e.isEmptyObject(a)||e.isArray(a)&&0===a.length)){try{if(e.isObject(a)||e.isArray(a)){if(a=s.stringify(a),"{}"===a||"[]"===a)a=null}else e.isString(a)||(a=a.toString(),0===a.length&&(a=null))}catch(c){if(a=null,!0===t)throw c;}this.config.customData=a}}};k.prototype.dataAddObligatoryParams=function(a){a.v=this.version;a.uid=this.uid;a.dp=this.config.dataProvider;
a.tz=e.encodeUriParam(e.getTimeZoneOffsetIso8601());a.nc=Math.random().toString().substr(2,8)};k.prototype.collectDataOnInit=function(){var a=document,c=window,d={u:e.encodeUriParam(c.location.href),r:e.encodeUriParam(a.referrer||""),rs:c.screen.width+"x"+c.screen.height,t:e.encodeUriParam(e.stringTrimLimit(a.title)),oE:+this.config.allowExtLinksTrack};null!==this.config.customData&&(d.cd=e.encodeUriParam(e.stringTrimLimit(this.config.customData)));c.parent!==c&&(d["if"]=e.encodeUriParam(c.location.href),
d.u=e.encodeUriParam(a.referrer||""),d.r="");this.dataAddObligatoryParams(d);return d};k.prototype.collectDataOnClick=function(a,c){var d=document,f=window,b={vP:"",c:"",r:"",u:"",aT:"",hT:0},g=a.target.ownerDocument||d,d=g.documentElement,g=g.body;b.vP=(f.innerWidth||d.clientWidth||g.clientWidth)+"x"+(f.innerHeight||d.clientHeight||g.clientHeight);null==a.pageX&&null!=a.clientX?b.c=a.clientX+(d&&d.scrollLeft||g&&g.scrollLeft||0)-(d&&d.clientLeft||g&&g.clientLeft||0)+"x"+(a.clientY+(d&&d.scrollTop||
g&&g.scrollTop||0)-(d&&d.clientTop||g&&g.clientTop||0)):null!==a.pageX&&(b.c=a.pageX+"x"+a.pageY);b.r=e.encodeUriParam(f.location.href);b.u=e.encodeUriParam(c.href);var f=c.childNodes,h=0,k=0,l=0;if(1<=f.length){for(d=0;d<f.length;d++)g=f[d],3!==g.nodeType&&1!==g.nodeType||1!==g.nodeType||(k+=1,"tagName"in f[d]&&"img"===f[d].tagName.toLowerCase()&&(h+=1,l=d));1==h&&h==k?b.hT=1:0<k&&(b.hT=2)}switch(b.hT){case 1:b.aT=f[l].getAttribute("alt")||"";break;case 2:case 0:b.aT=c.innerHTML?c.innerHTML.toString().replace(/<\/?[^>]+>/gmi,
""):""}0<b.aT.length&&(b.aT=e.stringTrimLimit(b.aT),""!==b.aT&&(b.aT=/^(\S+(\s|)){1,10}/gmi.exec(b.aT)[0].replace(/^\s+|\s+$/g,"")));b.aT=e.encodeUriParam(b.aT);this.dataAddObligatoryParams(b);return b};try{(new k).init()}catch(w){if(!0===v)throw w;}});
任何帮助将不胜感激!
最佳答案
您网站中的一些安全漏洞允许某人注入(inject)恶意脚本和/或代码。
- 在解决此问题时请禁用网络服务器。
- 更改您的 FTP 密码。
- 如果可以,请切换到 SFTP 并使用证书而不是密码进行身份验证。
- 将防火墙设置为仅接受来自您的地址的 FTP 连接(如果该 IP 地址是静态的(不会随您改变)),或者来自 ISP 可能为您分配的一系列 IP 地址(如果您可以确定这样的 IP 地址)范围。
- 删除所有网站代码并从源代码管理重新上传。
- 如果您的代码背后有数据库:
- 检查您的代码是否存在 SQL 注入(inject)攻击机会
- 手动检查所有表格中的所有文本列中是否存在任何类似于 JavaScript 的内容。
注意:由于 aVast 没有出现问题,因此上述步骤可能会让您回到需要的位置。如果问题仍然存在,您可能需要完全重新安装服务器。
关于javascript - 隐藏的恶意脚本将代码插入html网页,如何删除/清理?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/23411188/