Hit with injected ads again...

This is the code that was injected into another blogger's post; it appears to link to a directory on my server that should not exist.

    <u style="display:none"><a href="http://parkchurchdenver.org/wordpress/wp-content/themes/dark-3chemical/.pikas/index.php?file=sitemap1">sprint pcs ringtones download</a> <a href="http://www.humedome.net/blog/wp-content/plugins/wp-dtree/.sones/?name=sitemap1">motorola razr ringtones</a> <a href="http://www.karen-heinrichs.de/wp-content/plugins/audio-player/.filmsettin/index.php?str=sitemap1">download free sprint ringtones</a> <a href="http://blogs.webzonetalk.com/wp-content/plugins/akismet/.pentago/sitemap1.html">free ringtones maker download</a> <a href="http://bradstemke.com/bradstemke/.quahog/index.php?file=sitemap1">download free polyphonic ringtones</a> <a href="http://www.calles.co.uk/.roughcast/index.php?page=sitemap1">free ringtones converter</a> <a href="http://www.doublevk.com/blog/.xystoi/index.php?id=sitemap1">music real ringtones</a> <a href="http://www.zumac.ch/zumac/.decoloni/?page=sitemap1">free pcs ringtones sprint</a> <a href="http://football.blogpager.com/wp-content/themes/crimson_sunrise/.significan/?str=sitemap1">cheap virgin mobile ringtones</a> <a href="http://janten.com/ajax/.norites/index.php?name=sitemap1">virgin mobile usa ringtones</a> <a href="http://bluebirdshome.com/wp-admin/.conduits/?str=sitemap1">free motorola ringtones</a> <a href="http://www.technomagick.com/ElderWiki/serialized/.republi/index.php?id=sitemap1">free verizon real music ringtones</a> <a href="http://www.jerryhong.com/wp-admin/includes/.aardvark/index.php?id=sitemap1">celcom caller ringtones</a> <a href="http://playroi.com/wp-content/plugins/.gaslit/sitemap1.html">cell music onto phone ringtones</a> <a href="http://studyme.org/wp-content/plugins/firestats/js/.gimmal/index.php?file=sitemap1">cellular free one ringtones</a> <a href="http://www.yuyan.biz/wp-includes/js/tinymce/plugins/spellchecker/.palpal/sitemap1.html">get ringtones</a> <a href="http://blog.fiascofarm.com/wp-content/plugins/nextgen-gallery/admin/wp25/.holometab/?name=sitemap1">hotlink maxis caller ringtones</a> <a href="http://goodmorningfloridakeys.com/wp-content/themes/orangesky/orangesky/.motor/sitemap1.html">cheap virgin mobile ringtones</a> <a href="http://depechemode.us/wp-content/plugins/.bafflegab/index.php?name=sitemap1">ringtones converter</a> <a href="http://allyourtv.com/vivalaughlin/.goalposts/sitemap1.html">pcs ringtones sprint vision</a> </u>

After deleting that wretched directory, I took a look at the other victims, and my conclusions are as follows:

  • k2 can be ruled out, since none of them use k2
  • The victims, without exception, all run WordPress
  • The attacker can plant files in any directory, and if he wanted to, he could presumably get hold of the site owner's password with little effort
  • I was hit after upgrading to the latest WordPress (2.5.1), so this security hole is still present
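The two traces this post describes, an invisible container stuffed with outbound links inside a post, and dot-directories dropped under wp-content, wp-admin and similar paths, are easy to scan for. The script below is an added example written for this page, not code from the blog or from WordPress. It assumes a WordPress-like directory tree and a constructed HTML sample whose hosts use the reserved `.invalid` TLD; the `.dropped` directory name and the thresholds (a hidden container with three or more links is reported) are my own choices.

```python
import re
import tempfile
from pathlib import Path

# Constructed sample modelled on the injected block quoted above: an invisible
# container wrapping a run of spam links. Hosts use the reserved .invalid TLD.
SAMPLE_INJECTED_HTML = (
    '<p>Normal post text with <a href="http://example.com/about">one real link</a>.</p>\n'
    '<u style="display:none">'
    '<a href="http://spam-one.invalid/wp-content/plugins/foo/.xyz/?name=sitemap1">ringtones a</a> '
    '<a href="http://spam-two.invalid/blog/.abc/index.php?file=sitemap1">ringtones b</a> '
    '<a href="http://spam-three.invalid/.qrs/sitemap1.html">ringtones c</a> '
    '<a href="http://spam-one.invalid/wp-admin/.tuv/?str=sitemap1">ringtones d</a>'
    '</u>\n'
)

# An element whose inline style hides it (display:none), capturing its inner HTML.
# The backreference to the tag name makes the match stop at the matching close tag.
HIDDEN_CONTAINER_RE = re.compile(
    r'<(\w+)\b[^>]*style="[^"]*display\s*:\s*none[^"]*"[^>]*>(.*?)</\1\s*>',
    re.IGNORECASE | re.DOTALL,
)
# Absolute http(s) links; group 1 is the host.
LINK_HOST_RE = re.compile(r'<a\b[^>]*href="https?://([^/"?#]+)', re.IGNORECASE)


def find_hidden_link_blocks(html, min_links=3):
    """Return one dict per hidden container that wraps at least min_links links.

    Each dict carries the tag name, the link count and the distinct hosts, which is
    the information needed to clean the post and blocklist the destinations.
    """
    findings = []
    for match in HIDDEN_CONTAINER_RE.finditer(html):
        tag, inner = match.group(1).lower(), match.group(2)
        hosts = LINK_HOST_RE.findall(inner)
        if len(hosts) >= min_links:
            findings.append({
                "tag": tag,
                "links": len(hosts),
                "hosts": sorted({h.lower() for h in hosts}),
            })
    return findings


def find_hidden_dirs(root, allow=(".well-known",)):
    """Return relative paths of dot-directories under root, minus an allow-list.

    The spam URLs above all point at dot-directories (.pikas, .sones, ...) dropped
    inside plugin, theme and admin folders; a clean WordPress tree has none.
    """
    root = Path(root)
    return sorted(
        p.relative_to(root).as_posix()
        for p in root.rglob(".*")
        if p.is_dir() and p.name not in allow
    )


def demo_scan():
    """Build a constructed WordPress-like tree in a temp dir, scan it, return results."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        plugin = root / "wp-content" / "plugins" / "akismet"
        plugin.mkdir(parents=True)
        (plugin / "akismet.php").write_text("<?php // legitimate plugin file (constructed)\n")
        # Constructed dropped directory, mirroring the pattern seen in the spam URLs.
        dropped = plugin / ".dropped"
        dropped.mkdir()
        (dropped / "index.php").write_text("<?php // constructed placeholder, not a payload\n")
        (root / ".well-known").mkdir()  # legitimate, stays on the allow-list
        return {
            "hidden_dirs": find_hidden_dirs(root),
            "link_blocks": find_hidden_link_blocks(SAMPLE_INJECTED_HTML),
        }


if __name__ == "__main__":
    import json
    print(json.dumps(demo_scan(), indent=2))
```

Run against a real install, point `find_hidden_dirs` at the WordPress root and `find_hidden_link_blocks` at each post's rendered or stored content; anything reported is worth a manual look, and a dot-directory under wp-content that you did not create is a strong sign the site can be written to by someone else.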


4 Responses to "Hit with injected ads again..."


  1. Eureka (first)

    I haven't been hit yet...

  2. Jerry (second)

    @Eureka
    My whole site had 20-odd malicious scripts planted on it... I've deleted all of them now
    Once I've finished analysing how the attack works I'll put the plugins and so on back one by one...

  3. Omi (third)

    Aww, you poor thing~ I'm really not used to seeing such a plain-looking blog~ hehe~

  4. haku (fourth)

    Just dropping by for a look~~~
