
My website was attacked; experts, please advise.

0
[Resolved] Resolved on 2012-12-05 14:52

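This is a website developed with ASP.NET and C#. Today I suddenly found that the site was rendering as a complete mess. When I opened the database, I saw that in most of the tables, most of the fields had code like this appended to their content: <IMG SRC="/WF_XSRF.html"><IMG<IMG SRC="/WF_XSRF.html">. All of the site's form submissions have already been given filtering. Internally the site uses two editors, fck and webeditor. These two editors do not seem to have been given any such handling.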

Additional information: How should I go about investigating this? Below is the log from the day the problem occurred:

11/15/2010 16:20:37,备份,未知,Database was restored: Database: NewOCT<c/> creation date(time): 2010/09/17(13:13:08)<c/> first LSN: 5674:9625:100<c/> last LSN: 5674:9665:1<c/> number of dump devices: 1<c/> device information: (FILE=1<c/> TYPE=DISK: {'E:\数据库人工备份\NewOCT20101112a.bak'}). Informational message. No user action required.
11/15/2010 16:20:36,spid57,未知,Starting up database 'NewOCT'.
11/15/2010 16:20:32,spid57,未知,The database 'NewOCT' is marked RESTORING and is in a state that does not allow recovery to be run.
11/15/2010 16:20:32,spid57,未知,Starting up database 'NewOCT'.
11/15/2010 16:20:32,登录,未知,Login failed for user 'newoct_db'. [客户端: <local machine>]
11/15/2010 16:20:32,登录,未知,错误: 18456,严重性: 14,状态: 16。
11/15/2010 16:20:23,登录,未知,Login failed for user 'newoct_db'. [客户端: <local machine>]
11/15/2010 16:20:23,登录,未知,错误: 18456,严重性: 14,状态: 16。
11/15/2010 16:19:58,spid57,未知,SQL Server has encountered 4 occurrence(s) of cachestore flush for the 'Bound Trees' cachestore (part of plan cache) due to some database maintenance or reconfigure operations.
11/15/2010 16:19:58,spid57,未知,SQL Server has encountered 4 occurrence(s) of cachestore flush for the 'SQL Plans' cachestore (part of plan cache) due to some database maintenance or reconfigure operations.
11/15/2010 16:19:57,spid57,未知,SQL Server has encountered 4 occurrence(s) of cachestore flush for the 'Object Plans' cachestore (part of plan cache) due to some database maintenance or reconfigure operations.
11/15/2010 16:18:23,备份,未知,Database backed up. Database: NewOCT<c/> creation date(time): 2010/09/17(13:13:08)<c/> pages dumped: 14116<c/> first LSN: 5730:188:218<c/> last LSN: 5730:275:1<c/> number of dump devices: 1<c/> device information: (FILE=1<c/> TYPE=DISK: {'E:\数据库人工备份\NewOCT20101115a.bak'}). This is an informational message only. No user action is required.
11/15/2010 11:28:45,备份,未知,Database wa
yzy | Rookie Level 2 | Points: 317
Asked: 2010-11-15 17:03
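An added example (not part of the original thread) for reading the exported SQL Server log in the question: it parses the comma-separated entries and separates failed logins that occur within a minute of a restore from those that do not. The 60-second window, the function names and the last sample entry are assumptions made for this illustration.

```python
import re
from datetime import datetime

# Sample: entries abridged from the log in the question, plus one constructed
# entry (the last line) to show a failure that no restore explains.
SAMPLE_LOG = """\
11/15/2010 16:20:37,备份,未知,Database was restored: Database: NewOCT<c/> first LSN: 5674:9625:100
11/15/2010 16:20:32,spid57,未知,The database 'NewOCT' is marked RESTORING and is in a state that does not allow recovery to be run.
11/15/2010 16:20:32,登录,未知,Login failed for user 'newoct_db'. [客户端: <local machine>]
11/15/2010 16:20:23,登录,未知,Login failed for user 'newoct_db'. [客户端: <local machine>]
11/15/2010 16:18:23,备份,未知,Database backed up. Database: NewOCT<c/> pages dumped: 14116
11/15/2010 09:02:11,登录,未知,Login failed for user 'report_user'. [客户端: 203.0.113.7]
"""

ENTRY = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}),([^,]*),([^,]*),(.*)$")
LOGIN_FAILED = re.compile(r"Login failed for user '([^']*)'\. \[[^:]*: (.*)\]")
RESTORE = re.compile(r"^Database was restored|marked RESTORING")

def parse_log(text):
    """Return one dict per entry; '<c/>' is treated as an escaped comma (assumption)."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # skip lines that do not start with a timestamped entry
        when, source, _severity, message = m.groups()
        entries.append({"time": datetime.strptime(when, "%m/%d/%Y %H:%M:%S"),
                        "source": source,
                        "message": message.replace("<c/>", ",")})
    return entries

def triage_login_failures(entries, window_seconds=60):
    """Split failed logins into (near a restore, not explained by one)."""
    restores = [e["time"] for e in entries if RESTORE.search(e["message"])]
    near, unexplained = [], []
    for e in entries:
        m = LOGIN_FAILED.search(e["message"])
        if not m:
            continue
        record = (e["time"].strftime("%H:%M:%S"), m.group(1), m.group(2))
        close = any(abs((e["time"] - r).total_seconds()) <= window_seconds
                    for r in restores)
        (near if close else unexplained).append(record)
    return near, unexplained

if __name__ == "__main__":
    near, unexplained = triage_login_failures(parse_log(SAMPLE_LOG))
    print("failed logins near a restore:", near)
    print("failed logins needing review:", unexplained)
```

The SQL Server error log records logins, backups and restores, not the statements that modified the table data, so it cannot by itself show how the markup was written.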
Best answer
0

It should be a SQL injection attack.

Points awarded: 5
谢T | Beginner Level 1 | Points: 17 | 2010-11-15 17:21
Other answers (5)
0

Or it is a trojan uploaded through fckeditor.

TechLife | Points: 184 (Beginner Level 1) | 2010-11-15 17:32
0

An fck upload problem, I'm guessing. Check whether malicious code has been planted on the site?

DYStudio.Net | Points: 1747 (Small Shrimp Level 3) | 2010-11-15 21:19
0

Suggestion: post the site's domain name; only then might it be possible to tell which kind of attack it is.

dodohua | Points: 1037 (Small Shrimp Level 3) | 2010-11-15 22:14
0

It is basically an upload vulnerability. OP, apply the patch; better still, write your own upload handling so you control it.

三桂 | Points: 3565 (Veteran Level 4) | 2010-11-16 00:23
0

OP, could you say what caused it and how the attack was carried out? I have run into the same problem too.

zhen234243 | Points: 202 (Rookie Level 2) | 2015-05-26 15:04