found website was hacked, the first thing to do is download log files, including server log and FTP transmission log server log position is generally located in the C:WINDOWS system32LogfilesW3SVC1. Install the FTP log depends on your FTP server software, such as SERVE-U in the default installation directory. However, here to remind you that, if you see this article today, all kinds of log server, the default must be transferred out of place, and set about to delete protection. For the virtual host user. Generally, your space providers will provide 3 days and 1 month log FTP log download, you can consult the specific space provider. It is important to download this log. It is our next key to identify vulnerabilities.
conditions can find a professional Sine security team to solve the problem of the website was hacked. This article from the 贵族宝贝sinesafe.cn
a lot of friends met website was hacked, insert malicious code experience. We may think that as long as the code can be deleted, but the one upmanship, if simply delete the code later, most of the friends met again.. in fact, to cope well with the invasion site, old pig summed up a few steps, and wrote a case attached according to the following a few steps, I hope to help you:
, download server log, log FTP transmission.
next, we should start to find behind the black after the invasion. Remember, do not delete the virus found. If you have a personal server, can open anti-virus soft look, if you are using virtual host can be downloaded to the local, use antivirus software to kill, or I just said that ASP site security assistant. After the discovery of the virus, said, do not kill. Check the virus file modification time. This is the most critical step. Generally, each other not only one door, there may be a fish escaped through the seine. Modify the time then you can search for the virus just to find the file, check the time to establish or modify what documents. >
two, to replace all malicious code
three, download to a local server or antivirus, antivirus
download the log at the same time, should start to remove the malicious code, so as not to affect the user experience. If you have a server, recommend you use findstr to write a malicious code, insert batch replace. If you use the virtual host, a part of the virtual host provides batch replacement function. If your host does not provide such a function (junk to replace), then you can go to download a map of ASP site security assistant Ke lei. To carry out this operation. This operation should be cautious, because the content of the direct replacement, a little careless could make your web content recognition.