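Over the past two days, some users visiting JavaEye have seen garbled pages and antivirus alerts. We investigated and found that a Windows server on the same network segment as the JavaEye servers had been compromised. That server was flooding the segment with ARP packets and had hijacked the gateway. As a result, when users accessed the JavaEye servers, the gateway wrongly forwarded their requests to that Windows server, and the compromised server added a small malicious HTML fragment, which is what triggered the antivirus alerts when users visited JavaEye!
JavaEye's servers have long had the gateway's IP and MAC address bound, but the gateway for this segment has poor security against ARP attacks. This afternoon we contacted the data center administrator by phone; the administrator said that the compromised Windows server has been identified and is being reinstalled.
A friendly reminder: never use Windows as a web server, or you will harm both others and yourself.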
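The post describes a host flooding the segment with ARP packets so that traffic for the web servers is delivered to it instead, and notes that binding the gateway's IP and MAC on the servers did not prevent this. As an added example (not from the original post), the Python script below checks captured ARP replies against known-good IP/MAC bindings; the function name, the sample capture and all addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed capture in the style of `tcpdump -n arp` output. All addresses
# are documentation placeholders, not values from the incident.
SAMPLE = """\
12:00:01.100000 ARP, Request who-has 192.0.2.10 tell 192.0.2.1, length 46
12:00:01.100400 ARP, Reply 192.0.2.10 is-at 00:00:5e:00:53:10, length 46
12:00:02.000000 ARP, Reply 192.0.2.1 is-at 00:00:5e:00:53:01, length 46
12:00:02.500000 ARP, Reply 192.0.2.10 is-at 00:00:5e:00:53:66, length 46
12:00:02.500900 ARP, Reply 192.0.2.1 is-at 00:00:5e:00:53:66, length 46
12:00:03.500000 ARP, Reply 192.0.2.10 is-at 00:00:5e:00:53:66, length 46
12:00:03.500900 ARP, Reply 192.0.2.1 is-at 00:00:5e:00:53:66, length 46
"""

REPLY = re.compile(
    r"ARP, Reply (\d{1,3}(?:\.\d{1,3}){3}) is-at ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.I,
)

def find_arp_anomalies(capture, trusted):
    """trusted maps IP -> MAC recorded while the network was known good.

    Returns (spoofed, relays):
      spoofed: IP -> sorted MACs that claimed it but differ from the binding
      relays:  MAC -> sorted IPs, for untrusted MACs answering for 2+ IPs
    """
    trusted = {ip: mac.lower() for ip, mac in trusted.items()}
    spoofed = defaultdict(set)
    claimed_by = defaultdict(set)
    for line in capture.splitlines():
        m = REPLY.search(line)
        if not m:
            continue  # requests and non-ARP lines carry no is-at claim
        ip, mac = m.group(1), m.group(2).lower()
        claimed_by[mac].add(ip)
        if ip in trusted and trusted[ip] != mac:
            spoofed[ip].add(mac)
    known = set(trusted.values())
    # A man-in-the-middle must answer for both ends of the conversation
    # (gateway and server), so one unknown MAC claiming several IPs stands out.
    relays = {mac: sorted(ips) for mac, ips in claimed_by.items()
              if mac not in known and len(ips) > 1}
    return {ip: sorted(macs) for ip, macs in spoofed.items()}, relays

if __name__ == "__main__":
    bindings = {"192.0.2.1": "00:00:5e:00:53:01",    # gateway (placeholder)
                "192.0.2.10": "00:00:5e:00:53:10"}   # web server (placeholder)
    spoofed, relays = find_arp_anomalies(SAMPLE, bindings)
    print("spoofed bindings:", spoofed)
    print("hosts answering for several IPs:", relays)
```

The second result is the one that matters for the situation in the post: a static gateway entry on the server protects only the server's outbound path, while a forged reply for the server's own IP, sent to the gateway, still redirects inbound traffic.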
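buaawhl wrote:
Firefox's usability may not match Opera's, but it offers many handy add-ons.
Live Header Http can list the HTTP Request/Response headers.
I captured some HTTP headers from the malware-source sites behind the compromise of JE's data center network segment.
Please do not visit the malware-source URLs directly. You can add those URLs to your browser's block list.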
http://www.iteye.com/forums/board/Life
GET /forums/board/Life HTTP/1.1
Host: www.iteye.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.0.9) Gecko/2009040821 Firefox/3.0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: gb2312,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: remember_me=no
HTTP/1.x 200 OK
Content-Length: 6664
Content-Type: text/html
----------------------------------------------------------
http://dt.tongji.cn.yahoo.com/ystat.do?unit_id=1051117&uv=18464225063575729057&nuv=0&cna=&cg=0&mid=0&mmland=0&ade=0&adtm=0&sttm=0&cpa=0&ss=342877752&usn=1&ec=1&ref=http%3A//www.iteye.com/forums/board/Life&url=http%3A//xyq.djl87.cn/1/13/index.htm&dom=djl87.cn&ha=680&ft=0&nac=Netscape&agt=Mozilla/5.0%20%28Windows%3B%20U%3B%20Windows%20NT%205.1%3B%20zh-CN%3B%20rv%3A1.9.0.9%29%20Gecko/2009040821%20Firefox/3.0.9&clr=32-bit&scr=1280x800&lng=zh-cn&jvm=1&flu=&tm=1240728954&tc=8c5ed1c7&ut=0&cnu=0.006899038916998057
GET /ystat.do?unit_id=1051117&uv=18464225063575729057&nuv=0&cna=&cg=0&mid=0&mmland=0&ade=0&adtm=0&sttm=0&cpa=0&ss=342877752&usn=1&ec=1&ref=http%3A//www.iteye.com/forums/board/Life&url=http%3A//xyq.djl87.cn/1/13/index.htm&dom=djl87.cn&ha=680&ft=0&nac=Netscape&agt=Mozilla/5.0%20%28Windows%3B%20U%3B%20Windows%20NT%205.1%3B%20zh-CN%3B%20rv%3A1.9.0.9%29%20Gecko/2009040821%20Firefox/3.0.9&clr=32-bit&scr=1280x800&lng=zh-cn&jvm=1&flu=&tm=1240728954&tc=8c5ed1c7&ut=0&cnu=0.006899038916998057 HTTP/1.1
Host: dt.tongji.cn.yahoo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.0.9) Gecko/2009040821 Firefox/3.0.9
Accept: */*
Accept-Language: zh-cn,zh;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: gb2312,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://xyq.djl87.cn/1/13/index.htm
Cookie: B=dgcsh514tu032&b=3&s=si; cna=zOtlAoUljhMBARISfHtb9MZV
HTTP/1.x 200 OK
Date: Sun, 26 Apr 2009 06:59:49 GMT
Server: Apache/1.3.41 (Unix) PHP/5.2.9
X-Powered-By: PHP/5.2.9
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html
----------------------------------------------------------
http://count7.51much.com/cnt.php?uid=UA-1-12898&style=text&text=%CD%F8%D5%BE%CD%B3%BC%C6
GET /cnt.php?uid=UA-1-12898&style=text&text=%CD%F8%D5%BE%CD%B3%BC%C6 HTTP/1.1
Host: count7.51much.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.0.9) Gecko/2009040821 Firefox/3.0.9
Accept: */*
Accept-Language: zh-cn,zh;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: gb2312,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://xyq.djl87.cn/1/13/index.htm
HTTP/1.x 200 OK
Date: Sun, 26 Apr 2009 07:01:07 GMT
Server: Apache
X-Powered-By: PHP/4.4.8
Content-Length: 5887
Connection: close
Content-Type: text/html
----------------------------------------------------------
http://61.129.45.194/51much/count7.php?sid=12898&vtype=2&c_lang=zh-cn&c_page=xyq.djl87.cn/1/13/index.htm&fromr=http%3A//www.iteye.com/forums/board/Life&sr=1280x800&sc=32&ce=1&uagent=Mozilla/5.0%20%28Windows%3B%20U%3B%20Windows%20NT%205.1%3B%20zh-CN%3B%20rv%3A1.9.0.9%29%20Gecko/2009040821%20Firefox/3.0.9&je=1&wpages=xyq.djl87.cn/1/13/index.htm%26%7E1240729130%5E@&a_ol=43&t_ol=43&vtimes=1&vdepth=1
GET /51much/count7.php?sid=12898&vtype=2&c_lang=zh-cn&c_page=xyq.djl87.cn/1/13/index.htm&fromr=http%3A//www.iteye.com/forums/board/Life&sr=1280x800&sc=32&ce=1&uagent=Mozilla/5.0%20%28Windows%3B%20U%3B%20Windows%20NT%205.1%3B%20zh-CN%3B%20rv%3A1.9.0.9%29%20Gecko/2009040821%20Firefox/3.0.9&je=1&wpages=xyq.djl87.cn/1/13/index.htm%26%7E1240729130%5E@&a_ol=43&t_ol=43&vtimes=1&vdepth=1 HTTP/1.1
Host: 61.129.45.194
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.0.9) Gecko/2009040821 Firefox/3.0.9
Accept: */*
Accept-Language: zh-cn,zh;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: gb2312,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://xyq.djl87.cn/1/13/index.htm
HTTP/1.x 200 OK
Date: Sun, 26 Apr 2009 07:02:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.10-dev
Content-Length: 1
Connection: close
Content-Type: text/html
----------------------------------------------------------