xiaobao123 2008-5-26 15:41
网站被人恶意攻击怎么办啊?
[size=6][color=darkred][b]小弟网站是个地方信息站,最近几天网站数据库被人恶意添加无数垃圾信息,而且这些信息的发布IP也是各地都有,查不到真实IP地址,不知道这是怎么回事啊?真心希望大虾能帮帮小弟啊?[/b][/color][/size]
[b][size=6][color=#8b0000][/color][/size][/b]
d_in_g 2008-5-26 21:11
数据库???
群发类软件吧
当初我一天之内被发了2000多垃圾信息:D :D
问题不清,麻烦详细描述下
xiaobao123 2008-5-27 08:38
[quote]原帖由 [i]d_in_g[/i] 于 2008-5-26 21:11 发表 [url=http://bbs.cnnsc.org/redirect.php?goto=findpost&pid=166313&ptid=30275][img]http://bbs.cnnsc.org/images/common/back.gif[/img][/url]
数据库???
群发类软件吧
当初我一天之内被发了2000多垃圾信息:D :D
问题不清,麻烦详细描述下 [/quote]
恩 !我也怀疑是信息群发软件,不然不可能发那么多信息,而且每个信息都是单独的IP地址和用户。。怎么能制止呢?连真实ip都找不到,只是发现有个 [url=http://127.0.0.1:5918/yellow/reglist.cgp?stat=0&mNone=2&mFail=8&mChn=3&mEng=4]http://127.0.0.1:5918/yellow/reglist.cgp?stat=0&mNone=2&mFail=8&mChn=3&mEng=4[/url] 不知道怎么办啊?
急求大家帮忙啊 !
d_in_g 2008-5-27 12:07
描述不清
并不是某人想攻击你,网上每天都有大量的垃圾群发,只是你的权限没设置好,让进去了.
基本解决方法都是在信息提交页加入验证码,只是不知道你的站的具体情况
你以为那个页面最有可能被提交信息,我看下
xiaobao123 2008-5-30 13:44
各位老大,偶的也有验证码啊!可还防不住。。
下面是生成验证码的代码。。不知道是不是不起作用啊 ??
<%
Call Com_CreatValidCode("ValidCode")
Sub Com_CreatValidCode(pSN)
' 禁止缓存
Response.Expires = -9999
Response.AddHeader "Pragma","no-cache"
Response.AddHeader "cache-ctrol","no-cache"
Response.ContentType = "Image/BMP"
Randomize
Dim i, ii, iii
Const cOdds = 0 ' 杂点出现的机率
Const cAmount = 36 ' 文字数量
Const cCode = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
' 颜色的数据(字符,背景)
Dim vColorData(1)
vColorData(0) = ChrB(0) & ChrB(0) & ChrB(0) ' 蓝0,绿0,红0(黑色)
vColorData(1) = ChrB(250) & ChrB(236) & ChrB(211) ' 蓝250,绿236,红211(浅蓝色)
' 随机产生字符
Dim vCode(4), vCodes
For i = 0 To 3
vCode(i) = Int(Rnd * cAmount)
vCodes = vCodes & Mid(cCode, vCode(i) + 1, 1)
Next
Session("pSN")=vCodes '记录入Session
' 字符的数据
Dim vNumberData(35)
vNumberData(0) = "1110000111110111101111011110111101001011110100101111010010111101001011110111101111011110111110000111"
vNumberData(1) = "1111011111110001111111110111111111011111111101111111110111111111011111111101111111110111111100000111"
vNumberData(2) = "1110000111110111101111011110111111111011111111011111111011111111011111111011111111011110111100000011"
vNumberData(3) = "1110000111110111101111011110111111110111111100111111111101111111111011110111101111011110111110000111"
vNumberData(4) = "1111101111111110111111110011111110101111110110111111011011111100000011111110111111111011111111000011"
vNumberData(5) = "1100000011110111111111011111111101000111110011101111111110111111111011110111101111011110111110000111"
vNumberData(6) = "1111000111111011101111011111111101111111110100011111001110111101111011110111101111011110111110000111"
vNumberData(7) = "1100000011110111011111011101111111101111111110111111110111111111011111111101111111110111111111011111"
vNumberData(8) = "1110000111110111101111011110111101111011111000011111101101111101111011110111101111011110111110000111"
vNumberData(9) = "1110001111110111011111011110111101111011110111001111100010111111111011111111101111011101111110001111"
vNumberData(10) = "1111011111111101111111101011111110101111111010111111101011111100000111110111011111011101111000100011"
vNumberData(11) = "1000000111110111101111011110111101110111110000111111011101111101111011110111101111011110111000000111"
vNumberData(12) = "1110000011110111101110111110111011111111101111111110111111111011111111101111101111011101111110001111"
vNumberData(13) = "1000001111110111011111011110111101111011110111101111011110111101111011110111101111011101111000001111"
vNumberData(14) = "1000000111110111101111011011111101101111110000111111011011111101101111110111111111011110111000000111"
vNumberData(15) = "1000000111110111101111011011111101101111110000111111011011111101101111110111111111011111111000111111"
vNumberData(16) = "1110000111110111011110111101111011111111101111111110111111111011100011101111011111011101111110001111"
vNumberData(17) = "1000100011110111011111011101111101110111110000011111011101111101110111110111011111011101111000100011"
vNumberData(18) = "1100000111111101111111110111111111011111111101111111110111111111011111111101111111110111111100000111"
vNumberData(19) = "1110000011111110111111111011111111101111111110111111111011111111101111111110111110111011111000011111"
vNumberData(20) = "1000100011110111011111011011111101011111110001111111010111111101101111110110111111011101111000100011"
vNumberData(21) = "1000111111110111111111011111111101111111110111111111011111111101111111110111111111011110111000000011"
vNumberData(22) = "1000100011110010011111001001111100100111110101011111010101111101010111110101011111010101111001010011"
vNumberData(23) = "1000100011110011011111001101111101010111110101011111010101111101100111110110011111011001111000110111"
vNumberData(24) = "1110001111110111011110111110111011111011101111101110111110111011111011101111101111011101111110001111"
vNumberData(25) = "1000000111110111101111011110111101111011110000011111011111111101111111110111111111011111111000111111"
vNumberData(26) = "1110001111110111011110111110111011111011101111101110111110111011111011101001101111011001111110001011"
vNumberData(27) = "1000001111110111011111011101111101110111110000111111010111111101101111110110111111011101111000110011"
vNumberData(28) = "1110000011110111101111011110111101111111111001111111111001111111111011110111101111011110111100000111"
vNumberData(29) = "1000000011101101101111110111111111011111111101111111110111111111011111111101111111110111111110001111"
vNumberData(30) = "1000100011110111011111011101111101110111110111011111011101111101110111110111011111011101111110001111"
vNumberData(31) = "1000100011110111011111011101111101110111111010111111101011111110101111111010111111110111111111011111"
vNumberData(32) = "1001010011110101011111010101111101010111110101011111001001111110101111111010111111101011111110101111"
vNumberData(33) = "1000100011110111011111101011111110101111111101111111110111111110101111111010111111011101111000100011"
vNumberData(34) = "1000100011110111011111011101111110101111111010111111110111111111011111111101111111110111111110001111"
vNumberData(35) = "1100000011110111011111111101111111101111111110111111110111111111011111111011111111101110111100000011"
' 输出图像文件头
Response.BinaryWrite ChrB(66) & ChrB(77) & ChrB(230) & ChrB(4) & ChrB(0) & ChrB(0) & ChrB(0) & ChrB(0) &_
ChrB(0) & ChrB(0) & ChrB(54) & ChrB(0) & ChrB(0) & ChrB(0) & ChrB(40) & ChrB(0) &_
ChrB(0) & ChrB(0) & ChrB(40) & ChrB(0) & ChrB(0) & ChrB(0) & ChrB(10) & ChrB(0) &_
ChrB(0) & ChrB(0) & ChrB(1) & ChrB(0)
' 输出图像信息头
Response.BinaryWrite ChrB(24) & ChrB(0) & ChrB(0) & ChrB(0) & ChrB(0) & ChrB(0) & ChrB(176) & ChrB(4) &_
ChrB(0) & ChrB(0) & ChrB(18) & ChrB(11) & ChrB(0) & ChrB(0) & ChrB(18) & ChrB(11) &_
ChrB(0) & ChrB(0) & ChrB(0) & ChrB(0) & ChrB(0) & ChrB(0) & ChrB(0) & ChrB(0) &_
ChrB(0) & ChrB(0)
For i = 9 To 0 Step -1 ' 历经所有行
For ii = 0 To 3 ' 历经所有字
For iii = 1 To 10 ' 历经所有像素
' 逐行、逐字、逐像素地输出图像数据
If Rnd * 99 + 1 < cOdds Then ' 随机生成杂点
Response.BinaryWrite vColorData(0)
Else
Response.BinaryWrite vColorData(Mid(vNumberData(vCode(ii)), i *10 + iii, 1))
End If
Next
Next
Next
End Sub
%>
d_in_g 2008-5-31 20:05
啊啊啊:Q
你自己试试呗,自己瞎填个验证码看看行不行啊
xiaobao123 2008-6-5 08:31
自己随便添一个验证码不行啊!必须输对才可以!
xiaobao123 2008-6-5 08:34
网站去掉这段代码那些群发就不行了!
可普通人都发不了信息了呀!
<%
if session("addxinxi")<>"" then
if DateDiff("s",session("addxinxi"),Now())<10 then
Response.Write "<script language='javascript'>alert('系统保护:你提交数据太快,系统中止运行,请等待30秒钟!');history.back();</script>"
response.end
end if
end if
dim CheckCode
CheckCode=LCase(trim(Request.Form("CheckCode")))
if CheckCode<>CStr(session("CheckCode")) then
response.Write "<script language='javascript'>alert('验证码错误,请刷新后重填!');history.back();</script>"
response.end
end if
username=request.cookies("cnmai")("username")
class1=trim(request("class1"))
class2=trim(request("class2"))
biaoti=CheckStr(trim(request("biaoti")))
sdays=trim(request("days"))
if right(request("tupian"),4)=".gif" or right(request("tupian"),4)=".bmp" or right(request("tupian"),4)=".jpg" or right(request("tupian"),5)=".jpeg" or request("tupian")="" then
else
Response.Write "<script language='javascript'>alert('请正确填写图片地址!');history.back();</script>"
response.end
end if
if username<>"" then
set rs=server.createobject("adodb.recordset")
if request("comper")="com" then
sql = "select * from [com] where username='"&username&"'"
else
sql = "select * from [user] where username='"&username&"'"
end if
rs.open sql,conn,1,3
rs("jf")=rs("jf")+jf_3
if len(request("a"))=6 and rs("a")>=1 then
rs("a")=rs("a")-1
end if
if request("b")>=1 and rs("b")>=1 then
rs("b")=rs("b")-int(request("b"))
end if
if request("tupian")<>"" and rs("c")>=1 then
rs("c")=rs("c")-1
end if
if request("d")="1"then
rs("d")=rs("d")-1
else
rs("d")=0
end if
rs.update
rs.close
set rs=nothing
end if
set rs=server.createobject("adodb.recordset")
sql = "select * from xinxi"
rs.open sql,conn,1,3
rs.addnew
rs("username")=username
rs("class1")=class1
rs("class2")=class2
rs("leixing")=request("leixing")
rs("biaoti")=biaoti
if request("dd")="1" then
'rs("zk")=request("zk")
end if
rs("diqu")=trim(request("diqu"))
'rs("jiage")=CheckStr(trim(request("jiage")))
rs("memo")=CheckStr(trim(request("memo")))
rs("name")=CheckStr(trim(request("name")))
rs("dianhua")=CheckStr(trim(request("dianhua")))
rs("email")=CheckStr(trim(request("email")))
rs("qq")=CheckStr(trim(request("qq")))
rs("dizhi")=CheckStr(trim(request("dizhi")))
if request("tupian")="" then
rs("tupian")=0
else
rs("tupian")=CheckStr(trim(request("tupian")))
end if
if username<>"" then
rs("com")=CheckStr(trim(request("com")))
rs("a")=request("a")
rs("b")=request("b")
rs("yz")=request("d")
rs("tuijian")=request("tui")
end if
rs("fbsj")=now()
rs("dqsj")= dateadd("d", sdays, now)
userip=Request.ServerVariables("HTTP_X_FORWARDED_FOR")
If userip="" Then
userip=Request.ServerVariables("REMOTE_ADDR")
end if
rs("ip")=userip
rs.update
session("addxinxi")=now()
id=rs("id")
rs.update
rs.close
set rs=nothing
conn.close
set conn=nothing
if username<>"" then
Response.Write "<script language='javascript'>alert('您的信息发布成功了');</script>"
else
Response.Write "<script language='javascript'>alert('(游客)您的信息发布成功了,我们将在24小时内审核通过');</script>"
end if
response.write "<meta http-equiv=refresh content=""1;URL=index.asp"">"
response.end
%>
