源代码

backway

网站源代码如下，有人说瑞星报有木马，我用红伞试过，没报。

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-cn" lang="zh-cn">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Language" content="utf-8" />
<meta name="author" content="钓以清新" />
<meta name="Copyright" content="Tencent" />
<meta name="Description" content="Take me to your heart,take me to your soul,don't unlock my hand！" />
<meta name="Keywords" content="钓 以 清 新,钓以清新,Qzone,QQ空间,Blog,博客,网络日志,播客,腾讯,QQ,Tencent" />
<meta name="robots" content="all" />
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
<title>钓 以 清 新 [http://76122149.qzone.qq.com]</title>
<script type="text/javascript">document.domain="qq.com";var _s_=new Date();</script>
<base href="http://edu.imgcache.qq.com/"></base>
<link rel="alternate" type="application/rss+xml" title="RSS news feed" href="http://feeds.qzone.qq.com/cgi-bin/cgi_rss_out?uin=76122149" />
<link id="globleStyle" rel="stylesheet" rev="stylesheet" href="http://edu.imgcache.qq.com/qzone_v5/index_d_out.css" type="text/css" media="screen" />
<link id="layoutStyle" rel="stylesheet" rev="stylesheet" href="http://edu.imgcache.qq.com/qzone_v5/19/index_style_out.css" type="text/css" media="screen" />
<link id="customStyle" rel="stylesheet" rev="stylesheet" href="http://edu.imgcache.qq.com/qzone_v5/19/gb_color.css" type="text/css" media="screen" />
<link rel="Shortcut Icon" href="http://edu.imgcache.qq.com/qzone_v5/favicon.ico" type="image/x-icon" />
<style type="text/css" id="dynamicStyle">
body {overflow: hidden;}
html {overflow: hidden;
overflow-y: scroll;}
.ownermode {display: none;}
.clientmode {display: ;}
.editmode {display: none;}
.customoff {display: ;}
</style>
<script type="text/javascript">
var g_iUin = 76122149,g_iLoginUin = 0,g_Main_Domain= "users.edu.qzone.qq.com",g_My_Main_Domain= "users.edu.qzone.qq.com",g_Music_Domain= "qzone-music.qq.com",g_My_Music_Domain= "qzone-music.qq.com",g_Photo_Domain= "photo.qq.com",g_Static_Photo_Domain= "p" + (g_iUin%13+1) + ".photo.qq.com",g_MsgBoard_Domain= "m.edu.qzone.qq.com",g_Emotion_Domain = "e.edu.qzone.qq.com",g_NewBlog_Domain = "b.edu.qzone.qq.com",g_Statistic_Domain = "g.edu.qzone.qq.com",imgcacheDomain = "edu.imgcache.qq.com",g_Src_Domain= "u.edu.qzone.qq.com",g_dns_name= "",g_UserBitmap= "4009c00000300101",g_Property= "GoRE",g_hasCustomStyle = 0,g_diySkin = 0,g_StyleID = 19,g_fullMode = 2,g_frameStyle = 3,g_version = 5,g_NowTime = 1231583735,g_timestamp = 1231577509,g_Dressup = {items:[{type:1,itemno:1,posx:0,posy:0,posz:0,height:0,width:0,flag:90},{type:6,itemno:703,posx:462,posy:21,posz:0,height:200,width:200,flag:0},{type:7,itemno:6071,posx:0,posy:0,posz:0,height:1,width:0,flag:0},{type:13,itemno:5330,posx:472,posy:82,posz:0,height:600,width:200,flag:0},{type:16,itemno:15916,posx:-36,posy:-32,posz:0,height:200,width:200,flag:0},{type:19,itemno:1,posx:0,posy:0,posz:0,height:0,width:0,flag:0} ],windows:[{appid:3,mode:0,posx:0,posy:1,posz:0,height:0,width:0,wndid:0},{appid:4,mode:1,posx:0,posy:3,posz:0,height:0,width:0,wndid:1},{appid:7,mode:1,posx:1,posy:2,posz:0,height:0,width:0,wndid:1},{appid:15,mode:2,posx:1,posy:1,posz:0,height:0,width:0,wndid:2},{appid:128,mode:1,posx:0,posy:0,posz:0,height:0,width:0,wndid:0},{appid:311,mode:0,posx:0,posy:2,posz:0,height:0,width:0,wndid:0} ]},g_StaticFlag = "0",g_TransparentLevel=25,g_isBGScroll=0,ownermode=(g_iLoginUin==g_iUin),ownerProfileSummary=[
"钓以清新",2,28,"辽宁@大连","钓 以 清 新","Take me to your heart,take me to your soul,don\'t unlock my hand！"],g_fl=0,g_ReadOnly=1,g_Errno=0;
</script></head><body style="background-image:none;">
<div id="loading"></div>
<div id="customBody"></div>
<div id="fixContent"></div>
<div id="mainBody" class="bg_mode_main full_mode" style="background-image:none;">
<div id="floatItem"></div>
<div id="contentBody" class="mode_main_index" style="background-image:none;_text-align:center;">
<div id="outerBox" class="mode_index" style="padding-left:auto;margin:auto;position:static">
<div id="titleBar" class="menu_t_b style_menu_t" style="margin-bottom:5px;background-image:none;">
<div id="titleBG" class="bg_menu_t" style="background-image:none;position:static;">
<div class="info"><span id="qzone_logo"><img src="/ac/b.gif" alt="Qzone" class="icon_logo"/></span> <strong id="spacename">钓 以 清 新</strong>
<span id="diamon"></span> <a href="http://76122149.qzone.qq.com" id="qzoneurl" class="num">http://76122149.qzone.qq.com</a></div>
<div id="spaceexplain">Take me to your heart,take me to your soul,don't unlock my hand！</div>
<div class="op">
<a id="a_return" href="javascript:;" style="display:none" title="返回空间主页"><span><<返回空间主页</span></a>
<a id="a_shop" href="javascript:;" class="ownermode" title="装扮空间(ctrl+g)"><img src="/ac/b.gif" class="icon_zone_shop" alt="" /><span>装扮空间</span></a>
<a id="a_viewshop" href="javascript:;" class="clientmode" title="查看主人装扮"><img src="/ac/b.gif" class="icon_zone_shop" alt="" /><span>查看主人装扮</span></a>
<a id="a_spaceSetting" href="javascript:;" class="ownermode" title="自定义(ctrl+j, alt+j)"><img src="/ac/b.gif" class="icon_zone_set" alt="" /><span>自定义</span></a>
<a id="a_infoCenter" href="javascript:;" class="ownermode" title="个人中心"><img src="/ac/b.gif" class="icon_zone_infocenter" alt="" /><span>个人中心</span></a>
<a id="a_sendGift" href="javascript:;" class="clientmode" title="送礼物"><span>送礼物</span></a>
<a id="a_addFriend" href="javascript:;" class="clientmode" title="加为好友"><img src="/ac/b.gif" class="icon_zone_guan" alt="" /><span>加为好友</span></a>
</div></div><div class="clear"></div></div>
<div class="gb_bg_top"></div>
<div id="mode_main" class="mode_main">
<div id="frameContainer" style="display:none"></div>
<div id="mainContainer" style="height:auto"></div>
<div class="clear"></div>
</div><div class="gb_copyright"><p><span class="en">copyright &copy; 1998 - 2009 Tencent. All Rights Reserved</span> 腾讯公司 版权所有</p></div></div></div></div>
<script type="text/javascript">document.write('<script type="text/javascript" src="/qzone/qzfl/qzfl.js"><\/script><script type="text/javascript" src="/qzone/Gcommon.js"><\/script><script type="text/javascript" src="/qzone/MG5.js"><\/script><script type="text/javascript" src="/qzone/v5/statistic.js"><\/script>');</script>
<noscript><img alt="您的浏览器不支持JS脚本" src="http://edu.imgcache.qq.com/qzone/noscript.gif" /></noscript></body></html>


从这能看出来么？ 那个是一个QQ空间里的内容。

现在要开始学习网站挂马分析了
下面的朋友请不吝赐教哦

backway

如果必要，我把链接给出来。
这是别人的Q空间
谢谢了

雨宫优子

连接你给的HTML里已经有了

http://76122149.qzone.qq.com/

但是不能访问....访问受限

backway

密码：陈英

雨宫优子

我已经在病毒救援区回复了你的帖子

雨宫优子

其实QQ空间一般不用看

一般来说被挂的可能性很小

雨宫优子

OK

分析中...

backway

有瑞星提示本机受到攻击“浏览器攻击：大规模爆发性网马群VII"
攻击IP地址121.12.173.218


刚EQ拦截到：刚网上看到蝗虫MS也有这个手脚

tanlimo

目测，没问题

雨宫优子

原帖由 backway 于 2009-1-10 19:01 发表
有瑞星提示本机受到攻击“浏览器攻击：大规模爆发性网马群VII"
攻击IP地址121.12.173.218


刚EQ拦截到：刚网上看到蝗虫MS也有这个手脚

这个注册表项的意思：未决的重命名操作