All pages of the websites had code embedded to download an exe file: finally solved

Lionsure 2020-09-22 Original by the website

Every website on a server had code embedded that downloads an exe file, and every page of each website was affected. The specific situation was this: the first time a user opens a new web page, the code that downloads the exe file is embedded (implemented by embedding an iframe), and the page is not embedded when it is opened again. Dynamic and static web pages are treated alike in this case, which means both kinds of page are embedded.

The embedded exe download code has a great impact: when the user opens the web page, a download prompt window pops up, and anti-virus software classifies the page as carrying a virus and blocks it from opening. In other words, web pages with the embedded code cannot be opened, which drives away all new users at one stroke. Just imagine: who would dare to come back to a web page that has a virus?

Faced with such a serious problem and such a severe situation, I immediately looked for the cause. At first I thought that my computer was hijacked, because there was no code embedded in any web page on the server. But after changing to a proxy IP, the opened web page still had the embedded code to download the exe file, which shows that it was not my computer being hijacked but indeed a server problem. So I immediately checked whether the code was embedded in the database, and found nothing. Then I looked for vulnerabilities on the server: all of the server's security updates were installed, and the security settings were in place. Was it a new virus? I opened Task Manager and found no unknown process, so it should not be a new virus.

After a day of panic, I opened the web page early the next morning and noticed something strange. The IP in the download address of the embedded code was similar to my server's IP, differing only in the last part (the previous download IP had been completely different from my server's). This shows that the code embedded in the website is related to the server with the similar IP, and the only possibility for such a similar IP is that it is on the same local area network.

So I went to the server rental provider and explained the situation. After checking, it was indeed a server with an IP address similar to my server's that had been hacked. The code embedder had used it to embed the code into my website; once that server was shut down, the problem was finally solved. It's a bit like the saying "Wear out iron shoes in hunting, must come to no effort."
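The two checks that cracked this case can be automated: compare the page as stored on the server with the page a client actually receives, and test whether any extra iframe points at an address next to the server's own. The sketch below is an added example, not code from the original post; the function names, the /24 neighbourhood size and the sample addresses (documentation range 203.0.113.0/24) are assumptions.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse


class IframeCollector(HTMLParser):
    """Collects the src attribute of every <iframe> in a document."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)


def iframe_sources(html):
    collector = IframeCollector()
    collector.feed(html)
    return collector.sources


def injected_iframes(on_disk_html, received_html, server_ip, prefix=24):
    """Report iframes present in the received copy but absent on disk.

    prefix=24 is an assumed neighbourhood size: "same IP except the last part".
    """
    known = set(iframe_sources(on_disk_html))
    neighbourhood = ipaddress.ip_network(f"{server_ip}/{prefix}", strict=False)
    findings = []
    for src in iframe_sources(received_html):
        if src in known:
            continue  # the site's own iframe, not an injection
        url = urlparse(src)
        try:
            same_lan = ipaddress.ip_address(url.hostname or "") in neighbourhood
        except ValueError:
            same_lan = False  # host is a name, not an IP literal
        findings.append({"src": src,
                         "exe": url.path.lower().endswith(".exe"),
                         "same_lan": same_lan})
    return findings


# Constructed sample data: the file on the server and the copy a client received.
ON_DISK = "<html><body><h1>Home</h1></body></html>"
RECEIVED = ('<html><body><iframe src="http://203.0.113.57/setup.exe" '
            'width="0" height="0"></iframe><h1>Home</h1></body></html>')

if __name__ == "__main__":
    for finding in injected_iframes(ON_DISK, RECEIVED, "203.0.113.10"):
        print(finding)
```

A finding with `same_lan` set means the files on the server are clean but the response is altered on the way out, which is a problem to raise with the hosting provider rather than something to fix on the server itself.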