никыч
22.10.2014, 01:49
Доброй ночи.
Друзья, проблема в том что хостинг прислал письмо:
Сканер безопасности хостинга обнаружил в вашем сайте подозрение на внедрение кода для размножения вируса.
Подозрительное место:
===
<script src="_https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
===
вот что в ссылке:
/
/**
* @preserve HTML5 Shiv 3.7.2 | @afarkas @jdalton @jon_neal @rem | MIT/GPL2 Licensed*/ !function(a,b){function c(a,b){var c=a.createElement("p"),d=a.getElementsByTagName("head")[0]||a.documentElement;return c.innerHTML="x<style>"+b+"</style>",d.insertBefore(c.lastChild,d.firstChild)}function d(){var a=t.elements;return"string"==typeof a?a.split(" "):a}function e(a,b){var c=t.elements;"string"!=typeof c&&(c=c.join(" ")),"string"!=typeof a&&(a=a.join(" ")),t.elements=c+" "+a,j(b)}function f(a){var b=s[a[q]];return b||(b={},r++,a[q]=r,s[r]=b),b}function g(a,c,d){if(c||(c=b),l)return c.createElement(a);d||(d=f(c));var e;return e=d.cache[a]?d.cache[a].cloneNode():p.test(a)?(d.cache[a]=d.createElem(a)).cloneNode():d.createElem(a),!e.c anHaveChildren||o.test(a)||e.tagUrn?e:d.frag.appen dChild(e)}function h(a,c){if(a||(a=b),l)return a.createDocumentFragment();c=c||f(a);for(var e=c.frag.cloneNode(),g=0,h=d(),i=h.length;i>g;g++)e.createElement(h[g]);return e}function i(a,b){b.cache||(b.cache={},b.createElem=a.createE lement,b.createFrag=a.createDocumentFragment,b.fra g=b.createFrag()),a.createElement=function(c){retu rn t.shivMethods?g(c,a,b):b.createElem(c)},a.createDo cumentFragment=Function("h,f","return function(){var n=f.cloneNode(),c=n.createElement;h.shivMethods&&("+d().join().replace(/[\w\-:]+/g,function(a){return b.createElem(a),b.frag.createElement(a),'c("'+a+'")'})+");return n}")(t,b.frag)}function j(a){a||(a=b);var d=f(a);return!t.shivCSS||k||d.hasCSS||(d.hasCSS=!! c(a,"article,aside,dialog,figcaption,figure,footer,head er,hgroup,main,nav,section{display:block}mark{back ground:#FF0;color:#000}template{display:none}")),l||i(a,d),a}var k,l,m="3.7.2",n=a.html5||{},o=/^<|^(?:button|map|select|textarea|object|iframe|opti on|optgroup)$/i,p=/^(?:a|b|code|div|fieldset|h1|h2|h3|h4|h5|h6|i|labe l|li|ol|p|q|span|strong|style|table|tbody|td|th|tr |ul)$/i,q="_html5shiv",r=0,s={};!function(){try{var a=b.createElement("a");a.innerHTML="<xyz></xyz>",k="hidden"in a,l=1==a.childNodes.length||function(){b.createEle ment("a");var a=b.createDocumentFragment();return"undefined"==typeof a.cloneNode||"undefined"==typeof a.createDocumentFragment||"undefined"==typeof a.createElement}()}catch(c){k=!0,l=!0}}();var t={elements:n.elements||"abbr article aside audio bdi canvas data datalist details dialog figcaption figure footer header hgroup main mark meter nav output picture progress section summary template time video",version:m,shivCSS:n.shivCSS!==!1,supportsUnknownE lements:l,shivMethods:n.shivMethods!==!1,type:"default",shivDocument:j,createElement:g,createDocumentFrag ment:h,addElements:e};a.html5=t,j(b)}(this,documen t);
Далее проверил файлы сайта с помощью http://www.siteguard.ru/, и вот что он мне выдал:
2.
<script> window.twttr = (function (d,s,id) {
var t, js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return; js=d.createElement(s); js.id=id; js.async=1;
js.src="https://platform.twitter.com/widgets.js"; fjs.parentNode.insertBefore(js, fjs);
return window.twttr || (t = { _e: [], ready: function(f){ t._e.push(f) } });
}(document, "script", "twitter-wjs"));
</script>
3.
<script> var _gauges = _gauges || [];
(function() {
var t = document.createElement('script');
t.async = true;
t.id = 'gauges-tracker';
t.setAttribute('data-site-id', '4f0dc9fef5a1f55508000013');
t.src = '//secure.gaug.es/track.js';
var s = document.getElementsByTagName('script')[0];
s.parentNode.insertBefore(t, s);
})();
</script>
Не знаю вирус это или нет потому как в JS ничего не понимаю, сами эти скрипты в файлах сайта нашел, но что с ними делать? Удалить или нет?
Далее проверил файлы с помощью сканера AI-BOLIT, тут немного другая инфа вылезла:
1.Шелл-скрипты не найдено.
2.Не найдено директорий c дорвеями.
3.Предупреждения
В этих файлах размещены невидимые ссылки. Подозрение на ссылочный спам:
идет список файлов, вернее один файл повторенный 8 раз, далее идет список невидимых ссылок:
../_trash/_***_eng.html → <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/starter-templa
../_trash/_***_eng.html → <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/hero.html">
../_trash/_***_eng.html → <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/fluid.html">
../_trash/_***_eng.html → <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/marketing-narr
../_trash/_***_eng.html → <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/justified-nav.
далее везде тоже что и выше только ссылки другие → <a class="thumbnail"
href="http://getbootstrap.com/2.3.2/examples/signin.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/sticky-footer.
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/carousel.html"
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/starter-templa
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/hero.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/fluid.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/marketing-narr
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/justified-nav.
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/signin.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/sticky-footer.
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/carousel.html"
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/starter-templa
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/hero.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/fluid.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/marketing-narr
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/justified-nav.
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/signin.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/sticky-footer.
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/carousel.html"
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/starter-templa
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/hero.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/fluid.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/marketing-narr
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/justified-nav.
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/signin.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/sticky-footer.
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/carousel.html"
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/starter-templa
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/hero.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/fluid.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/marketing-narr
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/justified-nav.
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/signin.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/sticky-footer.
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/carousel.html"
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/starter-templa
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/hero.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/fluid.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/marketing-narr
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/justified-nav.
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/signin.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/sticky-footer.
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/carousel.html"
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/starter-templa
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/hero.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/fluid.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/marketing-narr
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/justified-nav.
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/signin.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/sticky-footer.
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/carousel.html"
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/starter-templa
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/hero.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/fluid.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/marketing-narr
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/justified-nav.
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/signin.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/sticky-footer.
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/carousel.html"
Больше айболит ничего не выявил
Подскажите вирус это или все же я параноик... вместе с хостингом)
Друзья, проблема в том что хостинг прислал письмо:
Сканер безопасности хостинга обнаружил в вашем сайте подозрение на внедрение кода для размножения вируса.
Подозрительное место:
===
<script src="_https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
===
вот что в ссылке:
/
/**
* @preserve HTML5 Shiv 3.7.2 | @afarkas @jdalton @jon_neal @rem | MIT/GPL2 Licensed*/ !function(a,b){function c(a,b){var c=a.createElement("p"),d=a.getElementsByTagName("head")[0]||a.documentElement;return c.innerHTML="x<style>"+b+"</style>",d.insertBefore(c.lastChild,d.firstChild)}function d(){var a=t.elements;return"string"==typeof a?a.split(" "):a}function e(a,b){var c=t.elements;"string"!=typeof c&&(c=c.join(" ")),"string"!=typeof a&&(a=a.join(" ")),t.elements=c+" "+a,j(b)}function f(a){var b=s[a[q]];return b||(b={},r++,a[q]=r,s[r]=b),b}function g(a,c,d){if(c||(c=b),l)return c.createElement(a);d||(d=f(c));var e;return e=d.cache[a]?d.cache[a].cloneNode():p.test(a)?(d.cache[a]=d.createElem(a)).cloneNode():d.createElem(a),!e.c anHaveChildren||o.test(a)||e.tagUrn?e:d.frag.appen dChild(e)}function h(a,c){if(a||(a=b),l)return a.createDocumentFragment();c=c||f(a);for(var e=c.frag.cloneNode(),g=0,h=d(),i=h.length;i>g;g++)e.createElement(h[g]);return e}function i(a,b){b.cache||(b.cache={},b.createElem=a.createE lement,b.createFrag=a.createDocumentFragment,b.fra g=b.createFrag()),a.createElement=function(c){retu rn t.shivMethods?g(c,a,b):b.createElem(c)},a.createDo cumentFragment=Function("h,f","return function(){var n=f.cloneNode(),c=n.createElement;h.shivMethods&&("+d().join().replace(/[\w\-:]+/g,function(a){return b.createElem(a),b.frag.createElement(a),'c("'+a+'")'})+");return n}")(t,b.frag)}function j(a){a||(a=b);var d=f(a);return!t.shivCSS||k||d.hasCSS||(d.hasCSS=!! c(a,"article,aside,dialog,figcaption,figure,footer,head er,hgroup,main,nav,section{display:block}mark{back ground:#FF0;color:#000}template{display:none}")),l||i(a,d),a}var k,l,m="3.7.2",n=a.html5||{},o=/^<|^(?:button|map|select|textarea|object|iframe|opti on|optgroup)$/i,p=/^(?:a|b|code|div|fieldset|h1|h2|h3|h4|h5|h6|i|labe l|li|ol|p|q|span|strong|style|table|tbody|td|th|tr |ul)$/i,q="_html5shiv",r=0,s={};!function(){try{var a=b.createElement("a");a.innerHTML="<xyz></xyz>",k="hidden"in a,l=1==a.childNodes.length||function(){b.createEle ment("a");var a=b.createDocumentFragment();return"undefined"==typeof a.cloneNode||"undefined"==typeof a.createDocumentFragment||"undefined"==typeof a.createElement}()}catch(c){k=!0,l=!0}}();var t={elements:n.elements||"abbr article aside audio bdi canvas data datalist details dialog figcaption figure footer header hgroup main mark meter nav output picture progress section summary template time video",version:m,shivCSS:n.shivCSS!==!1,supportsUnknownE lements:l,shivMethods:n.shivMethods!==!1,type:"default",shivDocument:j,createElement:g,createDocumentFrag ment:h,addElements:e};a.html5=t,j(b)}(this,documen t);
Далее проверил файлы сайта с помощью http://www.siteguard.ru/, и вот что он мне выдал:
2.
<script> window.twttr = (function (d,s,id) {
var t, js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return; js=d.createElement(s); js.id=id; js.async=1;
js.src="https://platform.twitter.com/widgets.js"; fjs.parentNode.insertBefore(js, fjs);
return window.twttr || (t = { _e: [], ready: function(f){ t._e.push(f) } });
}(document, "script", "twitter-wjs"));
</script>
3.
<script> var _gauges = _gauges || [];
(function() {
var t = document.createElement('script');
t.async = true;
t.id = 'gauges-tracker';
t.setAttribute('data-site-id', '4f0dc9fef5a1f55508000013');
t.src = '//secure.gaug.es/track.js';
var s = document.getElementsByTagName('script')[0];
s.parentNode.insertBefore(t, s);
})();
</script>
Не знаю вирус это или нет потому как в JS ничего не понимаю, сами эти скрипты в файлах сайта нашел, но что с ними делать? Удалить или нет?
Далее проверил файлы с помощью сканера AI-BOLIT, тут немного другая инфа вылезла:
1.Шелл-скрипты не найдено.
2.Не найдено директорий c дорвеями.
3.Предупреждения
В этих файлах размещены невидимые ссылки. Подозрение на ссылочный спам:
идет список файлов, вернее один файл повторенный 8 раз, далее идет список невидимых ссылок:
../_trash/_***_eng.html → <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/starter-templa
../_trash/_***_eng.html → <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/hero.html">
../_trash/_***_eng.html → <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/fluid.html">
../_trash/_***_eng.html → <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/marketing-narr
../_trash/_***_eng.html → <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/justified-nav.
далее везде тоже что и выше только ссылки другие → <a class="thumbnail"
href="http://getbootstrap.com/2.3.2/examples/signin.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/sticky-footer.
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/carousel.html"
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/starter-templa
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/hero.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/fluid.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/marketing-narr
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/justified-nav.
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/signin.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/sticky-footer.
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/carousel.html"
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/starter-templa
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/hero.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/fluid.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/marketing-narr
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/justified-nav.
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/signin.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/sticky-footer.
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/carousel.html"
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/starter-templa
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/hero.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/fluid.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/marketing-narr
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/justified-nav.
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/signin.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/sticky-footer.
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/carousel.html"
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/starter-templa
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/hero.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/fluid.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/marketing-narr
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/justified-nav.
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/signin.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/sticky-footer.
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/carousel.html"
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/starter-templa
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/hero.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/fluid.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/marketing-narr
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/justified-nav.
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/signin.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/sticky-footer.
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/carousel.html"
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/starter-templa
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/hero.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/fluid.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/marketing-narr
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/justified-nav.
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/signin.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/sticky-footer.
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/carousel.html"
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/starter-templa
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/hero.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/fluid.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/marketing-narr
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/justified-nav.
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/signin.html">
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/sticky-footer.
→ <a class="thumbnail" href="http://getbootstrap.com/2.3.2/examples/carousel.html"
Больше айболит ничего не выявил
Подскажите вирус это или все же я параноик... вместе с хостингом)