网站被黑后的处理方法及批量删除恶意代码

来源：https://www.chinanovo.net   发布时间：2024-04-08 22:45:44      

暂时关闭网站

Temporarily close the website

网站被黑客入侵后，最常见的情况就是被植入木马程序，为了保证浏览者的安全，必须先关闭网站，待处理完毕后再开放。关闭时可以暂时将域名转向其它地址，如建立一个网站的帖吧，或者放置一个说明页面。

The most common situation when a website is hacked is when it is implanted with a Trojan program. In order to ensure the safety of visitors, the website must be closed first and opened only after it is processed. When closed, the domain name can be temporarily redirected to other addresses, such as creating a website post or placing an instructional page.

使用备份恢复

Using backup recovery

如果网站文件被黑客破坏或删除，假如事先进行过网站数据备份的话，可以直接使用备份文件恢复。万一没有对备份进行备份，而数据又非常重要的话，建议先不要进行任何操作，立即请专门进行数据恢复的公司尝试恢复服务器硬盘中的数据。

If the website files are damaged or deleted by hackers, and if the website data has been backed up beforehand, the backup files can be directly used for recovery. If there is no backup done and the data is very important, it is recommended not to take any action for now. Please immediately ask a company specialized in data recovery to try to recover the data from the server's hard drive.

因为有些虚拟主机服务商会定时备份服务器中的数据，使用虚拟主机空间的用户，还可以联系空间商获取数据备份。

Because some virtual hosting services will regularly backup data from the server, users who use virtual hosting space can also contact the space provider to obtain data backups.

打补丁查漏洞

Patch and check for vulnerabilities

当程序漏洞被公布时，程序的官方网站都会发布程序的补丁，只需要下载相应的文件，按照说明上传到网站空间覆盖原文件即可。如果暂时没有出现相关的补丁，则可以暂时禁用或删除某些功能文件。

When program vulnerabilities are exposed, the official website of the program will release patches for the program. Simply download the corresponding files and follow the instructions to upload them to the website space to overwrite the original files. If there are no relevant patches currently available, certain feature files can be temporarily disabled or deleted.

接着我们可以查看网站的访问日志，找出访问木马程序的IP地址记录，根据查询到的IP地址，再次查看黑客还访问了哪些页面，检查这些页面是否有其它漏洞。

Next, we can check the website's access logs, find the IP address records of accessing the Trojan program, and based on the queried IP addresses, check again which pages the hacker has visited and whether there are any other vulnerabilities on these pages.

木马程序检测

Trojan program detection

站长可以根据网页文件的修改时间来判断是否被植入木马，方法是察看所有被更改的文件的更改日期，由于是木马修改了这些页面，因此它们修改日期非常接近。然后查询此日期最近新建立的asp、aspx、asa文件，将异常文件进行隔离或删除。

Webmasters can determine whether a Trojan has been implanted based on the modification time of webpage files. The method is to check the modification dates of all modified files. Since these pages were modified by the Trojan, their modification dates are very close. Then query the newly created ASP, ASPX, and ASA files on this date, and isolate or delete the abnormal files.

使用PhpWind论坛程序的站长还可以下载专用的网页木马检测工具来进行木马的检测和清除（下载地址：[url]http://www.phpwind.com/2.0/safe.zip[/url]），解压后将文件全部上传到论坛目录中，如果服务器是Linux 或FreeBSD系统还需要设置论坛目录为可读写模式。接着在浏览器中输入safe.php文件的绝对地址，程序将自动检测站点中的文件，检测完成后将会显示安全报告。

Webmasters who use the PhpWind forum program can also download dedicated web Trojan detection tools to detect and clear Trojans (download address: [URL]) http://www.phpwind.com/2.0/safe.zip After decompressing, upload all files to the forum directory. If the server is a Linux or FreeBSD system, you also need to set the forum directory to read-write mode. Next, enter the absolute address of the safe.php file in the browser, and the program will automatically detect the files in the site. After the detection is completed, a security report will be displayed.

我们也可以使用专门的网页木马检测工具进行检查，下载一款“网站程序安全分析器”，接着使用FTP软件将网站文件全部下载到本地硬盘，选择文件所在的文件夹后点击“扫描”按钮即可。稍等片刻，软件将显示扫描到的木马文件名称，要注意的是，该软件检测比较苛刻，一些组件文件和后台管理程序也会被列入危险文件，在使用时需要仔细鉴别。

We can also use specialized web Trojan detection tools to check, download a website program security analyzer, and then use FTP software to download all website files to the local hard drive. Select the folder where the files are located and click the "Scan" button. Wait a moment, the software will display the names of the scanned Trojan files. It should be noted that the software has strict detection requirements, and some component files and background management programs may also be listed as dangerous files. Careful identification is required when using it.

批量修复网页

Batch repair of web pages

一般黑客侵入网站后都是在网页中加入代码进行木马的种植，从而使用户在浏览网站时自动打开并下载木马程序，一些木马程序会自动在所有的网页文件后面添加一行代码：，如果网站文件很多，手工一个个清除简直是不可能的事。这时可以使用数码龙网页批量修改器进行恶意代码的批量删除。

After hacking into a website, hackers usually add code to the webpage for Trojan horse cultivation, so that users can automatically open and download Trojan programs when browsing the website. Some Trojan programs will automatically add a line of code after all webpage files: if there are many website files, it is impossible to manually clear them one by one. At this point, the Digimon web page batch modifier can be used to batch delete malicious code.

首先删除网站空间中存在的木马文件，接着下载数码龙网页批量修改器，打开软件主程序后在“删除字符”栏目中输入检测出的恶意代码，然后选择网站文件所在的文件夹，单击“开始”按钮，软件将自动完成网页的修复操作。当确认没有恶意代码后，将所有文件上传到网站空间即可。

Firstly, delete the Trojan files that exist in the website space. Then, download the Digimon web page batch modifier, open the main program of the software, enter the detected malicious code in the "Delete Characters" column, select the folder where the website files are located, click the "Start" button, and the software will automatically complete the webpage repair operation. After confirming that there is no malicious code, upload all files to the website space.

上一篇：
下一篇： 视频号运营哪三点很重要？