LP's reply: could someone translate it for me? Thanks! (Problem solved)

English Translation Board | 2371 views | 3 replies

Posted on 2010-6-12 12:55:13

Hello,

I have checked the 123.tar and indeed these are the scripts used to upload the malicious content. I have checked our logs but I didn't find any recent log to determine how these files were uploaded. To determine any future issues with security, I have enabled keeping the Raw Access Logs in your Raw Log Manager so that your domain logs are kept rather than cleared daily, which is the default setting. I have also selected to clear those logs at the end of each month so that they do not utilize a significant amount of space for the account, since the logs can become large if kept. If you have any future issues with exploit, we will be able to assist determining how the attack occurred by reviewing these access logs, so please do keep these settings enabled in the Raw Log Manager.

Please perform a complete audit and make sure that any material you believe to be harmful in nature is removed and any files that are not yours removed as well.

What we would suggest is the following:

Scan your local computer for viruses and malware. Remove any suspicious files found. You may also scan the files on your account using an anti-virus scanner as most infected files are usually recognized by anti-virus scanners. I would suggest Trend Micro which is a pretty good free anti-virus and can be downloaded from http://housecall.trendmicro.com/

Change your main account's password along with any other passwords that are involved (mail accounts, FTP accounts). The main account password can be reset via the CAP (Customer Account Page) at http://account.lunarpages.com. It is recommended that you create passwords using alphanumeric characters (ex: Aa1Bb2Cc3). Also, you would want to make sure that you do not use a password that is related to your domain name or site content. This will decrease the likelihood of your password being compromised.

Please make sure that you change your FTP account password and avoid saving the new one in your FTP software. We recommend you switch to using TLS encryption for FTP transfers. If you are using FileZilla, this is supported by going to Site Manager and setting your site's Servertype from FTP - File Transfer Protocol to FTPES - FTP over explicit TLS/SSL. Please also make sure to not store the new password locally (thus avoiding the "Remember my password" option).

Update all your applications to the latest stable version. Old application versions have security issues, which can also allow malicious injections into sites. The only way to keep your site secure under such circumstances would be to ensure you always are running the latest, secured versions of the application.

Thank you!

If you have any more questions, please don't hesitate to ask us, we will be more than happy to answer them. Please feel free to contact us for further help.

---
Gabriel Ichim
Junior System Administrator 1
Phone: 1-714-521-8150 (U.S. & International)

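The malicious code injection problem still hasn't been solved. I asked them to check the server, and this is their second reply. Sigh, what a headache......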
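The access-log review that the support reply describes, as an added example that is not part of the original thread or the host's own tooling. It assumes the retained raw access logs are in Apache combined format and that the audit has produced the paths of the malicious scripts; the paths, IP addresses and log lines below are constructed.

```python
import re
from datetime import datetime

# Apache "combined" format (assumed format of the retained raw access logs).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def parse(lines):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in lines:
        m = LINE.match(line)
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield rec

def trace_uploads(lines, bad_paths):
    """For each known-bad script, return its first hit and the successful
    POSTs the same client made earlier (candidate upload vectors)."""
    records = sorted(parse(lines), key=lambda r: r["ts"])
    report = {}
    for i, rec in enumerate(records):
        path = rec["path"].split("?", 1)[0]  # ignore the query string
        if path in bad_paths and path not in report:
            earlier = [r for r in records[:i]
                       if r["ip"] == rec["ip"] and r["method"] == "POST"
                       and r["status"].startswith("2")]
            report[path] = {"first_hit": rec, "prior_posts": earlier}
    return report

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE = [
    '198.51.100.7 - - [10/Jun/2010:03:14:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Jun/2010:03:15:22 +0000] "POST /gallery/upload.php HTTP/1.1" 200 312 "-" "curl/7.19"',
    '203.0.113.9 - - [10/Jun/2010:03:15:40 +0000] "GET /gallery/files/x.php?c=1 HTTP/1.1" 200 88 "-" "curl/7.19"',
    'garbage line that is not a log entry',
]

if __name__ == "__main__":
    for path, info in trace_uploads(SAMPLE, {"/gallery/files/x.php"}).items():
        print(path, "first requested by", info["first_hit"]["ip"])
        for r in info["prior_posts"]:
            print("  earlier POST:", r["ts"].isoformat(), r["path"])
```

An empty `prior_posts` list for a script means the retained web logs do not show the upload, which points the review at other channels the reply names, such as FTP credentials.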

Answers | 3 in total

isiscool

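Posted on 2010-6-12 13:35:33

They checked some logs and could not determine how the "trojan" got "planted".

They gave some security advice.

There is too much content, so I won't translate it all line by line. (I'm a bit busy today.)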

lating

Posted on 2010-6-12 14:11:46

It feels like LP's tech support is at a loss. Frustrating, I'm out of ideas.

viaoru

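Posted on 2010-6-12 15:06:43

Hello,

I have already looked, and in fact this is what 123.tar uses to upload the malicious content. I have looked at our records, but I did not find any recent timber to determine these files upload. For any future problems, I have enabled keeping the safe raw material in your access log record manager so that your original is kept rather than domain, that is, cleared daily, the default setting. I also chose to clear those timbers every month, so that they do not use a large amount of space, because the timber account can become large if kept. If you have any problems with exploiting the future, we will be able to help determine the review of this attack, these accesses, so please be sure to log these settings enable the raw log manager.

Please complete the audit and make sure any material you believe is harmful, cannot find any files in nature, is deleted, and what is not yours is removed at the same time.

Our suggestion is:

Scan your computer viruses and malware. Delete any suspicious files. You can also scan files to your account using anti-virus scanning most infected files are usually by virus scanners. I suggest Trend Micro is a good free antivirus and can be downloaded from http://housecall.trendmicro.com/

Change your password, along with the main account password, involving any others (mail accounts, FTP accounts). The main account password can be reset through the cap (Customer Account Page) at http://account.lunarpages.com. It is suggested that you create passwords using alphabetic characters (e.g.: Aa1Bb2Cc3). Likewise, you will want to make sure you do not use a password that is with your domain name or site content. This will reduce the wheel your password being damaged.

Please make sure you change your FTP account password and avoid rescuing a new one in your FTP software. We suggest you switch to using TLS-encrypted FTP transfers. If you are using FileZilla, this is by the site administrator, to set up your site's Servertype from FTP - File Transfer Protocol, FTPES - FTP over explicit TLS/SSL. Please make sure your new password is stored locally (thus avoiding the "Remember my password" option).

You apply to update all to the latest stable version. Application versions have old security problems, which can also allow malicious injection into sites. The only thing able to keep your site fixed under such circumstances will be to ensure you are always running the latest version of the program, obtained.

Thank you!

If you have any questions, please don't hesitate to ask us, we will be happy to answer. Please feel free to contact us for more help.

---
Ichim Gabriel.
Junior System Administrator
Phone: 1-714-521-8150 (U.S. and International).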