SoFunction
Updated on 2025-04-13

Characteristics of the server ARP virus and protection instructions

Recently, some users have reported that virus code has been inserted into every website on their server, yet this code cannot be found in the source files on the server, so the network administrator has nowhere to start when trying to clean it up. What is the reason for this?

A: This is caused by the ARP virus that has been spreading recently.
Specifically, the computer room where your server is located holds hundreds of servers. One of them was hacked and had the ARP virus installed. Although it was not your own server that was hacked, it still seriously affects the other servers, including yours.

For example: once a single server in the computer room has been hacked and infected, it broadcasts deceptive information to the other servers in the same computer room: "I am the gateway; everyone, just send your packets through me." After receiving this information, the other servers automatically send their normal data to this "virus server", and the "virus server" inserts virus code into that normal data (usually web pages). When you then use IE to remotely visit the websites on your own server, you find that "virus code" has inexplicably been inserted into all of them, yet you cannot find this "virus code" in the source files on the server.

------------------------------------------------------------------------------------------------------------ 

Solution:
1. From the above analysis, the fundamental fix is to have your computer room locate the infected server first, then disconnect that server from the network and disinfect it.

2. If the computer room will not help you solve the problem this way, you can force your own server to use a "static gateway". Once this is set, your server will not be affected even if it receives the infected server's broadcast message: "I am the gateway; everyone, send your packets through me."

The settings are as follows:

1. On your server desktop,

2. Create a new batch (.bat) file called "Prevent".

The content of the file is as follows:
  arp -d * 
  arp -s 192.168.0.1 03-00-0f-07-a0-0c 

(Of course, the IP 192.168.0.1 must be changed to your server's gateway IP; you can ask the computer room for it.)
(Likewise, 03-00-0f-07-a0-0c must be changed to your server gateway's MAC address; you can also ask the computer room for it.)
  
Note: If the computer room does not tell you the MAC address, you can also run the arp -a command on the server, which will show the gateway's MAC address.
Reminder: If an ARP virus is present, this MAC address may be wrong, so please confirm it with your computer room.

3. After creating the batch file, double-click it to run it. Once it has run, your server is forced to use the "static gateway", which solves the problem of ARP virus attacks.

Note: You need to rerun this batch file after every restart of the server. You can also add the batch file to the operating system's "Startup" items or to a "Scheduled Task" so that it runs by itself.
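
To confirm after running the batch file that the static binding is in place and that the gateway MAC matches the one confirmed by the computer room, the arp -a output can be checked as below. This is an added example, not part of the original article; it assumes English-language Windows arp -a output, and the function names and sample tables are constructed for illustration.

```python
import re

# Constructed sample `arp -a` outputs (not captured from a real server).
HEALTHY = """Interface: 192.168.0.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.0.1           03-00-0f-07-a0-0c     static
  192.168.0.23          00-1a-2b-3c-4d-5e     dynamic
"""
SPOOFED = """Interface: 192.168.0.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.0.1           00-1A-2B-3C-4D-5E     dynamic
  192.168.0.23          00-1a-2b-3c-4d-5e     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
"""

# One entry line of `arp -a`: IPv4 address, dash-separated MAC, entry type.
ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s+(static|dynamic)\s*$"
)

def parse_arp_table(text):
    """Return (ip, mac, type) tuples for each entry line in `arp -a` output."""
    matches = (ENTRY.match(line) for line in text.splitlines())
    return [(m.group(1), m.group(2).lower(), m.group(3)) for m in matches if m]

def check_gateway(text, gateway_ip, trusted_mac):
    """Return a list of findings; an empty list means the binding looks right."""
    trusted_mac = trusted_mac.lower()
    entries = parse_arp_table(text)
    gw = [e for e in entries if e[0] == gateway_ip]
    if not gw:
        return ["gateway has no ARP entry"]
    findings = []
    for _, mac, kind in gw:
        if mac != trusted_mac:
            findings.append(f"gateway MAC is {mac}, expected {trusted_mac}")
        if kind != "static":
            findings.append("gateway entry is dynamic, static binding not applied")
    # A second host holding the gateway's current MAC points at the spoofing server.
    for ip, mac, _ in entries:
        if ip != gateway_ip and mac == gw[0][1]:
            findings.append(f"{ip} shares the gateway's MAC {mac}")
    return findings

if __name__ == "__main__":
    print(check_gateway(SPOOFED, "192.168.0.1", "03-00-0f-07-a0-0c"))
```

The IP that shares the gateway's MAC is the address to report to the computer room as the likely infected server.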