asp网站安全防护代码-桂林网站建设,网页设计,网页制作,做桂林最实在的网站建设服务

Code:
<%
Response.Buffer = True
On Error Resume Next
'原数据库连接代码放在这里（比如conn.asp的代码）
If Err.Number <> 0 Then
    Response.Clear
    Select Case Err.Number
    Case 0
    Case Else

        If IsObject(conn) Then
            If conn.Errors.Count > 0 Then
                Dblog="Database Error:"
                For intLoop = 0 To objConnection.Errors.Count - 1

                    Dblog=Dblog + "Error No:" + conn.Errors(intLoop).Number + "|"
                    Dblog=Dblog + "Description:" + conn.Errors(intLoop).Description + "|"
                    Dblog=Dblog + "Source:" + conn.Errors(intLoop).Source + "|"
                    Dblog=Dblog + "SQLState:" + conn.Errors(intLoop).SQLState + "|"
                    Dblog=Dblog + "NativeError:" + conn.Errors(intLoop).NativeError + "|"
                Next
                slog(Dblog)
            End If
        End If
        If Err.Number <> 0 Then

            Plog="age Error:"
            Plog=Plog+"Error Number" + Err.Number + "|"
            Plog=Plog+"Error Description" + Err.Description + "|"
            Plog=Plog+"Source " + Err.Source + "|"
            Plog=Plog+"LineNumber " + Err.Line + "|"
            slog(Pblog)
        End If
    Response.Redirect "/no.htm"
    End Select
    Err.Clear
End If
if request.querystring<>"" then stopinjection(request.querystring)
if request.cookies<>"" then stopinjection(request.cookies)
function stopinjection(values)
for each n_get in values
dim l_get, l_get2
for each l_get in values
l_get2 = values(l_get)
set regex = new regexp
regex.ignorecase = true
regex.global = true
   regex.pattern = "(\sunion\s|\sxor\s|\sor\s|\sand\s|/\*|'|;|--|\sdeclare\s|\bselect\b|\bupdate\b|\binsert\b|\.\./|\.\.\\)"
if regex.test(l_get2) then

                                sURL=server.htmlencode(lcase("http://"+Request.ServerVariables("HTTP_HOST")+Request.ServerVariables("SCRIPT_NAME")+"?"+Request.ServerVariables("QUERY_STRING")))
                                IP=server.htmlencode(Request.ServerVariables("HTTP_X_FORWARDED_FOR"))
                                If IP = "" Then
                                  IP=server.htmlencode(Request.ServerVariables("REMOTE_ADDR"))
                                end if

                            slog("<br>Illegal operation IP："&ip&" Illegal operation code："&sURL&" Illegal operation time：" & now())

    alert()
    response.end()
end if
set regex = nothing
next
next
end function

sub alert()
        IP=server.htmlencode(Request.ServerVariables("HTTP_X_FORWARDED_FOR"))
                                If IP = "" Then
                                  IP=server.htmlencode(Request.ServerVariables("REMOTE_ADDR"))
                                end if
Response.Write "System automatically holds up illegal operation code!"&server.htmlencode(Request.ServerVariables("QUERY_STRING"))&"Your true IP is"&ip&"<script>alert('"&now()&" System automatically holds up illegal operation code,records your illegal operation!');location.href='"&server.htmlencode(lcase("http://"+Request.ServerVariables("HTTP_HOST")+"/no.htm"))&"';</script>"
        Response.end
end sub
sub slog(logs)
        toppath = Server.Mappath("log.htm")
                                Set fs = CreateObject("scripting.filesystemobject")
                                If Not Fs.FILEEXISTS(toppath) Then
                                    Set Ts = fs.createtextfile(toppath, True)
                                    Ts.close
                                end if
                                Set Ts= Fs.OpenTextFile(toppath,1)
                                    Do While Not Ts.AtEndOfStream
                                            Errorlog = Errorlog & Ts.ReadLine & chr(13) & chr(10)
                                    loop
                                    Ts.close
                                    Errorlog =Errorlog & logs
                                    Set Ts= Fs.OpenTextFile(toppath,2)
                                    Ts.writeline (Errorlog)
                                    Ts.Close
end sub
%>
下面是检测到攻击跳转的页面no.htm

<head>
<meta http-equiv="Content-Type" c />
<title></title>
<style type="text/css">

</style>
</head>
<body>
<table width="100%" height="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
    <td valign="middle"><table width="347" border="0" align="center" cellpadding="0" cellspacing="0">

      <tr>
        <td>您访问的地址不存在或已更改。<br>
          系统将在 <span class="zi_1">5</span> 秒钟内返回首页，如无响应，请单击下面按钮<span class="zi_1">返回
          <a href="http://www.safe3.cn/">www.safe3.cn</a></span></td>
      </tr>

    </table></td>
</tr>
</table>
<script language=JavaScript>
setTimeout("top.window.location='http://www.safe3.cn/';",3000);
</script>
</body>
</html>

使用方法

找到网站下面包含Server.CreateObject("ADODB.Connection")的asp文件，一般为conn.asp
将上面红色“原数据库连接代码放在这里（比如conn.asp的代码）”的地方用conn.asp里面的代码替换，保存为新的conn.asp，运行发现攻击后会在当前目录下生成一个log.htm的文件，该文件记录了黑客的非法操作和ip地址，请将no.htm这个文件放于网站根目录下，发现攻击后会跳转到该页，其中的网址大家改成自己的吧！