网站SQL被注入,怎么防?


============================================

'--------版权说明------------------

'SQL通用防注入程序 V3.1 β

'2.0强化版,对代码做了一点优化,加入自动封注入者Ip的功能!^_^

'3.0版,加入后台登陆查看注入记录功能,方便网站管理员查看非法记录,以及删除以前的记录,是否对入侵者Ip解除封锁!

'3.1 β版,加入对cookie部分的过滤,加入了对用js书写的asp程序的支持!

'Neeao站点:http://www.neeao.com

'Mail:neeaocn[AT]Gamil.com

'

'--------定义部份------------------

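' ---- Configuration and request dispatch ----------------------------
' This include screens Request.Form, Request.QueryString and Request.Cookies
' against a substring denylist before the rest of the page runs.
' NOTE(review): a denylist is a second line of defence at most. It rejects
' ordinary text (any value containing "and", "update", "%", "(" ...) and it
' cannot enumerate every dangerous construct, so the queries of the pages
' that include this file still have to be parameterized.
Dim N_Post,N_Get,N_In,N_Inf,N_Xh,N_db,N_dbstr,Kill_IP,WriteSql
Dim aApplicationValue

' Pipe-separated, lower-case substrings that cause a request to be rejected.
' The listing read "'||and|...", i.e. an EMPTY token between the first two
' bars. InStr() reports a match for an empty search string on any non-empty
' value, so every request carrying a parameter was rejected. A semicolon is
' restored in that slot (presumably what the page extraction dropped, as it
' also dropped the semicolons from the JavaScript strings in N_Alert).
N_In = "'|;|and|(|)|exec|insert|select|delete|update|count|*|%|chr|master|truncate|char|declare"

' 1 = refuse requests from addresses flagged kill_ip=1 in table SqlIn (see Stop_IP).
Kill_IP = 1

' 1 = record every rejected request in table SqlIn (see InsertInfo).
WriteSql = 1

' Redirect target used by N_Alert when N_type = 3.
alert_url = "/index.asp"

' Messages shown to the visitor; they are embedded in a JavaScript string
' literal by N_Alert, which is why they contain \n escapes.
alert_info = "请不要在参数中包含非法字符尝试注入!\n如果你多次尝试,我们将屏蔽你所在的IP!\n\n"
kill_info = "系统提示你↓你的Ip已经被自动锁定!\n\n如想访问本站请和管理员联系!"

' Response style, as implemented in N_Alert:
' 1 = close the window, 2 = alert with author credit then close,
' 3 = redirect to alert_url, 4 = alert then close.
N_type = 4

' Pipe-separated form-field names exempted from screening; only consulted
' when Sec_Form_open = 1 (see StopInjection / Security_From).
Sec_Forms = ""
Sec_Form_open = 0

Sec_Form = split(Sec_Forms,"|")
N_Inf = split(N_In,"|")

' The ban check runs first, so a flagged address is refused before any
' screening or logging happens.
If Kill_IP=1 Then Stop_IP

' Cookies are screened as well: a cookie set by any other component whose
' value contains a denylisted substring (for example "%") gets the visitor
' rejected and counted towards the automatic ban.
If Request.Form<>"" Then StopInjection(Request.Form)
If Request.QueryString<>"" Then StopInjection(Request.QueryString)
If Request.Cookies<>"" Then StopInjection(Request.Cookies)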

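' Refuses the request when the caller's address is flagged kill_ip=1 in
' table SqlIn: shows kill_info through N_Alert and ends the response.
'
' The original built the SELECT by concatenating the address into the SQL
' text. The address is taken from the X-Forwarded-For request header first,
' which the client supplies, and this function runs before any screening,
' so the anti-injection include was itself injectable. The value is now
' bound as a parameter.
'
' NOTE(review): because X-Forwarded-For is client-controlled, a ban keyed on
' it can be sidestepped by changing the header and can be pinned on someone
' else's address. Prefer REMOTE_ADDR unless the site sits behind a proxy
' that overwrites the header - confirm against the deployment.
'
' Relies on "conn", an ADODB connection that is not defined in this listing
' and is presumably opened by the including page.
Function Stop_IP()
    Const N_adVarWChar = 202   ' ADO DataTypeEnum adVarWChar
    Const N_adParamInput = 1   ' ADO ParameterDirectionEnum adParamInput
    Const N_adCmdText = 1      ' ADO CommandTypeEnum adCmdText
    Dim Sqlin_IP, rsKill_IP, cmdKill_IP, size, blocked

    Sqlin_IP = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
    If Sqlin_IP = "" Then
        Sqlin_IP = Request.ServerVariables("REMOTE_ADDR")
    End If
    Sqlin_IP = CStr(Sqlin_IP)

    ' A variable-length parameter needs a non-zero size.
    size = Len(Sqlin_IP)
    If size = 0 Then size = 1

    Set cmdKill_IP = Server.CreateObject("ADODB.Command")
    Set cmdKill_IP.ActiveConnection = conn
    cmdKill_IP.CommandType = N_adCmdText
    cmdKill_IP.CommandText = "select Sqlin_IP from SqlIn where Sqlin_IP=? and kill_ip=1"
    cmdKill_IP.Parameters.Append cmdKill_IP.CreateParameter("ip", N_adVarWChar, N_adParamInput, size, Sqlin_IP)

    Set rsKill_IP = cmdKill_IP.Execute
    blocked = Not (rsKill_IP.EOF Or rsKill_IP.BOF)

    ' Release the recordset before a possible Response.End; the original
    ' skipped the close on the blocked path.
    rsKill_IP.Close
    Set rsKill_IP = Nothing
    Set cmdKill_IP = Nothing

    If blocked Then
        N_Alert(kill_info)
        Response.End
    End If
End Function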

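' Writes a <script> block that reacts to a rejected request, in the style
' selected by the global N_type:
'   1 = close the window
'   2 = alert(alert_info + author credit), then close the window
'   3 = redirect to the global alert_url
'   4 = alert(alert_info), then close the window
'
' alert_info: message text; it is placed inside a single-quoted JavaScript
' string literal WITHOUT escaping, so it must only ever be a trusted
' constant (in this file it is alert_info or kill_info). Never pass request
' data to this function.
'
' The listing had lost the statement separators ("alert('...')window.opener=
' nullwindow.close()"), which is a JavaScript syntax error: the browser
' would run nothing and the visitor would see a blank page. The semicolons
' are restored.
Function N_Alert(alert_info)
    Dim str
    ' The tag is split so the literal text "<script" never appears in the source.
    str = "<"&"Script Language=JavaScript"&">"
    Select Case N_type
        Case 1
            str = str &"window.opener=null;window.close();"
        Case 2
            str = str &"alert('"&alert_info&"http://www.Neeao.Com\n\nBy:Neeao');window.opener=null;window.close();"
        Case 3
            str = str &"location.href='"&alert_url&"';"
        Case 4
            str = str &"alert('"&alert_info&"');window.opener=null;window.close();"
    End Select
    str = str &"<"&"/Script"&">"
    response.write str
End Function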

' Names the request channel a collection came from, for the log record:
' "Post" for Request.Form, "Get" for Request.QueryString, "Cookies" for
' Request.Cookies. The result is left unset when none of them matches.
' The comparison is made on the collections' default values, so the first
' collection whose value equals that of "values" wins.
Function intype(values)
    If values = Request.Form Then
        intype = "Post"
    ElseIf values = Request.QueryString Then
        intype = "Get"
    ElseIf values = Request.Cookies Then
        intype = "Cookies"
    End If
End Function

' Screens every entry of one request collection.
' values: Request.Form, Request.QueryString or Request.Cookies.
' The current key is stored in the global N_Get, which Select_BadChar,
' Security_From and InsertInfo read. Form fields go through the exemption
' list (Security_From) only when Sec_Form_open = 1; everything else is
' checked directly by Select_BadChar.
Function StopInjection(values)
    Dim useExemptions
    For Each N_Get In values
        useExemptions = False
        ' Compared by default value, exactly as the dispatch code does.
        If values = Request.Form Then
            If Sec_Form_open = 1 Then useExemptions = True
        End If

        If useExemptions Then
            Security_From(values)
        Else
            Select_BadChar(values)
        End If
    Next
End Function

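' Rejects the request when the value stored under the current key (global
' N_Get) contains any denylisted substring from the global array N_Inf.
' On a hit: logs the request when WriteSql = 1, shows alert_info through
' N_Alert and ends the response.
'
' Empty denylist entries are skipped. InStr() returns a non-zero position
' for an empty search string on any non-empty value, so a stray "||" in
' N_In would otherwise reject every request that carries a parameter.
'
' NOTE(review): only the VALUE is screened; the key name (N_Get) and the
' request headers are not, so code that uses them must not treat them as
' already checked.
Function Select_BadChar(values)
    Dim checkedValue
    ' The denylist is lower-case; fold the value once instead of per token.
    checkedValue = LCase(values(N_Get))
    For N_Xh=0 To Ubound(N_Inf)
        If N_Inf(N_Xh) <> "" Then
            If Instr(checkedValue,N_Inf(N_Xh))<>0 Then
                If WriteSql = 1 Then InsertInfo(values)
                N_Alert(alert_info)
                Response.End
            End If
        End If
    Next
End Function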

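' Applies the form-field exemption list: the current field (global N_Get)
' is screened by Select_BadChar unless its name contains one of the entries
' of the global array Sec_Form.
'
' Changes from the listing:
' - The leftover "response.write N_Get" is removed. It echoed the submitted
'   field name, which the client chooses, into the page without encoding.
' - The field is now screened exactly once, and only when it matches NO
'   exemption. The original screened once per non-matching entry, so with
'   two or more entries an exempt field was still screened, and with an
'   empty list the loop body never ran and no form field was screened at all.
' - Empty entries are ignored (InStr matches an empty string everywhere)
'   and entries are compared case-insensitively.
'
' NOTE(review): matching is by substring, so a short entry exempts every
' field whose name merely contains it; keep entries specific.
Function Security_From(values)
    Dim N_i, exemptName, isExempt
    isExempt = False
    For N_i=0 To UBound(Sec_Form)
        exemptName = LCase(Sec_Form(N_i))
        If exemptName <> "" Then
            If Instr(LCase(N_Get),exemptName) <> 0 Then
                isExempt = True
                Exit For
            End If
        End If
    Next
    If Not isExempt Then Select_BadChar(values)
End Function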

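' Records a rejected request in table SqlIn (address, page URL, channel,
' parameter name, parameter value, time) and flags the address with
' kill_ip=1 once it has more than 5 records. Closes and releases the shared
' connection afterwards; the caller ends the response right after.
'
' values: the request collection being screened; the key is the global N_Get.
'
' The original concatenated every field into the SQL text and escaped only
' the parameter value. The address (taken from the client-supplied
' X-Forwarded-For header), the URL and the parameter NAME went in raw, and
' none of them is covered by the denylist, so the logger itself could be
' injected. All three statements now bind their values as parameters.
'
' NOTE(review): a ban keyed on X-Forwarded-For can be sidestepped or pinned
' on another address by changing the header; prefer REMOTE_ADDR unless a
' trusted proxy overwrites the header - confirm against the deployment.
'
' Relies on "conn", an ADODB connection that is not defined in this listing
' and is presumably opened by the including page.
Function InsertInfo(values)
    Const N_adVarWChar = 202   ' ADO DataTypeEnum adVarWChar
    Const N_adParamInput = 1   ' ADO ParameterDirectionEnum adParamInput
    Const N_adCmdText = 1      ' ADO CommandTypeEnum adCmdText
    Dim ip, url, loggedValue, fields, i, text, size, cmd, rs, overLimit

    ip = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
    If ip = "" Then
        ip = Request.ServerVariables("REMOTE_ADDR")
    End If
    ip = CStr(ip)
    url = Request.ServerVariables("URL")

    ' Angle brackets are stored as HTML entities so a logged payload stays
    ' inert when the record is displayed. The entities are assembled with
    ' "&" so that an entity-decoding copy of this file cannot turn the
    ' replacement into a no-op. Quotes need no doubling: the value is bound.
    loggedValue = CStr(values(N_Get))
    loggedValue = Replace(loggedValue, "<", "&" & "lt;")
    loggedValue = Replace(loggedValue, ">", "&" & "gt;")

    ' Same column order as the INSERT below. The time is passed as text,
    ' as the original did.
    fields = Array(ip, url, intype(values), N_Get, loggedValue, CStr(Now()))

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = N_adCmdText
    cmd.CommandText = "insert into SqlIn(Sqlin_IP,SqlIn_Web,SqlIn_FS,SqlIn_CS,SqlIn_SJ,SqlIn_Time) values(?,?,?,?,?,?)"
    For i = 0 To UBound(fields)
        text = CStr(fields(i))
        ' A variable-length parameter needs a non-zero size.
        size = Len(text)
        If size = 0 Then size = 1
        cmd.Parameters.Append cmd.CreateParameter("p" & i, N_adVarWChar, N_adParamInput, size, text)
    Next
    cmd.Execute
    Set cmd = Nothing

    size = Len(ip)
    If size = 0 Then size = 1

    ' Count the records held for this address.
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = N_adCmdText
    cmd.CommandText = "select count(id) as countid from SqlIn where sqlin_IP=?"
    cmd.Parameters.Append cmd.CreateParameter("ip", N_adVarWChar, N_adParamInput, size, ip)
    Set rs = cmd.Execute
    overLimit = (rs("countid") > 5)
    rs.Close
    Set rs = Nothing
    Set cmd = Nothing

    ' More than 5 records: flag every record of this address as banned.
    If overLimit Then
        Set cmd = Server.CreateObject("ADODB.Command")
        Set cmd.ActiveConnection = conn
        cmd.CommandType = N_adCmdText
        cmd.CommandText = "update SqlIn set kill_ip=1 where sqlin_ip=?"
        cmd.Parameters.Append cmd.CreateParameter("ip", N_adVarWChar, N_adParamInput, size, ip)
        cmd.Execute
        Set cmd = Nothing
    End If

    conn.close
    Set conn = Nothing
End Function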

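' Prepares a rejected parameter value for storage in the log table:
' doubles single quotes so the value can sit inside a quoted SQL literal,
' and turns angle brackets into HTML entities so the payload is inert when
' the record is displayed.
'
' In the listing both bracket replacements swapped a character for itself
' (a no-op), so logged markup would have been stored verbatim. The entities
' are assembled with "&" so that an entity-decoding copy of this file cannot
' undo the fix again.
'
' The work is done on a local copy: VBScript passes arguments by reference
' by default, and the original overwrote the caller's variable.
'
' NOTE(review): quote doubling is not a general SQL defence; bind values as
' parameters wherever the statement can be changed.
Function N_Replace(N_urlString)
    Dim cleaned
    cleaned = Replace(N_urlString, "'", "''")
    cleaned = Replace(cleaned, ">", "&" & "gt;")
    cleaned = Replace(cleaned, "<", "&" & "lt;")
    N_Replace = cleaned
End Function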

===================================================

注册码:

RAR registration data

Eric Blanc

Single PC usage license

UID=cf406101f338727ed323

6412212250d3231bbd75e709e1c7b2bdbf7ec57818de5bad38e0ba

c8c58271749eb746f0386035c6ab9048e2c5c62f0238f183d28519

aa87488bf38f5b634cf28190bdf438ac593b1857cdb55a7fcb0eb0

c3e4c2736090b3dfa45384e08e9de05c5860826fa66fb2013f9a3b

7057d62fea3ed9e8876aa47a5bf5aa7dc6480eac87c56ecf87112f

bc214cf0f36834ef5b28504ad077402dd548c1dc97f35cf9603e10

bd9fb48cc1324676f851d4cd9c0eccb58b90f1257c3c1994543524

注:新建一记事本.粘贴上面的注册码进记事本,保存,在将文件名存为rarreg,再将后缀名改为key ,复制到WinRAR目录下即可。

软驱?这都啥年代了。。

我只用VMware装过win7 xp 和linux什么的。进入VMWARE之后新建一个虚拟硬盘,设置好内存什么的,然后给这台虚拟的电脑“打开电源”,进入之后载入你要安装的操作系统的镜像文件,之后就可以安装啦

如果没能读取你要安装的操作系统的镜像文件的话,进入你虚拟的这台“电脑”的bios设置一下,貌似是F2?我也不记得了。你可以去搜一下vmware的使用方法


欢迎分享,转载请注明来源:内存溢出

原文地址: http://outofmemory.cn/yw/11117040.html
