9q13nh posted on 2024-10-3 09:54:22

I'm a white-hat hacker, and today my blog got hacked

<img src="https://mmbiz.qpic.cn/mmbiz_gif/LFP9SpGv0PG9X2zZ6n6lWKwO5eTvRKrhsroP0zGIkQwicOWyheAcJPickOy0GiaNCM4ql07MRXe1ES0CbM5ohxZFA/640?wx_fmt=gif&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1" style="width: 50%; margin-bottom: 20px;">
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">If you drift through the jianghu, sooner or later you take a blade. My blog was hacked on the 21st. I'm usually the one doing the hacking; I never expected to end up on the receiving end (sad face).</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Taking a hit isn't what scares me; what matters is that the blade landed on a steel plate and threw off a shower of sparks. As the saying goes, know yourself and know your enemy and you will win every battle: I have to find out how the other side took my site, because if I don't work out the root cause, the next one to get hacked will be me again.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">So next, let's do a simple analysis of the whole intrusion.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Basic information about the blog</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">My blog runs on CentOS 6 with the emlog CMS. The template is a paid template, [fly].</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Honestly, the template looks pretty nice. When I first installed it I ran it through D盾 (D-Shield) to check for backdoors. Apart from turning up a few encrypted PHP files, the scan found nothing wrong, so I left it alone. I never expected those few encrypted files to be exactly what led to the blog being compromised.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">The intrusion happened on August 21. After logging into the server I found that files had been deleted and index.php had been tampered with.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">The file modification time was August 21, 2018, 18:04:15.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">The defacement page that was planted:</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/LFP9SpGv0PG9X2zZ6n6lWKwO5eTvRKrhicgHVUnrxvQon42qPCOKMovGDxNZeVlEgxPJAYHbTpfzTBFUKYfYbwQ/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Wait, isn't that the support group for the template I'm using?</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Could the author have hacked my site?</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Of course, I can't rule out some other hacker breaking in and deliberately pinning it on the author, so let's analyse the logs first.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Analysis of the intrusion</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">First of all, my blog uses the BT (宝塔) control panel, but port 888 is whitelisted so that only the jump host's IP can reach it; the SSH port is whitelisted too; FTP is not open; MySQL does not accept remote connections; and the WAF is 云锁 (Yunsuo).</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Step one: log into 云锁 and take a look. No suspicious log entries were found around the 20th.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">So let's look at the logs. Dial in to the jump host first, then enter xxxx.cc:888 to log into the 云锁 console.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Then go to the [Security] menu and click the web log path to open it.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/LFP9SpGv0PG9X2zZ6n6lWKwO5eTvRKrhH266Ro3Qh3sicqic36C8FZQibcJI5UspgibgBKBJwhvjnxdt58xEHqzhWw/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Then download the logs from before the 19th and from after the 22nd.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/LFP9SpGv0PG9X2zZ6n6lWKwO5eTvRKrhjqvtJZbz0Dn4MXqTYUh0078ZwIsd6OicfI0sVm1EWoyIqsr2mpvAuxA/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">My blog doesn't get much traffic, so the log files are small; just open them in Notepad++.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Since I saw earlier that the defacement page's modification time was August 21, 2018, 16:15:15,</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">go straight to the part around 18:04 on August 21 and start reading from there.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Search for the keyword [.php] directly in Notepad++.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/LFP9SpGv0PG9X2zZ6n6lWKwO5eTvRKrhf6TdncAB1SdESoe9OQzZX4xWKyFOjEsBRWHbbKno3Kp2VWHrUqicTeA/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Then jump to the part after 18:00.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/LFP9SpGv0PG9X2zZ6n6lWKwO5eTvRKrhfcJJ5EF3PKibO0GQPmMHTPFhEXAHvRcdwobeibjdmMy6e2Oia1ib24QAzQ/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Suspected intruder IP: 222.240.56.48</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">A lookup puts it in Changsha, Hunan.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Now let's go through the files one by one to see how he launched the attack.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">More backups, less damage</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">He had deleted most of the files on the blog; only a few image folders were left. Fortunately the site was hooked up to Alibaba Cloud OSS.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">The whole site is backed up automatically to Alibaba Cloud OSS every 3 days.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">I have to give Alibaba Cloud OSS credit here: if you only use archive storage it is very cheap; you don't pay unless you download the backup files, and you only need to buy the storage space.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Log into the Alibaba Cloud console and go to OSS storage.</span></p>
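The log triage the post does by hand in Notepad++ (jump to the defacement timestamp, search for .php requests, pick out the busiest source IP, then walk through that IP's requests), as an added Python example that is not from the original post. The log lines are constructed in the combined access-log format; the admin upload URL is an assumption, since the post only says a template was uploaded and installed.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample log (nginx/Apache "combined" format). It mirrors the sequence the
# post reconstructs: the captcha file, ajax.php?a=ajax, a POST to ajax.php?a=login, then
# a template upload through the admin panel. The intruder IP is the one quoted in the
# post; the other addresses are documentation ranges used as filler. The admin upload
# path is an assumption: the post does not show it.
SAMPLE_LOG = """\
203.0.113.10 - - [21/Aug/2018:17:58:02 +0800] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.10 - - [21/Aug/2018:17:58:03 +0800] "GET /content/templates/FLY/css/style.css HTTP/1.1" 200 8812 "-" "Mozilla/5.0"
222.240.56.48 - - [21/Aug/2018:18:03:41 +0800] "GET /include/lib/checkcode.php HTTP/1.1" 200 1402 "-" "Mozilla/5.0"
222.240.56.48 - - [21/Aug/2018:18:03:55 +0800] "GET /content/templates/FLY/inc/ajax.php?a=ajax HTTP/1.1" 200 14 "-" "Mozilla/5.0"
222.240.56.48 - - [21/Aug/2018:18:04:02 +0800] "POST /content/templates/FLY/inc/ajax.php?a=login HTTP/1.1" 200 37 "-" "Mozilla/5.0"
222.240.56.48 - - [21/Aug/2018:18:04:09 +0800] "POST /admin/template.php?action=upload HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [21/Aug/2018:18:30:15 +0800] "GET /index.php HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
"""

# Modification time of the tampered index.php, as given in the post (server in UTC+8).
DEFACE_TIME = datetime(2018, 8, 21, 18, 4, 15, tzinfo=timezone(timedelta(hours=8)))

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_log(text):
    """Parse combined-format lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["time"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
        e["path"] = e["url"].split("?", 1)[0]
        entries.append(e)
    return entries


def php_requests_near(entries, pivot, window_minutes=30):
    """Keep only requests for .php scripts within +/- window of the pivot time
    (the post's manual step: locate 18:04 on Aug 21, then search for '.php')."""
    lo = pivot - timedelta(minutes=window_minutes)
    hi = pivot + timedelta(minutes=window_minutes)
    return [e for e in entries if lo <= e["time"] <= hi and e["path"].endswith(".php")]


def suspicious_ips(entries, pivot, window_minutes=30):
    """Rank source IPs by .php hits inside the window, most active first."""
    hits = php_requests_near(entries, pivot, window_minutes)
    return Counter(e["ip"] for e in hits).most_common()


def attacker_timeline(entries, ip):
    """Every request from one IP, in order: the 'go through the files one by one' step."""
    return [(e["time"].strftime("%H:%M:%S"), e["method"], e["url"], e["status"])
            for e in entries if e["ip"] == ip]


def template_backdoor_indicators(entries):
    """Flag hits on the FLY template's ajax.php with a=ajax or a=login; the post traces
    both to the backdoor, and a POST to a=login from an unknown IP is the key signal."""
    flags = []
    for e in entries:
        if e["path"].endswith("/content/templates/FLY/inc/ajax.php") and \
           ("a=login" in e["url"] or "a=ajax" in e["url"]):
            flags.append((e["ip"], e["method"], e["url"]))
    return flags


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    ranking = suspicious_ips(entries, DEFACE_TIME)
    for ip, n in ranking:
        print(f"{ip}: {n} .php requests within 30 min of {DEFACE_TIME:%H:%M:%S}")
    for row in attacker_timeline(entries, ranking[0][0]):
        print("  ", *row)
    for row in template_backdoor_indicators(entries):
        print("backdoor endpoint hit:", *row)
```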
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/LFP9SpGv0PG9X2zZ6n6lWKwO5eTvRKrhPtIxBtMP0cqqEQKzM3BlIQQjHicv8LxRNxaVcbibGRaGycOyJo1icKRxA/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Then go to file management. You can see that the backup files from before the 19th are all 30-something MB,</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">but the backups from after the 22nd are only 10-something MB.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/LFP9SpGv0PG9X2zZ6n6lWKwO5eTvRKrhbCPrmdadxmibk15a7HN4MRqwvDF2Em9qx9xkbHpmlok7iavTj2bibicS2w/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">So we need to download the backup from the 19th and restore it to the blog.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Click the file from the 19th, open it and thaw (restore) the file, then wait about two minutes for the thaw to complete.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/LFP9SpGv0PG9X2zZ6n6lWKwO5eTvRKrh5ZtLWricwT7Qlj3e37azAZOt9nplypraOXVS1MQAY3Tz6BvPWia8tt6w/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Then the download address appears; download it, upload it to the blog, and unpack it.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">----Tip----</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Before restoring the site, take it offline first.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Put a whitelist on ports 80 and 443 first, allowing only our own IP to connect. That way you avoid being hacked again before you have found the problem.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">An official backdoor is the deadliest</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">The first file he accessed: /include/lib/checkcode.php</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Accessing it locally, we find it is the CAPTCHA file.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/LFP9SpGv0PG9X2zZ6n6lWKwO5eTvRKrhicd7lPcwdicE42UvxGFTX9WCH6XDSKPs1DDJZYjfWp1CzYXOlKF1N90g/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">The second file: /content/templates/FLY/inc/ajax.php?a=ajax</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Accessing it directly shows:</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">{"code":"208"}</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/LFP9SpGv0PG9X2zZ6n6lWKwO5eTvRKrhJO5nB8wHAs8ibNRwPJk3MHg9S6DfxNian1hNqZNlGV3YYwsjDL2GLWkA/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">If the administrator is logged into the blog, it returns the username, password and other data.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/LFP9SpGv0PG9X2zZ6n6lWKwO5eTvRKrhclNVIIDko4wgfNCSUDeALXEEDlvAw0kcFD1F6UwA2LUjAzvQuniaPHg/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">So the problem must be in this ajax.php. Let's open it.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Impressive, it's encrypted. Many thanks to “空格表哥” for helping to decrypt this file.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/LFP9SpGv0PG9X2zZ6n6lWKwO5eTvRKrhJ7wjUg88cx5dY9AW5jxwByHE1t5hxib7iaPG2EjNB1t9vuibeCTgl1QHA/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Searching for ajax, we find the place where the username and password get printed out.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/LFP9SpGv0PG9X2zZ6n6lWKwO5eTvRKrhEzvDDxnnvbx39HQNZicEvn0gZiahNUUg5etoDkhmDibAjaGREV8EQxhhQ/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">In the logs we find a POST of data to</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">/content/templates/FLY/inc/ajax.php?a=login</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/LFP9SpGv0PG9X2zZ6n6lWKwO5eTvRKrh7xC9IR6ic2mhpA0rCufqzcXDH1sDkN1dbbaaXSmq9XaO3gYXlRK79icg/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Let's search for login in the decrypted ajax.php.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Wow, an official backdoor really is scary. Looking at the part I commented, you can already roughly see what it does.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/LFP9SpGv0PG9X2zZ6n6lWKwO5eTvRKrhUCLickPWEia8uAGeKR7rIuWO8yJnrY6IIng4nbZIzWVoTdAblMeviakLw/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">After we log into the blog backend, the URL, username, password and other data are sent to the author's address below.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">https://api.pjax.cn/i.php?data=</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">The code:</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/LFP9SpGv0PG9X2zZ6n6lWKwO5eTvRKrh8JdqhjpcAJqZmyFma6rAfR1tncbYM19Zicb2bEC8SrXIWicb6NdWcia3g/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Let's keep reading.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Here he uploaded a template file and then installed it.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/LFP9SpGv0PG9X2zZ6n6lWKwO5eTvRKrhliaxVWQId6QTYXKS4Ugiaerz95yWsY2136RlQwcWibpbvAUlEQ3lccBsA/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Since the logs show no access to any other PHP file, there is only one way my index.php could have been modified: the template he uploaded already contained the defacement page, and uploading the template overwrote the home page file on my site.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Then he deleted my template, which also explains why only the template was deleted while the image folders for my articles are still there.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/LFP9SpGv0PG9X2zZ6n6lWKwO5eTvRKrhshZS04wraTdLkdxAOerTopzPO2ouOgibOLqvicH4icLcJibM2qQ8Ar0ciaA/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Time to go find the attacker</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">First let's confirm once more whether it was the author. From the logs we already know the IP address.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">222.240.56.48</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">The lookup says Changsha, Hunan.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/LFP9SpGv0PG9X2zZ6n6lWKwO5eTvRKrhGUVXhSic4zUbN3raLCyV0nkbPEzEmKwhmv3ro01jQuPEtYSIgrHOibog/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">No doubt about it, it's you. Let's ask the author directly what this is about.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/LFP9SpGv0PG9X2zZ6n6lWKwO5eTvRKrh6bkhsicBdtbO8PWPlicFRbrybND8Dmvf6r7FTWkojZcf2EOneYbRyOng/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/LFP9SpGv0PG9X2zZ6n6lWKwO5eTvRKrhLE0fZiamXZwm08lovAqVqIMOnt3MCZViawdusjBSXgRo8Ql6FAib7WaZQ/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/LFP9SpGv0PG9X2zZ6n6lWKwO5eTvRKrhX9CjW58a1vIo6J0l8bbBknLMykepnbJQ4ghj0ib4icDe8aKyVBwcZzsA/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Now it's all clear. Because I changed domains once after buying the template, the author assumed my current domain was running a pirated copy of his template and took me down. Collateral damage; this was a damn friendly-fire incident. But the fact remains that the template contains a backdoor.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Summary of the process</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">1. The author wrote a backdoor into /content/templates/FLY/inc/ajax.php.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">2. When we log into the backend normally, it automatically sends your backend address, username and password to the author.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">3. The author keeps a license list and compares against it; anything not on the list gets flagged separately.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">4. Then one day the author deletes your template and plants a defacement page.....</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">How to avoid getting hit</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Using the protection software 云锁 as an example:</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Open 云锁 and go to detailed settings.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Go to the vulnerability protection settings.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Add a new protection rule.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Use a regex to deny access to the files under the /admin backend.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Regular expression:</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">/admin(*?)</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Note: after adding this rule you will no longer be able to reach the backend, but you can add your own IP or your jump host to the whitelist; after that only your jump host and your IP can access the files under /admin.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Next, block ajax=login</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">(*?)?a=login</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Deny access to the following files</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">useragent_setting.php</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">install.php.lock</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">setting.php</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">functions.php</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Closing words</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">Even though this was a case of friendly fire, it doesn't change the fact that my site got hacked.</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;">That's all for today's adorable content; follow us below!</strong></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;"><strong style="color: blue;"><span style="color: black;">Appendix 1: PHP trial open class, sign up to attend</span></strong></span></p>
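The three 云锁 rules above (deny /admin except for whitelisted IPs, deny ?a=login, deny direct access to the listed files), restated as a request filter in Python, as an added example that is not from the original post. The WAF's own rule notation is not reproduced; the allowlist is modelled as a WAF-wide bypass and the 10.0.0.0/24 jump-host range is an assumption, and the path is normalised before matching so encoded or traversal variants of /admin hit the same rule.

```python
import posixpath
import re
from ipaddress import ip_address, ip_network
from urllib.parse import parse_qs, unquote, urlsplit

# The post's rules restated as ordinary Python checks (the 云锁 UI notation such as
# "/admin(*?)" is not PCRE and is not reproduced here).
ADMIN_RE = re.compile(r"^/admin(?:/|$)")   # everything under the /admin backend
LOGIN_ACTION = "login"                      # ?a=login on any script
BLOCKED_FILES = {"useragent_setting.php", "install.php.lock", "setting.php", "functions.php"}


def load_allowlist(cidrs):
    """Your own IP and jump host. Modelled as a WAF-wide bypass, which is an assumption
    about how the whitelist described in the post behaves."""
    return [ip_network(c, strict=False) for c in cidrs]


def normalize_path(raw_path):
    """Decode percent-encoding and collapse '..' and '//' before matching, so the /admin
    rule is applied to the path the web server will actually resolve."""
    return posixpath.normpath(unquote(raw_path))


def decide(src_ip, request_uri, allowlist):
    """Return ('allow'|'block', reason) for one request, in the post's rule order."""
    ip = ip_address(src_ip)
    if any(ip in net for net in allowlist):
        return ("allow", "source on allowlist")
    parts = urlsplit(request_uri)
    path = normalize_path(parts.path)
    query = parse_qs(parts.query)
    if ADMIN_RE.match(path):
        return ("block", "rule 1: /admin is restricted to allowlisted IPs")
    if LOGIN_ACTION in query.get("a", []):
        return ("block", "rule 2: ?a=login is denied (template backdoor endpoint)")
    name = posixpath.basename(path)
    if name in BLOCKED_FILES:
        return ("block", f"rule 3: direct access to {name} is denied")
    return ("allow", "no rule matched")


# Constructed requests: the intruder IP and paths quoted in the post, an assumed jump
# host at 10.0.0.5, and two encoded/traversal spellings of the admin path.
SAMPLE_REQUESTS = [
    ("222.240.56.48", "/admin/index.php"),
    ("10.0.0.5", "/admin/index.php"),
    ("222.240.56.48", "/content/templates/FLY/inc/ajax.php?a=login"),
    ("198.51.100.7", "/content/templates/FLY/inc/ajax.php?a=ajax"),
    ("198.51.100.7", "/include/lib/setting.php"),
    ("198.51.100.7", "/x/../admin/index.php"),
    ("198.51.100.7", "/%61dmin/"),
    ("198.51.100.7", "/index.php"),
]


def evaluate_all(requests=SAMPLE_REQUESTS, cidrs=("10.0.0.0/24",)):
    """Run every sample request through decide() and return (ip, uri, verdict, reason)."""
    allow = load_allowlist(cidrs)
    return [(ip, uri, *decide(ip, uri, allow)) for ip, uri in requests]


if __name__ == "__main__":
    for ip, uri, verdict, why in evaluate_all():
        print(f"{verdict:5} {ip:15} {uri:45} {why}")
```

These rules only filter inbound requests; the outbound post to api.pjax.cn that ajax.php makes when you log in runs server-side and is not affected by them.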
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;"><span style="color: black;">Appendix 2: Teacher's WeChat ID</span></strong></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;"><span style="color: black;">Appendix 3: PHP tech discussion group</span></strong></p>



