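PbootCMS site hacked or compromised: how to repair it, and a fix for mass webshell injection in PbootCMS
PbootCMS security configuration tutorial
1. The folders highlighted in blue are the ones that cannot be set to 555; everything else gets 555 permissions.
   (1) data: this is the SQLite database. If you use MySQL, delete this folder.
   (2) runtime: cache directory.
   (3) static: upload directory. The upload directory under static must be set to 755. Empty the files in backup and set that directory's permissions to 555, so that a trojan cannot be inserted through the admin back end's backup files. The backup feature is of marginal value and not useful.
2. Unused default files can be deleted.
3. Rename the default admin entry file admin.php. Any name will do, but the extension must be .php and the name must not contain special characters, so that it is not filtered. This keeps the entry point from being guessed.
As shown in the screenshot.
4. Change the password.
5. If you run your own server, enable a firewall if you can.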
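An added example, not part of the original page: a read-only audit of the permission steps above. It assumes the exempt directories are the three listed (data, runtime, static), that the backup directory is static/backup, and that an entry file still named admin.php counts as a finding.

```python
import os
import stat

# Top-level directories the page exempts from 555 because the application writes to them.
WRITABLE_TOP = {"data", "runtime", "static"}

def audit(root):
    """Return sorted (relative_path, problem) pairs that violate the policy above."""
    findings = []
    if os.path.exists(os.path.join(root, "admin.php")):
        findings.append(("admin.php", "default admin entry file not renamed"))
    backup = os.path.join(root, "static", "backup")  # assumed location of the backup directory
    if os.path.isdir(backup) and os.listdir(backup):
        findings.append(("static/backup", "backup directory not empty"))
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            mode = stat.S_IMODE(os.lstat(full).st_mode)
            top = rel.split("/", 1)[0]
            # Everything outside the exempt directories, plus static/backup, must be read-only.
            locked = (top not in WRITABLE_TOP
                      or rel == "static/backup"
                      or rel.startswith("static/backup/"))
            if locked and mode & 0o222:
                findings.append((rel, "write bit set (mode %o), expected 555" % mode))
    return sorted(findings)

if __name__ == "__main__":
    import sys
    for rel, problem in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(rel + ": " + problem)
```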
Handling of an earlier compromise
18.162.98.238 - - [04/Mar/2023:15:27:59 +0800] "GET / HTTP/1.1" 200 13913 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36"
18.162.98.238 - - [04/Mar/2023:15:28:09 +0800] "GET / HTTP/1.1" 200 13813 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36"
18.162.98.238 - - [21/Feb/2023:09:55:43 +0800] "GET / HTTP/1.1" 200 1365 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36"
A GET request generates a file, /runtime/complile/d5f9e3248b550d387ad19556f4fd7b89.php:
18.162.98.238 - - [04/Mar/2023:16:00:33 +0800] "GET /a.php?p=/Upgrade/down&list=/runtime/complile/d5f9e3248b550d387ad19556f4fd7b89.php HTTP/1.1" 200 137 "-" "-"
The update is executed:
18.162.98.238 - - [04/Mar/2023:16:00:34 +0800] "POST /a.php?p=/Upgrade/update HTTP/1.1" 200 119 "-" "-"
This command is the one that applies the update files:
<button class="layui-btn" style="display:none" id="update" data-url="/admin.php?p=/Upgrade/update">执行更新</button>
A POST is executed:
18.162.98.238 - - [04/Mar/2023:16:00:34 +0800] "POST /runtime/complile/d5f9e3248b550d387ad19556f4fd7b89.php HTTP/1.1" 200 4370 "-" "-"
18.162.98.238 - - [04/Mar/2023:16:00:36 +0800] "GET /runtime/complile/code.php HTTP/1.1" 200 157 "-" "-"
After one POST and one GET there are no further records; it presumably inserted a file and then deleted a file.
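An added example, not part of the original page: detection logic for the request chain described above, run over access-log lines. The sample lines, client addresses and the file name example.php are constructed; the 60-second window is an assumption.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Constructed sample in combined log format; addresses are documentation ranges.
SAMPLE = [
    '192.0.2.10 - - [04/Mar/2023:16:00:33 +0800] "GET /a.php?p=/Upgrade/down&list=/runtime/complile/example.php HTTP/1.1" 200 137 "-" "-"',
    '192.0.2.10 - - [04/Mar/2023:16:00:34 +0800] "POST /a.php?p=/Upgrade/update HTTP/1.1" 200 119 "-" "-"',
    '192.0.2.10 - - [04/Mar/2023:16:00:34 +0800] "POST /runtime/complile/example.php HTTP/1.1" 200 4370 "-" "-"',
    '198.51.100.7 - - [04/Mar/2023:16:05:00 +0800] "GET / HTTP/1.1" 200 13813 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [04/Mar/2023:16:06:00 +0800] "GET /static/upload/image/logo.png HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def classify(target):
    """Name the stage of the chain a request target belongs to, or return None."""
    url = urlsplit(target)
    route = parse_qs(url.query).get("p", [""])[0].lower()
    if route in ("/upgrade/down", "/upgrade/update"):
        return route.rsplit("/", 1)[1]
    # PHP served straight out of the cache or upload tree is not normal traffic.
    if re.match(r"/+(runtime|static)/.*\.php$", url.path, re.I):
        return "php-in-writable-dir"
    return None

def find_chains(lines, window=timedelta(seconds=60)):
    """Return (client, time of the down request) where update and a writable-dir PHP hit follow within window."""
    events = {}
    for line in lines:
        m = LINE.match(line)
        if not m or m.group(5) != "200":  # only requests the server answered with 200
            continue
        stage = classify(m.group(4))
        if stage:
            when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            events.setdefault(m.group(1), []).append((when, stage))
    hits = []
    for ip, seen in events.items():
        for t0, stage in sorted(seen):
            later = {s for t, s in seen if t0 <= t <= t0 + window}
            if stage == "down" and {"update", "php-in-writable-dir"} <= later:
                hits.append((ip, t0.isoformat()))
                break
    return hits

if __name__ == "__main__":
    for ip, started in find_chains(SAMPLE):
        print(ip, "upgrade routes followed by PHP in a writable directory, starting", started)
```

Matching on the `p` route rather than the script name keeps the rule working after the admin entry file has been renamed.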
Then the flood of junk requests began.
104.211.217.126 - - [04/Mar/2023:19:33:09 +0800] "GET / HTTP/1.1" 200 13813 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.211.217.126 - - [04/Mar/2023:19:33:09 +0800] "GET /wp-includes/ID3/license.txt HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.211.217.126 - - [04/Mar/2023:19:33:10 +0800] "GET //feed/ HTTP/1.1" 404 149 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.211.217.126 - - [04/Mar/2023:19:33:10 +0800] "GET //xmlrpc.php?rsd HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.211.217.126 - - [04/Mar/2023:19:33:10 +0800] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.211.217.126 - - [04/Mar/2023:19:33:10 +0800] "GET //web/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.211.217.126 - - [04/Mar/2023:19:33:10 +0800] "GET //wordpress/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.211.217.126 - - [04/Mar/2023:19:33:10 +0800] "GET //wp/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.211.217.126 - - [04/Mar/2023:19:33:10 +0800] "GET //2020/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.211.217.126 - - [04/Mar/2023:19:33:11 +0800] "GET //2019/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.211.217.126 - - [04/Mar/2023:19:33:11 +0800] "GET //2021/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.211.217.126 - - [04/Mar/2023:19:33:11 +0800] "GET //shop/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.211.217.126 - - [04/Mar/2023:19:33:11 +0800] "GET //wp1/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.211.217.126 - - [04/Mar/2023:19:33:11 +0800] "GET //test/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.211.217.126 - - [04/Mar/2023:19:33:11 +0800] "GET //site/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.211.217.126 - - [04/Mar/2023:19:33:11 +0800] "GET //cms/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
36.99.136.134 - - [04/Mar/2023:20:47:52 +0800] "GET / HTTP/1.1" 200 3515 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"
36.99.136.130 - - [04/Mar/2023:22:01:07 +0800] "GET / HTTP/1.1" 200 3515 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"
111.7.100.27 - - [04/Mar/2023:22:28:39 +0800] "GET / HTTP/1.1" 200 3515 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"
36.99.136.130 - - [04/Mar/2023:23:00:25 +0800] "GET / HTTP/1.1" 200 3515 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"
36.99.136.130 - - [04/Mar/2023:23:01:46 +0800] "GET / HTTP/1.1" 200 3515 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"
107.148.45.10 - - [04/Mar/2023:23:15:15 +0800] "GET / HTTP/1.1" 200 3515 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
116.179.32.179 - - [04/Mar/2023:23:18:48 +0800] "GET /app31515864/ HTTP/1.1" 200 9753 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
116.179.32.232 - - [05/Mar/2023:01:08:19 +0800] "GET /app5TbwwHhFd9/ HTTP/1.1" 200 9879 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
36.99.136.135 - - [05/Mar/2023:01:11:09 +0800] "GET /m/?ext_type=%E6%96%87%E7%AB%A0+%E5%9B%BE%E7%89%87+%E5%8D%9A%E5%AE%A2 HTTP/1.1" 200 3389 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"
36.99.136.134 - - [05/Mar/2023:01:12:04 +0800] "GET /m/?ext_type=%E6%96%87%E7%AB%A0+%E5%9B%BE%E7%89%87+%E5%8D%9A%E5%AE%A2 HTTP/1.1" 200 3389 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"
111.7.100.24 - - [05/Mar/2023:01:21:08 +0800] "GET /m/?ext_type=%E4%B8%AD%E8%8B%B1%E6%96%87%E7%AB%99 HTTP/1.1" 200 3235 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"
111.7.100.25 - - [05/Mar/2023:01:22:11 +0800] "GET /m/?ext_type=%E4%B8%AD%E8%8B%B1%E6%96%87%E7%AB%99 HTTP/1.1" 200 3235 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"
111.7.100.26 - - [05/Mar/2023:01:22:19 +0800] "GET /m/?ext_type=%E4%B8%AD%E8%8B%B1%E6%96%87%E7%AB%99 HTTP/1.1" 200 3235 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"
111.7.100.23 - - [05/Mar/2023:01:28:34 +0800] "GET /m/?ext_type=%E4%B8%AD%E6%96%87%E9%80%9A%E7%94%A8%E6%A8%A1%E6%9D%BF HTTP/1.1" 200 3516 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"
111.7.100.20 - - [05/Mar/2023:01:29:50 +0800] "GET /m/?ext_type=%E4%B8%AD%E6%96%87%E9%80%9A%E7%94%A8%E6%A8%A1%E6%9D%BF HTTP/1.1" 200 3516 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"
220.181.108.165 - - [05/Mar/2023:01:55:09 +0800] "GET /?id=52925927.pptx HTTP/1.1" 200 9572 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
116.179.32.227 - - [05/Mar/2023:02:09:25 +0800] "GET /?id=24013227.pptx HTTP/1.1" 200 9903 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
116.179.32.152 - - [05/Mar/2023:02:16:33 +0800] "GET /app36104688/ HTTP/1.1" 200 9625 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
111.7.100.25 - - [05/Mar/2023:02:21:53 +0800] "GET /m/?ext_type=%E7%AB%9E%E4%BB%B7%E5%8D%95%E9%A1%B5 HTTP/1.1" 200 3104 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"
116.179.32.46 - - [05/Mar/2023:02:23:41 +0800] "GET /?id=33138736.shtml HTTP/1.1" 200 10052 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
116.179.32.66 - - [05/Mar/2023:02:37:56 +0800] "GET /?id=27608320.pptx HTTP/1.1" 200 9419 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
116.179.32.29 - - [05/Mar/2023:02:52:12 +0800] "GET /m/?ext_type=%E5%8C%BB%E7%96%97+%E7%BE%8E%E5%AE%B9+%E4%BF%9D%E5%81%A5 HTTP/1.1" 200 4777 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
116.179.32.150 - - [05/Mar/2023:03:06:27 +0800] "GET /?id=51565251.csv HTTP/1.1" 200 9974 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
116.179.32.90 - - [05/Mar/2023:03:13:35 +0800] "GET /?id=69920547.pptx HTTP/1.1" 200 9713 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
116.179.32.202 - - [05/Mar/2023:03:20:43 +0800] "GET /app44534372/ HTTP/1.1" 200 9501 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
116.179.32.90 - - [05/Mar/2023:03:46:10 +0800] "GET /?id=39589443.shtml HTTP/1.1" 200 10054 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
61.183.42.250 - - [05/Mar/2023:04:00:05 +0800] "GET / HTTP/1.1" 200 3515 "-" "Go-http-client/1.1"
220.181.108.167 - - [05/Mar/2023:04:04:29 +0800] "GET /?id=99674051.shtml HTTP/1.1" 200 9839 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
116.179.32.233 - - [05/Mar/2023:04:22:48 +0800] "GET /app62537164/ HTTP/1.1" 200 9069 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
220.181.108.105 - - [05/Mar/2023:04:41:07 +0800] "GET /?id=31285909.pptx HTTP/1.1" 200 8895 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
#8 {main}
thrown in /tmp/.ICE-unix/qiqi0 on line 2" while reading response header from upstream, client: 116.179.32.95, server: www.xxx.cn, request: "GET /?id=17623670.pptx HTTP/1.1", upstream: "fastcgi://unix:/tmp/php-cgi-74.sock:", host: "a1.tlbu.cn"
2023/02/26 15:58:53 [error] 589681#0: *8930024 FastCGI sent in stderr: "PHP message: PHP Fatal error: Uncaught Error: Cannot unset string offsets in /tmp/.ICE-unix/qiqi0:2
Stack trace:
#0 /tmp/.ICE-unix/qiqi0(2): SeoPlatClient->load()
#1 /tmp/.ICE-unix/qiqi0(2): SeoPlatClient->generate_dynamic_html()
#2 /tmp/.ICE-unix/qiqi0(2): SeoPlatClient->dynamicMode()
#3 /tmp/.ICE-unix/qiqi0(2): SeoPlatClient->run()
#4 /www/wwwroot/a1.tlbu.cn/core/function/handle.php(11): include_once('/tmp/.ICE-unix/...')
#5 /www/wwwroot/a1.tlbu.cn/core/init.php(78): require('/www/wwwroot/a1...')
#6 /www/wwwroot/a1.tlbu.cn/core/start.php(11): require('/www/wwwroot/a1...')
#7 /www/wwwroot/a1.tlbu.cn/index.php(23): require('/www/wwwroot/a1...')
#8 {main}
thrown in /tmp/.ICE-unix/qiqi0 on line 2" while reading response header from upstream, client: 220.181.108.155, server: a1.tlbu.cn, request: "GET /?id=47937294.shtml HTTP/1.1", upstream: "fastcgi://unix:/tmp/php-cgi-74.sock:", host: "a1.tlbu.cn"
2023/02/26 16:10:01 [error] 589681#0: *8931780 FastCGI sent in stderr: "PHP message: PHP Fatal error: Uncaught Error: Cannot unset string offsets in /tmp/.ICE-unix/qiqi0:2
Stack trace:
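An added example, not part of the original page: the stack trace above shows core/function/handle.php pulling in a file from /tmp via include_once, so this scanner lists PHP files under a web root that include or require a literal absolute path outside that root. It only catches plain string literals; the extensions scanned and the sample path in the usage are assumptions.

```python
import os
import re

# include/require (optionally _once) whose argument is a quoted absolute path.
INCLUDE = re.compile(r"""\b(?:include|require)(?:_once)?\s*\(?\s*(['"])(/[^'"]+)\1""", re.I)

def foreign_includes(webroot):
    """Return (relative_file, line_no, included_path) for literal includes that leave the web root."""
    root = os.path.realpath(webroot)
    found = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".php", ".inc", ".phtml")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                for no, line in enumerate(fh, 1):
                    for m in INCLUDE.finditer(line):
                        target = os.path.normpath(m.group(2))
                        # A target that does not share the web root as prefix lives elsewhere on disk.
                        if os.path.commonpath([root, target]) != root:
                            rel = os.path.relpath(path, root).replace(os.sep, "/")
                            found.append((rel, no, target))
    return sorted(found)

if __name__ == "__main__":
    import sys
    # Usage: python scan.py /path/to/webroot  (path is a placeholder)
    for rel, no, target in foreign_includes(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("%s:%d includes %s" % (rel, no, target))
```

A hit in a core file is a reason to compare that file against a clean copy of the same release and to inspect the included path before removing it.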