Security fixes for a hacked or compromised pbootcms site, and the solution for pbootcms sites being trojaned in bulk
pbootcms security setup tutorial
1. The directories selected in blue (in the screenshot) are the ones that cannot be set to 555; everything else gets 555 permissions.
1) data: this is the SQLite database. If you use a MySQL database, delete this folder outright.
2) runtime: the cache directory.
3) static: the upload directory. static/upload must be set to 755. Empty the files in backup and set that directory to 555, so that a trojan cannot be planted through an admin backup file; the backup feature is of little use anyway.
2. Unused default files can be deleted.
3. Rename the default admin entry file admin.php. Any name will do, but the extension must remain .php and it must not contain special characters that might get filtered; this stops the entry point from being guessed.
As shown in the figure.
4. Change the password.
5. If this is your own server and you are able to, turn on a firewall.
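A check for the permission policy above, as an added example that is not from the original post or from pbootcms itself: it walks a site tree, reports every file or directory whose mode differs from the policy (755 inside data, runtime and static/upload; 555 everywhere else; static/backup emptied), and can enforce it. The demo builds a throw-away tree with constructed names (data/pbootcms.db, static/backup/site-2023.zip and so on) so it runs offline; point audit() at a real pbootcms root to use it for real.

```python
import os
import stat
import tempfile

# Policy from the hardening steps above, relative to the pbootcms root
# (assumption: the default layout with data/, runtime/, static/upload, static/backup).
WRITABLE = ("data", "runtime", os.path.join("static", "upload"))  # need 755
MUST_BE_EMPTY = (os.path.join("static", "backup"),)               # 555 and emptied
DEFAULT_MODE, WRITABLE_MODE = 0o555, 0o755


def expected_mode(rel):
    """755 for anything inside a writable tree, 555 everywhere else."""
    for w in WRITABLE:
        if rel == w or rel.startswith(w + os.sep):
            return WRITABLE_MODE
    return DEFAULT_MODE


def _rel_dir(root, dirpath):
    rel = os.path.relpath(dirpath, root)
    return "" if rel == "." else rel


def audit(root):
    """Return (relative_path, actual, expected) for every deviation from the policy,
    plus a marker for backup directories that still contain files."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = _rel_dir(root, dirpath)
        if rel_dir in MUST_BE_EMPTY and (dirnames or filenames):
            findings.append((rel_dir, "non-empty", "empty"))
        for name in dirnames + filenames:
            rel = os.path.join(rel_dir, name) if rel_dir else name
            actual = stat.S_IMODE(os.lstat(os.path.join(dirpath, name)).st_mode)
            want = expected_mode(rel)
            if actual != want:
                findings.append((rel, oct(actual), oct(want)))
    return findings


def apply_policy(root):
    """chmod the tree to the policy and delete leftover backup files. Walks bottom-up so a
    directory's contents are handled before the directory itself is locked to 555."""
    for dirpath, dirnames, filenames in os.walk(root, topdown=False):
        rel_dir = _rel_dir(root, dirpath)
        if rel_dir in MUST_BE_EMPTY:
            for f in filenames:
                os.remove(os.path.join(dirpath, f))
            filenames = []
        for name in dirnames + filenames:
            rel = os.path.join(rel_dir, name) if rel_dir else name
            os.chmod(os.path.join(dirpath, name), expected_mode(rel))


def demo():
    """Constructed sample: a pbootcms-like tree left at 777 with a stale backup archive.
    Returns the audit before enforcement, the audit after, and whether the default
    admin.php entry file (step 3 above) is still present."""
    with tempfile.TemporaryDirectory() as root:
        for d in ("core", "data", "runtime", "static/upload", "static/backup", "template"):
            os.makedirs(os.path.join(root, d))
        for f in ("index.php", "admin.php", "data/pbootcms.db", "static/upload/a.jpg",
                  "static/backup/site-2023.zip", "template/index.html"):
            with open(os.path.join(root, f), "w") as fh:
                fh.write("x")  # placeholder content
        for dirpath, dirnames, filenames in os.walk(root):
            for name in dirnames + filenames:
                os.chmod(os.path.join(dirpath, name), 0o777)  # the sloppy starting state
        before = audit(root)
        apply_policy(root)
        after = audit(root)
        default_entry = os.path.exists(os.path.join(root, "admin.php"))
        for dirpath, _, _ in os.walk(root):
            os.chmod(dirpath, 0o755)  # reopen the tree so the temp dir can be removed
        return before, after, default_entry


if __name__ == "__main__":
    before, after, default_entry = demo()
    print(len(before), "deviations before;", len(after), "after; admin.php present:", default_entry)
```

Run it as root or as the owner of the web files; the audit only reads modes, so it is safe to run against a live site and compare with the policy before deciding what to change.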
Handling of an earlier compromise
18.162.98.238 - - [04/Mar/2023:15:27:59 +0800] "GET / HTTP/1.1" 200 13913 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36"
18.162.98.238 - - [04/Mar/2023:15:28:09 +0800] "GET / HTTP/1.1" 200 13813 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36"
18.162.98.238 - - [21/Feb/2023:09:55:43 +0800] "GET / HTTP/1.1" 200 1365 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36"
A GET request generated a file: /runtime/complile/d5f9e3248b550d387ad19556f4fd7b89.php
18.162.98.238 - - [04/Mar/2023:16:00:33 +0800] "GET /a.php?p=/Upgrade/down&list=/runtime/complile/d5f9e3248b550d387ad19556f4fd7b89.php HTTP/1.1" 200 137 "-" "-"
Running update
18.162.98.238 - - [04/Mar/2023:16:00:34 +0800] "POST /a.php?p=/Upgrade/update HTTP/1.1" 200 119 "-" "-"
This command executes the update file:
<button class="layui-btn" style="display:none" id="update" data-url="/admin.php?p=/Upgrade/update">执行更新</button>
Executing a POST
18.162.98.238 - - [04/Mar/2023:16:00:34 +0800] "POST /runtime/complile/d5f9e3248b550d387ad19556f4fd7b89.php HTTP/1.1" 200 4370 "-" "-"
18.162.98.238 - - [04/Mar/2023:16:00:36 +0800] "GET /runtime/complile/code.php HTTP/1.1" 200 157 "-" "-"
After one POST and one GET there were no more records; it presumably inserted a file and then deleted the file.
Then the junk requests started:
104.211.217.126 - - [04/Mar/2023:19:33:09 +0800] "GET / HTTP/1.1" 200 13813 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.211.217.126 - - [04/Mar/2023:19:33:09 +0800] "GET /wp-includes/ID3/license.txt HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.211.217.126 - - [04/Mar/2023:19:33:10 +0800] "GET //feed/ HTTP/1.1" 404 149 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.211.217.126 - - [04/Mar/2023:19:33:10 +0800] "GET //xmlrpc.php?rsd HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.211.217.126 - - [04/Mar/2023:19:33:10 +0800] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.211.217.126 - - [04/Mar/2023:19:33:10 +0800] "GET //web/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.211.217.126 - - [04/Mar/2023:19:33:10 +0800] "GET //wordpress/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.211.217.126 - - [04/Mar/2023:19:33:10 +0800] "GET //wp/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.211.217.126 - - [04/Mar/2023:19:33:10 +0800] "GET //2020/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.211.217.126 - - [04/Mar/2023:19:33:11 +0800] "GET //2019/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.211.217.126 - - [04/Mar/2023:19:33:11 +0800] "GET //2021/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.211.217.126 - - [04/Mar/2023:19:33:11 +0800] "GET //shop/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.211.217.126 - - [04/Mar/2023:19:33:11 +0800] "GET //wp1/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.211.217.126 - - [04/Mar/2023:19:33:11 +0800] "GET //test/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.211.217.126 - - [04/Mar/2023:19:33:11 +0800] "GET //site/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
104.211.217.126 - - [04/Mar/2023:19:33:11 +0800] "GET //cms/wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
36.99.136.134 - - [04/Mar/2023:20:47:52 +0800] "GET / HTTP/1.1" 200 3515 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"
36.99.136.130 - - [04/Mar/2023:22:01:07 +0800] "GET / HTTP/1.1" 200 3515 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"
111.7.100.27 - - [04/Mar/2023:22:28:39 +0800] "GET / HTTP/1.1" 200 3515 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"
36.99.136.130 - - [04/Mar/2023:23:00:25 +0800] "GET / HTTP/1.1" 200 3515 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"
36.99.136.130 - - [04/Mar/2023:23:01:46 +0800] "GET / HTTP/1.1" 200 3515 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"
107.148.45.10 - - [04/Mar/2023:23:15:15 +0800] "GET / HTTP/1.1" 200 3515 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
116.179.32.179 - - [04/Mar/2023:23:18:48 +0800] "GET /app31515864/ HTTP/1.1" 200 9753 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
116.179.32.232 - - [05/Mar/2023:01:08:19 +0800] "GET /app5TbwwHhFd9/ HTTP/1.1" 200 9879 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
36.99.136.135 - - [05/Mar/2023:01:11:09 +0800] "GET /m/?ext_type=%E6%96%87%E7%AB%A0+%E5%9B%BE%E7%89%87+%E5%8D%9A%E5%AE%A2 HTTP/1.1" 200 3389 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"
36.99.136.134 - - [05/Mar/2023:01:12:04 +0800] "GET /m/?ext_type=%E6%96%87%E7%AB%A0+%E5%9B%BE%E7%89%87+%E5%8D%9A%E5%AE%A2 HTTP/1.1" 200 3389 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"
111.7.100.24 - - [05/Mar/2023:01:21:08 +0800] "GET /m/?ext_type=%E4%B8%AD%E8%8B%B1%E6%96%87%E7%AB%99 HTTP/1.1" 200 3235 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"
111.7.100.25 - - [05/Mar/2023:01:22:11 +0800] "GET /m/?ext_type=%E4%B8%AD%E8%8B%B1%E6%96%87%E7%AB%99 HTTP/1.1" 200 3235 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"
111.7.100.26 - - [05/Mar/2023:01:22:19 +0800] "GET /m/?ext_type=%E4%B8%AD%E8%8B%B1%E6%96%87%E7%AB%99 HTTP/1.1" 200 3235 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"
111.7.100.23 - - [05/Mar/2023:01:28:34 +0800] "GET /m/?ext_type=%E4%B8%AD%E6%96%87%E9%80%9A%E7%94%A8%E6%A8%A1%E6%9D%BF HTTP/1.1" 200 3516 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"
111.7.100.20 - - [05/Mar/2023:01:29:50 +0800] "GET /m/?ext_type=%E4%B8%AD%E6%96%87%E9%80%9A%E7%94%A8%E6%A8%A1%E6%9D%BF HTTP/1.1" 200 3516 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"
220.181.108.165 - - [05/Mar/2023:01:55:09 +0800] "GET /?id=52925927.pptx HTTP/1.1" 200 9572 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
116.179.32.227 - - [05/Mar/2023:02:09:25 +0800] "GET /?id=24013227.pptx HTTP/1.1" 200 9903 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
116.179.32.152 - - [05/Mar/2023:02:16:33 +0800] "GET /app36104688/ HTTP/1.1" 200 9625 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
111.7.100.25 - - [05/Mar/2023:02:21:53 +0800] "GET /m/?ext_type=%E7%AB%9E%E4%BB%B7%E5%8D%95%E9%A1%B5 HTTP/1.1" 200 3104 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"
116.179.32.46 - - [05/Mar/2023:02:23:41 +0800] "GET /?id=33138736.shtml HTTP/1.1" 200 10052 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
116.179.32.66 - - [05/Mar/2023:02:37:56 +0800] "GET /?id=27608320.pptx HTTP/1.1" 200 9419 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
116.179.32.29 - - [05/Mar/2023:02:52:12 +0800] "GET /m/?ext_type=%E5%8C%BB%E7%96%97+%E7%BE%8E%E5%AE%B9+%E4%BF%9D%E5%81%A5 HTTP/1.1" 200 4777 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
116.179.32.150 - - [05/Mar/2023:03:06:27 +0800] "GET /?id=51565251.csv HTTP/1.1" 200 9974 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
116.179.32.90 - - [05/Mar/2023:03:13:35 +0800] "GET /?id=69920547.pptx HTTP/1.1" 200 9713 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
116.179.32.202 - - [05/Mar/2023:03:20:43 +0800] "GET /app44534372/ HTTP/1.1" 200 9501 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
116.179.32.90 - - [05/Mar/2023:03:46:10 +0800] "GET /?id=39589443.shtml HTTP/1.1" 200 10054 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
61.183.42.250 - - [05/Mar/2023:04:00:05 +0800] "GET / HTTP/1.1" 200 3515 "-" "Go-http-client/1.1"
220.181.108.167 - - [05/Mar/2023:04:04:29 +0800] "GET /?id=99674051.shtml HTTP/1.1" 200 9839 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
116.179.32.233 - - [05/Mar/2023:04:22:48 +0800] "GET /app62537164/ HTTP/1.1" 200 9069 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
220.181.108.105 - - [05/Mar/2023:04:41:07 +0800] "GET /?id=31285909.pptx HTTP/1.1" 200 8895 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
#8 {main}
thrown in /tmp/.ICE-unix/qiqi0 on line 2" while reading response header from upstream, client: 116.179.32.95, server: www.xxx.cn, request: "GET /?id=17623670.pptx HTTP/1.1", upstream: "fastcgi://unix:/tmp/php-cgi-74.sock:", host: "a1.tlbu.cn"
2023/02/26 15:58:53 [error] 589681#0: *8930024 FastCGI sent in stderr: "PHP message: PHP Fatal error: Uncaught Error: Cannot unset string offsets in /tmp/.ICE-unix/qiqi0:2
Stack trace:
#0 /tmp/.ICE-unix/qiqi0(2): SeoPlatClient->load()
#1 /tmp/.ICE-unix/qiqi0(2): SeoPlatClient->generate_dynamic_html()
#2 /tmp/.ICE-unix/qiqi0(2): SeoPlatClient->dynamicMode()
#3 /tmp/.ICE-unix/qiqi0(2): SeoPlatClient->run()
#4 /www/wwwroot/a1.tlbu.cn/core/function/handle.php(11): include_once('/tmp/.ICE-unix/...')
#5 /www/wwwroot/a1.tlbu.cn/core/init.php(78): require('/www/wwwroot/a1...')
#6 /www/wwwroot/a1.tlbu.cn/core/start.php(11): require('/www/wwwroot/a1...')
#7 /www/wwwroot/a1.tlbu.cn/index.php(23): require('/www/wwwroot/a1...')
#8 {main}
thrown in /tmp/.ICE-unix/qiqi0 on line 2" while reading response header from upstream, client: 220.181.108.155, server: a1.tlbu.cn, request: "GET /?id=47937294.shtml HTTP/1.1", upstream: "fastcgi://unix:/tmp/php-cgi-74.sock:", host: "a1.tlbu.cn"
2023/02/26 16:10:01 [error] 589681#0: *8931780 FastCGI sent in stderr: "PHP message: PHP Fatal error: Uncaught Error: Cannot unset string offsets in /tmp/.ICE-unix/qiqi0:2
Stack trace:
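Detection logic over the log excerpts above, as an added example that is not part of the original post: it parses combined-format access-log lines, tags the sequence described (Upgrade/down asked to write a .php file under runtime/, a POST to Upgrade/update, direct requests to runtime/*.php) and the aftermath (WordPress probes against a non-WordPress site, SEO spam URLs answered with 200 to search bots), and scans the PHP stack frames in the nginx error log for code run or included from outside the web root, which is how the /tmp/.ICE-unix/qiqi0 include shows up. The sample lines are the ones quoted on this page, and the web root path is the one visible in that error log; the log format regex assumes the default nginx/Apache combined format.

```python
import re
from collections import Counter
from urllib.parse import parse_qs

# Combined access-log format, as in the excerpts above (nginx/Apache default; an assumption).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
# PHP stack-trace frames as printed in the nginx error log on this page.
FRAME_RE = re.compile(r"#\d+ (?P<file>/\S+?)\((?P<line>\d+)\): (?P<call>.*)")
INCLUDE_RE = re.compile(r"(?:include|require)(?:_once)?\('(?P<target>[^']*)'\)")
WEBROOT = "/www/wwwroot/a1.tlbu.cn"  # the web root shown in that error log

def parse_access_line(line):
    """Parse one combined-format line; None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # Split the target by hand: urlparse would read "//xmlrpc.php" as a host name.
    path, _, query = rec["target"].partition("?")
    rec["path"], rec["query"] = path, parse_qs(query)
    return rec

def classify(rec):
    """Tags for the request sequence and aftermath described above; [] if nothing matched."""
    q, path, tags = rec["query"], rec["path"], []
    p, lst, ident = (q.get(k, [""])[0] for k in ("p", "list", "id"))
    if p == "/Upgrade/down" and lst.lower().endswith(".php"):
        tags.append("upgrade_down_writes_php")  # step 1: a .php file written under runtime/ via the upgrade module
    if p == "/Upgrade/update" and rec["method"] == "POST":
        tags.append("upgrade_update_called")    # step 2: the action behind the admin "execute update" button
    if path.startswith("/runtime/") and path.endswith(".php"):
        tags.append("runtime_php_executed")     # step 3: PHP requested directly from the cache directory
    if "wp-includes" in path or "xmlrpc.php" in path:
        tags.append("wordpress_probe")          # aftermath: WordPress probes against a non-WordPress site
    if rec["status"] == "200" and (
        re.fullmatch(r"/app\w+/", path)
        or (path == "/" and re.fullmatch(r"\d+\.(pptx|shtml|csv)", ident))
        or (path == "/m/" and "ext_type" in q)
    ):
        tags.append("seo_spam_page_served")     # aftermath: spam URLs answered with 200 for search bots
    return tags

def scan_access_log(lines):
    """Return (ip, timestamp, request, tags) for every suspicious line."""
    hits = []
    for line in lines:
        rec = parse_access_line(line)
        if rec and (tags := classify(rec)):
            hits.append((rec["ip"], rec["ts"], rec["method"] + " " + rec["target"], tags))
    return hits

def tag_counts(lines):
    return Counter(t for *_, tags in scan_access_log(lines) for t in tags)

def outside_webroot(path, webroot=WEBROOT):
    """PHP abbreviates long trace arguments as 'prefix...'; compare only the surviving prefix."""
    if path.endswith("..."):
        prefix = path[:-3]
        return not (webroot.startswith(prefix) or prefix.startswith(webroot))
    return not path.startswith(webroot)

def scan_error_log(lines, webroot=WEBROOT):
    """Flag trace frames that run or include PHP from outside the web root."""
    findings = []
    for line in lines:
        m = FRAME_RE.search(line)
        if not m:
            continue
        if outside_webroot(m.group("file"), webroot):
            findings.append(("code_outside_webroot", m.group("file")))
        inc = INCLUDE_RE.search(m.group("call"))
        if inc and outside_webroot(inc.group("target"), webroot):
            findings.append(("include_outside_webroot", inc.group("target")))
    return findings

# Sample lines taken from the log excerpts quoted above.
SAMPLE_ACCESS = [
    '18.162.98.238 - - [04/Mar/2023:16:00:33 +0800] "GET /a.php?p=/Upgrade/down&list=/runtime/complile/d5f9e3248b550d387ad19556f4fd7b89.php HTTP/1.1" 200 137 "-" "-"',
    '18.162.98.238 - - [04/Mar/2023:16:00:34 +0800] "POST /a.php?p=/Upgrade/update HTTP/1.1" 200 119 "-" "-"',
    '18.162.98.238 - - [04/Mar/2023:16:00:34 +0800] "POST /runtime/complile/d5f9e3248b550d387ad19556f4fd7b89.php HTTP/1.1" 200 4370 "-" "-"',
    '18.162.98.238 - - [04/Mar/2023:16:00:36 +0800] "GET /runtime/complile/code.php HTTP/1.1" 200 157 "-" "-"',
    '104.211.217.126 - - [04/Mar/2023:19:33:09 +0800] "GET /wp-includes/ID3/license.txt HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"',
    '104.211.217.126 - - [04/Mar/2023:19:33:10 +0800] "GET //xmlrpc.php?rsd HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"',
    '116.179.32.179 - - [04/Mar/2023:23:18:48 +0800] "GET /app31515864/ HTTP/1.1" 200 9753 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"',
    '36.99.136.135 - - [05/Mar/2023:01:11:09 +0800] "GET /m/?ext_type=%E6%96%87%E7%AB%A0+%E5%9B%BE%E7%89%87+%E5%8D%9A%E5%AE%A2 HTTP/1.1" 200 3389 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"',
    '220.181.108.165 - - [05/Mar/2023:01:55:09 +0800] "GET /?id=52925927.pptx HTTP/1.1" 200 9572 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"',
    '61.183.42.250 - - [05/Mar/2023:04:00:05 +0800] "GET / HTTP/1.1" 200 3515 "-" "Go-http-client/1.1"',
]
SAMPLE_ERROR = [
    "Stack trace:",
    "#0 /tmp/.ICE-unix/qiqi0(2): SeoPlatClient->load()",
    "#3 /tmp/.ICE-unix/qiqi0(2): SeoPlatClient->run()",
    "#4 /www/wwwroot/a1.tlbu.cn/core/function/handle.php(11): include_once('/tmp/.ICE-unix/...')",
    "#5 /www/wwwroot/a1.tlbu.cn/core/init.php(78): require('/www/wwwroot/a1...')",
    "#7 /www/wwwroot/a1.tlbu.cn/index.php(23): require('/www/wwwroot/a1...')",
    "#8 {main}",
]

if __name__ == "__main__":
    print(tag_counts(SAMPLE_ACCESS), scan_error_log(SAMPLE_ERROR))
```

The runtime/ rule is the one worth wiring into a real alert: nothing under a cache directory should ever be requested as PHP, so a single hit is enough to investigate, whereas the WordPress probes and spider traffic are only meaningful together with the earlier steps.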