全球主机交流论坛 (Global Hosting Exchange Forum)

I think I've found the problem. Damn, a PHP file had a trojan planted in it

1#
Posted 2023-7-20 21:06:52
180.101.245.247 - - [20/Jul/2023:19:59:08 +0800] "GET /tag/burst HTTP/1.1" 200 7860 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36"
180.101.245.247 - - [20/Jul/2023:19:59:08 +0800] "GET /wp-content/themes/69rmb/font/josefinsans-regular-webfont.woff HTTP/1.1" 200 24176 "http://www.1.com/wp-content/themes/69rmb/style.css" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36"
180.101.244.14 - - [20/Jul/2023:19:59:08 +0800] "GET /wp-content/themes/69rmb/functions/timthumb.php?src=http://www.1.com/img/1_2012.03.30_15h26m32s_022_.png&h=112&w=112&zc=1 HTTP/1.1" 200 11798 "http://www.1com/tag/burst" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36"
180.101.245.248 - - [20/Jul/2023:19:59:09 +0800] "GET /wp-content/themes/69rmb/highslide/graphics/zoomout.cur HTTP/1.1" 200 4286 "http://www.1.com/tag/burst" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36"
180.101.245.250 - - [20/Jul/2023:19:59:53 +0800] "GET /about/comment-page-2 HTTP/1.1" 200 9751 "-" "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)"
220.196.160.76 - - [20/Jul/2023:19:59:54 +0800] "GET /about/comment-page-2 HTTP/1.1" 200 9750 "-" "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)"
220.196.160.95 - - [20/Jul/2023:19:59:55 +0800] "GET /wp-content/themes/69rmb/font/josefinsans-regular-webfont.woff HTTP/1.1" 200 24176 "http://www.1.com/wp-content/themes/69rmb/style.css" "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)"
177.55.118.104 - - [20/Jul/2023:20:00:17 +0800] "POST /xmlrpc.php HTTP/1.1" 503 18942 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/95.0"
110.54.163.122 - - [20/Jul/2023:20:00:32 +0800] "GET / HTTP/2.0" 200 10170 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
110.54.163.122 - - [20/Jul/2023:20:00:35 +0800] "GET /wp-content/themes/69rmb/functions/timthumb.php?src=https://www.1.com/img/2022/03/[email protected]&h=112&w=112&zc=1 HTTP/2.0" 200 12718 "https://www.1.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
110.54.163.122 - - [20/Jul/2023:20:00:35 +0800] "GET /wp-content/themes/69rmb/functions/timthumb.php?src=https://www.1.com/img/2014/07/QQ%E6%88%AA%E5%9B%BE20140702213347.jpg&h=112&w=112&zc=1 HTTP/2.0" 200 5155 "https://www.1.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
110.54.163.122 - - [20/Jul/2023:20:00:35 +0800] "GET /wp-content/themes/69rmb/functions/timthumb.php?src=https://www.1.com/img/2015/07/IMG_7748.jpg&h=112&w=112&zc=1 HTTP/2.0" 200 4794 "https://www.1.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
110.54.163.122 - - [20/Jul/2023:20:00:35 +0800] "GET /wp-content/themes/69rmb/functions/timthumb.php?src=https://www.1.com/img/2022/02/QQ%E6%88%AA%E5%9B%BE20220218010250.png&h=112&w=112&zc=1 HTTP/2.0" 200 4999 "https://www.1.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
110.54.163.122 - - [20/Jul/2023:20:00:38 +0800] "GET /favicon.ico HTTP/2.0" 200 4286 "https://www.1.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
110.54.163.122 - - [20/Jul/2023:20:00:39 +0800] "GET /wp-content/themes/69rmb/font/josefinsans-regular-webfont.woff HTTP/2.0" 200 24176 "https://www.1.com/wp-content/themes/69rmb/style.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
110.54.163.122 - - [20/Jul/2023:20:00:39 +0800] "GET /wp-content/themes/69rmb/highslide/graphics/zoomout.cur HTTP/2.0" 200 4286 "https://www.1.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
110.54.163.122 - - [20/Jul/2023:20:00:39 +0800] "GET /wp-content/themes/69rmb/favicon.ico HTTP/2.0" 200 4286 "https://www.1.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
110.54.163.122 - - [20/Jul/2023:20:00:46 +0800] "GET /wp-content/themes/lolimeow/component/index.php HTTP/2.0" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
110.54.163.122 - - [20/Jul/2023:20:00:51 +0800] "GET /wp-content/upgrade/daterangepicker.php HTTP/2.0" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
110.54.163.122 - - [20/Jul/2023:20:00:56 +0800] "GET /wp-admin/css/colors/coffee/css.php HTTP/2.0" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
110.54.163.122 - - [20/Jul/2023:20:01:01 +0800] "GET /img/2013/04/Awesome.php HTTP/2.0" 200 833 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
110.54.163.122 - - [20/Jul/2023:20:01:07 +0800] "POST /img/2013/04/Awesome.php HTTP/2.0" 200 3701 "https://www.1.com/img/2013/04/Awesome.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
110.54.163.122 - - [20/Jul/2023:20:01:13 +0800] "POST /img/2013/04/Awesome.php HTTP/2.0" 200 4495 "https://www.1.com/img/2013/04/Awesome.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
110.54.163.122 - - [20/Jul/2023:20:01:38 +0800] "POST /img/2013/04/Awesome.php HTTP/2.0" 200 4538 "https://www.1.com/img/2013/04/Awesome.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
110.54.163.122 - - [20/Jul/2023:20:01:41 +0800] "GET / HTTP/2.0" 200 9426 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
64.124.8.49 - - [20/Jul/2023:20:02:18 +0800] "GET /chrome-15-official-release.html HTTP/1.1" 200 9439 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36"
220.196.160.101 - - [20/Jul/2023:20:02:54 +0800] "GET /1676.html%E7%9C%8B%E5%88%B0%E8%BF%99%E5%88%99%E7%95%99%E8%A8%80%E7%9A%84%E8%AF%9D%E4%BD%A0%E7%BB%99%E4%B8%AA%E5%9B%9E%E5%BA%94%E5%90%A7%E3%80%82 HTTP/1.1" 200 9439 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Mobile/15E148 Safari/604.1"
220.196.160.96 - - [20/Jul/2023:20:02:54 +0800] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03\xAF\xE5\xD8\xFA\x01\x07U@\x19\x81\xA7D^\xD9\xDA\xFB" 400 150 "-" "-"
220.196.160.76 - - [20/Jul/2023:20:02:54 +0800] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03\xB1J\x060\x01\xF7A\xCFy\xAC\x97\x11le7\xE8\xA2\xCD\x97A0\xB4\x84\x22\xEC[t:\xFF^\xECe \xF79/p:\x95\xF0Nw(}\xDE)\x7F\x18S\xEE=\x13\xFC\x95\xA4\x9BL'\x88BT\x95!\x9E\x5C\x00 \x1A\x1A\x13\x01\x13\x02\x13\x03\xC0+\xC0/\xC0,\xC00\xCC\xA9\xCC\xA8\xC0\x13\xC0\x14\x00\x9C\x00\x9D\x00/\x005\x01\x00\x01\x93\xFA\xFA\x00\x00\x00\x00\x00\x14\x00\x12\x00\x00\x0Fwww.1.com\x00\x17\x00\x00\xFF\x01\x00\x01\x00\x00" 400 150 "-" "-"
220.196.160.45 - - [20/Jul/2023:20:02:54 +0800] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03\x8BA\xD4\x9C\xF8\xA4s\xC2\x1F\xE1\xEC\xAA\xD5D(\xF4LK\xCF\xB9\x07O\xFD\xB4-\x8BO\xE7L\xE5\xD6\xDE `\x03\xC0\x831\x8F\xF6\xD3\xB6\x14md\xF6\x00\x89\x1A_\x06\xAC\xA7\xFFd=6\x17\xFB\x86\xA5\xCD0\x84i\x00 jj\x13\x01\x13\x02\x13\x03\xC0+\xC0/\xC0,\xC00\xCC\xA9\xCC\xA8\xC0\x13\xC0\x14\x00\x9C\x00\x9D\x00/\x005\x01\x00\x01\x93\x8A\x8A\x00\x00\x00\x00\x00\x14\x00\x12\x00\x00\x0Fwww.1.com\x00\x17\x00\x00\xFF\x01\x00\x01\x00\x00" 400 150 "-" "-"
220.196.160.73 - - [20/Jul/2023:20:02:54 +0800] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03*8\xCD\xEC\x92xQsu\x12,\xB0R\x13$\xE6X\x93\xE1\x02Hr\xDD\x9B]\x16\xAC\x85\xC2eq\x8F \x12k\x90\x8D\xE7\xE5w\x5C\xF5z\xF4\x93\x90\xAA\xD0\xDEO\xE8\xED\xE1\xF5\xC1\xCDs~\xED:f\xD6's\x22\x00 \xBA\xBA\x13\x01\x13\x02\x13\x03\xC0+\xC0/\xC0,\xC00\xCC\xA9\xCC\xA8\xC0\x13\xC0\x14\x00\x9C\x00\x9D\x00/\x005\x01\x00\x01\x93\xAA\xAA\x00\x00\x00\x00\x00\x14\x00\x12\x00\x00\x0Fwww.1.com\x00\x17\x00\x00\xFF\x01\x00\x01\x00\x00" 400 150 "-" "-"
220.196.160.84 - - [20/Jul/2023:20:02:54 +0800]

2#
OP | Posted 2023-7-20 21:09:23
Awesome.php is the file that had the trojan planted in it. I deleted it; I'll look again tomorrow.








3#
Posted 2023-7-20 21:22:49
Notice: the author has been banned or deleted; the content is automatically hidden.
4#
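OP | Posted 2023-7-20 21:28:21
BackDoor posted on 2023-7-20 21:22
How did a PHP file end up in your img directory? That means there is a file upload vulnerability, possibly a theme vulnerability, and it means there is still a backdoor. He will keep uploading PHP ...

I'll keep watching. I deleted that one for now; I'll see how things look tomorrow.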
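Added example, not part of the original thread: a small log triage script for the pattern visible in the first post, where one client requests several nonexistent .php paths (404) and then GETs and POSTs a PHP file that is served from an image directory. The `MEDIA_DIRS` list, the function name and the sample lines (documentation IP addresses, shortened user agent) are assumptions constructed for illustration; only the request paths are taken from the posted log.

```python
import re
from collections import defaultdict

# Combined Log Format prefix: ip - - [time] "METHOD url PROTO" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')
# Assumption: directories on this site that should only ever hold static media.
MEDIA_DIRS = ("/img/", "/wp-content/uploads/")

# Constructed sample modelled on the log in the first post.
SAMPLE = r'''203.0.113.7 - - [20/Jul/2023:20:00:35 +0800] "GET /wp-content/themes/69rmb/functions/timthumb.php?src=/img/a.jpg&h=112 HTTP/2.0" 200 12718 "-" "UA"
203.0.113.7 - - [20/Jul/2023:20:00:46 +0800] "GET /wp-content/themes/lolimeow/component/index.php HTTP/2.0" 404 548 "-" "UA"
203.0.113.7 - - [20/Jul/2023:20:00:51 +0800] "GET /wp-content/upgrade/daterangepicker.php HTTP/2.0" 404 548 "-" "UA"
203.0.113.7 - - [20/Jul/2023:20:01:01 +0800] "GET /img/2013/04/Awesome.php HTTP/2.0" 200 833 "-" "UA"
203.0.113.7 - - [20/Jul/2023:20:01:07 +0800] "POST /img/2013/04/Awesome.php HTTP/2.0" 200 3701 "-" "UA"
203.0.113.7 - - [20/Jul/2023:20:01:13 +0800] "POST /img/2013/04/Awesome.php HTTP/2.0" 200 4495 "-" "UA"
198.51.100.9 - - [20/Jul/2023:20:02:54 +0800] "\x16\x03\x01\x02\x00" 400 150 "-" "-"
'''.splitlines()

def find_webshell_candidates(lines):
    """Map each PHP path served with 2xx from a media directory to the client
    IPs, the POST count, and the most 404'd .php probes made by one client."""
    probes = defaultdict(set)          # ip -> distinct .php paths answered 404
    hits = {}
    for line in lines:
        m = LINE.match(line)
        if not m:                      # e.g. TLS bytes sent to the HTTP port
            continue
        ip, method, url, status = m.groups()
        path = url.split("?", 1)[0]    # ignore the query string
        if not path.lower().endswith(".php"):
            continue
        if status == "404":
            probes[ip].add(path)
        elif status.startswith("2") and path.startswith(MEDIA_DIRS):
            h = hits.setdefault(path, {"ips": set(), "posts": 0, "probes": 0})
            h["ips"].add(ip)
            h["posts"] += (method == "POST")
    for h in hits.values():
        h["probes"] = max(len(probes[ip]) for ip in h["ips"])
    return hits

if __name__ == "__main__":
    for path, h in find_webshell_candidates(SAMPLE).items():
        print(path, sorted(h["ips"]), "POSTs:", h["posts"], "404 probes:", h["probes"])
```

The legitimate timthumb.php requests are not flagged because the script itself lives under the theme directory; only PHP executed from a media path is reported. Any hit is a reason to search the whole media tree for other .php files and to disable PHP execution there, since deleting one file does not close the upload path.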







