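I have an ionCube-encoded script that has been running for a year, and I update it regularly, but recently I found that my website would not load, and the Apache error_log contains the following entries: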
[Mon Oct 24 22:40:56.679184 2022] [:error] [pid 2787778:tid 23404119791360] [client CLIENTS.IPv4:48882] * Trying IPV4.OF.NEXT.LINE.SITE:80..., referer: https://support.mywebsite.com
[Mon Oct 24 22:40:56.680755 2022] [:error] [pid 2787778:tid 23404119791360] [client CLIENTS.IPv4:48882] * Connected to notification.somesite.com (IPV4.OF.NEXT.LINE.SITE) port 80 (#0), referer: https://support.mywebsite.com
[Mon Oct 24 22:40:56.680858 2022] [:error] [pid 2787778:tid 23404119791360] [client CLIENTS.IPv4:48882] > GET /price/moneyPrice.php HTTP/1.1\r, referer: https://support.mywebsite.com
[Mon Oct 24 22:40:56.681026 2022] [:error] [pid 2787778:tid 23404119791360] [client CLIENTS.IPv4:48882] Host: notification.somesite.com\r, referer: https://support.mywebsite.com
[Mon Oct 24 22:40:56.681403 2022] [:error] [pid 2787778:tid 23404119791360] [client CLIENTS.IPv4:48882] User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)\r, referer: https://support.mywebsite.com
[Mon Oct 24 22:40:56.681569 2022] [:error] [pid 2787778:tid 23404119791360] [client CLIENTS.IPv4:48882] Accept: */*\r, referer: https://support.mywebsite.com
[Mon Oct 24 22:40:56.681691 2022] [:error] [pid 2787778:tid 23404119791360] [client CLIENTS.IPv4:48882] \r, referer: https://support.mywebsite.com
[Mon Oct 24 22:40:56.682755 2022] [:error] [pid 2787778:tid 23404119791360] [client CLIENTS.IPv4:48882] * , referer: https://support.mywebsite.com
[Mon Oct 24 22:40:56.682947 2022] [:error] [pid 2787778:tid 23404119791360] [client CLIENTS.IPv4:48882] Mark bundle as not supporting multiuse, referer: https://support.mywebsite.com
[Mon Oct 24 22:40:56.683110 2022] [:error] [pid 2787778:tid 23404119791360] [client CLIENTS.IPv4:48882] < , referer: https://support.mywebsite.com
[Mon Oct 24 22:40:56.683272 2022] [:error] [pid 2787778:tid 23404119791360] [client CLIENTS.IPv4:48882] HTTP/1.1 200 OK\r, referer: https://support.mywebsite.com
[Mon Oct 24 22:40:56.683385 2022] [:error] [pid 2787778:tid 23404119791360] [client CLIENTS.IPv4:48882] < , referer: https://support.mywebsite.com
[Mon Oct 24 22:40:56.683904 2022] [:error] [pid 2787778:tid 23404119791360] [client CLIENTS.IPv4:48882] Date: Mon, 24 Oct 2022 19:10:47 GMT\r, referer: https://support.mywebsite.com
[Mon Oct 24 22:40:56.684081 2022] [:error] [pid 2787778:tid 23404119791360] [client CLIENTS.IPv4:48882] < , referer: https://support.mywebsite.com
[Mon Oct 24 22:40:56.684264 2022] [:error] [pid 2787778:tid 23404119791360] [client CLIENTS.IPv4:48882] Content-Type: application/json\r, referer: https://support.mywebsite.com
[Mon Oct 24 22:40:56.684460 2022] [:error] [pid 2787778:tid 23404119791360] [client CLIENTS.IPv4:48882] < , referer: https://support.mywebsite.com
[Mon Oct 24 22:40:56.684662 2022] [:error] [pid 2787778:tid 23404119791360] [client CLIENTS.IPv4:48882] Vary: Accept-Encoding\r, referer: https://support.mywebsite.com
[Mon Oct 24 22:40:56.684778 2022] [:error] [pid 2787778:tid 23404119791360] [client CLIENTS.IPv4:48882] < , referer: https://support.mywebsite.com
[Mon Oct 24 22:40:56.684887 2022] [:error] [pid 2787778:tid 23404119791360] [client CLIENTS.IPv4:48882] Age: 9\r, referer: https://support.mywebsite.com
[Mon Oct 24 22:40:56.685075 2022] [:error] [pid 2787778:tid 23404119791360] [client CLIENTS.IPv4:48882] < , referer: https://support.mywebsite.com
[Mon Oct 24 22:40:56.685249 2022] [:error] [pid 2787778:tid 23404119791360] [client CLIENTS.IPv4:48882] via: Columbus-0.1-af5-g1\r, referer: https://support.mywebsite.com
[Mon Oct 24 22:40:56.685357 2022] [:error] [pid 2787778:tid 23404119791360] [client CLIENTS.IPv4:48882] < , referer: https://support.mywebsite.com
[Mon Oct 24 22:40:56.685494 2022] [:error] [pid 2787778:tid 23404119791360] [client CLIENTS.IPv4:48882] Server: HayoolaServe\r, referer: https://support.mywebsite.com
[Mon Oct 24 22:40:56.685644 2022] [:error] [pid 2787778:tid 23404119791360] [client CLIENTS.IPv4:48882] < , referer: https://support.mywebsite.com
[Mon Oct 24 22:40:56.685783 2022] [:error] [pid 2787778:tid 23404119791360] [client CLIENTS.IPv4:48882] Transfer-Encoding: chunked\r, referer: https://support.mywebsite.com
[Mon Oct 24 22:40:56.685889 2022] [:error] [pid 2787778:tid 23404119791360] [client CLIENTS.IPv4:48882] < , referer: https://support.mywebsite.com
[Mon Oct 24 22:40:56.686060 2022] [:error] [pid 2787778:tid 23404119791360] [client CLIENTS.IPv4:48882] Connection: keep-alive\r, referer: https://support.mywebsite.com
[Mon Oct 24 22:40:56.686175 2022] [:error] [pid 2787778:tid 23404119791360] [client CLIENTS.IPv4:48882] < , referer: https://support.mywebsite.com
[Mon Oct 24 22:40:56.686304 2022] [:error] [pid 2787778:tid 23404119791360] [client CLIENTS.IPv4:48882] Accept-Ranges: bytes\r, referer: https://support.mywebsite.com
[Mon Oct 24 22:40:56.686425 2022] [:error] [pid 2787778:tid 23404119791360] [client CLIENTS.IPv4:48882] < , referer: https://support.mywebsite.com
[Mon Oct 24 22:40:56.686547 2022] [:error] [pid 2787778:tid 23404119791360] [client CLIENTS.IPv4:48882] \r, referer: https://support.mywebsite.com
[Mon Oct 24 22:40:56.686694 2022] [:error] [pid 2787778:tid 23404119791360] [client CLIENTS.IPv4:48882] * , referer: https://support.mywebsite.com
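I checked all the files, and none of them have been touched recently.
I also checked the index.php and login.php files and saw nothing but the original content. The site it tries to telnet and connect to is not mine, and I don't know it.
I also added notification.site to /etc/hosts with 127.0.0.1 and 192.168.1.1 to refuse the requests, but it still takes time to load.
I also added the site's IP to the firewall's incoming and outgoing blacklists, but nothing changed.
I did also replace all the files again, but when I click the login button or try to load my support site, it takes a long time to load, and there are no other errors in any file.
Can you help me find which file might be malicious? I do have root access.
The operating system is CentOS 7.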
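The error_log entries in the post have the shape of a curl verbose trace (`* Trying`, `* Connected to`, `> GET`), written by the PHP worker that served the page. As an added triage example, not part of the original post, the following Python groups such lines by Apache worker and lists each outbound exchange with the page that triggered it; the function name and the sample lines are constructed for illustration.

```python
import re

LINE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[[^\]]*\] \[pid (?P<pid>\d+):tid (?P<tid>\d+)\] "
    r"\[client [^\]]+\] (?P<msg>.*?)(?:, referer: (?P<ref>\S+))?$")
CONNECTED = re.compile(r"^\* Connected to (\S+) \((\S+)\) port (\d+)")
REQUEST = re.compile(r"^> ([A-Z]+) (\S+) HTTP/")
STATUS = re.compile(r"^(?:< )?HTTP/\d(?:\.\d)? (\d{3})\b")

def outbound_requests(log_text):
    """Rebuild outbound HTTP exchanges from curl-verbose lines in an Apache error_log."""
    current = {}   # (pid, tid) -> exchange still being filled in
    found = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        msg = m.group("msg")
        if msg.endswith("\\r"):          # the CR is logged as a literal backslash-r
            msg = msg[:-2]
        worker = (m.group("pid"), m.group("tid"))
        hit = CONNECTED.match(msg)
        if hit:                          # a new outbound connection starts here
            current[worker] = {"time": m.group("ts"), "page": m.group("ref"),
                               "host": hit.group(1), "ip": hit.group(2),
                               "port": int(hit.group(3)),
                               "request": None, "status": None}
            found.append(current[worker])
            continue
        exchange = current.get(worker)
        if exchange is None:
            continue
        hit = REQUEST.match(msg)
        if hit:
            exchange["request"] = hit.group(1) + " " + hit.group(2)
        hit = STATUS.match(msg)
        if hit and exchange["status"] is None:
            exchange["status"] = int(hit.group(1))
    return found

# Constructed sample in the format of the post's log, keeping its placeholders.
_P = "[pid 2787778:tid 23404119791360] [client CLIENTS.IPv4:48882] "
_R = ", referer: https://support.mywebsite.com"
SAMPLE = "\n".join(
    f"[Mon Oct 24 22:40:56.68{i:04d} 2022] [:error] {_P}{m}{_R}"
    for i, m in enumerate([
        "* Trying IPV4.OF.NEXT.LINE.SITE:80...",
        "* Connected to notification.somesite.com (IPV4.OF.NEXT.LINE.SITE) port 80 (#0)",
        r"> GET /price/moneyPrice.php HTTP/1.1\r", r"Host: notification.somesite.com\r",
        "< ", r"HTTP/1.1 200 OK\r", "< ", r"Server: HayoolaServe\r"]))

if __name__ == "__main__":
    for exchange in outbound_requests(SAMPLE):
        print(exchange)
```

Run against the real error_log, the `page` field ties each outbound call to the request being served when it was made, which narrows down which script issues it.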