阿里云提示 “包含webshell代码的日志/图片文件”怎么办?
该告警由如下引擎检测发现:
木马文件路径: /www/server/btwaf/totla_db/totla_db.db
x-real-ip:122.190.43.244
494
user-agent:Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)
495
496
� 3%)���?�b��海中国上海亚洲121.349331.0549HEAD/index.php/index/index/name/%7B$%7Beval($_POST%5Bs%5D)%7D%7DMozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)PHP函数(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\( >> 1=/index.php/index/index/name/{${eval($_POST)}} >> /index.php/index/index/name/{${eval($_POST)}}urlHEAD /index.php/index/index/name/%7B$%7Beval($_POST%5Bs%5D)%7D%7D HTTP/1.1 |
|