Notes on a TP5 admin backend that had code implanted, and asking whether what I am doing now can defend against it - V2EX
weijinda007

Notes on a TP5 admin backend that had code implanted, and asking whether what I am doing now can defend against it

    weijinda007 Apr 25, 2022 2529 views
    This topic was created 1486 days ago; the information mentioned may have changed or developed since.

    Looking at the access records in the logs:

    1. A request to /static/admin/plugins/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 obtained static/admin/plugins/font-awesome/css/font-awesome.min.css.
    2. Then a request to /static/admin/plugins/font-awesome/fonts/fontawesome-webfont.php; fontawesome-webfont.php did not exist before, and now it does.
    3. Finally, his code logic was executed through the fontawesome-webfont.php script.

    What I have done now: deleted the fontawesome-webfont.php script and changed the permissions under public to read-only. I do not know whether this can stop his injection. I would like to ask what other ways there are to defend against this kind of intrusion.

    12 replies    2022-04-25 23:06:41 +08:00
    1  qa2080639  Apr 25, 2022 via Android
    Deny access to PHP files under the upload directory and the static directory.
    2  cpstar  Apr 25, 2022
    When configuring PHP, can't you just not execute PHP files under the static directory?
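    The deny rule that replies #1 and #2 describe, written out as an added example (not from the thread or from ThinkPHP): an nginx server block for a TP5.1 site whose document root is the project's public/ directory. The project path, server name and php-fpm socket are assumptions; the point is the ordering of the two regex locations, which makes any *.php found under /static/ or /uploads/ return 404 instead of reaching php-fpm.

```nginx
# Added example, not from the thread. Paths, hostname and socket are assumed.
server {
    listen 80;
    server_name example.invalid;              # placeholder hostname
    root /var/www/tp5/public;                 # assumed TP5.1 document root
    index index.php index.html;

    # Static and upload trees: refuse to execute anything PHP-like there.
    # nginx evaluates "~" (regex) locations in the order they appear and
    # stops at the first match, so this block must precede the generic
    # PHP handler below. The trailing (/|$) also catches /x.php/pathinfo.
    location ~ ^/(static|uploads)/.*\.(php|php5|phtml|phar)(/|$) {
        return 404;
    }

    # Usual TP5 front controller: rewrite non-existent paths to index.php.
    location / {
        if (!-e $request_filename) {
            rewrite ^(.*)$ /index.php?s=$1 last;
        }
    }

    # PHP handler; only reached for scripts outside the denied trees.
    location ~ \.php(/|$) {
        fastcgi_pass unix:/run/php/php-fpm.sock;   # assumed socket path
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        include fastcgi_params;
    }
}
```

    After reloading, a request for a dropped file such as /static/admin/plugins/font-awesome/fonts/fontawesome-webfont.php should return 404 from nginx and never be handed to php-fpm; check with nginx -t before reloading and with curl -I afterwards. On the PHP side, setting cgi.fix_pathinfo=0 in php.ini closes the companion trick of appending a fake script name to a non-PHP file. Neither replaces finding the upload path the file came in through, which reply #5 below asks about.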
    3  pcbl  Apr 25, 2022 via Android
    Aren't static files supposed to all be placed under the public directory?
    4  shench  Apr 25, 2022
    How was it uploaded?
    5  sarices  Apr 25, 2022
    Shouldn't you figure out where the vulnerability is and patch it?
    6  weijinda007 (OP)  Apr 25, 2022
    I can't figure it out, so I came here to see whether anyone knows where there might still be a vulnerability.
    7  illl  Apr 25, 2022 via iPhone
    Which specific version of TP?
    8  univ  Apr 25, 2022
    How did you trace the intrusion flow?
    9  weijinda007 (OP)  Apr 25, 2022
    @illl It's TP5.1.
    10  weijinda007 (OP)  Apr 25, 2022
    @sunny2580839896 Noticed an abnormal request, checked the files and found the anomaly. Then checked the connection logs based on that file.
    11  illl  Apr 25, 2022 via iPhone
    12  rekulas  Apr 25, 2022
    If you want to guard against backdoors thoroughly:
    https://github.com/del-xiong/screw-plus
    Install it and enable strict mode (strict_mode), then you need not fear intrusion.