Hunting Down a Web Trojan Planted on a CentOS Server: A Case Record

2019-10-12 17:16:47 于海丽

As the code above shows, this is a typical DDoS attack script. The attacker was evidently using our server as a puppet, marshalling a large number of compromised servers to flood a target with packets. All the attacker had to do was open a browser and enter http://M站域名.com//phzLtoxn.php?host=x.x.x.x&port=xx&time=xx to launch a DDoS attack against the target server.

To check the httpd log and work out where the attack requests were coming from, run:

tail /var/log/httpd/access.log | grep phzLtoxn.php
183.12.75.240 - - [10/Aug/2012:10:38:46 +0800] "GET /phzLtoxn.php?host=174.139.81.91&port=80&time=60 HTTP/1.1" 404 290 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"
110.185.121.167 - - [10/Aug/2012:10:38:56 +0800] "GET /phzLtoxn.php?host=218.93.248.98&port=80&time=60 HTTP/1.1" 404 290 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"
110.185.121.167 - - [10/Aug/2012:10:38:58 +0800] "GET /phzLtoxn.php?host=198.148.89.34&port=80&time=60 HTTP/1.1" 404 290 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"
110.185.121.167 - - [10/Aug/2012:10:39:08 +0800] "GET /phzLtoxn.php?host=199.119.207.133&port=80&time=60 HTTP/1.1" 404 290 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"
110.185.121.167 - - [10/Aug/2012:10:39:12 +0800] "GET /phzLtoxn.php?host=174.139.81.91&port=80&time=60 HTTP/1.1" 404 290 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"
118.161.219.152 - - [10/Aug/2012:10:39:27 +0800] "GET /phzLtoxn.php?host=198.148.89.34&port=80&time=60 HTTP/1.1" 404 290 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"
118.161.219.152 - - [10/Aug/2012:10:39:27 +0800] "GET /phzLtoxn.php?host=174.139.81.91&port=80&time=60 HTTP/1.1" 404 290 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"
118.161.219.152 - - [10/Aug/2012:10:39:27 +0800] "GET /phzLtoxn.php?host=199.119.207.133&port=80&time=60 HTTP/1.1" 404 290 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"
118.161.219.152 - - [10/Aug/2012:10:39:27 +0800] "GET /phzLtoxn.php?host=218.93.248.98&port=80&time=60 HTTP/1.1" 404 290 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"
118.161.219.152 - - [10/Aug/2012:10:39:28 +0800] "GET /phzLtoxn.php?host=61.164.148.49&port=80&time=60 HTTP/1.1" 404 290 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"
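A single tail | grep shows the raw hits, but for the incident record two aggregates matter more: which client addresses were issuing commands to the web shell (the controllers), and which host:port pairs the shell was being told to flood (the victims, who may need to be notified). The script below is an added example, not part of the original post. It follows the log path and script name from the post; the sample entries are constructed for this example, reusing the addresses from the log excerpt above with the user-agent string shortened, plus one unrelated request to show that non-shell traffic is excluded.

```sh
#!/bin/sh
# Added example (not from the post): aggregate access-log evidence for the
# DDoS web shell described above. Sample log entries are constructed here,
# reusing the addresses shown in the post's log excerpt.

WEBSHELL_PATH="/phzLtoxn.php"

SAMPLE_LOG="$(mktemp)"
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
183.12.75.240 - - [10/Aug/2012:10:38:46 +0800] "GET /phzLtoxn.php?host=174.139.81.91&port=80&time=60 HTTP/1.1" 404 290 "-" "Mozilla/4.0"
10.0.0.5 - - [10/Aug/2012:10:38:50 +0800] "GET /index.html HTTP/1.1" 200 1234 "-" "curl/7.29.0"
110.185.121.167 - - [10/Aug/2012:10:38:56 +0800] "GET /phzLtoxn.php?host=218.93.248.98&port=80&time=60 HTTP/1.1" 404 290 "-" "Mozilla/4.0"
110.185.121.167 - - [10/Aug/2012:10:38:58 +0800] "GET /phzLtoxn.php?host=198.148.89.34&port=80&time=60 HTTP/1.1" 404 290 "-" "Mozilla/4.0"
118.161.219.152 - - [10/Aug/2012:10:39:27 +0800] "GET /phzLtoxn.php?host=198.148.89.34&port=80&time=60 HTTP/1.1" 404 290 "-" "Mozilla/4.0"
118.161.219.152 - - [10/Aug/2012:10:39:27 +0800] "GET /phzLtoxn.php?host=174.139.81.91&port=80&time=60 HTTP/1.1" 404 290 "-" "Mozilla/4.0"
118.161.219.152 - - [10/Aug/2012:10:39:28 +0800] "GET /phzLtoxn.php?host=61.164.148.49&port=80&time=60 HTTP/1.1" 404 290 "-" "Mozilla/4.0"
EOF

# Total number of requests to the web shell in the given log file.
webshell_hits() {
    grep -c -F "GET $WEBSHELL_PATH" "$1"
}

# Controllers: requests to the web shell counted per client IP (field 1 of
# the combined log format), most active first.
webshell_sources() {
    grep -F "GET $WEBSHELL_PATH" "$1" | awk '{ print $1 }' | sort | uniq -c | sort -rn
}

# Victims: the host and port query parameters the shell was told to flood,
# counted per host:port pair, most requested first.
webshell_targets() {
    grep -F "GET $WEBSHELL_PATH" "$1" \
        | sed -n 's/.*[?&]host=\([0-9.]*\)&port=\([0-9]*\).*/\1:\2/p' \
        | sort | uniq -c | sort -rn
}

# Client IP of the most active controller (second token of the top line).
top_webshell_source() {
    webshell_sources "$1" | head -n 1 | awk '{ print $2 }'
}

echo "requests to $WEBSHELL_PATH: $(webshell_hits "$SAMPLE_LOG")"
echo "--- controllers (count, client IP) ---"
webshell_sources "$SAMPLE_LOG"
echo "--- flood targets (count, host:port) ---"
webshell_targets "$SAMPLE_LOG"
```

Point the functions at /var/log/httpd/access.log (and the rotated copies) instead of the sample file to run this on a real box; grep -F matches the path literally, so a renamed shell needs only WEBSHELL_PATH changed. The 404 status in the post's excerpt is worth recording alongside these counts, since it shows the controllers kept issuing commands after the file had gone.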