! \- y" K+ u) m( g c' s/ N: J3 C' A应该是用的wordpress的漏洞,删了2个小时。) _" R/ H I. A& {/ j( m% U
/ W) f& Q" D/ E' G6 u; \
生成的文件有index.php.radio.php,admin.php,还有其他几个,还有.htacess,在根目录,wp-content文件下还有个mu-plugins-old文件夹。然后基本每个文件夹下生成.htacess文件。没有wp-admin和wp-include的,就自动生成,伪装成wordpress正常文件。4 G6 e) k2 G( V; `. o
5 z u0 d; s8 W0 D$ V8 i用着wordpress程序的,index.php文件里面写上程序了,能正常访问,一般发现不了。没用wordpress程序的,把原来的index.php覆盖了,访问不了,要不还发现不了。- c8 }4 |. _) M( c: ^/ E
! Y* Z. \) e, P( l% z# q, }; N
$ H2 y* K( M; U& ^* i. F* `( r! e
大家没事了查查源文件。7 ~% F) I& a7 B; y5 ]
---------------------------------------% W. Q& |* m; w$ B
生成的htacess文件% V& C/ F- y+ x8 a- D: p4 _
( k2 o, A7 I1 b( {3 l( z; l1 L; u<FilesMatch ".(py|exe|php)$">: I9 y. O+ U& F+ b! I2 A3 C/ J
Order allow,deny - g4 d. ]0 K8 Z7 k H h Deny from all2 b. J5 H6 k4 k7 T
</FilesMatch> & |& o. f3 a8 o% W4 B<FilesMatch "^(about.php|radio.php|index.php|content.php|lock360.php|admin.php|wp-login.php|wp-l0gin.php|wp-theme.php|wp-scripts.php|wp-editor.php)$"> % e) I6 W0 ~! s% q9 R/ \ Order allow,deny4 n5 U: k% c( r% \
Allow from all# d$ U1 @8 m) ^+ i8 Y6 `$ }
</FilesMatch>3 O/ I4 p: x' F k
<IfModule mod_rewrite.c>; E7 b7 K( B. ]. D5 N) A2 B
RewriteEngine On1 ~3 G+ o" W: y/ I M# [" x# ~
RewriteBase /% n4 D/ n2 Y" Z! e7 J
RewriteRule ^index\.php$ - [L] " U3 E0 @$ q! `% I1 O- v6 eRewriteCond %{REQUEST_FILENAME} !-f # j# z! m6 C2 ~RewriteCond %{REQUEST_FILENAME} !-d, }: m/ @5 v, e0 V3 B( Z
RewriteRule . /index.php [L]/ d% M7 B6 ?; F& [* d1 z
</IfModule>-----------------------------------------+ e2 U! L* y/ k! B9 V
正常源码上面生成的字符 6 n0 b q* x4 `% x f ( v8 M# h6 `4 K( \ " k9 C2 I d1 ~- B) c' Q; f1 W3 ]+ X) W* e1 f" u# h/ _5 j& |9 y
发表于 2022-4-12 16:42:09
发表于 2022-4-13 09:47:11
发表于 2022-4-12 16:54:05
楼主
发表于 2022-4-12 18:17:23
