Linux服务器各种后门查杀

x33g5p2x  于2022-03-22 转载在 Linux  
字(0.6k)|赞(0)|评价(0)|浏览(482)

1 针对php

php后门居多,当然也有其他病毒
搜索是否已经被写后门

find ./ -name "*.php" |xargs egrep "phpspy|c99sh|milw0rm|eval(gunerpress|eval(base64_decoolcode|spider_bc))" > /tmp/php.txt
grep -r --include=*.php  '[^a-z]eval($_POST' . > /tmp/eval.txt
grep -r --include=*.php  'file_put_contents(.*$_POST[.*]);' . > /tmp/file_put_contents.txt

查看

cat /tmp/php.txt
cat /tmp/eval.txt
cat /tmp/file_put_contents.txt

删除

rm -rf /tmp/php.txt
rm -rf /tmp/eval.txt
rm -rf /tmp/file_put_contents.txt

2 nginx

禁止所有php路由,在location中添加

asp、jsp

# 针对php
if ($request_uri ~* (.*)\.php) {
	return 301 https://www.baidu.com;
}
# 针对ashx
if ($request_uri ~* (.*)\.ashx) {
	return 301 https://www.baidu.com;
}

相关文章

最新文章

更多