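I have carefully gone through all of the website's files and found no trojans or backdoors.
Experts, please advise: how should I go about finding backdoors and trojans? Give me some ideas.
6 solutions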
#1
#2
You've caught some kind of virus. Just delete it; run an antivirus scan first.
#3
Check the IIS website logs and the FTP logs, and search for update
#4
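Upload an ASP trojan yourself and see whether the server has a cross-site attack vulnerability. If you can view and modify the server's entire hard disk, that means the server is open to cross-site attacks.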
#5
I found some strange things in the FTP log:
2011-09-19 02:03:34 27.50.134.177 [4384]USER 555555 331 0
2011-09-19 02:03:34 27.50.134.177 [4384]PASS - 530 1326
2011-09-19 02:03:34 27.50.134.177 [4385]USER 666666 331 0
2011-09-19 02:03:34 27.50.134.177 [4385]PASS - 530 1326
2011-09-19 02:03:35 27.50.134.177 [4386]USER 777777 331 0
2011-09-19 02:03:35 27.50.134.177 [4386]PASS - 530 1326
2011-09-19 02:03:36 27.50.134.177 [4387]USER 888888 331 0
2011-09-19 02:03:36 27.50.134.177 [4387]PASS - 530 1326
2011-09-19 02:03:36 27.50.134.177 [4388]USER 999999 331 0
2011-09-19 02:03:36 27.50.134.177 [4388]PASS - 530 1326
2011-09-19 02:03:38 27.50.134.177 [4389]USER 000000 331 0
2011-09-19 02:03:38 27.50.134.177 [4389]PASS - 530 1326
2011-09-19 02:03:38 27.50.134.177 [4390]USER abc123 331 0
2011-09-19 02:03:38 27.50.134.177 [4390]PASS - 530 1326
2011-09-19 02:03:39 27.50.134.177 [4391]USER 123abc 331 0
2011-09-19 02:03:39 27.50.134.177 [4391]PASS - 530 1326
2011-09-19 02:03:39 27.50.134.177 [4392]USER asd123 331 0
2011-09-19 02:03:39 27.50.134.177 [4392]PASS - 530 1326
2011-09-19 02:03:40 27.50.134.177 [4393]USER zxc123 331 0
2011-09-19 02:03:40 27.50.134.177 [4393]PASS - 530 1326
2011-09-19 02:03:40 27.50.134.177 [4394]USER qwe123 331 0
2011-09-19 02:03:40 27.50.134.177 [4394]PASS - 530 1326
2011-09-19 02:03:41 27.50.134.177 [4395]USER admin123 331 0
2011-09-19 02:03:41 27.50.134.177 [4395]PASS - 530 1326
2011-09-19 02:03:41 27.50.134.177 [4396]USER admin999 331 0
2011-09-19 02:03:41 27.50.134.177 [4396]PASS - 530 1326
2011-09-19 02:03:43 27.50.134.177 [4397]USER admin666 331 0
2011-09-19 02:03:43 27.50.134.177 [4397]PASS - 530 1326
2011-09-19 02:03:43 27.50.134.177 [4398]USER admin555 331 0
2011-09-19 02:03:43 27.50.134.177 [4398]PASS - 530 1326
2011-09-19 02:03:44 27.50.134.177 [4399]USER admin444 331 0
2011-09-19 02:03:44 27.50.134.177 [4399]PASS - 530 1326
#6
Zhengzhou, Henan Province, Henan Xinfei Jinxin Computer Co., Ltd.
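Detection logic for the pattern in the FTP log posted in #5, as an added example that is not part of the original thread: it pairs each USER with the PASS reply in the same session and flags client IPs with a burst of 530 replies (login failed; Win32 status 1326 is ERROR_LOGON_FAILURE), and it lists any name that did log in (230) from a flagged IP. The function name, the thresholds and the 192.0.2.10 lines are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Lines for 27.50.134.177 are from the log posted above; the 192.0.2.10 lines are
# constructed. Format: date time client-ip [session]COMMAND argument ftp-status win32-status
SAMPLE_LOG = """\
2011-09-19 02:03:34 27.50.134.177 [4384]USER 555555 331 0
2011-09-19 02:03:34 27.50.134.177 [4384]PASS - 530 1326
2011-09-19 02:03:34 27.50.134.177 [4385]USER 666666 331 0
2011-09-19 02:03:34 27.50.134.177 [4385]PASS - 530 1326
2011-09-19 02:03:35 27.50.134.177 [4386]USER 777777 331 0
2011-09-19 02:03:35 27.50.134.177 [4386]PASS - 530 1326
2011-09-19 02:03:36 27.50.134.177 [4387]USER 888888 331 0
2011-09-19 02:03:36 27.50.134.177 [4387]PASS - 530 1326
2011-09-19 02:03:36 27.50.134.177 [4388]USER 999999 331 0
2011-09-19 02:03:36 27.50.134.177 [4388]PASS - 530 1326
2011-09-19 09:15:02 192.0.2.10 [4400]USER webmaster 331 0
2011-09-19 09:15:03 192.0.2.10 [4400]PASS - 530 1326
2011-09-19 09:15:09 192.0.2.10 [4400]USER webmaster 331 0
2011-09-19 09:15:10 192.0.2.10 [4400]PASS - 230 0
"""
LINE = re.compile(r"(\S+ \S+) (\S+) \[(\d+)\](\w+) (\S+) (\d+) (\d+)$")

def find_guessing(log, min_failures=5, window=timedelta(seconds=60)):
    """Return {ip: summary} for IPs with >= min_failures 530 replies inside window."""
    pending, failed, ok = {}, defaultdict(list), defaultdict(list)
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header or unrelated line
        ts = datetime.strptime(m[1], "%Y-%m-%d %H:%M:%S")
        ip, key, cmd, status = m[2], (m[2], m[3]), m[4].upper(), m[6]
        if cmd == "USER":
            pending[key] = m[5]  # PASS lines log "-", so remember the name
        elif cmd == "PASS" and status == "530":
            failed[ip].append((ts, pending.pop(key, "?")))
        elif cmd == "PASS" and status == "230":
            ok[ip].append(pending.pop(key, "?"))
    report = {}
    for ip, events in failed.items():
        events.sort()
        peak = lo = 0
        for hi, (ts, _) in enumerate(events):  # sliding window over failure times
            while ts - events[lo][0] > window:
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak >= min_failures:
            report[ip] = {"failures": len(events), "peak": peak, "logged_in_as": ok.get(ip, []),
                          "usernames": sorted({u for _, u in events})}
    return report
```

A non-empty `logged_in_as` for a flagged IP is the case to investigate first, since it means one of the guesses worked.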