2014-01-29 Kloxo vulnerability: PHP uploaded to the Default directory and used for outbound DDoS attacks
This is an emergency notice. KLOXO has a serious security problem: malicious visitors are dropping malicious PHP code (in some cases a file named default.php) into the KLOXO panel's default directory and using it to take control of the machine and launch DDoS attacks (packet flooding). The result is network congestion on the VPS or server, and the datacenter may null-route the IP because of it. Everyone running the KLOXO panel should pay close attention and deal with this as soon as possible.
VPS users can apply the following temporary fix: log in to the VPS over SSH as root and run these commands:
chmod 000 /home/kloxo/httpd/default
rm -r /home/kloxo/httpd/default/*.php
find /home/admin -type d -name cgi-bin -exec rm -r {} \;

What the commands above do:
- set the permissions of the /home/kloxo/httpd/default directory to 000
- delete every PHP file under /home/kloxo/httpd/default/
- find every directory named cgi-bin under /home/admin and delete it

The ticket Linode sent me:

ToS Violation - Outbound DoS

Hello,

We have detected an outbound denial of service attack originating from your Linode. It appears that a process internal to your Linode is sending large amounts of malicious traffic towards other servers. We ask that you investigate this matter as soon as possible to determine why this activity is originating from your Linode. If you were not aware that activity of this nature was originating from your Linode, it is likely that your Linode has been compromised, and you'll want to take appropriate action.

We take the integrity of our network very seriously, and we appreciate your cooperation in investigating this activity. Please keep us updated via this ticket as you look into the issue. As we cannot allow this nature of activity on our network, we ask that you update this ticket within 12 hours or we may need to power down your Linode to prevent further malicious activity.

If you have any questions or concerns, please let us know!

Jon

It is possible your Linode was compromised. To determine if this is the case, you may want to audit the following log files and writable directories:
- "/var/log/auth.log": You may have fallen victim to an SSH brute force attack.
- "lastlog": You can cross reference recent account logins with the brute force attempts in "/var/log/auth.log".
- /tmp: This directory is often used by attackers to store their files in.
- Web server logs: You may have installed a vulnerable script or web application.
- "ps aux": Check for foreign processes.

If you do find that your system has been compromised, I'd strongly suggest completely redeploying your Linode as it is often very difficult to determine the full scope of an attack. If downtime is a concern to you, the following guide will assist you with safely recovering your data and redeploying your Linode with minimal downtime:
- http://library.linode.com/troubleshooting/compromise-recovery

If you do not want to spin up a new Linode as advised in the above guide, you can simply deploy a new distribution and mount your old disk images within it to copy your data over. You will first need to free up some space to deploy the new distribution. You can do this by resizing your existing disk image:
- http://library.linode.com/linode-platform/manager/managing-disk-images#resize_a_disk_image

You can then deploy your new distribution and attach your old disk images to it:
- Select the "Deploy a Linux Distribution" link on your dashboard.
- Choose your desired distribution, fill in the required values, and then click on "Deploy".
- Return to the dashboard and select your new configuration profile.
- Attach your old disk image to the drive setup of your new deployment.
- Boot into your new deployment and mount your old disk image.
- Copy your data.

Once you have redeployed your Linode, I'd also recommend implementing some of the security measures advised in our "Security Basics" guide to minimize the risks of a security breach in the future:
- http://library.linode.com/using-linux/security-basics

I hope that this information is helpful. Please don't hesitate to follow up with us if you need any further clarification.

Regards,
Will
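The temporary fix above deletes the planted files outright, which also destroys the evidence you would want when deciding whether the box was used for anything beyond sending DDoS traffic. The script below is an added example written for this page, not Kloxo's code and not the author's commands: it quarantines instead of deleting, records a sha256 and mtime for each file, applies the same chmod 000 lock, and scans an access log for the POST-driven PHP activity that Linode's reply suggests looking for in the web server logs. It assumes GNU coreutils (sha256sum, stat -c), a combined-format access log, and a made-up quarantine directory /root/kloxo-quarantine; the sample log lines it ships with are constructed. The file name kloxo-triage.sh in the usage comment is likewise an assumption.

```shell
#!/bin/sh
# Added example, not code from the original post or from Kloxo: a triage
# variant of the temporary fix. Instead of rm'ing the planted PHP files and
# the cgi-bin directories, it moves them into a root-only quarantine directory
# and writes a manifest (sha256, mtime, original path), so the evidence is
# still there when you work out how far the intrusion went. It then applies
# the same chmod 000 lock as the post, and gives one way to act on Linode's
# "check your web server logs" advice.
# Assumptions: GNU coreutils (sha256sum, stat -c); combined-format access log;
# /root/kloxo-quarantine is a made-up location; the sample log is constructed.
set -eu

# Move every *.php in $1 into $2 and append one manifest line per file.
# Prints the number of files moved.
quarantine_php() {
    src="$1"; dst="$2"
    mkdir -p "$dst"; chmod 700 "$dst"
    n=0
    for f in "$src"/*.php; do
        [ -e "$f" ] || continue                    # glob matched nothing
        sum=$(sha256sum "$f" | cut -d' ' -f1)
        printf 'file %s %s %s\n' "$sum" "$(stat -c %Y "$f")" "$f" >> "$dst/MANIFEST"
        mv "$f" "$dst/"
        n=$((n + 1))
    done
    echo "$n"
}

# Move every directory named cgi-bin under $1 into $2. -prune stops find from
# trying to descend into a directory that has just been moved away (the
# "find ... -exec rm -r {} \;" form without -prune descends into the path it
# just deleted). Prints the number of directories moved.
quarantine_cgi_bin() {
    root="$1"; dst="$2"
    mkdir -p "$dst"; chmod 700 "$dst"
    list=$(mktemp)
    find "$root" -type d -name cgi-bin -prune -print > "$list"
    n=0
    while IFS= read -r d; do
        target="$dst/$(printf '%s' "$d" | tr '/' '_')"   # flatten path into a unique name
        printf 'dir %s %s\n' "$d" "$target" >> "$dst/MANIFEST"
        mv "$d" "$target"
        n=$((n + 1))
    done < "$list"
    rm -f "$list"
    echo "$n"
}

# The post's lock: nobody but root can traverse the directory afterwards.
lock_dir() {
    chmod 000 "$1"
}

# Count POST requests to *.php per client IP in a combined-format log $1,
# most active IP first. A dropped PHP file is typically driven by repeated
# POSTs to one path from a small number of addresses.
post_php_by_ip() {
    awk '$6 == "\"POST" && $7 ~ /\.php/ { c[$1]++ } END { for (ip in c) print c[ip], ip }' "$1" \
        | sort -rn
}

# Constructed sample log (RFC 5737 documentation addresses), written to $1.
write_sample_log() {
    cat > "$1" <<'EOF'
203.0.113.5 - - [29/Jan/2014:10:00:01 +0800] "POST /default.php HTTP/1.1" 200 12 "-" "curl/7.19"
203.0.113.5 - - [29/Jan/2014:10:00:02 +0800] "POST /default.php HTTP/1.1" 200 12 "-" "curl/7.19"
198.51.100.9 - - [29/Jan/2014:10:00:03 +0800] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.7 - - [29/Jan/2014:10:00:04 +0800] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
EOF
}

# Run as root on an affected host:  sh kloxo-triage.sh run /path/to/access_log
if [ "${1:-}" = run ]; then
    q=/root/kloxo-quarantine                       # assumed location, pick your own
    echo "php files quarantined:    $(quarantine_php /home/kloxo/httpd/default "$q")"
    echo "cgi-bin dirs quarantined: $(quarantine_cgi_bin /home/admin "$q")"
    lock_dir /home/kloxo/httpd/default
    post_php_by_ip "${2:?access log path}" | head
fi
```

Quarantining rather than deleting costs nothing in terms of containment (the files are no longer reachable by the web server once moved and the directory is locked) but keeps the samples and their timestamps, which is what lets you correlate the drop time against the access log and the lastlog/auth.log checks Linode lists. Note that this is still only a stopgap: Linode's advice to redeploy if you find the host compromised stands.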