Cloud host: Apache/MySQL/PHP environment had just been set up, and a hacker planted a trojan DLL file

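  • newfeel
    How was this done?
  • cyberkiller
    Got in through a weak password?
  • 电气工程师
    PHP webshell plus MySQL UDF privilege escalation? Was the root password leaked? Also, how did they get web access? An upload vulnerability? Privilege escalation through a weak admin-panel password? Or was an open-source system hit by an exploit? You've given too few details; start by checking the Apache logs!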
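  • newfeel
    The system is Win2012. The password shouldn't be weak: 20 characters mixing upper case, lower case and digits.
    To save effort I installed XAMPP, with the default paths.
    My MySQL root password isn't very simple either.

    The newly added DLL file is in MySQL's bin directory.

    To open port 3306 for remote access, and since I don't understand networking, I changed settings at random.
    Tomorrow I'll look at the logs to see what actually happened. For now I've shut down Apache and MySQL and deleted the DLL file.

    Thanks to the two above for the ideas; tomorrow I'll post the logs for everyone to analyze.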
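  • maxwell.tang
    On Linux, logging in with a certificate is the safest.
  • GeBron
    Before, my Tencent Cloud server also got hit by ransomware after I enabled MySQL remote login. I didn't investigate and just reinstalled. Without remote login enabled I've never been hit.
  • 不要问我从哪来
    How did you know you'd been hit by a DLL trojan?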
  • newfeel
    This morning I looked at the Apache log; around that time there are just two lines:
    ----------------------------------------------------
    103.79.141.168 - - [04/Dec/2019:23:42:21 +0800] "GEThttp://www.google.com/HTTP/1.0" 302 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
    193.188.22.187 - - [04/Dec/2019:23:55:11 +0800] "\x03" 400 980 "-" "-"
    ----------------------------------------------------------------------------------------------
    MySQL log:
    2019-12-04 23:45:20 3116 [ERROR] Incorrect definition of table mysql.column_stats: expected column 'min_value' at position 3 to have type varbinary(255), found type varchar(255).
    2019-12-04 23:45:20 3116 [ERROR] Incorrect definition of table mysql.column_stats: expected column 'max_value' at position 4 to have type varbinary(255), found type varchar(255).
    2019-12-04 23:45:20 3116 [ERROR] Incorrect definition of table mysql.column_stats: expected column 'min_value' at position 3 to have type varbinary(255), found type varchar(255).
    2019-12-04 23:45:20 3116 [ERROR] Incorrect definition of table mysql.column_stats: expected column 'max_value' at position 4 to have type varbinary(255), found type varchar(255).
    2019-12-04 23:45:35 3116 [ERROR] Incorrect definition of table mysql.column_stats: expected column 'min_value' at position 3 to have type varbinary(255), found type varchar(255).
    2019-12-04 23:45:35 3116 [ERROR] Incorrect definition of table mysql.column_stats: expected column 'max_value' at position 4 to have type varbinary(255), found type varchar(255).
    2019-12-04 23:45:36 3116 [ERROR] Incorrect definition of table mysql.column_stats: expected column 'min_value' at position 3 to have type varbinary(255), found type varchar(255).
    2019-12-04 23:45:36 3116 [ERROR] Incorrect definition of table mysql.column_stats: expected column 'max_value' at position 4 to have type varbinary(255), found type varchar(255).
    2019-12-04 23:45:42 3116 [ERROR] Incorrect definition of table mysql.column_stats: expected column 'min_value' at position 3 to have type varbinary(255), found type varchar(255).
    2019-12-04 23:45:42 3116 [ERROR] Incorrect definition of table mysql.column_stats: expected column 'max_value' at position 4 to have type varbinary(255), found type varchar(255).
    2019-12-04 23:45:42 3116 [ERROR] Incorrect definition of table mysql.column_stats: expected column 'min_value' at position 3 to have type varbinary(255), found type varchar(255).
    2019-12-04 23:45:42 3116 [ERROR] Incorrect definition of table mysql.column_stats: expected column 'max_value' at position 4 to have type varbinary(255), found type varchar(255).
    2019-12-04 23:45:43 3116 [ERROR] Incorrect definition of table mysql.column_stats: expected column 'min_value' at position 3 to have type varbinary(255), found type varchar(255).
    2019-12-04 23:45:43 3116 [ERROR] Incorrect definition of table mysql.column_stats: expected column 'max_value' at position 4 to have type varbinary(255), found type varchar(255).
    2019-12-04 23:45:44 3116 [ERROR] Incorrect definition of table mysql.column_stats: expected column 'min_value' at position 3 to have type varbinary(255), found type varchar(255).
    2019-12-04 23:45:44 3116 [ERROR] Incorrect definition of table mysql.column_stats: expected column 'max_value' at position 4 to have type varbinary(255), found type varchar(255).
    2019-12-05 00:00:21 7d4 InnoDB: Warning: Using innodb_additional_mem_pool_size is DEPRECATED. This option may be removed in future releases, together with the option innodb_use_sys_malloc and with the InnoDB's internal memory allocator.
    2019-12-05 0:00:21 2004 [Note] InnoDB: innodb_empty_free_list_algorithm has been changed to legacy because of small buffer pool size. In order to use backoff, increase buffer pool at least up to 20MB.
    -------------------------------------------------------------------------------------------
    At 23:45 a DLL file appeared under mysql and was flagged as a trojan; it's just a pity that I deleted the file.
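
One way to triage an Apache access log around the 23:45 file-creation time mentioned in the post above (an added example, not code from any poster in this thread). It labels each request near the incident as an open-proxy probe, a non-HTTP probe, or a script-write candidate worth checking for a web shell; the sample lines, their IPs and the `/upload/x.php` path are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Apache combined log format: host, timestamp, request line, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*?)" (\d{3}) ')
FMT = "%d/%b/%Y:%H:%M:%S %z"
# Assumption: the DLL creation time, taken from the "23:45" in the post.
INCIDENT = datetime.strptime("04/Dec/2019:23:45:00 +0800", FMT)

# Constructed sample lines modelled on the post; IPs are documentation ranges
# and /upload/x.php is a hypothetical path added for contrast.
SAMPLE_LOG = r'''
203.0.113.10 - - [04/Dec/2019:23:42:21 +0800] "GET http://www.google.com/ HTTP/1.0" 302 - "-" "Mozilla/4.0"
198.51.100.20 - - [04/Dec/2019:23:55:11 +0800] "\x03" 400 980 "-" "-"
192.0.2.30 - - [04/Dec/2019:23:44:50 +0800] "POST /upload/x.php HTTP/1.1" 200 12 "-" "-"
192.0.2.31 - - [04/Dec/2019:09:00:00 +0800] "GET /index.php HTTP/1.1" 200 512 "-" "-"
'''.strip().splitlines()


def classify(request):
    """Label a request line by what it can tell an investigator."""
    parts = request.split(" ")
    if "\\x" in request or len(parts) != 3:
        return "non-http-probe"          # binary bytes sent to the HTTP port
    method, target, _ = parts
    if method == "CONNECT" or re.match(r"(?i)^https?://", target):
        return "open-proxy-probe"        # asks the server to fetch a foreign URL
    if method in ("POST", "PUT") and re.search(r"(?i)\.(php\d?|phtml)(\?|$)", target):
        return "script-write-candidate"  # review this script for a web shell
    return "ordinary"


def triage(lines, incident, minutes=15):
    """Return (time, host, status, label) for requests near the incident."""
    window = timedelta(minutes=minutes)
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in combined log format
        host, stamp, request, status = m.groups()
        when = datetime.strptime(stamp, FMT)
        if abs(when - incident) <= window:
            hits.append((when.strftime("%H:%M:%S"), host, int(status), classify(request)))
    return sorted(hits)


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG, INCIDENT):
        print(hit)
```

If only probe labels show up in the window, the access log contains no request that could have written a file through PHP, and the exposed 3306 port and MySQL's own logs are the next place to look.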
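  • 碧的绿
    Why not use a Linux host for this environment? It's cheaper too.
  • davie
    There are too many tricks. Maybe there were some vulnerabilities that weren't patched and they got straight in?
  • 风过留声
    You're using Windows for a server?
    Then I don't know.
    Even LAMP is better than this.
  • newfeel
    It was Linux at the start, CentOS 7. I reinstalled with Windows, because LAMP has no control panel.

    I feel that if the network is well controlled, with remote access restricted by MAC address, it shouldn't be much of a problem. I hadn't set up any of these restrictions yet, and it already got hacked.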