Rumah >pembangunan bahagian belakang >tutorial php > php 漏洞提问 急解决思路
php 漏洞提问 急....
我们网站不知道怎么的多了个test.php
内容如下 :
找了很多资料,也没看出个大概..
1. 我想知道这个一般是怎么注入到我们网站里的??
2. 它主要起什么作用??
我们网站其它原文件应该不会也被注入了吧...
------解决方案--------------------
1.首先在php.ini设定禁用eval函数(需确认系统中未使用此函数――普通系统很少用此函数)
2.搜索所有访问test.php的IP地址
搜集完资料后整理出来,报案。
inetnum: 222.32.0.0 - 222.63.255.255 netname: CRTC descr: CHINA RAILWAY TELECOMMUNICATIONS CENTER descr: 22F Yuetan Mansion,Xicheng District,Beijing,P.R.China country: CN admin-c: LQ112-AP tech-c: LM273-AP status: ALLOCATED PORTABLE mnt-by: MAINT-CNNIC-AP changed: hm-changed@apnic.net 20030902 source: APNIC route: 222.32.0.0/11 descr: CHINA RAILWAY TELECOMMUNICATIONS CENTER country: CN origin: AS9394 mnt-by: MAINT-CN-CRTC changed: ipas@cnnic.cn 20040402 source: APNIC person: LV QIANG nic-hdl: LQ112-AP e-mail: crnet_mgr@chinatietong.com address: 22F Yuetan Mansion,Xicheng District,Beijing,P.R.China phone: +86-10-51892111 fax-no: +86-10-51847845 country: CN changed: ipas@cnnic.net.cn 20060911 mnt-by: MAINT-CNNIC-AP source: APNIC person: liu min nic-hdl: LM273-AP e-mail: crnet_tec@chinatietong.com address: 22F Yuetan Mansion,Xicheng District,Beijing,P.R.China phone: +86-10-51848796 fax-no: +86-10-51842426 country: CN changed: ipas@cnnic.net.cn 20041208 mnt-by: MAINT-CNNIC-AP source: APNIC inetnum: 222.32.0.0 - 222.63.255.255 netname: CRTC descr: CHINA RAILWAY TELECOMMUNICATIONS CENTER descr: 22F Yuetan Mansion,Xicheng District,Beijing,China country: CN admin-c: LQ112-CN tech-c: LM273-CN status: ALLOCATED PORTABLE changed: hm-changed@apnic.net 20030902 mnt-by: MAINT-CNNIC-AP source: CNNIC person: LV QIANG nic-hdl: LQ112-CN e-mail: crnet_mgr@chinatietong.com address: 22F Yuetan Mansion,Xicheng District,Beijing phone: +86-10-51892111 fax-no: +86-10-51847845 country: CN changed: ipas@cnnic.cn 20060419 mnt-by: MAINT-CNNIC-AP source: CNNIC person: liu min nic-hdl: LM273-CN e-mail: crnet_tec@chinatietong.com address: 22F Yuetan Mansion,Xicheng District,Beijing,P.R.China phone: +86-10-51848796 fax-no: +86-10-51842426 country: CN changed: ipas@cnnic.net.cn 20041208 mnt-by: MAINT-CNNIC-AP source: CNNIC <div class="clear"> </div>