joomla2
August 30th, 2017, 13:27
سلام دوستان
ما چندتا سایت روی سرور مجازی داریم و هرروز از CXS ایمیل هشدار میاد به صورت زیر
Scanning web upload script file...
Time : Wed, 30 Aug 2017 12:21:04 +0430
Web referer URL : domain.com
Local IP : 11.11.11.11
Web upload script user : nobody (99)
Web upload script owner: [user] (1023)
Web upload script path : /home/[user]/public_html/customizer.php
Web upload script URL : http://domain.com/customizer.php
Remote IP : 55.99.65.70
Upload data md5sum : 3e28daa4a71d77fe8bd064d6efd9ec05
Deleted : No
Quarantined : Yes [/etc/cxs/quarantine/cxscgi/20170830-122104-WaZuaF22hdQaW6Dt7DIGOQAAAAw-file-mX2BzA.1504079464_1]
'/tmp/20170830-122104-WaZuaF22hdQaW6Dt7DIGOQAAAAw-file-mX2BzA'
Universal decode regex match = [universal decoder]
(decoded file [advanced decoder: 14 (depth: 1)]) Known exploit = [Fingerprint Match] [PHP Obfuscated Exploit [P1070]]
این یعنی سایت هک شده؟ و کسی داره شل آپلود میکنه؟
ما چندتا سایت روی سرور مجازی داریم و هرروز از CXS ایمیل هشدار میاد به صورت زیر
Scanning web upload script file...
Time : Wed, 30 Aug 2017 12:21:04 +0430
Web referer URL : domain.com
Local IP : 11.11.11.11
Web upload script user : nobody (99)
Web upload script owner: [user] (1023)
Web upload script path : /home/[user]/public_html/customizer.php
Web upload script URL : http://domain.com/customizer.php
Remote IP : 55.99.65.70
Upload data md5sum : 3e28daa4a71d77fe8bd064d6efd9ec05
Deleted : No
Quarantined : Yes [/etc/cxs/quarantine/cxscgi/20170830-122104-WaZuaF22hdQaW6Dt7DIGOQAAAAw-file-mX2BzA.1504079464_1]
'/tmp/20170830-122104-WaZuaF22hdQaW6Dt7DIGOQAAAAw-file-mX2BzA'
Universal decode regex match = [universal decoder]
(decoded file [advanced decoder: 14 (depth: 1)]) Known exploit = [Fingerprint Match] [PHP Obfuscated Exploit [P1070]]
این یعنی سایت هک شده؟ و کسی داره شل آپلود میکنه؟