| 本帖最后由 Jordan 于 2022-7-22 23:19 编辑
没事了,这原来是脚本预设的伪装站,我自己替换了不知道怎么又自动换成这个了,怪不得查了两个小时什么都没查出来
 ![[疑问] 见鬼了,网站被黑了](https://bbs.toot.su/static/image/smiley/yct/002.gif) 见鬼了呀,伪装站被人替换成这个什么玩意
 ![[疑问] 见鬼了,网站被黑了](https://pic.rmb.bdstatic.com/bjh/e8bb469faf6652404a3e98e7aa5574bc.png)
dd完系统的第一时间就启用了密钥登录同时把密码登录给禁了,简单排查了下,没有可疑用户,没有可疑进程,cpu、内存使用率都是正常的,他就仅仅替换掉了html,这是什么情况
历史命令也只有自己执行了几个脚本文件的记录
1 ssh-keygen -t rsa
2 cd .ssh
3 ls -la
4 cat id_rsa.pub >> authorized_keys
5 chmod 600 authorized_keys
6 chmod 700 ~/.ssh
7 cat id_rsa
8 nano /etc/ssh/sshd_config
9 nano /etc/ssh/sshd_config
10 service sshd restart
11 nano /etc/ssh/sshd_config
12 reboot
13 wget -P /root -N –no-check-certificate "https://raw.githubusercontent.com/mack-a/“v-2-r-a-y”-agent/master/install.sh" && chmod 700 /root/install.sh && /root/install.sh
14 apt-get install -y wget
15 apt-get update
16 apt-get upgrade
17 wget -P /root -N –no-check-certificate "https://raw.githubusercontent.com/mack-a/“v-2-r-a-y”-agent/master/install.sh" && chmod 700 /root/install.sh && /root/install.sh
18 reboot
19 vasma
20 vasma
21 wget https://raw.githubusercontent.com/nanqinlang-script/testrace/master/testrace.sh
22 bash testrace.sh
23 bash testrace.sh
24 bash <(curl -L -s https://raw.githubusercontent.com/lmc999/RegionRestrictionCheck/main/check.sh)
25 wget -qO- git.io/superbench.sh | bash
26 curl https://raw.githubusercontent.com/zhucaidan/mtr_trace/main/mtr_trace.sh|bash
27 bash <(curl -Lso- http://yun.789888.xyz/speedtest.sh)
28 bash <(curl -Lso- http://yun.789888.xyz/speedtest.sh)
29 ~bash <(curl -Lso- http://yun.789888.xyz/speedtest.sh)
30 apt-get install bash
31 bash <(curl -Lso- http://yun.789888.xyz/speedtest.sh)
32 bash <(curl -Lso- https://git.io/superspeed.sh)
33 ping -c 3 www.有图比.com
34 ps -aux
35 last
36 ls
37 history |
![[疑问] 见鬼了,网站被黑了](https://bbs.toot.su/static/image/smiley/default/titter.gif){kind=small}
![[疑问] 见鬼了,网站被黑了](https://bbs.toot.su/static/image/smiley/yct/009.gif)