We host 1000 domains across several servers. We have a lot of problems with malware and PHP shells. Many scanners have had no effect on them; maybe we get 10/20 vague results from those scanners.
So I built my own small bash file to look for these scripts. It found 148 phpshells this weekend (I'm not good at creating .sh files).
My problem: grep is slow, it keeps running for days. How can I make this script more efficient?
#!/bin/bash
# Suspicious fragments to look for. Entries containing "$" are escaped so the shell
# does not expand them (unescaped, "$cwd" and "$g3" would be replaced by empty strings
# and the pattern would silently change).
array=(
"base64_decode("
"substr(md5(strrev("
"cwd = @getcwd();"
"chr((ord("
"gzinflate(base64_decode("
"php_uname()"
"] = chr(ord("
"cwd[strlen(\$cwd)"
"ini_get('safe_mode');"
"=\"\x62\""
"\"+ r + \"&r=\" + document.referrer;\""
"if(strtoupper(substr(PHP_OS, 0, 3) ) == \"WIN\")"
"window.top.location.href=\"http://"
"@ini_get(\"disable_functions\")"
"\$g3='';\$g3.=\$r;\$g3.=\$h;\$g3.=\$y"
"hacked"
)
for value in "${array[@]}"
do
    # Pass the pattern as a printf argument, not as the format string.
    printf '\n[%s] [start => %s]\n' "$value" "$(date +%T)"
    # -F: the fragments are literal strings, not regular expressions (so "(" and "\x62"
    # are matched as written); -l: list matching files only; -i: ignore case; -r: recurse.
    grep -l -i -r -F "$value" "/home/"
    printf '\n[end => %s]\n' "$(date +%T)"
done
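One way to replace the per-pattern loop with a single pass, as an added example that is not the poster's script: all fragments go into one file, grep reads them with -F -f under LC_ALL=C, find limits the search to PHP sources, and a check rejects blank lines in the pattern file (a blank fixed-string pattern matches every line). The function names, the sample tree and the pattern file are constructed here.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: scan_webshells,
# check_pattern_file, write_patterns, build_sample_tree.

# check_pattern_file FILE: refuse a pattern file with a blank line, because
# "grep -F -f" would then flag every line of every file.
check_pattern_file() {
    if grep -q '^[[:space:]]*$' "$1"; then
        echo "pattern file $1 contains a blank line" >&2
        return 1
    fi
    return 0
}

# scan_webshells PATTERN_FILE DIR: print each PHP source under DIR that contains
# at least one of the literal strings in PATTERN_FILE, one path per line.
# LC_ALL=C avoids multibyte matching, -F treats patterns as fixed strings,
# -l stops reading a file at its first hit, and find skips non-PHP files.
scan_webshells() {
    patterns=$1
    dir=$2
    LC_ALL=C find "$dir" -type f \( -name '*.php' -o -name '*.phtml' -o -name '*.inc' \) \
        -exec grep -l -F -f "$patterns" -- {} + || true
}

# write_patterns FILE: a few literal fragments from the post's list, one per line.
write_patterns() {
    cat > "$1" <<'EOF'
eval(base64_decode(
gzinflate(base64_decode(
eval(stripslashes(@$_POST[
EOF
}

# build_sample_tree: constructed sample data, prints the temporary root directory.
# One benign file, one PHP file holding a listed fragment as plain string data (a
# fixed-string scanner flags it anyway), and a .txt file skipped by the extension filter.
build_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/site1/public_html" "$root/site2/public_html"
    printf '<?php echo "hello"; ?>\n' > "$root/site1/public_html/index.php"
    printf '<?php $s = "eval(base64_decode("; ?>\n' > "$root/site2/public_html/x.php"
    printf 'eval(base64_decode(\n' > "$root/site2/notes.txt"
    echo "$root"
}

# Demo run on the constructed tree; for real use: scan_webshells /root/scanner/pattern.txt /home/
demo_root=$(build_sample_tree); write_patterns "$demo_root/pattern.txt"
check_pattern_file "$demo_root/pattern.txt" && scan_webshells "$demo_root/pattern.txt" "$demo_root"
rm -rf "$demo_root"
```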
Final result
#!/bin/bash
# LC_ALL=C: byte-wise matching; -F: patterns are fixed strings; -n: show line numbers;
# -r: recurse; -f: read one pattern per line from the file, so the tree is scanned once.
LC_ALL=C grep -F -n -r -f /root/scanner/pattern.txt "/home/"
Pattern.txt
eval($___($__));
eval(stripslashes(@$_POST[
eval(stripslashes(array_pop(
eval(base64_decode(
eval(gzinflate(str_rot13(base64_decode(
gzinflate(base64_decode(
Array(base64_decode(
sha1(base64_decode(
print(base64_decode(
wsoScandir($dir)
substr(current(array_keys( …

Unable to install LWIP via NPM.
lwip is used to create sprites and is included by sprity.
From reading the log, it seems I need to update some constants (see the code below).
In file included from ../src/lib/png/png.c:14:
../src/lib/png/pngpriv.h:805:4: error: ZLIB_VERNUM != np "-I (include path) error: see the notes in pngpriv.h"
error ZLIB_VERNUM != PNG_ZLIB_VERNUM \
^
1 error generated.
make: *** [Release/obj.target/lwip_decoder/src/lib/png/png.o] Error 1
I may be wrong; here is the full log.
MacBook-Pro-2:frontend someuser$ npm install
npm WARN package.json PIMFC@ No repository field.
npm WARN package.json PIMFC@ No license field.
> fsevents@1.1.2 install /somepath/node_modules/fsevents
> node install
[fsevents] Success: "/somepath/node_modules/fsevents/lib/binding/Release/node-v46-darwin-x64/fse.node" is installed via remote
> lwip@0.0.9 install /somepath/node_modules/lwip
> node-gyp rebuild
CXX(target) Release/obj.target/lwip_decoder/src/decoder/init.o
CXX(target) Release/obj.target/lwip_decoder/src/decoder/util.o …