今天看公司的WEB和MAIL服务器,在一台机器上的,发现PASSWD文件里多了两个用户,一个是用户名CGI,是有ROOT权限的,另一个是adore,一般用户。查看日志如下
Feb 4 16:44:46 ns 173>Feb 4 16:44:46 rpc.statd[400]: gethostbyname error for (
???????????????库ffff75c 8049850 804c89f687465676274736f6d616e797
bffff729 bf
bffff72b~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P
~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P
~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P
~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P
~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P
~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P
~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P
~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P
Feb 4 16:44:46 ns ~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~
P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~
@
@
Feb 4 16:44:46 ns ~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~
P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~
P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~
P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~
P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~
P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~
P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~
P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~
P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~
P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~
P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~
P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~
P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P1离|Y~IA^P~IA^H?~IA^D~I摸俐I
^A版威@侈B~IY^L屏^N~Y屏^H^P~II^D~@A^D^L~H^A版威@侈D版威@侈E0俐HA^D版威@~I牺H?砂
?威@??威@??威@寝F/bin瞧^D/shA0俐HF^G~Iv^L~MV^P~MN^L~I蟀^K威@稗A威@柁???
Feb 4 17:07:08 ns adduser[21678]: new user: name=cgi, uid=0, gid=0, home=/home/
cgi, shell=/bin/bash
Feb 4 17:07:25 ns PAM_pwdb[21680]: password for (cgi/0) changed by ((null)/0)
Feb 4 17:08:09 ns PAM_pwdb[21682]: password for (ftp/14) changed by ((null)/0)
Feb 4 17:09:31 ns adduser[21687]: new group: name=adore, gid=1651
Feb 4 17:09:31 ns adduser[21687]: new user: name=adore, uid=1651, gid=1651, hom
e=/home/adore, shell=/bin/bash
Feb 4 17:09:46 ns PAM_pwdb[21688]: password for (adore/1651) changed by ((null)
@
Feb 4 17:09:46 ns PAM_pwdb[21688]: password for (adore/1651) changed by ((null)
@
Feb 4 17:07:08 ns adduser[21678]: new user: name=cgi, uid=0, gid=0, home=/home/
cgi, shell=/bin/bash
Feb 4 17:07:25 ns PAM_pwdb[21680]: password for (cgi/0) changed by ((null)/0)
Feb 4 17:08:09 ns PAM_pwdb[21682]: password for (ftp/14) changed by ((null)/0)
Feb 4 17:09:31 ns adduser[21687]: new group: name=adore, gid=1651
Feb 4 17:09:46 ns PAM_pwdb[21688]: password for (adore/1651) changed by ((null)
/0)
估计是被黑客进入了,想请问这是通过什么漏洞进入的,我该怎样预防啊,请救救我~~~
--------------------next---------------------
阅读(346) | 评论(0) | 转发(0) |