1年多来,对x1逐渐重视起来,最近在某云服务器上试用x1系统,调试,昨天收到电子邮件,提示有木马病毒,路径为:/www
https://x1.php168.com/public/static/libs/ueditor/lang/zh-cn/images/localimage.png";); background-position: center center; background-size: initial; background-repeat: no-repeat; background-attachment: initial; background-origin: initial; background-clip: initial; border: 1px solid rgb(221, 221, 221);"/>rver/data/mysql-bin.000007 ,木马病毒名称都有,打开服务器宝塔面板,进入文件中x1目录,却没有搜索出该文件,打开x1后台,没有木马侵入提示,该怎么解决这个问题,该怎么在系统里查找木马侵入记录呢。在x1系统里安装有安全365防入侵插件,打开记录查看。不知如何着手查找木马病毒。后在文件根目录/www/server/data搜索出该文件,打开data 却不显示mysql-bin.000007该文件。如何鉴定该文件是不是木马呢。该文件植在服务器文件里,不是在x1文件里。
用记事本打开该文件:部分代码为:
in?9^�� t x � � 5.6.44-log ?9^�8
� � ����� \ ��� ����
�� �,l@�9^�� W ? � � � % � ��std�! ! - ��wllaw_cn wllaw_cn BEGINI鍱孈�9^�� ? �� ?%Z@�9^�� ? ? � � % � ��std�! ! - ��wllaw_cn wllaw_cn INSERT INTO `qb_timed_log` (`taskid` , `create_time`) VALUES (1 , 1580801344)?tQ@�9^�� X ? � � � % � ��std�! ! - ��wllaw_cn wllaw_cn COMMIT?��9^�� W =� � � � % � ��std�! ! - ��wllaw_cn wllaw_cn BEGIN?�q@�9^�� ? ? � � % � ��std�! ! - ��wllaw_cn wllaw_cn UPDATE `qb_timed_log` SET `times`=0.0073719024658203125 WHERE `id` = '21'37木@�9^�� X 3� � � � % � ��std�! ! - ��wllaw_cn wllaw_cn COMMITO?朄�9^�� W ? � � � % � ��std�! ! - ��wllaw_cn wllaw_cn BEGIN�漉鶣�9^�� ? @� � � % � ��std�! ! - ��wllaw_cn wllaw_cn UPDATE `qb_timed_task` SET `last_time`=1580801344,`use_time`=0.0073719024658203125 WHERE `id` = 1俍wq@�9^�� X ? � � � % � ��std�! ! - ��wllaw_cn wllaw_cn COMMIT#玫朄�9^�� W ? � � � % � ��std�! ! - ��wllaw_cn wllaw_cn BEGIN?獧@�9^�� ? {� � � % � ��std�! ! - ��wllaw_cn wllaw_cn UPDATE `qb_timed_task` SET `num`=`num`+1 WHERE `id` = 1巔?@�9^�� X ? � � � % � ��std�! ! - ��wllaw_cn wllaw_cn COMMIT?異!H:^�� W *� � 0 � % � ��std�! ! - ��wllaw_cn wllaw_cn BEGIN\\$?H:^�� J� �� �爼?H:^�� ? ? 0 � % � ��std�! ! - ��wllaw_cn wllaw_cn INSERT INTO `qb_timed_log` (`taskid` , `create_time`) VALUES (1 , 1580877857)�蘩?H:^�� X A� � 0 � % � ��std�! ! - ��wllaw_cn wllaw_cn COMMIT宲?!H:^�� W
打造最专业的开源系统建站程序
粤公网安备 44011302001000号
