Found a trojan on the server and logged the intruder's IP. How do I get him "invited to tea" (i.e., picked up by the police)?

Intruder access log

12-31 11:01:45 POST /.m/static/img/static.aspx - 80 - 113.76.193.74 Baiduspider 200 0 64 82586
12-31 11:01:45 POST /.m/static/img/static.aspx - 80 - 113.76.193.74 Baiduspider 200 0 64 51870
12-31 11:01:45 POST /.m/static/img/static.aspx - 80 - 113.76.193.74 Baiduspider 200 0 0 9781


12-31 12:03:29 POST /.m/static/img/static.aspx - 80 - 113.76.193.74 Baiduspider 200 0 0 62
12-31 12:03:30 POST /.m/static/img/static.aspx - 80 - 113.76.193.74 Baiduspider 200 0 0 62
12-31 12:03:32 POST /.m/static/img/static.aspx - 80 - 113.76.193.74 Baiduspider 200 0 0 62

12-31 14:07:05 POST /.m/static/img/static.aspx - 80 - 219.135.67.177 Baiduspider 200 0 0 78
12-31 14:07:08 POST /.m/static/img/static.aspx - 80 - 219.135.67.177 Baiduspider 200 0 0 46


12-31 23:02:36 POST /.m/static/img/static.aspx - 80 - 14.125.36.190 Baiduspider 200 0 0 1918
12-31 23:03:01 POST /.m/static/img/static.aspx - 80 - 14.125.36.190 Baiduspider 200 0 0 93
12-31 23:03:05 POST /.m/static/img/static.aspx - 80 - 14.125.36.190 Baiduspider 200 0 0 62
12-31 23:03:07 POST /.m/static/img/static.aspx - 80 - 14.125.36.190 Baiduspider 200 0 0 78
12-31 23:03:10 POST /.m/static/img/static.aspx - 80 - 14.125.36.190 Baiduspider 200 0 0 109

12-31 23:08:06 POST /.m/static/img/static.aspx - 80 - 14.125.36.190 Baiduspider 200 0 0 109
12-31 23:08:08 POST /.m/static/img/static.aspx - 80 - 14.125.36.190 Baiduspider 200 0 0 62
12-31 23:08:11 POST /.m/static/img/static.aspx - 80 - 14.125.36.190 Baiduspider 200 0 0 78
12-31 23:08:13 POST /.m/static/img/static.aspx - 80 - 14.125.36.190 Baiduspider 200 0 0 78
12-31 23:08:15 POST /.m/static/img/static.aspx - 80 - 14.125.36.190 Baiduspider 200 0 0 93

12-31 23:25:14 POST /.m/static/img/static.aspx - 80 - 14.125.36.190 Baiduspider 200 0 0 78
12-31 23:25:17 POST /.m/static/img/static.aspx - 80 - 14.125.36.190 Baiduspider 200 0 0 78
12-31 23:25:19 POST /.m/static/img/static.aspx - 80 - 14.125.36.190 Baiduspider 200 0 0 468




01-02 00:47:59 POST /.m/static/img/static.aspx - 80 - 113.76.129.248 Baiduspider 200 0 64 58858
01-02 00:48:00 POST /.m/static/img/static.aspx - 80 - 113.76.129.248 Baiduspider 200 0 0 18002

01-02 01:05:11 POST /.m/static/img/static.aspx - 80 - 113.76.129.248 Baiduspider 200 0 0 62
01-02 01:05:14 POST /.m/static/img/static.aspx - 80 - 113.76.129.248 Baiduspider 200 0 0 62
01-02 01:05:17 POST /.m/static/img/static.aspx - 80 - 113.76.129.248 Baiduspider 200 0 0 62
01-02 01:05:24 POST /.m/static/img/static.aspx - 80 - 113.76.129.248 Baiduspider 200 0 0 5101
01-02 01:05:27 POST /.m/static/img/static.aspx - 80 - 113.76.129.248 Baiduspider 200 0 0 62
01-02 01:05:29 POST /.m/static/img/static.aspx - 80 - 113.76.129.248 Baiduspider 200 0 0 62
01-02 01:05:34 POST /.m/static/img/static.aspx - 80 - 113.76.129.248 Baiduspider 200 0 0 78
01-02 01:05:44 POST /.m/static/img/static.aspx - 80 - 113.76.129.248 Baiduspider 200 0 0 62

01-02 03:12:41 POST /.m/static/img/static.aspx - 80 - 113.76.129.248 Baiduspider 200 0 0 3213
01-02 03:12:32 POST /.m/static/img/static.aspx - 80 - 113.76.129.248 Baiduspider 200 0 0 218





01-02 23:57:35 POST /aspnet_client/system_web/client/env.aspx - 80 - 14.123.240.85 Baiduspider 200 0 0 717
01-02 23:56:16 POST /.m/static/img/static.aspx - 80 - 14.123.240.85 Baiduspider 404 0 64 23446

01-03 00:03:01 POST /aspnet_client/system_web/client/env.aspx - 80 - 14.123.240.85 Baiduspider 200 0 0 6427
01-03 00:03:26 POST /aspnet_client/system_web/client/env.aspx - 80 - 14.123.240.85 Baiduspider 200 0 0 2854
01-03 00:38:42 POST /aspnet_client/system_web/client/env.aspx - 80 - 14.123.240.85 Baiduspider 200 0 0 1294
01-03 00:38:44 POST /aspnet_client/system_web/client/env.aspx - 80 - 14.123.240.85 Baiduspider 200 0 0 202
01-03 00:38:46 POST /aspnet_client/system_web/client/env.aspx - 80 - 14.123.240.85 Baiduspider 200 0 0

If he still drops by now and then, you can use a honeypot; the success rate depends on how good your honeypot is. Even if the honeypot snares him, it is of little use if the other side just planted an ordinary webhook, opened a port to use you as a zombie, or dumped your database.

If he doesn't come back, all you can do is attack his IP in return, and even if you get in it is very likely just a zombie machine.

Still, someone who plants a trojan and leaves HTTP logs behind is probably only half-competent; even if you manage to hit him back it doesn't prove much.

First learn how to defend against a half-competent attack: look at his intrusion path, patch what needs patching, tighten permissions where they need tightening, and close ports where they need closing.


Not very likely.

If he can spoof the UA, the IP may well be spoofed too.

Even if it is his real IP, you first have to file a police report, and then the lookup has to go through the telecom carrier.
Unless the loss is large, you know what the police's efficiency is like.

Just block the IP or the IP range.
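A triage script for the log above, added here as an example (it is not code from the thread). It parses the IIS W3C fields visible in the question (date, time, method, URI stem, query, port, user, client IP, User-Agent, status, substatus, Win32 status, time-taken), flags requests that claim a crawler User-Agent yet POST to an .aspx under a static directory (crawlers fetch with GET/HEAD, so a "Baiduspider" POST is a human hiding behind the UA), notices the same source getting a 404 on static.aspx and then moving to env.aspx, and prints the per-IP and /24 candidates for the "block the IP or range" advice. The rule names, the threshold, and the one benign GET line are constructed assumptions; the other sample lines are copied from the question.

```python
"""Triage IIS W3C log lines for webshell traffic hiding behind a crawler UA.

Added example, not from the original thread. Field order is assumed to be the
standard IIS W3C layout that the question's lines follow:
  date time cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip
  cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
IIS replaces spaces in the User-Agent with '+', so whitespace splitting is safe.
"""
import ipaddress
from dataclasses import dataclass

# Sample input: lines copied from the question (in chronological order), plus one
# constructed benign GET (203.0.113.7) to show that ordinary traffic is not flagged.
SAMPLE_LOG = """\
12-31 11:01:45 POST /.m/static/img/static.aspx - 80 - 113.76.193.74 Baiduspider 200 0 64 82586
12-31 14:07:05 POST /.m/static/img/static.aspx - 80 - 219.135.67.177 Baiduspider 200 0 0 78
12-31 23:02:36 POST /.m/static/img/static.aspx - 80 - 14.125.36.190 Baiduspider 200 0 0 1918
01-02 00:47:59 POST /.m/static/img/static.aspx - 80 - 113.76.129.248 Baiduspider 200 0 64 58858
01-02 23:56:16 POST /.m/static/img/static.aspx - 80 - 14.123.240.85 Baiduspider 404 0 64 23446
01-02 23:57:35 POST /aspnet_client/system_web/client/env.aspx - 80 - 14.123.240.85 Baiduspider 200 0 0 717
01-03 00:38:46 POST /aspnet_client/system_web/client/env.aspx - 80 - 14.123.240.85 Baiduspider 200 0 0
01-03 08:15:02 GET /index.aspx - 80 - 203.0.113.7 Mozilla/5.0 200 0 0 15
"""

# Assumed heuristics: crawler UA substrings and directories where no script belongs.
CRAWLER_UA_MARKERS = ("baiduspider", "googlebot", "bingbot")
STATIC_DIRS = ("/static/", "/img/", "/images/", "/aspnet_client/")


@dataclass
class Request:
    stamp: str
    method: str
    path: str
    ip: str
    ua: str
    status: int


def parse_line(line: str):
    """Parse one W3C line; None for blank/malformed lines. time-taken may be missing."""
    parts = line.split()
    if len(parts) < 12:
        return None
    try:
        ipaddress.ip_address(parts[7])
        status = int(parts[9])
    except ValueError:
        return None
    return Request(f"{parts[0]} {parts[1]}", parts[2], parts[3], parts[7], parts[8], status)


def findings_for(req: Request):
    """Names of the rules this request trips (empty list for benign traffic)."""
    hits, ua, path = [], req.ua.lower(), req.path.lower()
    if req.method == "POST" and any(m in ua for m in CRAWLER_UA_MARKERS):
        hits.append("crawler_ua_post")          # search crawlers never POST
    if path.endswith(".aspx") and any(d in path for d in STATIC_DIRS):
        hits.append("script_in_static_dir")     # .aspx where only assets live
    return hits


def triage(log_text: str):
    """Per-IP summary of flagged requests. Assumes lines are in time order."""
    per_ip = {}
    for line in log_text.splitlines():
        req = parse_line(line)
        if req is None or not (hits := findings_for(req)):
            continue
        rec = per_ip.setdefault(req.ip, {"count": 0, "first": req.stamp, "last": req.stamp,
                                         "paths": set(), "rules": set(),
                                         "lost_path": None, "relocated": False})
        rec["count"] += 1
        rec["last"] = req.stamp
        rec["paths"].add(req.path)
        rec["rules"].update(hits)
        # Shell removed (404) and the same source then switches to another script:
        # the attacker has a second foothold, not just a stale bookmark.
        if req.status == 404:
            rec["lost_path"] = req.path
        elif rec["lost_path"] and req.path != rec["lost_path"]:
            rec["relocated"] = True
    return per_ip


def block_list(per_ip, min_hits: int = 1):
    """Exact IPs plus /24 summaries, for the 'block the IP or the range' option."""
    ips = sorted((ip for ip, r in per_ip.items() if r["count"] >= min_hits),
                 key=ipaddress.ip_address)
    nets = sorted({str(ipaddress.ip_network(f"{ip}/24", strict=False)) for ip in ips})
    return ips, nets


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for ip, r in result.items():
        flag = " RELOCATED" if r["relocated"] else ""
        print(f"{ip:16} hits={r['count']} {r['first']} .. {r['last']}{flag}")
        for p in sorted(r["paths"]):
            print(f"    {p}")
    ips, nets = block_list(result)
    print("block IPs:", ", ".join(ips))
    print("block /24s:", ", ".join(nets))
```

Run it against a real IIS log by replacing SAMPLE_LOG with the file contents; the relocation flag is the one to look at first, since it tells you the attacker still has a working script after the first one was removed.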
