救命似乎又被挂马了！！！

monery2 · 发表于 2021-8-2 16:49:47

mod=forumdisplay&fid=48&filter=sortid&sortid=4&searchsort=1&archy_qy_3=9.3&archy_gzdy=2&archy_xlyq=8&archy_gznx=3&archy_zpzw=2&page=1 HTTP/1.1", host: "abcd.com"
2021/08/02 16:44:13 [error] 6118#6118: *20268 [lua] [string "local hOCvCfmVpL094={[1]=0,[2]=1,[3]=2,[4]=3,..."]:1: run(): failed to connect redis: timeout, client: 171.109.216.72, server: abcd.com, request: "GET /forum.php?mod=forumdisplay&fid=48&filter=sortid&sortid=4&searchsort=1&archy_qy_3=9.3&archy_gzdy=2&archy_xlyq=8&archy_gznx=3&archy_zpzw=2&page=1 HTTP/1.1", host: "abcd.com"
2021/08/02 16:44:14 [error] 6118#6118: *20281 lua tcp socket connect timed out, when connecting to 127.0.0.1:6379, client: 171.109.216.126, server: abcd.com, request: "GET /forum.php?mod=forumdisplay&fid=48&filter=sortid&sortid=4&searchsort=1&archy_qy_3=22.10&archy_xlyq=4&archy_gzdy=1&archy_zpzw=1&archy_gznx=4&page=1 HTTP/1.1", host: "abcd.com"
2021/08/02 16:44:14 [error] 6118#6118: *20281 [lua] [string "local hOCvCfmVpL094={[1]=0,[2]=1,[3]=2,[4]=3,..."]:1: run(): failed to connect redis: timeout, client: 171.109.216.126, server: abcd.com, request: "GET /forum.php?mod=forumdisplay&fid=48&filter=sortid&sortid=4&searchsort=1&archy_qy_3=22.10&archy_xlyq=4&archy_gzdy=1&archy_zpzw=1&archy_gznx=4&page=1 HTTP/1.1", host: "abcd.com"
2021/08/02 16:44:14 [error] 6118#6118: *20282 lua tcp socket connect timed out, when connecting to 127.0.0.1:6379, client: 95.223.229.18, server: abcd.com, request: "GET /member.php?mod=logging&action=login&referer=https%3A%2F%2Frosyhub.com HTTP/1.1", host: "www.abcd.com", referrer: "https://www.abcd.com/"
2021/08/02 16:44:14 [error] 6118#6118: *20282 [lua] [string "local hOCvCfmVpL094={[1]=0,[2]=1,[3]=2,[4]=3,..."]:1: run(): failed to connect redis: timeout, client: 95.223.229.18, server: abcd.com, request: "GET /member.php?mod=logging&action=login&referer=https%3A%2F%2Frosyhub.com HTTP/1.1", host: "www.abcd.com", referrer: "https://www.abcd.com/"
2021/08/02 16:44:14 [error] 6118#6118: *20293 lua tcp socket connect timed out, when connecting to 127.0.0.1:6379, client: 171.109.216.108, server: abcd.com, request: "GET /forum.php?mod=forumdisplay&fid=48&filter=sortid&sortid=4&searchsort=1&archy_qy_3=1&archy_zpzw=2&archy_xlyq=2&archy_gznx=3&archy_gzdy=4&page=1 HTTP/1.1", host: "abcd.com"
2021/08/02 16:44:14 [error] 6118#6118: *20293 [lua] [string "local hOCvCfmVpL094={[1]=0,[2]=1,[3]=2,[4]=3,..."]:1: run(): failed to connect redis: timeout, client: 171.109.216.108, server: abcd.com, request: "GET /forum.php?mod=forumdisplay&fid=48&filter=sortid&sortid=4&searchsort=1&archy_qy_3=1&archy_zpzw=2&archy_xlyq=2&archy_gznx=3&archy_gzdy=4&page=1 HTTP/1.1", host: "abcd.com"
2021/08/02 16:44:14 [error] 6118#6118: *20295 lua tcp socket connect timed out, when connecting to 127.0.0.1:6379, client: 114.119.158.50, server: abcd.com, request: "GET /forum.php?mod=forumdisplay&fid=48&filter=sortid&sortid=4&searchsort=1&archy_qy_3=6&archy_gznx=3&archy_gzdy=2&archy_gsmc=all&archy_zpzw=all&archy_xlyq=7&page=1 HTTP/1.1", host: "www.abcd.com"
2021/08/02 16:44:14 [error] 6118#6118: *20295 [lua] [string "local hOCvCfmVpL094={[1]=0,[2]=1,[3]=2,[4]=3,..."]:1: run(): failed to connect redis: timeout, client: 114.119.158.50, server: abcd.com, request: "GET /forum.php?mod=forumdisplay&fid=48&filter=sortid&sortid=4&searchsort=1&archy_qy_3=6&archy_gznx=3&archy_gzdy=2&archy_gsmc=all&archy_zpzw=all&archy_xlyq=7&page=1 HTTP/1.1", host: "www.abcd.com"
2021/08/02 16:44:14 [error] 6118#6118: *20300 lua tcp socket connect timed out, when connecting to 127.0.0.1:6379, client: 114.119.134.230, server: abcd.com, request: "GET /home.php?mod=space&uid=22364&do=wall&from=space HTTP/1.1", host: "www.abcd.com"
2021/08/02 16:44:14 [error] 6118#6118: *20300 [lua] [string "local hOCvCfmVpL094={[1]=0,[2]=1,[3]=2,[4]=3,..."]:1: run(): failed to connect redis: timeout, client: 114.119.134.230, server: abcd.com, request: "GET /home.php?mod=space&uid=22364&do=wall&from=space HTTP/1.1", host: "www.abcd.com"
2021/08/02 16:44:14 [error] 6118#6118: *20249 lua tcp socket connect timed out, when connecting to 127.0.0.1:6379, client: 171.109.216.50, server: abcd.com, request: "GET /forum.php?mod=forumdisplay&fid=48&filter=sortid&sortid=4&searchsort=1&archy_qy_3=4&archy_zpzw=3&archy_gzdy=6&archy_xlyq=6&page=1 HTTP/1.1", host: "abcd.com"
2021/08/02 16:44:14 [error] 6118#6118: *20249 [lua] [string "local hOCvCfmVpL094={[1]=0,[2]=1,[3]=2,[4]=3,..."]:1: run(): failed to connect redis: timeout, client: 171.109.216.50, server: abcd.com, request: "GET /forum.php?mod=forumdisplay&fid=48&filter=sortid&sortid=4&searchsort=1&archy_qy_3=4&archy_zpzw=3&archy_gzdy=6&archy_xlyq=6&page=1 HTTP/1.1", host: "abcd.com"

只要一开php必定cpu100% php-cfm跟sql

我知道答案回答被采纳将会获得1 贡献已有8人回答

monery2 · 发表于 2021-8-2 17:13:02

别的网址都好的就不知道他挂哪了文件校验都是对的

罗永浩 · 发表于 2021-8-2 23:51:47

盗版插件？

老周部落 · 发表于 2021-8-3 10:54:30

看日志好像是 Redis 连接不上，先排查一下 Redis

monery2 · 发表于 2021-8-4 11:21:30

monery2 发表于 2021-8-2 17:13
别的网址都好的就不知道他挂哪了文件校验都是对的

后来后台查了nginx 查了php配置，最后发现是买的模板启用后cpu飙高的，用默认的就好了正在排查中。。。。

monery2 · 发表于 2021-8-4 11:33:06

https://pc6a.com/1540.html. 似乎跟这个有关被恶意爬虫了

monery2 · 发表于 2021-8-4 22:51:59

好像也不是在排查中插件全关了仍然没有解决奇怪

monery2 · 发表于 2021-8-7 16:13:31

因为上班，连续三天4个小时，终于找到了，查找过程是这样，查了nginx和php的配置正常，又查找死锁表没有，关闭所有插件仍然cpu飚高，还原默认模板，降到20%左右（但仍然不正常，测试新站3%以下），监听网卡发现一直有ip访问我的站，以为是哪个php被挂马了（因为之前就挂过），查找所有被改过的文件没有恶意挂马现象，仍然飚高，又记录调出mysql最近的查询语句，不停的在select，看了一下查询语句好像就是有ip不停的刷我的网站，换了域名CPU正常了（原理域名被cc了），换回域名，开启cc防护将http头记录在客户端cookie中验证无效，很有可能是木马肉鸡攻击，又开启cc防护将js验证在客户端cookie中正常了，期间开过阿里云的waf，理论上也可以防但收费无奈太贵放弃了

monery2 · 发表于 2021-8-10 14:29:17

再补充下 https://blog.csdn.net/weixin_34234823/article/details/89779113

[求助] 救命似乎又被挂马了！！！

产品服务

开发者服务

使用教程