Finding trojan files on a Joomla site - Bluetooth forum - Bluetooth technology

2026-01-07 01:47 - 2026-01-07 02:01 #995
by service
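A trojan may be hidden in the web directory, especially in Joomla's directories. We can look for it with the following methods:
  • Look for recently modified files, especially PHP files.
  • Look for files containing malicious code, for example by scanning for signatures (such as eval(base64_decode( and so on).
  • Check for abnormal scheduled tasks.

Step 3: Use malware scanning tools. Install and run ClamAV or rkhunter to scan.
Step 4: Check the integrity of the Joomla core files. Compare the core files of the official Joomla release with the current files and check whether anything has been modified.
Step 5: Clean up and repair. Delete or quarantine malicious files, repair tampered files, and change all passwords (database, administrator accounts, etc.).
Step 6: Strengthen security. Update Joomla and all extensions, use security plugins, and configure correct file permissions.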

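Finding malicious files and processes
# Search the Joomla directory for backdoor files
Code:
# Single quotes keep \$ as a literal dollar sign in the grep pattern
find /var/www/html -name "*.php" -type f -exec grep -l 'base64_decode\|eval(\$\|shell_exec\|system(\|passthru\|exec(' {} \;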

# Find recently modified files (trojans are usually recently modified)
Code:
find /var/www/html -type f -name "*.php" -mtime -3

# Find files containing suspicious strings
Code:
find /var/www/html -type f -name "*.php" | xargs grep -l "mail(\|fsockopen\|curl_exec" 2>/dev/null

# Check whether .htaccess has been tampered with
Code:
find /var/www/html -name ".htaccess" -exec grep -l "RewriteRule.*php" {} \;

Check for hidden files:
# Find hidden PHP files
Code:
find /var/www/html -name ".*.php" -o -name "*.php.*" -o -name "*.php.bak"

# Check the /tmp directory for suspicious files
Code:
ls -la /tmp/*.php /tmp/*.ph* 2>/dev/null

Analyze the source of the mail sending
Code:
ps aux | grep php
ps aux | grep -E "(mail|exim|sendmail)"

Check the web logs for abnormal requests:
# View the Apache access log
Code:
tail -100 /var/log/apache2/access.log | grep -E "POST.*mail|GET.*mail|\.php\?"

# Find the IPs making a large number of requests
Code:
awk '{print $1}' /var/log/apache2/access.log | sort | uniq -c | sort -nr | head -20

# Find abnormal User-Agents
Code:
grep -i "bot\|spider\|curl\|wget\|python\|perl" /var/log/apache2/access.log | head -20

Scan with specialized tools
Code:
apt-get install clamav clamav-daemon
freshclam  # Update the virus database
clamscan -r /var/www/html --infected --remove=yes

Use rkhunter to check for rootkits:
Code:
apt-get install rkhunter
rkhunter --check --skip-keypress

Check Joomla-specific locations
Common Joomla backdoor locations:
Code:
# Check the /templates directory
find /var/www/html/templates -name "*.php" -exec grep -l "eval\|base64" {} \;
# Check the /modules directory
find /var/www/html/modules -name "*.php" -exec grep -l "mail\|fsockopen" {} \;
# Check the /components directory
find /var/www/html/components -name "*.php" -mtime -7
# Check the /plugins directory
find /var/www/html/plugins -name "*.php" -exec grep -l "exec\|system" {} \;

Create a detection script
Create find_malware.sh:
Code:
#!/bin/bash
echo "=== Joomla恶意文件扫描 ==="
# 1. Check file modification times (PHP files modified in the last 3 days)
echo "最近3天修改的PHP文件:"
find /var/www/html -name "*.php" -type f -mtime -3 -ls
# 2. Check for files containing malicious code
echo -e "\n包含可疑代码的文件:"
find /var/www/html -name "*.php" -type f -exec grep -l "base64_decode\|@eval\|gzuncompress\|str_rot13" {} \;
# 3. Check file permissions (files writable by group or others)
echo -e "\n异常权限的文件(可写):"
find /var/www/html -type f -name "*.php" -perm /022 -ls
# 4. Check for abnormally large PHP files (>1MB)
echo -e "\n异常大的PHP文件(>1MB):"
find /var/www/html -name "*.php" -type f -size +1M -ls
# 5. Check for files containing the mail() function
echo -e "\n包含mail()函数的文件:"
find /var/www/html -name "*.php" -type f -exec grep -l "mail(" {} \;

Make it executable and run it:
Code:
chmod +x find_malware.sh
./find_malware.sh

Remediation steps
Step 1: Back up the current site
Code:
# Back up the whole site
tar czf /tmp/joomla_backup_$(date +%Y%m%d).tar.gz /var/www/html
# Back up the database
mysqldump -u root -p joomla_db > /tmp/joomla_db_$(date +%Y%m%d).sql

Step 2: Clean up the malicious files found
Code:
# Create a quarantine directory
mkdir -p /tmp/quarantine
# Move suspicious files to quarantine
find /var/www/html -name "*.php" -exec grep -l "base64_decode.*@eval" {} \; | while IFS= read -r file; do
    echo "隔离文件: $file"
    mv "$file" /tmp/quarantine/
done

Update the Joomla core files
Code:
# Download the latest Joomla release
cd /tmp
wget https://downloads.joomla.org/cms/joomla4/latest/Joomla_4.x-Stable-Full_Package.zip
# Unpack into /tmp/joomla, the directory the cp commands below read from
unzip Joomla_4.x-Stable-Full_Package.zip -d /tmp/joomla
# Replace the core files (note: do not overwrite configuration.php or the images directory)
cp -r /tmp/joomla/libraries/* /var/www/html/libraries/
cp -r /tmp/joomla/includes/* /var/www/html/includes/
cp -r /tmp/joomla/media/* /var/www/html/media/
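
Step 4: Check and clean the database
# Look for suspicious content in the database
Code:
# -N drops the column header so only table names reach the loop; tables that
# lack these columns report an "Unknown column" error
mysql -u root -p -N -e "USE joomla_db; SHOW TABLES;" | while read -r table; do
mysql -u root -p -e "USE joomla_db; SELECT COUNT(*) FROM \`$table\` WHERE \`description\` LIKE '%<iframe%' OR \`text\` LIKE '%<iframe%' OR \`introtext\` LIKE '%<iframe%';"
done

# Check the users table for abnormal users
Code:
# Replace #__ with the site's table prefix (dbprefix in configuration.php); the
# table name is backtick-quoted because a bare # starts a comment in MySQL
mysql -u root -p -e "USE joomla_db; SELECT id, username, email, registerDate FROM \`#__users\` ORDER BY registerDate DESC LIMIT 10;"

Strengthen security measures
Update all passwords:
# Change the database password
Code:
# '新强密码' stands for the new strong password
mysql -u root -p -e "ALTER USER 'joomla_user'@'localhost' IDENTIFIED BY '新强密码';"

# Change the Joomla administrator password
# Via phpMyAdmin, or with the following SQL:
# UPDATE `#__users` SET `password` = MD5('新密码') WHERE username = 'admin';

Fix file permissions:
# Set correct file permissions
Code:
cd /var/www/html
find . -type f -exec chmod 644 {} \;
find . -type d -exec chmod 755 {} \;
chown -R www-data:www-data .
chmod 444 configuration.php

Install security extensions:
# Consider installing a Joomla security extension, such as:
# 1. Akeeba Admin Tools
# 2. RSFirewall
# 3. JHackGuard

Monitoring and prevention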
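Create a monitoring script
monitor_joomla.sh:
Code:
#!/bin/bash
# Monitor Joomla file changes
while true; do
    # Check whether new files have been created
    find /var/www/html -name "*.php" -cmin -5
    # Check mail sending
    tail -5 /var/log/exim4/mainlog
    # Check web requests
    tail -5 /var/log/apache2/access.log | grep -E "\.php\?|POST"
    sleep 60
done

Important recommendations:
  1. Act immediately: the trojan is sending large volumes of mail, so stop the mail service immediately
  2. Scan thoroughly: cross-validate with multiple tools
  3. Recover in stages: do not delete everything at once; quarantine first, then analyze
  4. Update everything: update the Joomla core, templates and extensions to the latest versions
  5. Enable two-factor authentication: enable 2FA for Joomla administrators
  6. Back up regularly: set up an automatic backup mechanism
  7. Use a WAF: consider installing a web application firewall
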
Last edit: 2026-01-07 02:01 by service.
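
The post describes checking core-file integrity by comparing the official Joomla files with the site's files, but gives no command for it. The sketch below is an added example, not part of the original post: it assumes a clean package of the same Joomla version as the site has been unpacked to a reference directory, and `compare_core` and `demo` are names made up here.

```sh
#!/bin/sh
# Added example: compare a live Joomla tree with a clean copy of the SAME version.
# Findings, one per line:
#   MODIFIED  file is in both trees but the contents differ
#   MISSING   file is in the reference but not on the site
#   EXTRA     PHP file on the site, in a directory the reference also ships,
#             that the reference does not contain (where a dropped file shows up)
compare_core() {
    ref=${1%/}; site=${2%/}
    # Pass 1: walk the reference package.
    (cd "$ref" && find . -type f) | while IFS= read -r rel; do
        rel=${rel#./}
        case $rel in installation/*) continue ;; esac    # removed after install
        if [ ! -f "$site/$rel" ]; then
            printf 'MISSING  %s\n' "$rel"
        elif ! cmp -s "$ref/$rel" "$site/$rel"; then
            printf 'MODIFIED %s\n' "$rel"
        fi
    done
    # Pass 2: walk the site's PHP files. Third-party extension directories do
    # not exist in the reference, so they are skipped rather than flagged.
    (cd "$site" && find . -type f -name '*.php') | while IFS= read -r rel; do
        rel=${rel#./}
        case $rel in configuration.php) continue ;; esac  # created by the installer
        dir=$(dirname "$rel")
        if [ -d "$ref/$dir" ] && [ ! -e "$ref/$rel" ]; then
            printf 'EXTRA    %s\n' "$rel"
        fi
    done
}

# Constructed sample trees (not real Joomla files) showing each finding.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/ref/libraries" "$t/ref/images" "$t/site/plugins/thirdparty"
    echo '<?php // entry point' > "$t/ref/index.php"
    echo '<?php // loader' > "$t/ref/libraries/loader.php"
    echo 'image data' > "$t/ref/images/logo.png"
    cp -R "$t/ref/." "$t/site/"
    echo '<?php // loader, altered' > "$t/site/libraries/loader.php"  # MODIFIED
    echo '<?php // dropped' > "$t/site/images/x.php"                  # EXTRA
    echo '<?php // extension' > "$t/site/plugins/thirdparty/p.php"    # skipped
    echo '<?php // settings' > "$t/site/configuration.php"            # skipped
    rm "$t/site/index.php"                                            # MISSING
    compare_core "$t/ref" "$t/site" | sort
    rm -rf "$t"
}

# With two arguments, compare real trees; otherwise run the constructed demo.
if [ "$#" -eq 2 ]; then compare_core "$1" "$2"; else demo; fi
```

Each finding is a lead to review by hand, since an extension can legitimately add a PHP file to a core directory; file names containing newlines are not handled.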
