On the morning of the next day, the first thing to do at work is to log on to the server and check the export results.
A total of 1127 logs are found. I sorted the logs in ascending chronological order.
First, you must determine whether the IP address is a public proxy or not-that is, this IP address is not used by many people. I checked the User-Agent in the log and the User-Agent recorded in Apache on Openshift, which is exactly the same. The system language is Chinese-it is the underground party in China.
Let's entertain what the hacker did recently:
On October 30, 360, the webpage was an article about "sexual posture" on a Health website. The Referer source was searches, and the search keyword was "sexual posture ".
On the evening of-30, a travel consulting site, from Baidu search, the keyword "Thailand tourism ".
At a.m. on November 11, a female sex net article about the combination of loose, thin, and masked clothes.
Let's assume what happened in the past three days (do not read the following content if you are under 18 years old ):
The hacker had a sleep all night and was so lonely that he could not stand it anymore. After learning some new positions on the internet, he was ready to use them now.
! @ # ¥ % ...... & @ # ¥ % ...... & × # ¥ % ...... &
After a round of bed tumbling, the hacker holds his girlfriend and falls into deep love...
"Do you love me ?", Female,
"Love ".
"Can we make a tour ?", Female asked.
"Okay, but let me go to bed for a while and get back to the Black website later. It's better if I look for a tour in the evening, OK ?"
The next night...
I think it is more appropriate to go to Thailand.
"Hey, baby, can we travel to Thailand ?"
"Well, you are the best, what"
"When will we go, dear," female asked.
"Let's leave in two days !"
A few days... Before departure
"You should pack your luggage first," said the hacker.
"Well, what clothes can I wear to cover the meat ?"
"Ah, I only know Black websites... I don't know this. I'll check it online ..."
! @ # ¥ % ...... & × (
After the assumption is complete, analyze it.
On the afternoon of November 3, I watched foreign exchange news, learned stock trading, and went to the stock forum. At three o'clock P.M., I went to an online school website (a website such as online education and qualification examination) for study. At 04:30 P.M., I browsed a wind network and learned about the stock.
On November 4, more than two o'clock in the morning, I was still paying attention to the stock market study site...
At eight o'clock A.M. a.m. on November 5, I searched for "Xia Yu Sun Dai photo" (it seems that this hacker is entertaining and smiling ).
Five o'clock P.M., search for the keyword "facial moles" in Baidu images ".
09. Visit the Webshell path of 9 websites.
At on January 8, hackers searched Baidu for "game team name list ".
At on Singles Day, search for "Zhang Xiaolong and hosyan ".
On the evening of February 13, I followed a news online article titled "13-year-old girl was raped by a 15-year-old boy and was not found pregnant for 7 months."
At a.m. on November 16, I searched for "decoration Wallpaper"-it seems that there is a house owner.
In addition to a poor educational background, the hacker has a house, a car, and a girlfriend. He can speculate on entertainment news and enjoy a wonderful life.