Discuz! The x2.5 website is infected with Trojans. Have you ever seen this logo?

Many directories and files are added to the root directory of the website, including the logo file below! At present, the problem has been solved temporarily, but I still don't know where the problem occurs. I am studying the code left by the bad guys... If you have encountered a similar problem, please share it and find it...

Many directories and files are added to the root directory of the website.Which also includes the following logo file!
At present, the problem has been solved temporarily, but I still don't know where the problem occurs. I am studying the code left by the bad guys...
I hope someone who has encountered similar problems can share their ideas and practices for finding the cause of the Trojan.~

PS. The website uses a HK virtual host, and the customer service does not regard it as a problem of their system.

The following code is attached to the directory (a small part of the code has been deleted:

Reply content:

Many directories and files are added to the root directory of the website.Which also includes the following logo file!
At present, the problem has been solved temporarily, but I still don't know where the problem occurs. I am studying the code left by the bad guys...
I hope someone who has encountered similar problems can share their ideas and practices for finding the cause of the Trojan.~

PS. The website uses a HK virtual host, and the customer service does not regard it as a problem of their system.

The following code is attached to the directory (a small part of the code has been deleted:

Can I paste the trojan code?
How do I think the appearance of many directories and files is similar to a parasite ...... After all, there are a lot of people growing vegetables now...
The most helpless thing about discuz is that a plug-in can crash the entire site ...... Virtual Hosts are even less secure...

The most basic requirement of discuz to prevent penetration is not to install plug-ins in disorder. Some plug-ins pose serious security risks. Previously, the getshell search engine used to master a toolbox directly collected the discuz 87% plug-in that matches the plug-in, even if there are different directory structures, all the variables are plug-ins or directly integrated into the template folder. Some of them are even more difficult for independent sites to directly run the toolbox without the discuz program.
The directory permission is locked. permissions are not granted to the places where the execution is not written or where the execution is not performed.

It is basically impossible to use Discuz to avoid being infected with a Trojan. the DZ station that is not infected with a Trojan is just something that others don't want to do.

Of course, if you are looking for someone to cut the Discuz function to register login posts and post posts, and then reasonably Configure permissions on the linux host, it is estimated that they will not be infected with Trojans.