Today, I finally got a taste of the website being hacked. I have always felt that being attacked by a hacker is far away from me. Today I have seen it. The page after the page is hacked is as follows:
This is a reminder on the website. Today, I go to my mailbox as usual. My blog has two messages, one of which tells me whether the website is hacked. I will check the above results immediately. I am very excited because I have never had such an experience. Of course, I have all kinds of feelings and excitement? Even my website will be hacked. That's enough. I don't expect to be noticed, let alone hacked, so I'm so excited. Sad? Yes, I am very sad, not only because of being hacked, but also wondering if my own code is poorly written and caused by being hacked, so I am too frustrated, although I do not have any security protection, if it is because the code I write is not good and the whole server is under attack, then I really cannot agree. OK. These are my feelings.
after tracing, I decided to troubleshoot the problem. The first thought was to view the log, go to management, and download the Apache log. The result showed that there was an IP address that was particularly strange and scanned the ASP file, the scan continued, so I checked the IP address in Shanghai, and then Google the IP address. The result is really scary. This IP address is often used for black scanning, you can check the IP address on Google. What's particularly funny is that there is a personal worry on the topic forum: IP address is 222.73.173.10 Shanghai turtle grandson. It seems that this IP address is the source of all evil, however, I am not sure whether it is a zombie IP. I think it may be a zombie. I just want to guess. I think there are not many PHP files in my project. Besides installing a few WordPress files, I just created the Code of the Shanghai map, however, the code I wrote is as simple as no, that is, connecting to the database. Will it be attacked? After downloading the hacked PHP file, we found that some PHP files were replaced, especially those such as index. php. I suspected the server was attacked, so I searched several websites through reverse IP addresses and found that many websites on the server were also hacked. In this way, I was a little relieved, I couldn't find out why, so I was prepared to give it up. Finally, I logged on to the background of the current network (I figure it was cheap, so I used the current virtual host) and received a notification, I told you that the server has security vulnerabilities and is ready to reload the system for maintenance tomorrow morning. Well, I don't have to think about how to recover it. I just hope everything will be okay after the system is reinstalled tomorrow. So I washed and went to bed. For the first time, it seems that the dreamhost or edong host will be used in the future. It seems that server security is really important. My eyelids are fighting, so I went to bed. Good night everyone.