
我的网站是不是被挂马了!

发表于 2013-11-25 22:51:03
最近一段时间经常收到 Linode VPS 的 CPU 超限警告信。用 top 命令查看,
进程里有 2 个 php-cgi 进程,每个都占用了 80%-90% 的 CPU,即使我把所有网站都关闭了依然如此。
用 strace 命令跟踪其 PID,得到以下信息(只是其中的一部分,未全部贴出)。请问是不是我的 VPS 被挂马了?

lstat("/home/ftp/1520/notebookreview-20130324-DAH", {st_mode=S_IFDIR|0711, st_size=4096, ...}) = 0
lstat("/home/ftp/1520/notebookreview-20130324-DAH/bestnotebookreview.com", {st_mode=S_IFDIR|0777, st_size=4096, ...}) = 0
lstat("/home/ftp/1520/notebookreview-20130324-DAH/bestnotebookreview.com/wp-content", {st_mode=S_IFDIR|0555, st_size=4096, ...}) = 0
lstat("/home/ftp/1520/notebookreview-20130324-DAH/bestnotebookreview.com/wp-content/plugins", {st_mode=S_IFDIR|0555, st_size=4096, ...}) = 0
lstat("/home/ftp/1520/notebookreview-20130324-DAH/bestnotebookreview.com/wp-content/plugins/ubermenu", {st_mode=S_IFDIR|0555, st_size=4096, ...}) = 0
lstat("/home/ftp/1520/notebookreview-20130324-DAH/bestnotebookreview.com/wp-content/plugins/ubermenu/core", {st_mode=S_IFDIR|0555, st_size=4096, ...}) = 0
lstat("/home/ftp/1520/notebookreview-20130324-DAH/bestnotebookreview.com/wp-content/plugins/ubermenu/core/ubermenu.core.php", {st_mode=S_IFREG|0555, st_size=1148, ...}) = 0
open("/home/ftp/1520/notebookreview-20130324-DAH/bestnotebookreview.com/wp-content/plugins/ubermenu/core/ubermenu.core.php", O_RDONLY) = 5
fstat(5, {st_mode=S_IFREG|0555, st_size=1148, ...}) = 0
open("/home/ftp/1520/notebookreview-20130324-DAH/bestnotebookreview.com/wp-content/plugins/ubermenu/core/ubermenu.core.php", O_RDONLY) = 6
fstat(6, {st_mode=S_IFREG|0555, st_size=1148, ...}) = 0
mmap(NULL, 1148, PROT_READ, MAP_SHARED, 6, 0) = 0x2b17acabc000
munmap(0x2b17acabc000, 1148)            = 0
close(6)                                = 0
fcntl(5, F_GETFL)                       = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fstat(5, {st_mode=S_IFREG|0555, st_size=1148, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2b17acabc000
lseek(5, 0, SEEK_CUR)                   = 0
lseek(5, 0, SEEK_SET)                   = 0
read(5, "<?php\n\ndefine('UBERMENU_NAV_LOCS"..., 4096) = 1148
lseek(5, 1148, SEEK_SET)                = 1148
stat("/home/ftp/1520/notebookreview-20130324-DAH/bestnotebookreview.com/wp-content/plugins/ubermenu/core/ubermenu.core.php", {st_mode=S_IFREG|0555, st_size=1148, ...}) = 0
lseek(5, -1148, SEEK_CUR)               = 0
close(5)                                = 0
munmap(0x2b17acabc000, 4096)            = 0
getcwd("/home/ftp/1520/notebookreview-20130324-DAH/bestnotebookreview.com", 4096) = 67
lstat("/home", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/home/ftp", {st_mode=S_IFDIR|0771, st_size=4096, ...}) = 0
lstat("/home/ftp/1520", {st_mode=S_IFDIR|0351, st_size=4096, ...}) = 0
lstat("/home/ftp/1520/notebookreview-20130324-DAH", {st_mode=S_IFDIR|0711, st_size=4096, ...}) = 0
lstat("/home/ftp/1520/notebookreview-20130324-DAH/bestnotebookreview.com", {st_mode=S_IFDIR|0777, st_size=4096, ...}) = 0
lstat("/home/ftp/1520/notebookreview-20130324-DAH/bestnotebookreview.com/sparkoptions", 0x7fff37b70b60) = -1 ENOENT (No such file or y)
open("/home/ftp/1520/notebookreview-20130324-DAH/bestnotebookreview.com/sparkoptions/SparkOptions.class.php", O_RDONLY) = -1 ENOENT (No such file or y)
lstat("/usr", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/usr/local", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/usr/local/php_fcgi", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/usr/local/php_fcgi/lib", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/usr/local/php_fcgi/lib/php", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/usr/local/php_fcgi/lib/php/sparkoptions", 0x7fff37b70b60) = -1 ENOENT (No such file or y)
open("/usr/local/php_fcgi/lib/php/sparkoptions/SparkOptions.class.php", O_RDONLY) = -1 ENOENT (No such file or y)
open("/home/ftp/1520/notebookreview-20130324-DAH/bestnotebookreview.com/wp-content/plugins/ubermenu/core/sparkoptions/SparkOptions.class.php", O_RDONLY) = 5
fstat(5, {st_mode=S_IFREG|0555, st_size=20017, ...}) = 0
open("/home/ftp/1520/notebookreview-20130324-DAH/bestnotebookreview.com/wp-content/plugins/ubermenu/core/sparkoptions/SparkOptions.class.php", O_RDONLY) = 6
fstat(6, {st_mode=S_IFREG|0555, st_size=20017, ...}) = 0
mmap(NULL, 20017, PROT_READ, MAP_SHARED, 6, 0) = 0x2b17ae635000
munmap(0x2b17ae635000, 20017)           = 0
close(6)                                = 0
fcntl(5, F_GETFL)                       = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fstat(5, {st_mode=S_IFREG|0555, st_size=20017, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2b17acabc000
lseek(5, 0, SEEK_CUR)                   = 0
lseek(5, 0, SEEK_SET)                   = 0
read(5, "<?php\n/*\n * SevenSpark Options F"..., 4096) = 4096
lseek(5, 4096, SEEK_SET)                = 4096
stat("/home/ftp/1520/notebookreview-20130324-DAH/bestnotebookreview.com/wp-content/plugins/ubermenu/core/sparkoptions/SparkOptions.class.php", {st_mode=S_IFREG|0555, st_size=20017, ...}) = 0
open("/tmp/2/a/eaccelerator-21715.458765", O_RDONLY) = 6
flock(6, LOCK_SH)                       = 0
read(6, "EACCELER\1\6\t\0\256\234\v\366\0\0\2\2\0\0\0\0\0\21\2\5\0@\f\376"..., 64) = 64
read(6, "p\246\352\1\0\0\0\0\0\312\0\0\0\0\0\0.\252\10\0\0\0\0\0001N\0\0\0\0\0\0"..., 186768) = 186768
flock(6, LOCK_UN)                       = 0
close(6)                                = 0
lseek(5, -4096, SEEK_CUR)               = 0
close(5)                                = 0
munmap(0x2b17acabc000, 4096)            = 0
getcwd("/home/ftp/1520/notebookreview-20130324-DAH/bestnotebookreview.com", 4096) = 67
lstat("/home", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/home/ftp", {st_mode=S_IFDIR|0771, st_size=4096, ...}) = 0
lstat("/home/ftp/1520", {st_mode=S_IFDIR|0351, st_size=4096, ...}) = 0
lstat("/home/ftp/1520/notebookreview-20130324-DAH", {st_mode=S_IFDIR|0711, st_size=4096, ...})
lstat("/home/ftp/1520/notebookreview-20130324-DAH/bestnotebookreview.com", {st_mode=S_IFDIR|0777, st_size=4096, ...}) = 0
lstat("/home/ftp/1520/notebookreview-20130324-DAH/bestnotebookreview.com/UberOptions.class.php", 0x7fff37b70b60) = -1 ENOENT (No such file or y)
open("/home/ftp/1520/notebookreview-20130324-DAH/bestnotebookreview.com/UberOptions.class.php", O_RDONLY) = -1 ENOENT (No such file or y)
lstat("/usr", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/usr/local", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/usr/local/php_fcgi", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/usr/local/php_fcgi/lib", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/usr/local/php_fcgi/lib/php", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/usr/local/php_fcgi/lib/php/UberOptions.class.php", 0x7fff37b70b60) = -1 ENOENT (No such file or y)
open("/usr/local/php_fcgi/lib/php/UberOptions.class.php", O_RDONLY) = -1 ENOENT (No such file or y)
lstat("/home", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/home/ftp", {st_mode=S_IFDIR|0771, st_size=4096, ...}) = 0
lstat("/home/ftp/1520", {st_mode=S_IFDIR|0351, st_size=4096, ...}) = 0
lstat("/home/ftp/1520/notebookreview-20130324-DAH", {st_mode=S_IFDIR|0711, st_size=4096, ...}) = 0
lstat("/home/ftp/1520/notebookreview-20130324-DAH/bestnotebookreview.com", {st_mode=S_IFDIR|0777, st_size=4096, ...}) = 0
lstat("/home/ftp/1520/notebookreview-20130324-DAH/bestnotebookreview.com/wp-content", {st_mode=S_IFDIR|0555, st_size=4096, ...}) = 0
lstat("/home/ftp/1520/notebookreview-20130324-DAH/bestnotebookreview.com/wp-content/plugins", {st_mode=S_IFDIR|0555, st_size=4096, ...}) = 0
lstat("/home/ftp/1520/notebookreview-20130324-DAH/bestnotebookreview.com/wp-content/plugins/ubermenu", {st_mode=S_IFDIR|0555, st_size=4096, ...}) = 0
lstat("/home/ftp/1520/notebookreview-20130324-DAH/bestnotebookreview.com/wp-content/plugins/ubermenu/core", {st_mode=S_IFDIR|0555, st_size=4096, ...}) = 0
lstat("/home/ftp/1520/notebookreview-20130324-DAH/bestnotebookreview.com/wp-content/plugins/ubermenu/core/UberOptions.class.php", {st_mode=S_IFREG|0555, st_size=8047, ...}) = 0
open("/home/ftp/1520/notebookreview-20130324-DAH/bestnotebookreview.com/wp-content/plugins/ubermenu/core/UberOptions.class.php", O_RDONLY) = 5
fstat(5, {st_mode=S_IFREG|0555, st_size=8047, ...}) = 0
open("/home/ftp/1520/notebookreview-20130324-DAH/bestnotebookreview.com/wp-content/plugins/ubermenu/core/UberOptions.class.php", O_RDONLY) = 6
fstat(6, {st_mode=S_IFREG|0555, st_size=8047, ...}) = 0
mmap(NULL, 8047, PROT_READ, MAP_SHARED, 6, 0) = 0x2b17acabc000
munmap(0x2b17acabc000, 8047)            = 0
close(6)                                = 0
fcntl(5, F_GETFL)                       = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fstat(5, {st_mode=S_IFREG|0555, st_size=8047, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2b17acabc000
lseek(5, 0, SEEK_CUR)                   = 0
lseek(5, 0, SEEK_SET)                   = 0
read(5, "<?php\n\nclass UberOptions extends"..., 4096) = 4096
lseek(5, 4096, SEEK_SET)                = 4096
stat("/home/ftp/1520/notebookreview-20130324-DAH/bestnotebookreview.com/wp-content/plugins/ubermenu/core/UberOptions.class.php", {st_mode=S_IFREG|0555, st_size=8047, ...}) = 0
open("/tmp/c/9/eaccelerator-21715.557765", O_RDONLY) = 6
flock(6, LOCK_SH)                       = 0
read(6, "EACCELER\1\6\t\0\256\234\v\366\0\0\2\2\0\0\0\0\0\21\2\5\0@\f\376"..., 64) = 64
read(6, "\30/\353\1\0\0\0\0\0\312\0\0\0\0\0\0\313\251\10\0\0\0\0\0o\37\0\0\0\0\0\0"..., 46200) = 46200