2022.1.30 Record: WeiPan/Time Disk/Micro Trading/Foreign Exchange Disk/ThinkPHP5 Backdoor

These frequent attacks are really annoying. After changing domain names and servers several times, I have summarized the security issues below to share this disgusting behavior.

Hacker @Ma.. (not disclosed) deletes the database every time and asks for 300.

Main exploitation methods:

– ThinkPHP vulnerabilities

– Scanning for IP addresses

– Exploiting upload vulnerabilities: a 1.php file is generated in the root directory, the attacker connects to it with caidao, and then uploads a webshell
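
One way to catch the dropped 1.php and uploaded webshells described above, as an added example that is not code from the original post: a Python sweep of the web root. The allowed entry files, the upload directory names and the sink pattern are assumptions to adjust for the actual deployment.

```python
"""Added example: flag PHP files that should not exist in a ThinkPHP5 web root."""
import os
import re
import time

# Assumption: stock ThinkPHP5 public/ entry files; extend for your deployment.
ALLOWED_ROOT_PHP = {"index.php", "router.php"}
# Assumption: first-level directories that hold user uploads (never PHP).
UPLOAD_DIRS = ("uploads", "upload")
PHP_EXT = (".php", ".phtml", ".php5", ".phar")
# Heuristic: request data fed straight into a code-execution call.
SINK = re.compile(
    rb"\b(eval|assert|system|passthru|shell_exec)\s*\(\s*\$_(POST|GET|REQUEST|COOKIE)")


def scan_webroot(webroot, recent_days=7, now=None):
    """Return a sorted list of (relative_path, [reasons]) for suspicious PHP files."""
    now = time.time() if now is None else now
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        rel_dir = os.path.relpath(dirpath, webroot)
        parts = [] if rel_dir == "." else rel_dir.split(os.sep)
        for name in files:
            if not name.lower().endswith(PHP_EXT):
                continue
            path = os.path.join(dirpath, name)
            reasons = []
            if not parts and name not in ALLOWED_ROOT_PHP:
                reasons.append("unexpected PHP file in web root")
            if parts and parts[0] in UPLOAD_DIRS:
                reasons.append("PHP file inside upload directory")
            with open(path, "rb") as fh:
                if SINK.search(fh.read(1 << 20)):  # first 1 MiB is enough
                    reasons.append("request data passed to code-execution call")
            # Recency is only reported alongside another finding.
            if reasons and now - os.path.getmtime(path) < recent_days * 86400:
                reasons.append("modified in the last %d days" % recent_days)
            if reasons:
                rel = os.path.join(rel_dir, name) if parts else name
                findings.append((rel, reasons))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    for rel, why in scan_webroot(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(rel, "->", "; ".join(why))
```

Run it from cron against the public directory and alert on any output; a clean ThinkPHP5 web root should report nothing.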

****************************** Solutions and Fixes ******************************

– Block hacker IP addresses

– Prevent server IP exposure

– Prohibit access to the website by bare IP address (serve it only under the domain name)

– Block all search engines from accessing any part of the website (robots.txt is advisory: compliant crawlers stop indexing the site, but scanners ignore it)

robots.txt:

User-agent: *
Disallow: /

– Change the website name to a random English string

– Do not allow arbitrary registration

– Fix vulnerability files

– Modify backend login address

– Backend has added security verification

– Domain/adminxxxxxxx

– Modify application/route.php