Continued: another experience of a server being turned into a bot -- the Struts2 vulnerability
Time: 22:36:46
[root@app130-33 ~]# cat myout.file
YAM - Yet Another Miner by yvg1900
yam M7v-linux64-core2/yvg1900
**********************************************************************************************************
* Supported coins: PTS MMC MAX GRS DMD DVK MYR BCN QCN FCN XMR
* Author: yvg1900 (Twitter @yvg1900)
* XPT protocol: jh (http://ypool.net)
*
* Addresses for Thanks and Donations:
**********************************************************************************************************
Can not load config file [x]
Miner version: yam M7v-linux64-core2/yvg1900
Checking target [stratum+tcp://47CunEQ4v8FPVNnw9mDgNZeaiSo6SVDydB3AZM341ZtdYpBYNmYeqhh4mpU1X6RSmgBTfC8xqaAtUGC2DArotyaKSz1LJyj.f2bec1df3c6bf9a03c8ce785d333ff96bc65f9a2dfd6d26ae814:x@moria.dwarfpool.com:80:8100/xmr]...
Checking XMR optimizations compatibility...
OK: XMR optimizations are compatible
Monero: Determine Algorithm Variation by finetuning
Using 16 CPU mining threads
  Will mine 96 rounds for miner developers to support development of the next version
  Follow @yvg1900 on Twitter to get information on new version availability on time
Monero Aggregated Hash/sec: ?; Rounds Complete/Incomplete: 0/0, Donated Complete/Incomplete: 0/0; Config/Worker Hash/sec: ?/? on 0 rounds with AV=1, ART=?  Fine-tuning: IN PROGRESS, AV/RT: 1/0, Best AV/RT: 1/0
  moria.dwarfpool.com: Connecting, Shares Submitted 0, Accepted 0
STRATUM-RPC2: Logged in with 47CunEQ4v8FPVNnw9mDgNZeaiSo6SVDydB3AZM341ZtdYpBYNmYeqhh4mpU1X6RSmgBTfC8xqaAtUGC2DArotyaKSz1LJyj.f2bec1df3c6bf9a03c8ce785d333ff96bc65f9a2dfd6d26ae814
New Monero Block nTime
New Monero Block nTime
Monero Aggregated Hash/sec: ?; Rounds Complete/Incomplete: 0/0, Donated Complete/Incomplete: 0/0; Config/Worker Hash/sec: ?/? on 0 rounds with AV=1, ART=?  Fine-tuning: IN PROGRESS, AV/RT: 1/0, Best AV/RT: 1/0
  moria.dwarfpool.com: On-line, Shares Submitted 0, Accepted 0
Monero Aggregated Hash/sec: ?; Rounds Complete/Incomplete: 16/0, Donated Complete/Incomplete: 0/0; Config/Worker Hash/sec: ?/21 on 16 rounds with AV=1, ART=12474  Fine-tuning: IN PROGRESS, AV/RT: 1/0, Best AV/RT: 1/0
  moria.dwarfpool.com: On-line, Shares Submitted 0, Accepted 0
Share found while mining for developers
Handling process:
Server:
[root@app130-33 bin]# date -u
2017年 03月 14日 星期二 06:15:29 UTC
[root@app130-33 bin]# date -R
Tue, 14 Mar :03 +0800
[root@app130-33 bin]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:56:B6:38:21
inet addr:192.168.130.33 Bcast:192.168.130.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:feb6:3821/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets: errors:0 dropped:0 overruns:0 frame:0
TX packets: errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes: (472.3 GiB) TX bytes: (591.2 GiB)
Check the server hardware
[root@app130-33 bin]# lspci
00:18.4 PCI bridge: VMware PCI Express Root Port (rev 01)
00:18.5 PCI bridge: VMware PCI Express Root Port (rev 01)
00:18.6 PCI bridge: VMware PCI Express Root Port (rev 01)
00:18.7 PCI bridge: VMware PCI Express Root Port (rev 01)
It shows as a VMware virtual machine
[root@app130-33 bin]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 ? Ss /sbin/init
root 336 0.0 0.0 ? Ssl 13:31 0:01 ./zou
root 375 0.0 0.0 0 0 ? S [scsi_eh_0]
root 376 0.0 0.0 0 0 ? S [scsi_eh_1]
root 415 0.0 0.0 ? Ssl 13:31 0:00 /usr/bin/.sshd
root 463 0.0 0.0 0 0 ? S [scsi_eh_2]
root 464 0.0 0.0 0 0 ? S [vmw_pvscsi_wq_2]
root 506 0.0 0.0 0 0 ? S [jbd2/sda1-8]
root 507 0.0 0.0 0 0 ? S [ext4-dio-unwrit]
root 539 0.0 0.0 888 276 ? Ss 13:31 0:02 /etc/.zl
root 592 0.0 0.0 ? S<s /sbin/udevd -d
root 785 0.0 0.0 0 0 ? S [vmmemctl]
root 975 0.0 0.0 2 ? Sl 13:32 0:01 /etc/.System
root 976 0.0 0.0 ? S 13:32 0:00 /etc/.System
root 980 0.0 0.0 ? S 13:32 0:00 ./dbuspm-session /etc/.System RunByP975
root 0.0 ? S< /sbin/udevd -d
root 0.0 ? S< /sbin/udevd -d
root 0.0 0 0 ? S [flush-8:0]
root 0.0 0 0 ? S [kauditd]
root 0.0 8 ? S /usr/sbin/vmtoolsd
root 0.0 ? S<sl auditd
root 0.0 ? Ss /sbin/portreserve
root 0.0 4 ? Sl /sbin/rsyslogd -i /var/run/syslogd.pid
root 0.0 ? Ss irqbalance --pid=/var/run/irqbalance.
dbus 0.0 ? Ss dbus-daemon --system
root 0.0 ? Ss /usr/sbin/mcelog --daemon
root 0.0 ? Ss /usr/sbin/sshd
root 0.0 ? Ss xinetd -stayalive -pidfile /var/run/xinetd.
root 0.0 8 ? Ss /usr/sbin/abrtd
zabbix 0.0 ? S /usr/local/zabbix/sbin/zabbix_agentd
zabbix 0.0 ? S /usr/local/zabbix/sbin/zabbix_agentd:
zabbix 0.0 ? S /usr/local/zabbix/sbin/zabbix_agentd:
zabbix 0.0 ? S /usr/local/zabbix/sbin/zabbix_agentd:
zabbix 0.0 ? S /usr/local/zabbix/sbin/zabbix_agentd:
zabbix 0.0 ? S /usr/local/zabbix/sbin/zabbix_agentd:
root 0.0 ? Ss /usr/sbin/atd
root 0.0 ? Ss /usr/bin/rhsmcertd
root 0.1 16 ? Sl /usr/bin/python /usr/bin/salt-minion
root 0.0 ? Ss /usr/sbin/certmonger -S -p /var/run/certmonger.
root 0.5 164 ? S<sl mfsmount /data/ -H 193.167.10.11
root 0.0 tty2 Ss+ /sbin/mingetty /dev/tty2
root 0.0 tty3 Ss+ /sbin/mingetty /dev/tty3
root 0.0 tty4 Ss+ /sbin/mingetty /dev/tty4
root 0.0 tty5 Ss+ /sbin/mingetty /dev/tty5
root 0.0 tty6 Ss+ /sbin/mingetty /dev/tty6
root 0.0 0 ? S Mar09 0:00 /bin/sh /jboss-4.2.3/bin/run3.sh -b
root 7.7 0144 ? Sl Mar09 104:30 /usr/local/jdk1.6.0_45/bin/java -Dprogram.
root 0.0 4 ? S Mar09 0:00 /bin/sh /jboss-4.2.3/bin/run4.sh -b
root 5.0 4588 ? Sl Mar09 201:23 /usr/local/jdk1.6.0_45/bin/java -Dprogram.
root 0.0 0 ? Ss 13:42 0:00 sshd: root@pts/0
root 0.0 4 pts/0 Ss+ 13:42 0:00 -bash
root .2 92 ? Sl 13:45 519:56 /etc/.yam -c x -M stratum+tcp://47CunEQ4v8FPVNnw9mDgNZeaiSo6SVDydB3AZM341ZtdYpBYNmYeqhh4mpU1X6RSmgBTfC8xqaAtUGC2DArotyaKSz1LJyj.
nagios 0.0 ? Ss /usr/local/nagios/bin/nrpe -c /etc/nagios/
root 0.0 8 ? Ss 13:46 0:00 sshd: root@pts/1
root 0.0 4 pts/1 Ss 13:46 0:00 -bash
root 0.0 4 pts/0 S 13:49 0:00 /bin/sh /jboss-4.2.3/bin/run2.sh -b
root 8.1 4088 pts/0 Sl 13:49 4:39 /usr/local/jdk1.6.0_45/bin/java -Dprogram.
root 0.0 0 ? Ss 13:58 0:00 sshd: root@pts/3
root 0.0 8 pts/3 Ss+ 13:58 0:00 -bash
root 0.0 0 ? Ss 14:00 0:00 sshd: wclog [priv]
wclog 0.0 6 ? S 14:00 0:00 sshd: wclog@pts/4
wclog 0.0 4 pts/4 Ss+ 14:00 0:00 -bash
root 0.0 0 ? Ss Jan21 0:51 crond
root 0.0 ? Ssl 14:03 0:00 /jboss-4.2.3/bin/zou
root 0.0 ? Ssl 14:03 0:00 /usr/bin/.sshd
root 0.0 8 ? Ss 14:05 0:00 sshd: root@pts/6
root 0.0 0 pts/6 Ss+ 14:05 0:00 -bash
root 0.0 4 ? Ss 14:08 0:00 sshd: root@pts/8
root 0.0 4 pts/8 Ss 14:10 0:00 -bash
root 0.0 ? Ssl 14:10 0:00 /tmp/.lz
root 0.0 pts/1 S+ 14:14 0:00 less
root 0.0 2 ? Sl 09:48 0:00 /usr/sbin/console-kit-daemon --no-daemon
root 0.0 2 ? Ss 10:03 0:00 sshd: wclog [priv]
wclog 0.0 4 ? S 10:03 0:01 sshd: wclog@pts/5
wclog 0.0 8 pts/5 Ss+ 10:03 0:00 -bash
root 0.0 tty1 Ss+ 10:18 0:00 /sbin/mingetty /dev/tty1
root 0.0 pts/8 S+ 14:19 0:00 ps aux
root 0.0 6 pts/8 R+ 14:19 0:00 /usr/bin/dpkgd/ps aux
[root@app130-33 bin]#
Check listening network ports
[root@app130-33 bin]# netstat -tnpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.130.33:.0.0:* LISTEN 10046/java
tcp 0 0 0.0.0.0:.0.0:* LISTEN 10046/java
tcp 0 0 192.168.130.33:.0.0:* LISTEN 3660/java
tcp 0 0 0.0.0.0:.0.0:* LISTEN 3660/java
tcp 0 0 0.0.0.0:.0.0:* LISTEN 3660/java
tcp 0 0 192.168.130.33:.0.0:* LISTEN 10046/java
tcp 0 0 192.168.130.33:.0.0:* LISTEN 3660/java
tcp 0 0 192.168.130.33:.0.0:* LISTEN 2971/java
tcp 0 0 192.168.130.33:.0.0:* LISTEN 10046/java
tcp 0 0 192.168.130.33:.0.0:* LISTEN 3660/java
tcp 0 0 0.0.0.0:.0.0:* LISTEN 3660/java
tcp 0 0 192.168.130.33:.0.0:* LISTEN 2971/java
tcp 0 0 0.0.0.0:.0.0:* LISTEN 2971/java
tcp 0 0 0.0.0.0:.0.0:* LISTEN 2971/java
tcp 0 0 127.0.0.1:.0.0:* LISTEN 1983/mfsmount
tcp 0 0 192.168.130.33:.0.0:* LISTEN 2971/java
tcp 0 0 192.168.130.33:.0.0:* LISTEN 2971/java
tcp 0 0 192.168.130.33:.0.0:* LISTEN 10046/java
tcp 0 0 192.168.130.33:.0.0:* LISTEN 3660/java
tcp 0 0 0.0.0.0:.0.0:* LISTEN 10046/java
tcp 0 0 192.168.130.33:.0.0:* LISTEN 2971/java
tcp 0 0 0.0.0.0:.0.0:* LISTEN 3660/java
tcp 0 0 192.168.130.33:.0.0:* LISTEN 2971/java
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1854/sshd
tcp 0 0 192.168.130.33:.0.0:* LISTEN 10046/java
tcp 0 0 192.168.130.33:.0.0:* LISTEN 3660/java
tcp 0 0 0.0.0.0:.0.0:* LISTEN 10046/java
tcp 0 0 0.0.0.0:.0.0:* LISTEN 3660/java
tcp 0 0 192.168.130.33:.0.0:* LISTEN 2971/java
tcp 0 0 0.0.0.0:.0.0:* LISTEN 2971/java
tcp 0 0 0.0.0.0:.0.0:* LISTEN 10046/java
tcp 0 0 192.168.130.33:.0.0:* LISTEN 10046/java
tcp 0 0 192.168.130.33:.0.0:* LISTEN 3660/java
tcp 0 0 0.0.0.0:.0.0:* LISTEN 2971/java
tcp 0 0 192.168.130.33:.0.0:* LISTEN 2971/java
tcp 0 0 0.0.0.0:.0.0:* LISTEN 10046/java
tcp 0 0 0.0.0.0:.0.0:* LISTEN 3660/java
tcp 0 0 192.168.130.33:.0.0:* LISTEN 2971/java
tcp 0 0 192.168.130.33:.0.0:* LISTEN 10046/java
tcp 0 0 192.168.130.33:.0.0:* LISTEN 3660/java
tcp 0 0 192.168.130.33:.0.0:* LISTEN 10046/java
tcp 0 0 192.168.130.33:.0.0:* LISTEN 10046/java
tcp 0 0 192.168.130.33:.0.0:* LISTEN 3660/java
tcp 0 0 192.168.130.33:.0.0:* LISTEN 3660/java
tcp 0 0 0.0.0.0:.0.0:* LISTEN 2971/java
tcp 0 0 0.0.0.0:.0.0:* LISTEN 2971/java
tcp 0 0 192.168.130.33:.0.0:* LISTEN 2971/java
tcp 0 0 0.0.0.0:.0.0:* LISTEN 7941/nrpe
tcp 0 0 0.0.0.0:.0.0:* LISTEN 1916/zabbix_agentd
tcp 0 0 0.0.0.0:.0.0:* LISTEN 3660/java
tcp 0 0 192.168.130.33:.0.0:* LISTEN 10046/java
tcp 0 0 192.168.130.33:.0.0:* LISTEN 3660/java
tcp 0 0 192.168.130.33:.0.0:* LISTEN 10046/java
tcp 0 0 192.168.130.33:.0.0:* LISTEN 3660/java
tcp 0 0 192.168.130.33:.0.0:* LISTEN 2971/java
tcp 0 0 0.0.0.0:.0.0:* LISTEN 10046/java
tcp 0 0 0.0.0.0:.0.0:* LISTEN 3660/java
tcp 0 0 0.0.0.0:.0.0:* LISTEN 10046/java
tcp 0 0 :::22 :::* LISTEN 1854/sshd
tcp 0 0 :::5666 :::* LISTEN 7941/nrpe
Apart from zabbix_agentd, nagios nrpe, mfsmount and sshd, all the other listening ports belong to the Java business processes.
Inspect the suspicious processes in detail
List of suspicious processes identified
root 336 0.0 0.0 ? Ssl 13:31 0:01 ./zou
root 415 0.0 0.0 ? Ssl 13:31 0:00 /usr/bin/.sshd
root 539 0.0 0.0 888 276 ? Ss 13:31 0:02 /etc/.zl
root 975 0.0 0.0 2 ? Sl 13:32 0:01 /etc/.System
root 976 0.0 0.0 ? S 13:32 0:00 /etc/.System
root 980 0.0 0.0 ? S 13:32 0:00 ./dbuspm-session /etc/.System RunByP975
root .2 92 ? Sl 13:45 519:56 /etc/.yam -c x -M stratum+tcp:/
root 0.0 ? Ssl 14:03 0:00 /jboss-4.2.3/bin/zou
root 0.0 ? Ssl 14:03 0:00 /usr/bin/.sshd
root 0.0 ? Ssl 14:10 0:00 /tmp/.lz
[root@app130-33 bin]# lsof -p 336
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
zou 336 root cwd DIR 8,1 /jboss-4.2.3/bin
zou 336 root rtd DIR 8,1 4096 2 /
zou 336 root txt REG 8,1 0013 /jboss-4.2.3/bin/zou (deleted)
zou 336 root 0u CHR 1,3 0t0 3968 /dev/null
zou 336 root 1u CHR 1,3 0t0 3968 /dev/null
zou 336 root 2u CHR 1,3 0t0 3968 /dev/null
zou 336 root 3uW REG 8,1 3 1704074 /tmp/gates.lod (deleted)
zou 336 root 4u IPv4 t0 TCP app130-33:2.218.121:7759 (ESTABLISHED)
[root@app130-33 bin]# lsof -p 415
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
.sshd 415 root cwd DIR 8,1 /jboss-4.2.3/bin
.sshd 415 root rtd DIR 8,1 4096 2 /
.sshd 415 root txt REG 8,1 307 /usr/bin/.sshd (deleted)
.sshd 415 root 0u CHR 1,3 0t0 3968 /dev/null
.sshd 415 root 1u CHR 1,3 0t0 3968 /dev/null
.sshd 415 root 2u CHR 1,3 0t0 3968 /dev/null
.sshd 415 root 3uW REG 8,1 3 1704082 /tmp/moni.lod (deleted)
[root@app130-33 bin]# lsof -p 539
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
.zl 539 root cwd DIR 8,1 /jboss-4.2.3/bin
.zl 539 root rtd DIR 8,1 4096 2 /
.zl 539 root txt REG 8,1 0898 /etc/.zl
.zl 539 root 0r CHR 1,3 0t0 3968 /dev/null
.zl 539 root 1w FIFO 0,8 0t0 pipe
.zl 539 root 2w FIFO 0,8 0t0 pipe
[root@app130-33 bin]# lsof -p 976
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
.System 976 root cwd DIR 8,1 3937 /tmp
.System 976 root rtd DIR 8,1 4096 2 /
.System 976 root txt REG 8,1 0903 /etc/.System
.System 976 root 0u sock 0,6 0t0 can't identify protocol
[root@app130-33 bin]#
[root@app130-33 bin]# lsof -p 980
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
dbuspm-se 980 root cwd DIR 8,1 3937 /tmp
dbuspm-se 980 root rtd DIR 8,1 4096 2 /
dbuspm-se 980 root txt REG 8,1 5 /tmp/dbuspm-session (deleted)
dbuspm-se 980 root mem REG 8,1 038 /lib64/ld-2.12.so
dbuspm-se 980 root mem REG 8,1 039 /lib64/libc-2.12.so
dbuspm-se 980 root 0r CHR 1,3 0t0 3968 /dev/null
[root@app130-33 bin]# lsof -p 975
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
.System 975 root cwd DIR 8,1 3937 /tmp
.System 975 root rtd DIR 8,1 4096 2 /
.System 975 root txt REG 8,1 0903 /etc/.System
.System 975 root mem REG 8,1 038 /lib64/ld-2.12.so
.System 975 root mem REG 8,1 039 /lib64/libc-2.12.so
.System 975 root mem REG 8,1 046 /lib64/libresolv-2.12.so
.System 975 root mem REG 8,1 /lib64/libnss_dns-2.12.so
.System 975 root mem REG 8,1 /lib64/libnss_files-2.12.so
.System 975 root 0u IPv4 t0 TCP app130-33:55.128.178:29135 (ESTABLISHED)
[root@app130-33 bin]# lsof -p 7601
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
.yam 7601 root cwd DIR 8,1 /root
.yam 7601 root rtd DIR 8,1 4096 2 /
.yam 7601 root txt REG 8,1 0905 /etc/.yam
.yam 7601 root mem REG 8,1 038 /lib64/ld-2.12.so
.yam 7601 root mem REG 8,1 039 /lib64/libc-2.12.so
.yam 7601 root mem REG 8,1 046 /lib64/libresolv-2.12.so
.yam 7601 root mem REG 8,1 /lib64/libnss_dns-2.12.so
.yam 7601 root mem REG 8,1 /lib64/libnss_files-2.12.so
.yam 7601 root 0r CHR 1,3 0t0 3968 /dev/null
.yam 7601 root 1w REG 8,1 2 /root/myout.file
.yam 7601 root 2w REG 8,1 2 /root/myout.file
.yam 7601 root 3u REG 0,9 0 3966 [eventfd]
.yam 7601 root 4u REG 0,9 0 3966 [eventpoll]
.yam 7601 root 5u REG 0,9 0 3966 [timerfd]
.yam 7601 root 6u IPv4 t0 TCP app130-33:22516->ns377151.ip-94-23-55.eu:mxi
.yam 7601 root 7r FIFO 0,8 0t0 pipe
.yam 7601 root 8w FIFO 0,8 0t0 pipe
[root@app130-33 bin]# lsof -p 18894
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
.sshd 18894 root cwd DIR 8,1 /jboss-4.2.3/bin
.sshd 18894 root rtd DIR 8,1 4096 2 /
.sshd 18894 root txt REG 8,1 354 /usr/bin/.sshd
.sshd 18894 root 0u CHR 1,3 0t0 3968 /dev/null
.sshd 18894 root 1u CHR 1,3 0t0 3968 /dev/null
.sshd 18894 root 2u CHR 1,3 0t0 3968 /dev/null
.sshd 18894 root 3uW REG 8,1 5 1703947 /tmp/moni.lod
[root@app130-33 bin]# lsof -p 18785
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
zou 18785 root cwd DIR 8,1 /jboss-4.2.3/bin
zou 18785 root rtd DIR 8,1 4096 2 /
zou 18785 root txt REG 8,1 9010 /jboss-4.2.3/bin/zou
zou 18785 root 0u CHR 1,3 0t0 3968 /dev/null
zou 18785 root 1u CHR 1,3 0t0 3968 /dev/null
zou 18785 root 2u CHR 1,3 0t0 3968 /dev/null
zou 18785 root 3uW REG 8,1 5 1703940 /tmp/gates.lod
zou 18785 root 4u IPv4 t0 TCP app130-33:2.218.121:7759 (SYN_SENT)
[root@app130-33 bin]# lsof -p 23720
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
.lz 23720 root cwd DIR 8,1 /jboss-4.2.3/bin
.lz 23720 root rtd DIR 8,1 4096 2 /
.lz 23720 root txt REG 8,1 3943 /tmp/.lz
.lz 23720 root 0r CHR 1,3 0t0 3968 /dev/null
.lz 23720 root 1w FIFO 0,8 0t0 pipe
.lz 23720 root 2w FIFO 0,8 0t0 pipe
.lz 23720 root 3r IPv4 t0 TCP app130-33:ewctsp->222.186.59.156:exp1
Server login records
[root@app130-33 bin]# last
root pts/2 193.167.10.47 Tue Mar 14 14:36 still logged in
root pts/8 193.167.10.86 Tue Mar 14 14:10 still logged in
root pts/7 193.167.10.47 Tue Mar 14 14:07 - 14:13 (00:05)
root pts/6 10.8.0.118 Tue Mar 14 14:05 still logged in
root pts/6 10.8.0.118 Tue Mar 14 14:00 - 14:04 (00:04)
wclog pts/4 10.8.1.158 Tue Mar 14 14:00 - 14:30 (00:30)
root pts/3 10.8.0.6 Tue Mar 14 13:58 still logged in
root pts/1 10.8.0.14 Tue Mar 14 13:46 still logged in
root pts/0 10.8.0.242 Tue Mar 14 13:42 still logged in
wclog pts/0 10.8.1.158 Tue Mar 14 12:19 - 12:49 (00:30)
wclog pts/0 10.8.1.158 Tue Mar 14 11:49 - 12:19 (00:30)
wclog pts/0 10.8.1.158 Tue Mar 14 11:19 - 11:49 (00:30)
root pts/1 10.8.0.6 Tue Mar 14 11:08 - 11:38 (00:30)
wclog pts/2 10.8.0.90 Tue Mar 14 10:51 - 14:13 (03:21)
wclog pts/2 10.8.0.90 Tue Mar 14 10:50 - 10:51 (00:00)
wclog pts/0 10.8.1.158 Tue Mar 14 10:49 - 11:19 (00:30)
wclog pts/0 10.8.1.158 Tue Mar 14 10:19 - 10:49 (00:30)
root pts/1 10.8.0.118 Tue Mar 14 10:12 - 10:56 (00:43)
wclog pts/6 10.8.0.90 Tue Mar 14 10:04 - 10:52 (00:48)
wclog pts/5 10.8.0.26 Tue Mar 14 10:03 - 14:31 (04:27)
root pts/4 10.8.0.242 Tue Mar 14 10:00 - 10:21 (00:21)
root pts/3 10.8.0.6 Tue Mar 14 09:55 - 10:25 (00:30)
wclog pts/0 10.8.1.158 Tue Mar 14 09:48 - 10:18 (00:30)
root tty1 Tue Mar 14 09:48 - 10:18 (00:30)
wclog pts/2 10.8.0.38 Tue Mar 14 09:43 - 10:13 (00:30)
root pts/1 10.8.0.14 Tue Mar 14 09:40 - 10:10 (00:30)
wclog pts/0 10.8.1.158 Tue Mar 14 09:18 - 09:48 (00:30)
wclog pts/0 10.8.1.158 Tue Mar 14 08:48 - 09:18 (00:30)
wclog pts/0 10.8.1.158 Tue Mar 14 08:18 - 08:48 (00:30)
wclog pts/0 10.8.1.158 Tue Mar 14 07:48 - 08:18 (00:30)
wclog pts/0 10.8.1.158 Tue Mar 14 07:18 - 07:48 (00:30)
wclog pts/0 10.8.1.158 Tue Mar 14 06:48 - 07:18 (00:30)
wclog pts/0 10.8.1.158 Tue Mar 14 06:18 - 06:48 (00:30)
wclog pts/0 10.8.1.158 Tue Mar 14 05:48 - 06:18 (00:30)
wclog pts/0 10.8.1.158 Tue Mar 14 05:17 - 05:48 (00:30)
wclog pts/0 10.8.1.158 Tue Mar 14 04:47 - 05:17 (00:30)
wclog pts/0 10.8.1.158 Tue Mar 14 04:17 - 04:47 (00:30)
wclog pts/0 10.8.1.158 Tue Mar 14 03:47 - 04:17 (00:30)
wclog pts/0 10.8.1.158 Tue Mar 14 03:17 - 03:47 (00:30)
wclog pts/0 10.8.1.158 Tue Mar 14 02:47 - 03:17 (00:30)
wclog pts/0 10.8.1.158 Tue Mar 14 02:17 - 02:47 (00:30)
wclog pts/0 10.8.1.158 Tue Mar 14 01:47 - 02:17 (00:30)
wclog pts/0 10.8.1.158 Tue Mar 14 01:17 - 01:47 (00:30)
wclog pts/0 10.8.1.158 Tue Mar 14 00:47 - 01:17 (00:30)
wclog pts/0 10.8.1.158 Tue Mar 14 00:17 - 00:47 (00:30)
Current sshd sessions
[root@app130-33 bin]# w
14:38:45 up 105 days, 2:57, 6 users, load average: 11.31, 12.82, 13.96
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 10.8.0.242 13:42 26.00s 6:01 0.39s -bash
root pts/1 10.8.0.14 13:46 3:15 0.11s 0.11s -bash
root pts/2 193.167.10.47 14:36 2.00s 0.03s 0.03s -bash
root pts/3 10.8.0.6 13:58 41.00s 0.06s 0.06s -bash
root pts/6 10.8.0.118 14:05 2:46 0.30s 0.30s -bash
root pts/8 193.167.10.86 14:10 0.00s 0.30s 0.00s w
Kill the suspicious processes to interrupt the attacker's activity
[root@app130-33 bin]# kill -9 336 415 539 975 976 980
Check the timestamps of the attacker's files
[root@app130-33 tmp]# stat .lz
File: ".lz"
Size: 727556 Blocks: 1424 IO Block: 4096 普通文件
Device: 801h/2049d Inode: 1703943 Links: 1
Access: (0777/-rwxrwxrwx) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 14:10:11. +0800
Modify: 20:27:26. +0800
Change: 14:10:11. +0800
[root@app130-33 tmp]# stat /jboss-4.2.3/bin/zou
File: "/jboss-4.2.3/bin/zou"
Size: 1223123 Blocks: 2392 IO Block: 4096 普通文件
Device: 801h/2049d Inode: 1839010 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 14:03:13. +0800
Modify: 14:03:12. +0800
Change: 14:44:23. +0800
[root@app130-33 tmp]# stat /usr/bin/.sshd
File: "/usr/bin/.sshd"
Size: 1223123 Blocks: 2392 IO Block: 4096 普通文件
Device: 801h/2049d Inode: 298354 Links: 1
Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 14:03:22. +0800
Modify: 14:03:21. +0800
Change: 14:03:21. +0800
[root@app130-33 tmp]# stat /tmp/moni.lod
File: "/tmp/moni.lod"
Size: 5 Blocks: 8 IO Block: 4096 普通文件
Device: 801h/2049d Inode: 1703947 Links: 1
Access: (0777/-rwxrwxrwx) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 14:26:49. +0800
Modify: 14:03:23. +0800
Change: 14:10:09. +0800
[root@app130-33 tmp]# stat /etc/.zl
File: "/etc/.zl"
Size: 727556 Blocks: 1424 IO Block: 4096 普通文件
Device: 801h/2049d Inode: 1450898 Links: 1
Access: (0777/-rwxrwxrwx) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 13:31:28. +0800
Modify: 20:27:26. +0800
Change: 13:31:28. +0800
[root@app130-33 tmp]# stat /etc/.System
File: "/etc/.System"
Size: 1820918 Blocks: 3560 IO Block: 4096 普通文件
Device: 801h/2049d Inode: 1450903 Links: 1
Access: (0777/-rwxrwxrwx) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 13:32:05. +0800
Modify: 01:30:04. +0800
Change: 13:32:05. +0800
[root@app130-33 tmp]# stat /tmp/dbuspm-session
stat: 无法获取"/tmp/dbuspm-session" 的文件状态(stat): 没有那个文件或目录
[root@app130-33 tmp]# stat /etc/.yam
File: "/etc/.yam"
Size: 3867096 Blocks: 7560 IO Block: 4096 普通文件
Device: 801h/2049d Inode: 1450905 Links: 1
Access: (0777/-rwxrwxrwx) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 13:45:01. +0800
Modify: 03:24:45. +0800
Change: 13:44:44. +0800
[root@app130-33 tmp]# stat /root/myout.file
File: "/root/myout.file"
Size: 21706 Blocks: 56 IO Block: 4096 普通文件
Device: 801h/2049d Inode: 1190862 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 14:38:03. +0800
Modify: 14:47:42. +0800
Change: 14:47:42. +0800
[root@app130-33 tmp]# stat /tmp/gates.lod
File: "/tmp/gates.lod"
Size: 5 Blocks: 8 IO Block: 4096 普通文件
Device: 801h/2049d Inode: 1703940 Links: 1
Access: (0777/-rwxrwxrwx) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 14:03:16. +0800
Modify: 14:03:16. +0800
Change: 14:10:09. +0800
Problem analysis: The vulnerability has been confirmed to be in Struts2. In several specific versions, Struts2 executes code contained in the Content-Type header of an HTTP request. An attacker can exploit this directly to tamper with commands on the server hosting the application and to drop all kinds of trojans, turning that server into a DDoS bot or a mining tool, or, worse, causing a data leak.
Solutions:
1. Based on the trojans' characteristics, write a script that scans every minute and kills the trojan processes on schedule, so that the trojans have no environment to run in.
2. Based on where the trojans currently land, periodically delete the executables in those directories, so that the trojans have nothing to execute.
3. Lower the operating-system privileges of the JBoss process by starting it as a non-root user, so that a trojan cannot freely tamper with the system after a break-in.
4. Following the advice of Apache and of security sites, change how Struts2 evaluates Content-Type so that illegal content is refused execution.
5. Upgrade Struts2 to the designated version.
References: This article comes from the “” blog; please keep this attribution. Original: http://strongit.blog.51cto.com/7248
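Solution 1 asks for a script that scans for the trojans' traits every minute. The script below is an added example, not part of the original post: it flags the three traits visible in the ps and lsof output above, namely an executable deleted while still running, a dot-prefixed binary in /etc, /tmp or /usr/bin, and a stratum+tcp:// pool URL on the command line. The function names, the extra directories /var/tmp and /dev/shm, and the cron path in the comment are assumptions.

```shell
#!/bin/sh
# Added example: report processes that show the traits seen in this incident.
# Report-only on purpose: "deleted-exe" also fires for legitimate daemons
# after a package update, so treat every hit as a lead to verify.
# Hypothetical cron entry (path is an assumption):
#   * * * * * /usr/local/sbin/proc-traits.sh --scan | logger -t proc-traits

# Directories where this incident's hidden binaries were found, plus two
# other world-writable locations (the last two are an assumption).
HIDDEN_DIRS="/etc /tmp /usr/bin /var/tmp /dev/shm"

# classify EXE CMDLINE
# EXE is the target of /proc/PID/exe, CMDLINE the process command line.
# Prints a comma-separated list of reasons, or nothing if no trait matches.
classify() (
    exe=$1; cmd=$2; reasons=
    add() { reasons=${reasons:+$reasons,}$1; }

    # The kernel appends " (deleted)" when the binary was unlinked after start.
    case $exe in
        *" (deleted)") add deleted-exe; exe=${exe%" (deleted)"} ;;
    esac

    base=${exe##*/}; dir=${exe%/*}
    case $base in
        .*) for d in $HIDDEN_DIRS; do
                if [ "$dir" = "$d" ]; then add hidden-exe; fi
            done ;;
    esac

    case $cmd in
        *stratum+tcp://*) add stratum-url ;;
    esac
    printf '%s' "$reasons"
)

# scan_proc: walk /proc and print "PID<TAB>REASONS<TAB>EXE" for every match.
scan_proc() {
    for p in /proc/[0-9]*; do
        # Kernel threads and processes that exit mid-scan have no readable exe.
        exe=$(readlink "$p/exe" 2>/dev/null) || continue
        [ -n "$exe" ] || continue
        cmd=$(tr '\0' ' ' 2>/dev/null < "$p/cmdline") || cmd=""
        why=$(classify "$exe" "$cmd")
        if [ -n "$why" ]; then
            printf '%s\t%s\t%s\n' "${p#/proc/}" "$why" "$exe"
        fi
    done
}

# preserve PID DESTDIR: copy the running image out of /proc and hash it.
# This still works when the on-disk file is already deleted, so run it
# before killing a flagged process if the sample is needed as evidence.
preserve() {
    cp "/proc/$1/exe" "$2/pid$1.bin" && sha256sum "$2/pid$1.bin"
}

case ${1:-} in
    --scan) scan_proc ;;
esac
```
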