Today, 18/9/2023, while writing C# code that uses the Web Browser to open the website, I suddenly got a library loading error.
Strange, I haven't changed anything related to the code or the system these past few days.
After a session of reading logs, deleting files.... I found these clues:
209.127.76.105 - - [16/Sep/2023:01:36:11 +0700] "GET /teaching/diemdanh/vendor/markbaker/matrix/classes/src/Operators/lib.php HTTP/1.1" 200 97 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.68 YaBrowser/14.2.1700.8706 Safari/537.3620070189"
140.238.6.80 - - [16/Sep/2023:08:45:32 +0700] "GET /favicon.ico HTTP/1.1" 404 1238 "https://thiencntt.ats.edu.vn/teaching/diemdanh/vendor/markbaker/matrix/classes/src/Operators/lib.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"
103.135.103.38 - - [16/Sep/2023:08:55:50 +0700] "POST /teaching/diemdanh/vendor/markbaker/matrix/classes/src/Operators/lib.php HTTP/1.1" 200 3899 "https://thiencntt.ats.edu.vn/teaching/diemdanh/vendor/markbaker/matrix/classes/src/Operators/lib.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"
103.135.103.38 - - [16/Sep/2023:08:55:56 +0700] "POST /teaching/diemdanh/vendor/markbaker/matrix/classes/src/Operators/lib.php HTTP/1.1" 200 3835 "https://thiencntt.ats.edu.vn/teaching/diemdanh/vendor/markbaker/matrix/classes/src/Operators/lib.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"
103.135.103.38 - - [16/Sep/2023:08:56:01 +0700] "POST /teaching/diemdanh/vendor/markbaker/matrix/classes/src/Operators/lib.php HTTP/1.1" 200 3148 "https://thiencntt.ats.edu.vn/teaching/diemdanh/vendor/markbaker/matrix/classes/src/Operators/lib.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"
103.135.103.38 - - [16/Sep/2023:08:56:03 +0700] "POST /teaching/diemdanh/vendor/markbaker/matrix/classes/src/Operators/lib.php HTTP/1.1" 200 2731 "https://thiencntt.ats.edu.vn/teaching/diemdanh/vendor/markbaker/matrix/classes/src/Operators/lib.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"
103.135.103.38 - - [16/Sep/2023:08:56:09 +0700] "POST /teaching/diemdanh/vendor/markbaker/matrix/classes/src/Operators/lib.php HTTP/1.1" 200 3906 "https://thiencntt.ats.edu.vn/teaching/diemdanh/vendor/markbaker/matrix/classes/src/Operators/lib.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"
103.135.103.38 - - [16/Sep/2023:08:56:17 +0700] "GET /style2.php? HTTP/1.1" 200 369 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"
103.135.103.38 - - [16/Sep/2023:08:56:18 +0700] "GET /style2.php?action=modify HTTP/1.1" 200 401 "https://thiencntt.ats.edu.vn/style2.php?" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"
103.135.103.38 - - [16/Sep/2023:08:56:22 +0700] "POST /teaching/diemdanh/vendor/markbaker/matrix/classes/src/Operators/lib.php HTTP/1.1" 200 3142 "https://thiencntt.ats.edu.vn/teaching/diemdanh/vendor/markbaker/matrix/classes/src/Operators/lib.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"
103.135.103.38 - - [16/Sep/2023:08:56:24 +0700] "POST /teaching/diemdanh/vendor/markbaker/matrix/classes/src/Operators/lib.php HTTP/1.1" 200 3186 "https://thiencntt.ats.edu.vn/teaching/diemdanh/vendor/markbaker/matrix/classes/src/Operators/lib.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"
2405:4800:5f0a:2a00:1d5a:56d3:f468:beb0 - - [16/Sep/2023:08:56:34 +0700] "GET /share/batchadmin.txt HTTP/1.1" 200 171 "-" "python-requests/2.30.0"
2405:4800:5f0a:2a00:1d5a:56d3:f468:beb0 - - [16/Sep/2023:08:56:35 +0700] "GET /share/sublab403.txt HTTP/1.1" 200 2285 "-" "python-requests/2.30.0"
103.135.103.38 - - [16/Sep/2023:08:56:35 +0700] "POST /teaching/diemdanh/vendor/markbaker/matrix/classes/src/Operators/lib.php HTTP/1.1" 200 18500 "https://thiencntt.ats.edu.vn/teaching/diemdanh/vendor/markbaker/matrix/classes/src/Operators/lib.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"
103.135.103.38 - - [16/Sep/2023:08:56:37 +0700] "POST /teaching/diemdanh/vendor/markbaker/matrix/classes/src/Operators/lib.php HTTP/1.1" 200 18501 "https://thiencntt.ats.edu.vn/teaching/diemdanh/vendor/markbaker/matrix/classes/src/Operators/lib.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"
Probably some "Trung Của" guy relied on the libraries in my old attendance (điểm danh) code, which I hadn't updated in a long time, to get in and wreck things.
It seems he also opened remote SQL access, but I deleted the IP and forgot to save it.
Right now there are still 2 PIDs running that automatically overwrite the index.php file, and I can't get into the cPanel Terminal to remove them.
Oh well, I'll clean up the damage and delete the outdated code as well, just to be safe.
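An added example, not part of the original post: a small access-log triage script for the pattern visible in the log above, where a client gets HTTP 200 on POST requests to a `.php` file inside a dependency directory (`lib.php` under `vendor/`) and then requests another script (`/style2.php`). The function names, the dependency-directory list and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Apache/Nginx "combined" log format: ip, timestamp, request line, status, size.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
# Assumption: dependency trees are never a legitimate target for direct requests.
DEP_DIR_RE = re.compile(r'/(vendor|node_modules)/', re.IGNORECASE)

def parse(lines):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["path"] = rec["path"].split("?", 1)[0]  # ignore query string
            yield rec

def find_webshell_activity(lines):
    """Return (suspects, pivots).

    suspects: {php path under a dependency dir: set of IPs that got 200 on POST}
    pivots:   {suspect IP: sorted other .php paths that IP also fetched with 200}
    """
    records = list(parse(lines))
    suspects = defaultdict(set)
    for r in records:
        if (r["method"] == "POST" and r["status"] == "200"
                and r["path"].lower().endswith(".php")
                and DEP_DIR_RE.search(r["path"])):
            suspects[r["path"]].add(r["ip"])
    bad_ips = set().union(*suspects.values())
    pivots = defaultdict(set)
    for r in records:
        if (r["ip"] in bad_ips and r["status"] == "200"
                and r["path"].lower().endswith(".php")
                and r["path"] not in suspects):
            pivots[r["ip"]].add(r["path"])
    return dict(suspects), {ip: sorted(p) for ip, p in pivots.items()}

# Constructed sample lines (documentation IP ranges, made-up paths).
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2024:08:55:50 +0700] "POST /app/vendor/pkg/src/lib.php HTTP/1.1" 200 3899 "-" "UA"',
    '198.51.100.7 - - [01/Jan/2024:08:56:17 +0700] "GET /dropped.php?action=x HTTP/1.1" 200 369 "-" "UA"',
    '192.0.2.10 - - [01/Jan/2024:08:57:00 +0700] "GET /index.php HTTP/1.1" 200 5120 "-" "UA"',
    '192.0.2.10 - - [01/Jan/2024:08:57:05 +0700] "POST /app/vendor/pkg/src/lib.php HTTP/1.1" 404 1238 "-" "UA"',
    'not a log line',
]
```

Calling `find_webshell_activity(open(path))` on a real access log returns the same two dictionaries; every path in `pivots` is a candidate for a dropped file and should be checked against a clean copy of the site.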