我在电脑上安装了IIS和WordPress,使用花生壳的免费域名建立了一个站点。但是我今天看我IIS的日志的时候,发现下面诡异的LOG。
从23号到25号连续三天,每天中午,都会有下面的日志。
我解释一下。
23号到25号,我上班,一天都不在家,而且房门是关的,不会有人进去开机的!而且我的IIS是要手动开的。根本就不应该有日志的吧。
怎么会有这个时候的日志呢?
我是不是被人肉鸡了?安了个木马,到时间自动开机,启动IIS。用WordPress的漏洞入侵的呢?
注:WordPress 2.8 Windows XP Sp3,安装所有安全补丁。
杀毒软件Avast!
#Software: Microsoft Internet Information Services 5.1
#Version: 1.0
#Date: 2009-06-24 12:44:17
#Fields: time c-ip cs-method cs-uri-stem sc-status
12:44:17 114.92.xxx.xxx GET /press/index.php 200
12:44:17 114.92.xxx.xxx GET /press/wp-content/themes/default/style.css 304
12:44:17 114.92.xxx.xxx GET /press/wp-content/themes/default/images/kubrickbgcolor.jpg 304
12:44:17 114.92.xxx.xxx GET /press/wp-content/themes/default/images/kubrickbg-ltr.jpg 304
12:44:18 114.92.xxx.xxx GET /press/wp-content/themes/default/images/kubrickheader.jpg 304
12:44:18 114.92.xxx.xxx GET /press/wp-content/themes/default/images/kubrickfooter.jpg 304
12:44:24 114.92.xxx.xxx POST /press/wp-cron.php 200
14:59:20 114.92.xxx.xxx GET /press/wp-includes/wlwmanifest.xml 304
14:59:28 114.92.xxx.xxx POST /press/xmlrpc.php 200
14:59:30 114.92.xxx.xxx POST /press/wp-cron.php 200
14:59:32 114.92.xxx.xxx POST /press/xmlrpc.php 200
14:59:33 114.92.xxx.xxx POST /press/xmlrpc.php 200
14:59:34 114.92.xxx.xxx POST /press/xmlrpc.php 200
14:59:35 114.92.xxx.xxx POST /press/xmlrpc.php 200
14:59:39 114.92.xxx.xxx GET /press/index.php 200
14:59:39 114.92.xxx.xxx GET /press/wp-content/themes/default/style.css 304
14:59:39 114.92.xxx.xxx GET /press/wp-content/themes/default/images/kubrickbgcolor.jpg 304
14:59:39 114.92.xxx.xxx GET /press/wp-content/themes/default/images/kubrickheader.jpg 304
14:59:39 114.92.xxx.xxx GET /press/wp-content/themes/default/images/kubrickbg-ltr.jpg 304
14:59:39 114.92.xxx.xxx GET /press/wp-content/themes/default/images/kubrickfooter.jpg 304
15:05:41 118.170.248.138 CONNECT - 501
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法