站长们注意：宝塔面板疑似漏洞或Nginx异常

The following is the content published by the Pagoda Forum. Because many friends are currently using Pagoda, everyone must take a look at it. Those who build the website should make regular backups every day and back up the website data and database.

Obvious phenomenon: Visiting your own website jumps to other illegal websites If the above phenomenon occurs, check whether it meets the following characteristics 1. Use incognito mode to access the js file of the target website. The content contains: _0xd4d9 or _0x2551 keywords. 2. Panel logs and system logs have been cleared. 3. /www/server/nginx/sbin/nginx has been replaced, or the /www/server/nginx/conf/btwaf/config file exists 4. The nginx installed in the first stage exists in the /www/server/panel/data/nginx_md5.pl file, which can be compared with the existing file to confirm whether it has been modified (nginx_md5.pl file is the md5 we use to record the last time we installed nginx value, if your website is abnormal, you can open this file and compare it with the current /www/server/nginx/sbin/nginx file md5) In addition, for users who are using it normally without any abnormal problems, we give reinforcement suggestions. If you are worried about the risks of the panel, you can log in to the terminal and execute the bt stop command to stop the panel service (the command to start the service is bt restart). Stopping the panel service will not affect you. The normal operation of the website. Secondly, the following measures can be taken in the Pagoda panel to strengthen the website, panel, and server. 1. Upgrade the panel to the latest version. It is already the latest version. Repair the panel on the homepage and enable BasicAuth authentication. 2. Upgrade nginx to the latest sub-version of the current main version number. For example, if 1.22.0 is upgraded to 1.22.1, it is already the latest version. Please uninstall and reinstall. 3. If the panel or nginx cannot be upgraded temporarily due to production needs, enable BasicAuth authentication and set the authorization IP conditionally. 5. [Enterprise version anti-tampering-reconstructed version] plug-in can effectively prevent the website from being tampered with. It is recommended to enable and set the root user to prohibit modifying files (then release it when needed). In addition, change the nginx key execution directory (/www/server /nginx/sbin) locked 6. The [Key Directory Reinforcement] function in the [Pagoda System Reinforcement] plug-in can lock the nginx key execution directory (/www/server/nginx/sbin).

1234567891011121314

Obvious phenomenon: Visiting your own website jumps to other illegal websites. If the above phenomenon occurs, check whether it meets the following characteristics 1. Use incognito mode to access the target website js file, the content contains: _0xd4d9 or _0x2551 keywords 2. Panel logs and system logs have been cleared 3. /www/server/nginx/sbin/nginx has been replaced, or /www/server/nginx/ exists conf/btwaf/config file 4. The nginx installed in the first stage exists in the /www/server/panel/data/nginx_md5.pl file, which can be compared with the existing file to confirm whether it has been modified (nginx_md5.pl file is what we use to record The md5 value when nginx was last installed. If your website is abnormal, you can open this file and compare it with the current /www/server/nginx/sbin/nginx file md5) In addition, for users who use it normally without abnormal problems, we Reinforcement suggestions are given. If you are worried about the risk of the panel, you can log in to the terminal and execute the bt stop command to stop the panel service (the command to start the service is bt restart). Stopping the panel service will not affect the normal operation of your website. Secondly, the following measures can be taken in the Pagoda panel to strengthen the website, panel, and server. 1. Upgrade the panel to the latest version. It is already the latest version. Repair the panel on the homepage and enable BasicAuth authentication. 2. Upgrade nginx to the current main version number. The latest sub-version, such as 1.22.0 upgraded to 1.22.1, is already the latest version. Please uninstall and reinstall. 3. If the panel or nginx cannot be upgraded temporarily due to production needs, enable BasicAuth authentication and conditionally set authorization IP5, [ Enterprise version anti-tampering-reconstructed version] plug-in can effectively prevent the website from being tampered with. It is recommended to enable and set the root user to prohibit modifying files (then release it when needed). In addition, change the nginx key execution directory (/www/server/nginx/ sbin) lock 6. The [Key Directory Reinforcement] function in the [Pagoda System Reinforcement] plug-in can lock the nginx key execution directory (/www/server/nginx/sbin).

Recommended site searches: Hong Kong server rental, Ministry of Industry and Information Technology registration, site group server, Alibaba Cloud free virtual host, game high defense server rental, independent IP space, domain name expiration query, high defense server rental, how to purchase virtual host, server What defense to use?