![image](https://private-user-images.githubusercontent.com/38940994/279733068-d7c76996-d97a-4156-9bc1-463e1c11b8af.png)
bunkerweb log:
2023/11/01 16:16:26 [warn] 730#730: 372 [lua] _G write guard:12: __newindex(): writing a global Lua variable ('iend') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
stack traceback:
/etc/bunkerweb/plugins/clamav/clamav.lua:236: in function 'scan'
/etc/bunkerweb/plugins/clamav/clamav.lua:85: in function </etc/bunkerweb/plugins/clamav/clamav.lua:67>
[C]: in function 'pcall'
/usr/share/bunkerweb/lua/bunkerweb/helpers.lua:126: in function 'call_plugin'
access_by_lua(suc.snagou.com/access-lua.conf:1):73: in main chunk, client: x.x.x.x, server: xxxx.com, request: "POST /@yang/index.php?c=uploadfile&a=ueditor&action=uploadfile HTTP/1.0", host: "xxxx.com", referrer: "http://xxxx.com/@yang/index.php?c=content&a=edit&id=38"
2023/11/01 16:16:26 [warn] 730#730: 372 [ACCESS] denied access from clamav : file with checksum d9305862fe0bf552718d19db43075d88cffd768974627db60fa1a90a8d45563e035a6449663b8f66aac53791d77f37dbb5035159aa08e69fc473972022f80010is detected : Win.Test.EICAR_HDB-1, client: x.x.x.x, server: xxxx.com, request: "POST /@yang/index.php?c=uploadfile&a=ueditor&action=uploadfile HTTP/1.0", host: "xxxx.com", referrer: "http://xxxx.com/@yang/index.php?c=content&a=edit&id=38"
xxxx.com x.x.x.x - - [01/Nov/2023:16:16:26 +0000] "GET /data/upload/image/20231102/1698854501958921.pdf HTTP/1.0" 200 184 "http://xxxx.com/@yang/index.php?c=content&a=edit&id=38" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.289 Safari/537.36"
---pODs2Bt4---A--
[01/Nov/2023:16:16:26 +0000] 16988553868.563090 x.x.x.x 0 192.168.32.3 8080
---pODs2Bt4---B--
GET /data/upload/image/20231102/1698854501958921.pdf HTTP/1.0
Host: xxxx.com
X-Real-IP: x.x.x.x
X-Forwarded-For: x.x.x.x
Referer: http://xxxx.com/@yang/index.php?c=content&a=edit&id=38
X-Forwarded-Proto: http
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.289 Safari/537.36
Cookie: PHPSESSID=38mgt0rq9n74b3jhcbjb5pv1to
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
---pODs2Bt4---F--
HTTP/1.0 200
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Referrer-Policy: strict-origin-when-cross-origin
ETag: "65427665-b8"
Last-Modified: Wed, 01 Nov 2023 16:01:41 GMT
Last-Modified: Wed, 01 Nov 2023 16:01:41 GMT
Connection: close
X-Powered-By:
Content-Type: application/pdf
Content-Length: 184
Date: Wed, 01 Nov 2023 16:16:26 GMT
Feature-Policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; layout-animation 'none'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'none'; unoptimized-images 'none'; unsized-media 'none'; usb 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';
Server:
Server:
Content-Security-Policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';
X-Content-Type-Options: nosniff
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()
X-XSS-Protection: 1; mode=block
Expect-CT:
X-AspNet-Version:
X-AspNetMvc-Version:
---pODs2Bt4---H--
---pODs2Bt4---Z--
xxxx.com x.x.x.x - - [01/Nov/2023:16:16:26 +0000] "POST /@yang/index.php?c=uploadfile&a=ueditor&action=uploadfile HTTP/1.0" 403 703540 "http://xxxx.com/@yang/index.php?c=content&a=edit&id=38" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.289 Safari/537.36"
xxxx.com x.x.x.x - - [01/Nov/2023:16:16:33 +0000] "POST /@yang/index.php?c=content&a=edit&id=38 HTTP/1.0" 200 655 "http://xxxx.com/@yang/index.php?c=content&a=edit&id=38" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.289 Safari/537.36"
---8W6ch3Jr---A--
[01/Nov/2023:16:16:33 +0000] 169885539399.701045 x.x.x.x 0 192.168.32.3 8080
---8W6ch3Jr---B--
POST /@yang/index.php?c=content&a=edit&id=38 HTTP/1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.289 Safari/537.36
X-Forwarded-Proto: http
Content-Type: application/x-www-form-urlencoded
Upgrade-Insecure-Requests: 1
Content-Length: 180
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Connection: close
Origin: http://xxxx.com
X-Forwarded-For: x.x.x.x
X-Real-IP: x.x.x.x
Host: xxxx.com
Referer: http://xxxx.com/@yang/index.php?c=content&a=edit&id=38
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=38mgt0rq9n74b3jhcbjb5pv1to
Accept-Language: zh-CN,zh;q=0.9
---8W6ch3Jr---C--
data%5Bcatid%5D=34&data%5Btitle%5D=%E8%BE%BE%E5%B0%94%E6%96%87%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95&data%5Bxiazai%5D=&file=eicar_com.pdf&data%5Bstatus%5D=1&submit=%E6%8F%90%E4%BA%A4
---8W6ch3Jr---F--
HTTP/1.0 200
Referrer-Policy: strict-origin-when-cross-origin
X-Frame-Options: SAMEORIGIN
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Content-Security-Policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';
X-Powered-By:
Connection: close
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html; charset=utf-8
Date: Wed, 01 Nov 2023 16:16:33 GMT
Feature-Policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; layout-animation 'none'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'none'; unoptimized-images 'none'; unsized-media 'none'; usb 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';
Server:
Server:
X-Content-Type-Options: nosniff
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()
X-XSS-Protection: 1; mode=block
Expect-CT:
X-AspNet-Version:
X-AspNetMvc-Version:
---8W6ch3Jr---H--
---8W6ch3Jr---Z--
xxxx.com x.x.x.x - - [01/Nov/2023:16:16:35 +0000] "GET /@yang/index.php?c=content&a=edit&id=38 HTTP/1.0" 200 4623 "http://xxxx.com/@yang/index.php?c=content&a=edit&id=38" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.289 Safari/537.36"
---Mru2hNOq---A--
[01/Nov/2023:16:16:35 +0000] 169885539523.818664 x.x.x.x 0 192.168.32.3 8080
---Mru2hNOq---B--
GET /@yang/index.php?c=content&a=edit&id=38 HTTP/1.0
Accept-Language: zh-CN,zh;q=0.9
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=38mgt0rq9n74b3jhcbjb5pv1to
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.289 Safari/537.36
X-Forwarded-Proto: http
Upgrade-Insecure-Requests: 1
Connection: close
Referer: http://xxxx.com/@yang/index.php?c=content&a=edit&id=38
X-Forwarded-For: x.x.x.x
X-Real-IP: x.x.x.x
Host: xxxx.com
---Mru2hNOq---F--
HTTP/1.0 200
Referrer-Policy: strict-origin-when-cross-origin
X-Frame-Options: SAMEORIGIN
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Content-Security-Policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';
X-Powered-By:
Connection: close
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html; charset=utf-8
Date: Wed, 01 Nov 2023 16:16:35 GMT
Feature-Policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; layout-animation 'none'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'none'; unoptimized-images 'none'; unsized-media 'none'; usb 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';
Server:
Server:
X-Content-Type-Options: nosniff
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()
X-XSS-Protection: 1; mode=block
Expect-CT:
X-AspNet-Version:
X-AspNetMvc-Version:
---Mru2hNOq---H--
---Mru2hNOq---Z--
clamav log:
![image](https://private-user-images.githubusercontent.com/38940994/279734687-b5b9f702-62a2-43f7-af1b-aed859edb796.png)