Contains a trojan, do not use it
freeflyfree opened this issue · 8 comments
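I had only used it for two days when my computer password was changed. My password has letters, digits and symbols, and this had never happened before; as soon as I used this, someone broke in. During installation the antivirus software warned of a trojan, and I figured it must be a false positive. Who would have known!
Isn't this open source? If there's a trojan, read the source code and compile it yourself.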
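Unfortunately I didn't compile directly from source; I used the prebuilt binary. I think most people probably use the prebuilt version, which is why someone said earlier that it's best to compile from source yourself and not use the prebuilt version.
How do I change it?
This hasn't been updated for a long time and it has vulnerabilities. You can use a version modified by someone else, or fix it yourself. https://blog.hgtrojan.com/index.php/archives/247/
The comment section of the blog post above has a tutorial for the fix.
This is a vulnerability-fixed version released by someone else: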
https://github.com/yisier/nps
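Tencent Cloud sent a warning SMS.
Version 0.26.10 has confirmed SSH dictionary attacks: as soon as npc is started, you can see a large number of SSH attacks in the secure log. It took me several days to work this out; fortunately I was not breached.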
Jun 21 01:42:54 P40 sshd[90342]: Failed password for invalid user rootuser from 127.0.0.1 port 41392 ssh2
Jun 21 01:42:56 P40 sshd[90342]: Connection closed by invalid user rootuser 127.0.0.1 port 41392 [preauth]
Jun 21 01:44:21 P40 sshd[90513]: Invalid user rfm from 127.0.0.1 port 52754
Jun 21 01:44:21 P40 sshd[90513]: pam_unix(sshd:auth): check pass; user unknown
Jun 21 01:44:21 P40 sshd[90513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1
Jun 21 01:44:22 P40 sshd[90513]: Failed password for invalid user rfm from 127.0.0.1 port 52754 ssh2
Jun 21 01:44:23 P40 sshd[90513]: Connection closed by invalid user rfm 127.0.0.1 port 52754 [preauth]
Jun 21 01:44:36 P40 sshd[90537]: Invalid user huangmengqi from 127.0.0.1 port 38172
Jun 21 01:44:37 P40 sshd[90537]: pam_unix(sshd:auth): check pass; user unknown
Jun 21 01:44:37 P40 sshd[90537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1
Jun 21 01:44:39 P40 sshd[90537]: Failed password for invalid user huangmengqi from 127.0.0.1 port 38172 ssh2
Jun 21 01:44:41 P40 sshd[90537]: Connection closed by invalid user huangmengqi 127.0.0.1 port 38172 [preauth]
Jun 21 01:45:07 P40 sshd[90585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1 user=root
Jun 21 01:45:10 P40 sshd[90585]: Failed password for root from 127.0.0.1 port 50230 ssh2
Jun 21 01:45:10 P40 sshd[90585]: Connection closed by authenticating user root 127.0.0.1 port 50230 [preauth]
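A detection sketch for the pattern in the log excerpt above, added here as an example and not part of the original thread or the project's code. It assumes the 127.0.0.1 source comes from a local tunnel process forwarding connections to sshd; the function names, the threshold and the sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Matches sshd "Failed password" lines in /var/log/secure or auth.log format.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

# Constructed sample lines modelled on the log format quoted above.
SAMPLE = """\
Jun 21 01:42:54 host sshd[101]: Failed password for invalid user alice from 127.0.0.1 port 41392 ssh2
Jun 21 01:44:22 host sshd[102]: Failed password for invalid user bob from 127.0.0.1 port 52754 ssh2
Jun 21 01:45:10 host sshd[103]: Failed password for root from 127.0.0.1 port 50230 ssh2
Jun 21 01:46:02 host sshd[104]: Failed password for carol from 192.0.2.7 port 40100 ssh2
Jun 21 01:46:30 host sshd[105]: Accepted password for carol from 192.0.2.7 port 40102 ssh2
"""

def failed_by_source(log_text):
    """Return {source_ip: set of usernames tried} for failed password lines."""
    tried = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            tried[m.group("ip")].add(m.group("user"))
    return dict(tried)

def relayed_guessing(log_text, min_users=3):
    """Flag loopback sources that tried at least min_users distinct usernames.

    sshd records the address of the TCP peer. Assumption: a local tunnel
    client forwards outside connections to port 22, so the peer is the tunnel
    process and remote guessing shows up as 127.0.0.1, where IP-based
    blocking cannot single out the real origin.
    """
    flagged = {}
    for ip, users in failed_by_source(log_text).items():
        try:
            loopback = ipaddress.ip_address(ip).is_loopback
        except ValueError:  # sshd may log a hostname when UseDNS is enabled
            continue
        if loopback and len(users) >= min_users:
            flagged[ip] = sorted(users)
    return flagged

if __name__ == "__main__":
    print(relayed_guessing(SAMPLE))
```

A hit from this check means a local process is relaying outside connections to sshd, so the next step is to identify which process owns those loopback connections and review what it exposes.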