sudo lsof -i :80어떤 포트 80이 수신 대기하고 있는지 확인하기 위해 포트 80에서 실행했으며 다음과 같은 출력을 얻었습니다 .
이것이 무엇을 의미하는지 이해하지 못합니다. 일부 프로그램이 우리 서버에서 실행되고 Tor 종료 노드를 사용하는 것으로 보입니다.
이 악성 프로그램을 죽이는 방법은 무엇입니까?
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
apache2 5372 root 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5375 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5375 www-data 12u IPv6 52941 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:54796 (ESTABLISHED)
apache2 5376 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5376 www-data 12u IPv6 52939 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:54734 (ESTABLISHED)
apache2 5377 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5377 www-data 12u IPv6 52938 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:54732 (ESTABLISHED)
apache2 5378 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5378 www-data 12u IPv6 52940 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:54738 (ESTABLISHED)
apache2 5379 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5379 www-data 12u IPv6 52942 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:54908 (ESTABLISHED)
apache2 5382 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5382 www-data 12u IPv6 52956 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:54942 (ESTABLISHED)
apache2 5383 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5383 www-data 12u IPv6 52958 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:54976 (ESTABLISHED)
apache2 5384 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5384 www-data 12u IPv6 52957 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:54940 (ESTABLISHED)
apache2 5385 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5385 www-data 12u IPv6 52962 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:54994 (ESTABLISHED)
apache2 5386 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5386 www-data 12u IPv6 52961 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:54992 (ESTABLISHED)
apache2 5387 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5387 www-data 12u IPv6 52960 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:54996 (ESTABLISHED)
apache2 5388 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5388 www-data 12u IPv6 52959 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:54998 (ESTABLISHED)
apache2 5389 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5389 www-data 12u IPv6 52968 0t0 TCP 207.246.94.76.vultr.com:h ttp->tor-exit-anonymizer-10.appliedprivacy.net:26567 (ESTABLISHED)
apache2 5390 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5390 www-data 12u IPv6 52966 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:55104 (ESTABLISHED)
apache2 5391 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5391 www-data 12u IPv6 52964 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:55094 (ESTABLISHED)
apache2 5392 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5392 www-data 12u IPv6 52963 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:55054 (ESTABLISHED)
apache2 5393 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5393 www-data 12u IPv6 52965 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:55102 (ESTABLISHED)
apache2 5394 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5394 www-data 12u IPv6 52969 0t0 TCP 207.246.94.76.vultr.com:h ttp->tor-exit-anonymizer-10.appliedprivacy.net:26568 (ESTABLISHED)
apache2 5395 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5395 www-data 12u IPv6 53110 0t0 TCP 207.246.94.76.vultr.com:h ttp->tor-exit-anonymizer-10.appliedprivacy.net:31376 (ESTABLISHED)
apache2 5396 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5396 www-data 12u IPv6 52970 0t0 TCP 207.246.94.76.vultr.com:h ttp->tor-exit-anonymizer-10.appliedprivacy.net:26645 (ESTABLISHED)
apache2 5397 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5397 www-data 12u IPv6 52981 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:55274 (ESTABLISHED)
apache2 5398 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5398 www-data 12u IPv6 52976 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:55222 (ESTABLISHED)
apache2 5399 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5399 www-data 12u IPv6 52975 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:55220 (ESTABLISHED)
apache2 5400 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5400 www-data 12u IPv6 52974 0t0 TCP 207.246.94.76.vultr.com:h ttp->tor-exit-anonymizer-10.appliedprivacy.net:26789 (ESTABLISHED)
apache2 5401 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5401 www-data 12u IPv6 52973 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:55182 (ESTABLISHED)
apache2 5402 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5402 www-data 12u IPv6 52977 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:55224 (ESTABLISHED)
apache2 5403 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5403 www-data 12u IPv6 52979 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:55256 (ESTABLISHED)
apache2 5404 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5404 www-data 12u IPv6 52978 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:55252 (ESTABLISHED)
apache2 5405 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5405 www-data 12u IPv6 52980 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:55254 (ESTABLISHED)
apache2 5406 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5406 www-data 12u IPv6 52984 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:55276 (ESTABLISHED)
apache2 5407 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5407 www-data 12u IPv6 52982 0t0 TCP 207.246.94.76.vultr.com:h ttp->tor-exit-anonymizer-10.appliedprivacy.net:26913 (ESTABLISHED)
apache2 5408 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5408 www-data 12u IPv6 52983 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:55272 (ESTABLISHED)
apache2 5409 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5409 www-data 12u IPv6 52985 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:55322 (ESTABLISHED)
apache2 5410 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5410 www-data 12u IPv6 52987 0t0 TCP 207.246.94.76.vultr.com:h ttp->tor-exit-anonymizer-10.appliedprivacy.net:27036 (ESTABLISHED)
apache2 5411 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5411 www-data 12u IPv6 52986 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:55320 (ESTABLISHED)
apache2 5412 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5412 www-data 12u IPv6 52988 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:55344 (ESTABLISHED)
apache2 5413 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5413 www-data 12u IPv6 53002 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:55418 (ESTABLISHED)
apache2 5414 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5414 www-data 12u IPv6 52997 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:55376 (ESTABLISHED)
apache2 5415 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5415 www-data 12u IPv6 52996 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:55342 (ESTABLISHED)
apache2 5416 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5416 www-data 12u IPv6 52999 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:55372 (ESTABLISHED)
apache2 5417 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5417 www-data 12u IPv6 53001 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:55420 (ESTABLISHED)
apache2 5418 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5418 www-data 12u IPv6 52998 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:55374 (ESTABLISHED)
apache2 5419 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5419 www-data 12u IPv6 53000 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:55408 (ESTABLISHED)
apache2 5420 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5420 www-data 12u IPv6 53003 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:55422 (ESTABLISHED)
apache2 5421 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5421 www-data 12u IPv6 53004 0t0 TCP 207.246.94.76.vultr.com:h ttp->tor-exit-anonymizer-10.appliedprivacy.net:27391 (ESTABLISHED)
apache2 5422 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5422 www-data 12u IPv6 53007 0t0 TCP 207.246.94.76.vultr.com:h ttp->tor-exit-anonymizer-10.appliedprivacy.net:27573 (ESTABLISHED) ttp->exit4.tor-network.net:56150 (ESTABLISHED)
apache2 5462 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5462 www-data 12u IPv6 53045 0t0 TCP 207.246.94.76.vultr.com:h ttp->tor-exit-anonymizer-10.appliedprivacy.net:64248 (ESTABLISHED)
apache2 5463 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5463 www-data 12u IPv6 53046 0t0 TCP 207.246.94.76.vultr.com:h ttp->tor-exit-anonymizer-10.appliedprivacy.net:19251 (ESTABLISHED)
apache2 5464 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5464 www-data 12u IPv6 53048 0t0 TCP 207.246.94.76.vultr.com:h ttp->tor-exit-anonymizer-10.appliedprivacy.net:29429 (ESTABLISHED)
apache2 5465 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5465 www-data 12u IPv6 53047 0t0 TCP 207.246.94.76.vultr.com:h ttp->tor-exit-anonymizer-10.appliedprivacy.net:29430 (ESTABLISHED)
apache2 5466 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5466 www-data 12u IPv6 53050 0t0 TCP 207.246.94.76.vultr.com:h ttp->tor-exit-anonymizer-10.appliedprivacy.net:29501 (ESTABLISHED)
apache2 5467 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5467 www-data 12u IPv6 53051 0t0 TCP 207.246.94.76.vultr.com:h ttp->tor-exit-anonymizer-10.appliedprivacy.net:29531 (ESTABLISHED)
apache2 5468 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5468 www-data 12u IPv6 53049 0t0 TCP 207.246.94.76.vultr.com:h ttp->tor-exit-anonymizer-10.appliedprivacy.net:29471 (ESTABLISHED)
apache2 5469 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5469 www-data 12u IPv6 53052 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:56268 (ESTABLISHED)
apache2 5470 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5470 www-data 12u IPv6 53053 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:56266 (ESTABLISHED)
apache2 5471 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5471 www-data 12u IPv6 53054 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:56276 (ESTABLISHED)
apache2 5472 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5472 www-data 12u IPv6 53055 0t0 TCP 207.246.94.76.vultr.com:h ttp->tor-exit-anonymizer-10.appliedprivacy.net:29649 (ESTABLISHED)
apache2 5473 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5473 www-data 12u IPv6 53056 0t0 TCP 207.246.94.76.vultr.com:h ttp->tor-exit-anonymizer-10.appliedprivacy.net:29694 (ESTABLISHED)
apache2 5474 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5474 www-data 12u IPv6 53057 0t0 TCP 207.246.94.76.vultr.com:h ttp->tor-exit-anonymizer-10.appliedprivacy.net:29692 (ESTABLISHED)
apache2 5475 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5475 www-data 12u IPv6 53058 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:56314 (ESTABLISHED)
apache2 5476 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5476 www-data 12u IPv6 53059 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:56316 (ESTABLISHED)
apache2 5477 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5477 www-data 12u IPv6 53063 0t0 TCP 207.246.94.76.vultr.com:h
apache2 5488 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5488 www-data 12u IPv6 53071 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:56476 (ESTABLISHED)
apache2 5489 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5489 www-data 12u IPv6 53075 0t0 TCP 207.246.94.76.vultr.com:h ttp->tor-exit-anonymizer-10.appliedprivacy.net:30309 (ESTABLISHED)
apache2 5490 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5490 www-data 12u IPv6 53072 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:56474 (ESTABLISHED)
apache2 5491 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5491 www-data 12u IPv6 53073 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:56518 (ESTABLISHED)
apache2 5492 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5492 www-data 12u IPv6 53074 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:56568 (ESTABLISHED)
apache2 5493 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5493 www-data 12u IPv6 53077 0t0 TCP 207.246.94.76.vultr.com:h ttp->tor-exit-anonymizer-10.appliedprivacy.net:30412 (ESTABLISHED)
apache2 5494 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5494 www-data 12u IPv6 53076 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:56628 (ESTABLISHED)
apache2 5495 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5495 www-data 12u IPv6 53078 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:56676 (ESTABLISHED)
apache2 5496 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5496 www-data 12u IPv6 53080 0t0 TCP 207.246.94.76.vultr.com:h ttp->tor-exit-anonymizer-10.appliedprivacy.net:30559 (ESTABLISHED)
apache2 5497 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5497 www-data 12u IPv6 53079 0t0 TCP 207.246.94.76.vultr.com:h ttp->exit4.tor-network.net:56678 (ESTABLISHED)
apache2 5498 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5498 www-data 12u IPv6 53081 0t0 TCP 207.246.94.76.vultr.com:h ttp->tor-exit-anonymizer-10.appliedprivacy.net:30572 (ESTABLISHED)
apache2 5499 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5499 www-data 12u IPv6 53082 0t0 TCP 207.246.94.76.vultr.com:h ttp->tor-exit-anonymizer-10.appliedprivacy.net:30595 (ESTABLISHED)
apache2 5500 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5500 www-data 12u IPv6 53084 0t0 TCP 207.246.94.76.vultr.com:h ttp->tor-exit-anonymizer-10.appliedprivacy.net:30596 (ESTABLISHED)
apache2 5526 www-data 4u IPv6 52924 0t0 TCP *:http (LISTEN)
apache2 5526 www-data 12u IPv6 53109 0t0 TCP 207.246.94.76.vultr.com:h ttp->tor-exit-anonymizer-10.appliedprivacy.net:31386 (ESTABLISHED)
답변1
명령 출력의 첫 번째 필드는 lsof이것이 apache2포트 80에서 수신 대기하는 "악성" 프로그램임을 보여줍니다. Apache는 포트 80(기본적으로 어디에서나)에서 연결을 수신하고 기다립니다. 서버 설정에 대한 배경 정보를 많이 제공하지 않고 컨텍스트가 없으면 출력은 lsof웹 서버를 실행하고 누군가가 Tor를 사용하여 연결하는 것처럼 보입니다. 나는 개인적으로 많은 웹 서버를 유지 관리하고 있으며 일반적으로 클라이언트가 어디에서 연결되는지 신경 쓰지 않습니다.
Tor 클라이언트 연결에 대한 자세한 내용을 보려면 Apache 로그 파일을 확인해야 합니다. 실제로 Apache가 설치되어 있지 않은 경우큰문제이고 꼭 해야 할 일감염된 서버 처리.