企业必看:黑客入侵网站的十个信号,你中招了吗?
<h1 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 24px; line-height: 34px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">企业必看:黑客入侵网站的十个信号,你中招了吗?</h1><h2 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 22px; line-height: 32px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">摘要</h2><p class="ds-markdown-paragraph" style="margin-top: 16px; margin-bottom: 16px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;">对于企业而言,黑客入侵往往不是“会不会”的问题,而是“什么时候”和“能否及时发现”的问题。数据显示,从黑客成功入侵到被企业发现,平均需要197天。在这段时间里,黑客早已窃取数据、植入后门、横向移动。及时发现入侵信号,是减少损失的关键。本文总结黑客入侵网站的十个典型信号,从服务器异常、网络流量异常、账户行为异常到文件变化、日志异常,帮助企业安全团队建立“入侵雷达”,第一时间发现并响应威胁。</p><p class="ds-markdown-paragraph" style="margin-top: 16px; margin-bottom: 16px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><span style="font-weight: 600;">关键词:</span> 企业安全;入侵检测;黑客信号;服务器异常;流量异常;日志审计;应急响应</p><hr style="background: none 0% 0% / auto repeat scroll padding-box border-box rgba(0, 0, 0, 0.1); border: none; height: 1px; margin-top: 32px; margin-bottom: 32px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><h2 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 22px; line-height: 32px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">第一章 引言:看不见的敌人</h2><p class="ds-markdown-paragraph" style="margin-top: 16px; margin-bottom: 16px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;">作为企业IT运维或安全负责人,你可能每天检查服务器状态、查看流量曲线、扫描漏洞。但在你眼皮底下,可能早已有黑客潜伏——几个月前就进来了,现在正在慢慢窃取你的数据。</p><p class="ds-markdown-paragraph" style="margin-top: 16px; margin-bottom: 16px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;">这听起来像恐怖故事,却是无数企业的真实经历。根据行业报告,从黑客成功入侵到被企业发现,平均需要197天。在这197天里,黑客可以:</p><ul style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph">窃取所有客户数据</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">植入多个后门</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">横向移动到核心系统</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">甚至早已离开,留下随时可进的“后门”</p></li></ul><p class="ds-markdown-paragraph" style="margin-top: 16px; margin-bottom: 16px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;">为什么发现这么慢?因为入侵往往是“静默”的——黑客不会敲锣打鼓告诉你“我来了”。他们小心翼翼地操作,尽量不触发任何警报。</p><p class="ds-markdown-paragraph" style="margin-top: 16px; margin-bottom: 16px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;">但没有任何入侵是100%无痕迹的。总有一些“信号”会暴露他们的存在。问题在于:你知道该看什么吗?</p><h2 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 22px; line-height: 32px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">第二章 信号一:服务器资源异常飙升</h2><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">2.1 现象</h3><ul style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph">CPU使用率长期居高不下</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">内存占用异常增加</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">磁盘I/O持续高位</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">系统响应变慢</p></li></ul><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">2.2 可能的原因</h3><p class="ds-markdown-paragraph" style="margin-top: 16px; margin-bottom: 16px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;">黑客可能在你的服务器上:</p><ul style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph"><span style="font-weight: 600;">挖矿</span>:植入挖矿程序,占用CPU挖掘加密货币</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph"><span style="font-weight: 600;">暴力破解</span>:正在尝试破解其他系统</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph"><span style="font-weight: 600;">数据打包</span>:正在压缩窃取的数据,准备外传</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph"><span style="font-weight: 600;">运行扫描工具</span>:扫描内网其他主机</p></li></ul><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">2.3 如何检查</h3><ol start="1" style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph">使用<code style="box-sizing: border-box; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: 100%; line-height: 22px; font-optical-sizing: auto; font-size-adjust: none; font-kerning: auto; font-feature-settings: normal; font-variation-settings: normal; font-language-override: normal; font-family: Menlo, Monaco, Consolas, "Cascadia Mono", "Ubuntu Mono", "DejaVu Sans Mono", "Liberation Mono", "JetBrains Mono", "Fira Code", Cousine, "Roboto Mono", "Courier New", Courier, sans-serif, system-ui; background-color: rgb(235, 238, 242); border-radius: 6px; align-items: center; padding-right: 5px; padding-left: 5px; display: inline-flex; font-size: 0.875em !important;">top</code>、<code style="box-sizing: border-box; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: 100%; line-height: 22px; font-optical-sizing: auto; font-size-adjust: none; font-kerning: auto; font-feature-settings: normal; font-variation-settings: normal; font-language-override: normal; font-family: Menlo, Monaco, Consolas, "Cascadia Mono", "Ubuntu Mono", "DejaVu Sans Mono", "Liberation Mono", "JetBrains Mono", "Fira Code", Cousine, "Roboto Mono", "Courier New", Courier, sans-serif, system-ui; background-color: rgb(235, 238, 242); border-radius: 6px; align-items: center; padding-right: 5px; padding-left: 5px; display: inline-flex; font-size: 0.875em !important;">htop</code>查看CPU占用最高的进程</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">检查这些进程的路径、启动时间、数字签名</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">搜索可疑进程名(可能是随机字符串或伪装成系统进程)</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">使用<code style="box-sizing: border-box; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: 100%; line-height: 22px; font-optical-sizing: auto; font-size-adjust: none; font-kerning: auto; font-feature-settings: normal; font-variation-settings: normal; font-language-override: normal; font-family: Menlo, Monaco, Consolas, "Cascadia Mono", "Ubuntu Mono", "DejaVu Sans Mono", "Liberation Mono", "JetBrains Mono", "Fira Code", Cousine, "Roboto Mono", "Courier New", Courier, sans-serif, system-ui; background-color: rgb(235, 238, 242); border-radius: 6px; align-items: center; padding-right: 5px; padding-left: 5px; display: inline-flex; font-size: 0.875em !important;">netstat -anp</code>查看异常进程的网络连接</p></li></ol><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">2.4 真实案例</h3><p class="ds-markdown-paragraph" style="margin-top: 16px; margin-bottom: 16px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;">某公司运维发现服务器CPU持续100%,查了半天发现是<code style="box-sizing: border-box; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: 100%; line-height: 22px; font-optical-sizing: auto; font-size-adjust: none; font-kerning: auto; font-feature-settings: normal; font-variation-settings: normal; font-language-override: normal; font-family: Menlo, Monaco, Consolas, "Cascadia Mono", "Ubuntu Mono", "DejaVu Sans Mono", "Liberation Mono", "JetBrains Mono", "Fira Code", Cousine, "Roboto Mono", "Courier New", Courier, sans-serif, system-ui; background-color: rgb(235, 238, 242); border-radius: 6px; align-items: center; padding-right: 5px; padding-left: 5px; display: inline-flex; font-size: 0.875em !important;">httpd</code>进程异常。仔细一看,真正的<code style="box-sizing: border-box; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: 100%; line-height: 22px; font-optical-sizing: auto; font-size-adjust: none; font-kerning: auto; font-feature-settings: normal; font-variation-settings: normal; font-language-override: normal; font-family: Menlo, Monaco, Consolas, "Cascadia Mono", "Ubuntu Mono", "DejaVu Sans Mono", "Liberation Mono", "JetBrains Mono", "Fira Code", Cousine, "Roboto Mono", "Courier New", Courier, sans-serif, system-ui; background-color: rgb(235, 238, 242); border-radius: 6px; align-items: center; padding-right: 5px; padding-left: 5px; display: inline-flex; font-size: 0.875em !important;">httpd</code>在<code style="box-sizing: border-box; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: 100%; line-height: 22px; font-optical-sizing: auto; font-size-adjust: none; font-kerning: auto; font-feature-settings: normal; font-variation-settings: normal; font-language-override: normal; font-family: Menlo, Monaco, Consolas, "Cascadia Mono", "Ubuntu Mono", "DejaVu Sans Mono", "Liberation Mono", "JetBrains Mono", "Fira Code", Cousine, "Roboto Mono", "Courier New", Courier, sans-serif, system-ui; background-color: rgb(235, 238, 242); border-radius: 6px; align-items: center; padding-right: 5px; padding-left: 5px; display: inline-flex; font-size: 0.875em !important;">/usr/sbin/</code>,而这个在<code style="box-sizing: border-box; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: 100%; line-height: 22px; font-optical-sizing: auto; font-size-adjust: none; font-kerning: auto; font-feature-settings: normal; font-variation-settings: normal; font-language-override: normal; font-family: Menlo, Monaco, Consolas, "Cascadia Mono", "Ubuntu Mono", "DejaVu Sans Mono", "Liberation Mono", "JetBrains Mono", "Fira Code", Cousine, "Roboto Mono", "Courier New", Courier, sans-serif, system-ui; background-color: rgb(235, 238, 242); border-radius: 6px; align-items: center; padding-right: 5px; padding-left: 5px; display: inline-flex; font-size: 0.875em !important;">/tmp</code>下——明显是挖矿木马。</p><h2 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 22px; line-height: 32px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">第三章 信号二:网络流量异常</h2><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">3.1 现象</h3><ul style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph">出口流量激增(特别在非工作时间)</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">出现连接已知恶意IP的通信</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">大量DNS请求指向可疑域名</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">非标准端口出现大量数据</p></li></ul><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">3.2 可能的原因</h3><ul style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph"><span style="font-weight: 600;">数据外传</span>:黑客正在将窃取的数据打包发送出去</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph"><span style="font-weight: 600;">C2通信</span>:后门程序与黑客的C2服务器保持心跳连接</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph"><span style="font-weight: 600;">DDoS攻击</span>:你的服务器被用作“肉鸡”攻击别人</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph"><span style="font-weight: 600;">扫描行为</span>:黑客通过你的服务器扫描其他目标</p></li></ul><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">3.3 如何检查</h3><ol start="1" style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph">部署流量分析工具(如ntopng、Zeek)</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">建立流量基线,监控异常峰值</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">使用威胁情报,检测连接恶意IP</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">分析DNS日志,发现DGA(域名生成算法)特征</p></li></ol><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">3.4 真实案例</h3><p class="ds-markdown-paragraph" style="margin-top: 16px; margin-bottom: 16px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;">某企业发现每天凌晨3点出口流量暴涨。追踪发现,一台服务器定时向某海外IP发送大量压缩包。经查,该服务器已被植入后门3个月,窃取了近2TB数据。</p><h2 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 22px; line-height: 32px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">第四章 信号三:异常账户活动</h2><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">4.1 现象</h3><ul style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph">出现未知的系统账户</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">已有账户在异常时间登录</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">来自异常IP的登录成功</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">多次登录失败记录</p></li></ul><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">4.2 可能的原因</h3><ul style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph"><span style="font-weight: 600;">后门账户</span>:黑客创建隐藏账户用于持久化</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph"><span style="font-weight: 600;">账户被盗</span>:合法账户被黑客使用</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph"><span style="font-weight: 600;">暴力破解</span>:黑客正在尝试登录</p></li></ul><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">4.3 如何检查</h3><p class="ds-markdown-paragraph" style="margin-top: 16px; margin-bottom: 16px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;">Linux检查:</p><div class="md-code-block md-code-block-light" style="--ds-md-code-banner-background-color: #f9fafb; --ds-md-code-block-border-radius: 12px; --ds-md-code-block-font-size: calc(1.143*11px); color: rgb(15, 17, 21); background: none 0% 0% / auto repeat scroll padding-box border-box rgb(249, 250, 251); border-radius: 12px; margin-top: 16px; margin-bottom: 11.43px; position: relative; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><div class="md-code-block-banner-wrap" style="z-index: 6; background-color: rgb(255, 255, 255); position: sticky; top: 0px;"><div class="md-code-block-banner md-code-block-banner-lite" style="background: none 0% 0% / auto repeat scroll padding-box border-box rgb(249, 250, 251); font-size: 12.573px; line-height: 12.573px; justify-content: space-between; display: flex; border-top-left-radius: 12px; border-top-right-radius: 12px;"><div class="_121d384" style="justify-content: space-between; align-items: center; width: 740px; padding: 6px; display: flex;"><div class="d2a24f03" style="flex-shrink: 0;"><span class="d813de27" style="font-family: Menlo, Monaco, Consolas, "Cascadia Mono", "Ubuntu Mono", "DejaVu Sans Mono", "Liberation Mono", "JetBrains Mono", "Fira Code", Cousine, "Roboto Mono", "Courier New", Courier, sans-serif, system-ui; margin-left: 8px; font-size: 12px; line-height: 18px;">bash</span></div></div></div></div><pre style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 13px; line-height: 22px; font-family: Menlo, Monaco, Consolas, "Cascadia Mono", "Ubuntu Mono", "DejaVu Sans Mono", "Liberation Mono", "JetBrains Mono", "Fira Code", Cousine, "Roboto Mono", "Courier New", Courier, sans-serif, system-ui; overflow: auto; text-wrap-mode: wrap; word-break: break-all; padding: 16px;"><span class="token function" style="color: rgb(64, 120, 242);">cat</span> /etc/passwd <span class="token comment" style="color: rgb(160, 161, 167); font-style: italic;"># 查看所有账户</span><span class="token function" style="color: rgb(64, 120, 242);">grep</span> :0: /etc/passwd <span class="token comment" style="color: rgb(160, 161, 167); font-style: italic;"># 查看UID为0的账户(超级权限)</span>
last <span class="token comment" style="color: rgb(160, 161, 167); font-style: italic;"># 查看登录历史</span>
lastlog <span class="token comment" style="color: rgb(160, 161, 167); font-style: italic;"># 查看所有账户最后登录时间</span></pre><svg xmlns="http://www.w3.org/2000/svg" width="12" height="12" viewBox="0 0 12 12" fill="none" class="_9bc997d _33882ae"><path d="M-5.24537e-07 0C-2.34843e-07 6.62742 5.37258 12 12 12L0 12L-5.24537e-07 0Z" fill="currentColor"></path></svg><svg xmlns="http://www.w3.org/2000/svg" width="12" height="12" viewBox="0 0 12 12" fill="none" class="_9bc997d _28d7e84"><path d="M-5.24537e-07 0C-2.34843e-07 6.62742 5.37258 12 12 12L0 12L-5.24537e-07 0Z" fill="currentColor"></path></svg></div><p class="ds-markdown-paragraph" style="margin-top: 16px; margin-bottom: 16px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;">Windows检查:</p><ul style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph">计算机管理 → 本地用户和组</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">事件查看器 → 安全日志(登录事件ID 4624/4625)</p></li></ul><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">4.4 特殊关注</h3><ul style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph">用户名以<code style="box-sizing: border-box; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: 100%; line-height: 22px; font-optical-sizing: auto; font-size-adjust: none; font-kerning: auto; font-feature-settings: normal; font-variation-settings: normal; font-language-override: normal; font-family: Menlo, Monaco, Consolas, "Cascadia Mono", "Ubuntu Mono", "DejaVu Sans Mono", "Liberation Mono", "JetBrains Mono", "Fira Code", Cousine, "Roboto Mono", "Courier New", Courier, sans-serif, system-ui; background-color: rgb(235, 238, 242); border-radius: 6px; align-items: center; padding-right: 5px; padding-left: 5px; display: inline-flex; font-size: 0.875em !important;">$</code>结尾的隐藏账户(Windows)</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">UID为0的非root账户(Linux)</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">非工作时间登录</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">来自非常用地区的IP</p></li></ul><h2 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 22px; line-height: 32px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">第五章 信号四:文件系统异常变化</h2><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">5.1 现象</h3><ul style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph">出现不明文件(特别是Web目录)</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">系统文件被修改</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">文件权限被更改</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">大量文件批量修改</p></li></ul><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">5.2 可能的原因</h3><ul style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph"><span style="font-weight: 600;">WebShell上传</span>:黑客在Web目录留后门</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph"><span style="font-weight: 600;">Rootkit安装</span>:替换系统文件</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph"><span style="font-weight: 600;">勒索软件</span>:批量加密文件</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph"><span style="font-weight: 600;">配置篡改</span>:修改系统配置维持权限</p></li></ul><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">5.3 如何检查</h3><ol start="1" style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph">使用文件完整性监控(如Tripwire、AIDE)</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">定期扫描Web目录的新文件</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">检查系统文件修改时间</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">搜索常见WebShell特征(<code style="box-sizing: border-box; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: 100%; line-height: 22px; font-optical-sizing: auto; font-size-adjust: none; font-kerning: auto; font-feature-settings: normal; font-variation-settings: normal; font-language-override: normal; font-family: Menlo, Monaco, Consolas, "Cascadia Mono", "Ubuntu Mono", "DejaVu Sans Mono", "Liberation Mono", "JetBrains Mono", "Fira Code", Cousine, "Roboto Mono", "Courier New", Courier, sans-serif, system-ui; background-color: rgb(235, 238, 242); border-radius: 6px; align-items: center; padding-right: 5px; padding-left: 5px; display: inline-flex; font-size: 0.875em !important;">eval(</code>、<code style="box-sizing: border-box; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: 100%; line-height: 22px; font-optical-sizing: auto; font-size-adjust: none; font-kerning: auto; font-feature-settings: normal; font-variation-settings: normal; font-language-override: normal; font-family: Menlo, Monaco, Consolas, "Cascadia Mono", "Ubuntu Mono", "DejaVu Sans Mono", "Liberation Mono", "JetBrains Mono", "Fira Code", Cousine, "Roboto Mono", "Courier New", Courier, sans-serif, system-ui; background-color: rgb(235, 238, 242); border-radius: 6px; align-items: center; padding-right: 5px; padding-left: 5px; display: inline-flex; font-size: 0.875em !important;">base64_decode(</code>等)</p></li></ol><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">5.4 重点关注目录</h3><ul style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph">Linux:<code style="box-sizing: border-box; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: 100%; line-height: 22px; font-optical-sizing: auto; font-size-adjust: none; font-kerning: auto; font-feature-settings: normal; font-variation-settings: normal; font-language-override: normal; font-family: Menlo, Monaco, Consolas, "Cascadia Mono", "Ubuntu Mono", "DejaVu Sans Mono", "Liberation Mono", "JetBrains Mono", "Fira Code", Cousine, "Roboto Mono", "Courier New", Courier, sans-serif, system-ui; background-color: rgb(235, 238, 242); border-radius: 6px; align-items: center; padding-right: 5px; padding-left: 5px; display: inline-flex; font-size: 0.875em !important;">/tmp</code>、<code style="box-sizing: border-box; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: 100%; line-height: 22px; font-optical-sizing: auto; font-size-adjust: none; font-kerning: auto; font-feature-settings: normal; font-variation-settings: normal; font-language-override: normal; font-family: Menlo, Monaco, Consolas, "Cascadia Mono", "Ubuntu Mono", "DejaVu Sans Mono", "Liberation Mono", "JetBrains Mono", "Fira Code", Cousine, "Roboto Mono", "Courier New", Courier, sans-serif, system-ui; background-color: rgb(235, 238, 242); border-radius: 6px; align-items: center; padding-right: 5px; padding-left: 5px; display: inline-flex; font-size: 0.875em !important;">/var/tmp</code>、<code style="box-sizing: border-box; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: 100%; line-height: 22px; font-optical-sizing: auto; font-size-adjust: none; font-kerning: auto; font-feature-settings: normal; font-variation-settings: normal; font-language-override: normal; font-family: Menlo, Monaco, Consolas, "Cascadia Mono", "Ubuntu Mono", "DejaVu Sans Mono", "Liberation Mono", "JetBrains Mono", "Fira Code", Cousine, "Roboto Mono", "Courier New", Courier, sans-serif, system-ui; background-color: rgb(235, 238, 242); border-radius: 6px; align-items: center; padding-right: 5px; padding-left: 5px; display: inline-flex; font-size: 0.875em !important;">/dev/shm</code>、Web目录、<code style="box-sizing: border-box; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: 100%; line-height: 22px; font-optical-sizing: auto; font-size-adjust: none; font-kerning: auto; font-feature-settings: normal; font-variation-settings: normal; font-language-override: normal; font-family: Menlo, Monaco, Consolas, "Cascadia Mono", "Ubuntu Mono", "DejaVu Sans Mono", "Liberation Mono", "JetBrains Mono", "Fira Code", Cousine, "Roboto Mono", "Courier New", Courier, sans-serif, system-ui; background-color: rgb(235, 238, 242); border-radius: 6px; align-items: center; padding-right: 5px; padding-left: 5px; display: inline-flex; font-size: 0.875em !important;">/etc/</code>、<code style="box-sizing: border-box; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: 100%; line-height: 22px; font-optical-sizing: auto; font-size-adjust: none; font-kerning: auto; font-feature-settings: normal; font-variation-settings: normal; font-language-override: normal; font-family: Menlo, Monaco, Consolas, "Cascadia Mono", "Ubuntu Mono", "DejaVu Sans Mono", "Liberation Mono", "JetBrains Mono", "Fira Code", Cousine, "Roboto Mono", "Courier New", Courier, sans-serif, system-ui; background-color: rgb(235, 238, 242); border-radius: 6px; align-items: center; padding-right: 5px; padding-left: 5px; display: inline-flex; font-size: 0.875em !important;">/usr/bin/</code></p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">Windows:<code style="box-sizing: border-box; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: 100%; line-height: 22px; font-optical-sizing: auto; font-size-adjust: none; font-kerning: auto; font-feature-settings: normal; font-variation-settings: normal; font-language-override: normal; font-family: Menlo, Monaco, Consolas, "Cascadia Mono", "Ubuntu Mono", "DejaVu Sans Mono", "Liberation Mono", "JetBrains Mono", "Fira Code", Cousine, "Roboto Mono", "Courier New", Courier, sans-serif, system-ui; background-color: rgb(235, 238, 242); border-radius: 6px; align-items: center; padding-right: 5px; padding-left: 5px; display: inline-flex; font-size: 0.875em !important;">C:\Windows\Temp</code>、<code style="box-sizing: border-box; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: 100%; line-height: 22px; font-optical-sizing: auto; font-size-adjust: none; font-kerning: auto; font-feature-settings: normal; font-variation-settings: normal; font-language-override: normal; font-family: Menlo, Monaco, Consolas, "Cascadia Mono", "Ubuntu Mono", "DejaVu Sans Mono", "Liberation Mono", "JetBrains Mono", "Fira Code", Cousine, "Roboto Mono", "Courier New", Courier, sans-serif, system-ui; background-color: rgb(235, 238, 242); border-radius: 6px; align-items: center; padding-right: 5px; padding-left: 5px; display: inline-flex; font-size: 0.875em !important;">C:\Users\Public</code>、IIS目录、启动项</p></li></ul><h2 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 22px; line-height: 32px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">第六章 信号五:日志异常</h2><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">6.1 现象</h3><ul style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph">日志文件被清空或删除</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">特定时间段的日志缺失</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">日志中出现大量错误</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">日志增长突然停止</p></li></ul><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">6.2 可能的原因</h3><ul style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph"><span style="font-weight: 600;">痕迹清除</span>:黑客删除包含自己活动的日志</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph"><span style="font-weight: 600;">日志服务被停止</span>:防止记录后续操作</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph"><span style="font-weight: 600;">磁盘写满</span>:可能由大量错误日志造成</p></li></ul><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">6.3 如何检查</h3><ol start="1" style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph">检查日志文件的连续性(有没有断档)</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">监控日志服务状态</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">配置日志集中存储(防止本地删除)</p></li></ol><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">6.4 特别注意</h3><p class="ds-markdown-paragraph" style="margin-top: 16px; margin-bottom: 16px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;">如果发现日志被清空,这本身就是最强烈的入侵信号——黑客在掩盖痕迹。</p><h2 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 22px; line-height: 32px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">第七章 信号六:异常的计划任务/服务</h2><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">7.1 现象</h3><ul style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph">出现不认识的计划任务</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">新增未知的系统服务</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">启动项中有不明程序</p></li></ul><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">7.2 可能的原因</h3><ul style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph"><span style="font-weight: 600;">持久化后门</span>:黑客通过计划任务定期回连</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph"><span style="font-weight: 600;">挖矿程序</span>:定期启动挖矿</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph"><span style="font-weight: 600;">恶意服务</span>:伪装成系统服务运行</p></li></ul><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">7.3 如何检查</h3><p class="ds-markdown-paragraph" style="margin-top: 16px; margin-bottom: 16px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;">Linux计划任务:</p><div class="md-code-block md-code-block-light" style="--ds-md-code-banner-background-color: #f9fafb; --ds-md-code-block-border-radius: 12px; --ds-md-code-block-font-size: calc(1.143*11px); color: rgb(15, 17, 21); background: none 0% 0% / auto repeat scroll padding-box border-box rgb(249, 250, 251); border-radius: 12px; margin-top: 16px; margin-bottom: 11.43px; position: relative; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><div class="md-code-block-banner-wrap" style="z-index: 6; background-color: rgb(255, 255, 255); position: sticky; top: 0px;"><div class="md-code-block-banner md-code-block-banner-lite" style="background: none 0% 0% / auto repeat scroll padding-box border-box rgb(249, 250, 251); font-size: 12.573px; line-height: 12.573px; justify-content: space-between; display: flex; border-top-left-radius: 12px; border-top-right-radius: 12px;"><div class="_121d384" style="justify-content: space-between; align-items: center; width: 740px; padding: 6px; display: flex;"><div class="d2a24f03" style="flex-shrink: 0;"><span class="d813de27" style="font-family: Menlo, Monaco, Consolas, "Cascadia Mono", "Ubuntu Mono", "DejaVu Sans Mono", "Liberation Mono", "JetBrains Mono", "Fira Code", Cousine, "Roboto Mono", "Courier New", Courier, sans-serif, system-ui; margin-left: 8px; font-size: 12px; line-height: 18px;">bash</span></div></div></div></div><pre style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 13px; line-height: 22px; font-family: Menlo, Monaco, Consolas, "Cascadia Mono", "Ubuntu Mono", "DejaVu Sans Mono", "Liberation Mono", "JetBrains Mono", "Fira Code", Cousine, "Roboto Mono", "Courier New", Courier, sans-serif, system-ui; overflow: auto; text-wrap-mode: wrap; word-break: break-all; padding: 16px;"><span class="token function" style="color: rgb(64, 120, 242);">crontab</span> <span class="token parameter variable" style="color: rgb(64, 120, 242);">-l</span> <span class="token comment" style="color: rgb(160, 161, 167); font-style: italic;"># 当前用户</span>
<span class="token function" style="color: rgb(64, 120, 242);">cat</span> /etc/crontab <span class="token comment" style="color: rgb(160, 161, 167); font-style: italic;"># 系统计划任务</span>
<span class="token function" style="color: rgb(64, 120, 242);">ls</span> /etc/cron.d/ <span class="token comment" style="color: rgb(160, 161, 167); font-style: italic;"># 其他计划任务</span>
systemctl list-units <span class="token comment" style="color: rgb(160, 161, 167); font-style: italic;"># 查看所有服务</span></pre><svg xmlns="http://www.w3.org/2000/svg" width="12" height="12" viewBox="0 0 12 12" fill="none" class="_9bc997d _33882ae"><path d="M-5.24537e-07 0C-2.34843e-07 6.62742 5.37258 12 12 12L0 12L-5.24537e-07 0Z" fill="currentColor"></path></svg><svg xmlns="http://www.w3.org/2000/svg" width="12" height="12" viewBox="0 0 12 12" fill="none" class="_9bc997d _28d7e84"><path d="M-5.24537e-07 0C-2.34843e-07 6.62742 5.37258 12 12 12L0 12L-5.24537e-07 0Z" fill="currentColor"></path></svg></div><p class="ds-markdown-paragraph" style="margin-top: 16px; margin-bottom: 16px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;">Windows:</p><ul style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph"><code style="box-sizing: border-box; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: 100%; line-height: 22px; font-optical-sizing: auto; font-size-adjust: none; font-kerning: auto; font-feature-settings: normal; font-variation-settings: normal; font-language-override: normal; font-family: Menlo, Monaco, Consolas, "Cascadia Mono", "Ubuntu Mono", "DejaVu Sans Mono", "Liberation Mono", "JetBrains Mono", "Fira Code", Cousine, "Roboto Mono", "Courier New", Courier, sans-serif, system-ui; background-color: rgb(235, 238, 242); border-radius: 6px; align-items: center; padding-right: 5px; padding-left: 5px; display: inline-flex; font-size: 0.875em !important;">schtasks</code> 命令行查看</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">任务计划程序界面</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph"><code style="box-sizing: border-box; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: 100%; line-height: 22px; font-optical-sizing: auto; font-size-adjust: none; font-kerning: auto; font-feature-settings: normal; font-variation-settings: normal; font-language-override: normal; font-family: Menlo, Monaco, Consolas, "Cascadia Mono", "Ubuntu Mono", "DejaVu Sans Mono", "Liberation Mono", "JetBrains Mono", "Fira Code", Cousine, "Roboto Mono", "Courier New", Courier, sans-serif, system-ui; background-color: rgb(235, 238, 242); border-radius: 6px; align-items: center; padding-right: 5px; padding-left: 5px; display: inline-flex; font-size: 0.875em !important;">services.msc</code> 查看服务</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph"><code style="box-sizing: border-box; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: 100%; line-height: 22px; font-optical-sizing: auto; font-size-adjust: none; font-kerning: auto; font-feature-settings: normal; font-variation-settings: normal; font-language-override: normal; font-family: Menlo, Monaco, Consolas, "Cascadia Mono", "Ubuntu Mono", "DejaVu Sans Mono", "Liberation Mono", "JetBrains Mono", "Fira Code", Cousine, "Roboto Mono", "Courier New", Courier, sans-serif, system-ui; background-color: rgb(235, 238, 242); border-radius: 6px; align-items: center; padding-right: 5px; padding-left: 5px; display: inline-flex; font-size: 0.875em !important;">msconfig</code> 查看启动项</p></li></ul><h2 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 22px; line-height: 32px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">第八章 信号七:数据库异常</h2><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">8.1 现象</h3><ul style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph">数据库查询缓慢</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">大量异常查询(特别是<code style="box-sizing: border-box; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: 100%; line-height: 22px; font-optical-sizing: auto; font-size-adjust: none; font-kerning: auto; font-feature-settings: normal; font-variation-settings: normal; font-language-override: normal; font-family: Menlo, Monaco, Consolas, "Cascadia Mono", "Ubuntu Mono", "DejaVu Sans Mono", "Liberation Mono", "JetBrains Mono", "Fira Code", Cousine, "Roboto Mono", "Courier New", Courier, sans-serif, system-ui; background-color: rgb(235, 238, 242); border-radius: 6px; align-items: center; padding-right: 5px; padding-left: 5px; display: inline-flex; font-size: 0.875em !important;">UNION</code>、<code style="box-sizing: border-box; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: 100%; line-height: 22px; font-optical-sizing: auto; font-size-adjust: none; font-kerning: auto; font-feature-settings: normal; font-variation-settings: normal; font-language-override: normal; font-family: Menlo, Monaco, Consolas, "Cascadia Mono", "Ubuntu Mono", "DejaVu Sans Mono", "Liberation Mono", "JetBrains Mono", "Fira Code", Cousine, "Roboto Mono", "Courier New", Courier, sans-serif, system-ui; background-color: rgb(235, 238, 242); border-radius: 6px; align-items: center; padding-right: 5px; padding-left: 5px; display: inline-flex; font-size: 0.875em !important;">INTO OUTFILE</code>)</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">数据库日志中出现错误</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">数据量异常变化</p></li></ul><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">8.2 可能的原因</h3><ul style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph"><span style="font-weight: 600;">SQL注入</span>:黑客正在探测或窃取数据</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph"><span style="font-weight: 600;">数据窃取</span>:批量导出操作</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph"><span style="font-weight: 600;">WebShell写入</span>:通过<code style="box-sizing: border-box; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: 100%; line-height: 22px; font-optical-sizing: auto; font-size-adjust: none; font-kerning: auto; font-feature-settings: normal; font-variation-settings: normal; font-language-override: normal; font-family: Menlo, Monaco, Consolas, "Cascadia Mono", "Ubuntu Mono", "DejaVu Sans Mono", "Liberation Mono", "JetBrains Mono", "Fira Code", Cousine, "Roboto Mono", "Courier New", Courier, sans-serif, system-ui; background-color: rgb(235, 238, 242); border-radius: 6px; align-items: center; padding-right: 5px; padding-left: 5px; display: inline-flex; font-size: 0.875em !important;">INTO OUTFILE</code>写入文件</p></li></ul><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">8.3 如何检查</h3><ol start="1" style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph">开启数据库审计日志</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">监控慢查询</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">检查数据库账户权限(是否有不必要的FILE权限)</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">查看数据库连接来源</p></li></ol><h2 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 22px; line-height: 32px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">第九章 信号八:安全软件被关闭</h2><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">9.1 现象</h3><ul style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph">杀毒软件被禁用</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">防火墙规则被修改</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">EDR代理停止运行</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">无法启动安全服务</p></li></ul><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">9.2 可能的原因</h3><p class="ds-markdown-paragraph" style="margin-top: 16px; margin-bottom: 16px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;">黑客获得权限后,第一件事往往是关闭或绕过安全软件,防止被检测。</p><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">9.3 如何检查</h3><ol start="1" style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph">监控安全服务的状态</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">设置告警:当安全软件停止时立即通知</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">检查安全软件的日志(是否有被停止的记录)</p></li></ol><h2 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 22px; line-height: 32px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">第十章 信号九:用户反馈异常</h2><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">10.1 现象</h3><ul style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph">用户反映网站变慢</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">报告收到异常邮件(自称来自公司)</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">账户被盗用</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">看到奇怪的内容</p></li></ul><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">10.2 可能的原因</h3><p class="ds-markdown-paragraph" style="margin-top: 16px; margin-bottom: 16px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;">用户往往是第一个发现异常的人。他们的反馈可能是入侵的早期信号。</p><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">10.3 如何处理</h3><ul style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph">建立便捷的反馈渠道</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">重视每一条用户报告</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">不轻易归咎于“用户操作问题”</p></li></ul><h2 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 22px; line-height: 32px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">第十一章 信号十:第三方通报</h2><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">11.1 现象</h3><ul style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph">收到安全厂商的威胁情报</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">合作伙伴通知“你们的IP在攻击我们”</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">监管机构通报“检测到异常”</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">暗网出现自称贵司的数据出售</p></li></ul><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">11.2 如何处理</h3><ol start="1" style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph">立即核实</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">启动应急响应</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">不要否认或忽视</p></li></ol><h2 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 22px; line-height: 32px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">第十二章 发现信号后:应急响应四步法</h2><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">12.1 第一步:确认</h3><ul style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph">多个信号交叉验证</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">排除误报</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">确定影响范围</p></li></ul><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">12.2 第二步:隔离</h3><ul style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph">断开受影响系统网络</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">阻止恶意IP</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">重置受影响账户</p></li></ul><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">12.3 第三步:分析</h3><ul style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph">保留证据(内存、磁盘镜像)</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">确定入侵路径</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">查找后门</p></li></ul><h3 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 20px; line-height: 30px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">12.4 第四步:恢复与改进</h3><ul style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph">清除后门</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">修复漏洞</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">加强监控</p></li></ul><h2 style="font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-size-adjust: none; font-language-override: normal; font-kerning: auto; font-optical-sizing: auto; font-feature-settings: normal; font-variation-settings: normal; font-variant-position: normal; font-variant-emoji: normal; font-stretch: normal; font-size: 22px; line-height: 32px; font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif; margin-top: 32px; margin-bottom: 16px; color: rgb(15, 17, 21);">第十三章 结语:建立你的“入侵雷达”</h2><p class="ds-markdown-paragraph" style="margin-top: 16px; margin-bottom: 16px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;">十个信号,就像是你的“入侵雷达”:</p><ol start="1" style="margin-top: 16px; margin-bottom: 16px; padding-left: 18px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;"><li><p class="ds-markdown-paragraph">资源异常</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">流量异常</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">账户异常</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">文件异常</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">日志异常</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">计划任务异常</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">数据库异常</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">安全软件异常</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">用户反馈</p></li><li style="margin-top: 6px;"><p class="ds-markdown-paragraph">第三方通报</p></li></ol><p class="ds-markdown-paragraph" style="margin-top: 16px; margin-bottom: 16px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;">单独一个信号可能是误报,但多个信号同时出现,基本可以确认被入侵。</p><p class="ds-markdown-paragraph" style="margin-top: 16px; margin-bottom: 16px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;">关键不是“会不会被入侵”,而是“多快能发现”。建立监控、重视信号、快速响应,才能将损失降到最低。</p><p class="ds-markdown-paragraph" style="margin-top: 16px; margin-bottom: 16px; color: rgb(15, 17, 21); font-family: quote-cjk-patch, Inter, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;">今天就开始检查:你的服务器上,有没有这些信号?</p><div><br></div><p></p>
页:
[1]