I recently came across a piece of news being spread on many forums: that BT Panel (宝塔面板) has a backdoor that uploads users' private information. My server only hosts a blog, though, and doesn't store anything important, so for me it doesn't really matter.
So what information does BT Panel actually collect?
1. Collecting domain names
File: /www/server/panel/class/public.py (line 2858)
# Excerpt from class/public.py; os, get_panel_path, get_user_info, httpPost
# and writeFile are all defined or imported in that same module.
def cloud_check_domain(domain):
    '''
    @name Verify the domain's reachability from the cloud and save the result to a file
    @author hwliang<2020-12-10>
    @param domain {string} the domain to verify
    @return void
    '''
    try:
        check_domain_path = '{}/data/check_domain/'.format(get_panel_path())
        if not os.path.exists(check_domain_path):
            os.makedirs(check_domain_path,384)  # mode 384 == 0o600
        # get_user_info() is the panel's own helper; whatever it returns,
        # plus the domain, is the body POSTed to bt.cn
        pdata = get_user_info()
        pdata['domain'] = domain
        result = httpPost('https://www.bt.cn/api/panel/check_domain',pdata)
        # the server's answer is cached locally as data/check_domain/<domain>.pl
        cd_file = check_domain_path + domain +'.pl'
        writeFile(cd_file,result)
    except:
        pass  # any failure (network, disk) is silently swallowed
2. Checking whether the collected domain is reachable
File: /www/server/panel/class/acme_v2.py (line 432)
import requests

# Verify from the cloud whether the domain is reachable
def cloud_check_domain(self,domain):
    try:
        # unlike the public.py variant, this one sends only the domain and an ssl flag
        result = requests.post('https://www.bt.cn/api/panel/check_domain',{"domain":domain,"ssl":1}).json()
        return result['status']
    except: return False
3. Collecting BT Panel operation logs
File: /www/server/panel/class/public.py (line 1622)
Saved to: /www/server/panel/logs/request/
Format: ["2022-05-19 02:58:10", "IP (the client machine's IP, not the server's):1000", "POST", "/login?", "user UA", "{}", 39]
# Excerpt from class/public.py; os, json and time are imported there, and
# getDate, GetClientIp, WriteFile, rep_sys_path and get_panel_path are
# helpers defined in the same module.
import os, json, time

# Write key request log
def write_request_log(reques = None):  # parameter name as in the source; it is unused
    try:
        from BTPanel import request,g,session
        if session.get('debug') == 1: return
        # polling / static endpoints are not logged
        if request.path in ['/service_status','/favicon.ico','/task','/system','/ajax','/control','/data','/ssl']:
            return False
        log_path = '{}/logs/request'.format(get_panel_path())
        log_file = getDate(format='%Y-%m-%d') + '.json'  # one file per day
        if not os.path.exists(log_path): os.makedirs(log_path)
        log_data = []
        log_data.append(getDate())
        # client address and remote port, i.e. the operator's machine, not the server
        log_data.append(GetClientIp() + ':' + str(request.environ.get('REMOTE_PORT')))
        log_data.append(request.method)
        log_data.append(request.full_path)  # path including the query string
        log_data.append(request.headers.get('User-Agent'))
        if request.method == 'POST':
            # POST bodies are stored verbatim (Python repr of the form dict)
            # unless they are >= 2048 chars or contain the substrings
            # 'pass' or 'user' anywhere in keys or values
            args = str(request.form.to_dict())
            if len(args) < 2048 and args.find('pass') == -1 and args.find('user') == -1:
                log_data.append(args)
            else:
                log_data.append('{}')
        else:
            log_data.append('{}')
        log_data.append(int((time.time() - g.request_time) * 1000))  # elapsed ms
        # appended as one JSON array per line (JSON Lines)
        WriteFile(log_path + '/' + log_file,json.dumps(log_data) + "\n",'a+')
        rep_sys_path()
    except: pass
My BT Panel hadn't been updated for a long time, so I went to the location where the logs are saved, and sure enough it records user operations every day.
I opened the latest file, 2022-05-19.json, and it had my operations recorded:
["2022-04-06 21:58:36", "X:49859", "GET", "/phpmyadmin/themes/pmahomme/img/b_insrow.png?", "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36", "{}", 39]
["2022-04-06 21:58:36", "X:49796", "GET", "/phpmyadmin/themes/pmahomme/img/s_asc.png?", "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36", "{}", 30]
["2022-04-06 21:58:36", "X:49860", "GET", "/phpmyadmin/themes/pmahomme/img/b_empty.png?", "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36", "{}", 29]
["2022-04-06 21:58:36", "X:49802", "GET", "/phpmyadmin/themes/pmahomme/img/b_drop.png?", "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36", "{}", 39]
["2022-04-06 21:58:36", "X:49799", "GET", "/phpmyadmin/themes/pmahomme/img/b_browse.png?", "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36", "{}", 48]
["2022-04-06 21:58:36", "X:49797", "GET", "/phpmyadmin/themes/pmahomme/img/b_select.png?", "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36", "{}", 39]
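To make sense of what is sitting in /www/server/panel/logs/request/, here is an added example (my own code, not from the post and not BT Panel's code) that does two things: it parses a day file in the JSON Lines layout the sample entries above show, and it re-implements the POST-body filter from write_request_log() so you can see which form bodies would have been written to disk in full. Assumptions not confirmed by the page: every line is a seven-element JSON array in exactly the field order shown, and the form field holds the Python repr of the form dict (str(dict)), as the code suggests. The sample log text and the IP addresses in it are constructed for the example; the debug-session and excluded-path checks of the original function are deliberately left out of the filter mirror.

```python
import json
from collections import Counter

# Field order of one log entry, per the post's sample lines and the list
# built in write_request_log():
# [timestamp, "client_ip:remote_port", method, full_path, user_agent,
#  form_data_repr, elapsed_ms]
FIELDS = ("time", "client", "method", "path", "user_agent", "form", "ms")


def would_log_form(form: dict) -> bool:
    """Mirror of the branch in write_request_log() that decides whether a
    POST body is written to disk: stringify the form dict (Python repr, not
    JSON) and keep it only if it is under 2048 chars and contains neither
    'pass' nor 'user' anywhere, in keys or values. Everything else (e.g. a
    key named 'pwd' or 'token') is stored verbatim."""
    args = str(form)
    return len(args) < 2048 and args.find('pass') == -1 and args.find('user') == -1


def parse_request_log(text: str) -> list:
    """Parse one day's JSON Lines request log into dicts.
    Blank and malformed lines are skipped instead of aborting the audit."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            row = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(row, list) and len(row) == len(FIELDS):
            entries.append(dict(zip(FIELDS, row)))
    return entries


def summarize(entries: list) -> dict:
    """What a reviewer wants from one file: which client addresses were
    recorded, the method mix, and which POST bodies were captured verbatim
    (form field other than the '{}' placeholder)."""
    clients = Counter(e["client"].rsplit(':', 1)[0] for e in entries)
    methods = Counter(e["method"] for e in entries)
    captured = [e for e in entries if e["method"] == "POST" and e["form"] != "{}"]
    return {
        "total": len(entries),
        "clients": dict(clients),
        "methods": dict(methods),
        "captured_forms": [(e["path"], e["form"]) for e in captured],
    }


# Constructed sample file (not real panel output): one GET in the shape of
# the post's entries, one POST whose body passed the filter, one whose body
# did not, plus a corrupt line the parser must tolerate.
SAMPLE_LOG = "\n".join(json.dumps(row) for row in [
    ["2022-04-06 21:58:36", "203.0.113.10:49859", "GET",
     "/phpmyadmin/themes/pmahomme/img/b_insrow.png?", "Mozilla/5.0", "{}", 39],
    ["2022-04-06 21:59:01", "203.0.113.10:49900", "POST",
     "/site?action=AddSite", "Mozilla/5.0",
     str({"webname": "blog.example", "port": "80"}), 120],
    ["2022-04-06 21:59:30", "198.51.100.7:41000", "POST",
     "/login?", "curl/7.68.0", "{}", 55],
]) + "\nnot json at all\n"


if __name__ == "__main__":
    # Point this at a real file with:
    #   open('/www/server/panel/logs/request/2022-05-19.json').read()
    report = summarize(parse_request_log(SAMPLE_LOG))
    print(json.dumps(report, indent=2))
    for body in ({"password": "x"}, {"pwd": "x"}, {"token": "abc"}):
        print(body, "->", "logged" if would_log_form(body) else "suppressed")
```

Two things worth noticing when you run this against a real day file: the filter is a plain substring test on the stringified body, so a form whose secret lives under a key like pwd, token or key is written out in full, while an innocuous body that merely contains the text "pass" (say, a site name) is dropped; and the filter only ever applies to request.form, whereas request.full_path is always recorded, so anything passed in a query string is logged regardless.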
4. Packaging the collected information and sending it back to BT's servers
File: /www/server/panel/script/site_task.py (line 33)
import public  # the panel's own helper module (class/public.py)

# Panel log analysis and statistics
def logs_analysis():
    logs_path = '/www/server/panel/logs/request/'
    logs_tips = logs_path + 'tips/'
    admin_path = public.readFile('/www/server/panel/data/admin_path.pl')
    # modules whose requests are excluded from the analysis
    exolode_mods = ['data','warning','message','workorder','login','public','code','wxapp','webhook','webssh']
    if admin_path:
        pass  # the rest of the function is not reproduced in the post
I heard a long time ago that this request folder is where information gets collected. I'd like to ask: if I replace the request folder with a file of the same name, would that work too?
Haven't tried it; if you delete or modify the folder, it may just get regenerated.