administrator 发表于 2023-3-19 22:28:47

惊爆:宝塔面板留后门搜集隐私信息,附紧急修复方案

宝塔面板7.7.0

https://github.com/8838/btpanel-v7.7.0


[*]curl -sSO https://raw.githubusercontent.co ... ll/install_panel.sh && bash install_panel.sh
[*]
[*]1,屏蔽手机号
[*]sed -i "s|bind_user == 'True'|bind_user == 'XXXX'|" /www/server/panel/BTPanel/static/js/index.js
[*]2,删除强制绑定手机js文件
[*]rm -f /www/server/panel/data/bind.pl
[*]3,手动解锁宝塔所有付费插件为永不过期
[*]文件路径:/www/server/panel/data/plugin.json
[*]搜索字符串:"endtime": -1全部替换为"endtime": 999999999999
[*]4,给plugin.json文件上锁防止自动修复为免费版
[*]chattr +i /www/server/panel/data/plugin.json
[*]





echo "" > /www/server/panel/script/site_task.py

chattr +i /www/server/panel/script/site_task.py

rm -rf /www/server/panel/logs/request/*

chattr +i -R /www/server/panel/logs/request

页: [1]
查看完整版本: 惊爆:宝塔面板留后门搜集隐私信息,附紧急修复方案