为什么我的 Wordpress 文件名带有随机数 [英] Why does my Wordpress have file names with random numbers
问题描述
我是 WP 的新手,正在尝试帮助朋友清理他们被黑客入侵的网站.我看到名称如下的文件:
I'm new to WP and trying to help a friend clean up their site that had been hacked. I'm seeing files with names like:
wp-comments-post234.phpwp-trackback.php111571719714.php
有没有办法判断这些文件是否正在使用和/或它们是否是恶意的?
Is there a way to tell if these files are in use and/or if they are malicious?
推荐答案
这些文件不是原生 WordPress 文件.
These files are not native WordPress files.
如果您有 ssh 访问服务器的权限,例如:
If you have ssh access to the server you can for example:
设置全新安装并使用以下命令搜索这些可疑文件:
setup a clean install and search for these suspicious files with:
find /path/to/clean/wordpress/ -type f -name 'wp-comments-post234.php'
将整个受感染 WordPress 目录与干净的目录进行比较:
compare the whole infected WordPress directory to the clean one:
diff -r -q /path/to/clean/wordpress/ /path/to/infected/wordpress/ > diff.log
您可以在这里使用各种diff 参数.这里我们使用 -r 作为 递归 和 -q 作为 brief 或 仅输出文件是否不同.
where you can play with the various diff parameters. Here we use -r for recursive and -q for brief or Output only whether files differ.
使用@evanv 的好建议找到修改过的文件并运行:
use the good suggestion from @evanv to find modified files and run:
find /path/to/infected/wordpress/ -type f -mtime -7
查找上周(7 天)内修改的文件.使用 -ctime 表示文件 创建 时间,-atime 表示文件 访问 时间.
to find files modified within the last week (7 days). Use -ctime for file creation time and -atime for file access time.
但您应该考虑重新安装 WordPress 并浏览以下 Codex 页面:
But you should consider re-installing WordPress and go through the following Codex pages:
并检查那里提到的参考文献.
and check the references mentioned there.
这篇关于为什么我的 Wordpress 文件名带有随机数的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
