防止执行恶意软件javascript [英] prevent malware javascript from executing
问题描述
我正在使用wordpress网站,发现一个恶意软件脚本,每当我尝试保存页面并在所见即所得中单击文本面板时,就会将恶意软件javascript标签自动添加到该页面.这是自动添加的脚本.
i am using a wordpress site, and i found a malware script, whenever i try to save page and click on text panel in WYSIWYG, a malware javascript tag is automatically added to the page. here is the script that is automatically added.
<script type="text/javascript" src="http://cracks4free.info/5/adds.js" async=""></script>
我尝试通过以下代码删除src文件.但是它不起作用,该脚本在body标记关闭之前最后执行.我尝试使用此脚本,但是恶意软件脚本在所有JavaScript加载后加载.这是我的代码.
i tried to remove the src file by the following code. but it didn't work, The script executes last before the closing of body tag. I tried using this script, but the malware script loads after all javascript loaded. here is my code.
<script type="text/javascript">
$("script[src='http://cracks4free.info/5/adds.js']").remove()
</script>
我需要删除此代码,或防止通过javasript,jquery,ajax等任何代码执行此代码.谢谢
I need to remove this code, or prevent this code from executing through javasript, jquery, ajax anything.. Just want to get rid of this. Thanks
推荐答案
如果您的服务器已受到威胁,则需要对其进行重建:
If your server has been compromised you need to rebuild it:
- 导出您现有的内容
- 使用最新的wordpress版本重建框
- 导入您的内容
- 定期应用安全更新
尝试使用javascript清理内容不是解决方案.您已经安装了受损的Wordpress,并且其他一些脚本小子添加了自己的个人风格,这还是一个时间问题,或者更糟的事情会发生.
Trying to use javascript to clean up the content is not a solution. You've got a compromised Wordpress installation and it's a matter of time before some other script-kiddy adds their own personal touches, or something worse happens.
这篇关于防止执行恶意软件javascript的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!