I have a WordPress site that was hacked; the attacker managed to abuse the mail system using PHP code. I cleaned up the code, but the site no longer seems to respond the way it used to (http://heroleads.com/thailand).
I looked at the logs and it seems the PHP processes are being killed, but I can't figure out the problem:
Oct 23 07:07:41 leadhero lfd[46958]: *Suspicious Process* PID:46217 PPID:29512 User:herolead Uptime:75 secs EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/index.php
Oct 23 07:07:41 leadhero lfd[46958]: *User Processing* PID:46920 Kill:0 User:herolead VM:245(MB) EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/wp-admin/admin-ajax.php
Oct 23 07:07:41 leadhero lfd[46958]: *User Processing* PID:46905 Kill:0 User:herolead VM:261(MB) EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/wp-admin/admin-ajax.php
Oct 23 07:08:41 leadhero lfd[47294]: *Suspicious Process* PID:46605 PPID:41522 User:herolead Uptime:114 secs EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/index.php
Oct 23 07:08:41 leadhero lfd[47294]: *Suspicious Process* PID:46855 PPID:35891 User:herolead Uptime:75 secs EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/index.php
Oct 23 07:09:41 leadhero lfd[47837]: *Suspicious Process* PID:47213 PPID:29156 User:herolead Uptime:75 secs EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/index.php
Oct 23 07:09:41 leadhero lfd[47837]: *User Processing* PID:47657 Kill:0 User:herolead VM:273(MB) EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/wp-admin/admin.php
Oct 23 07:10:41 leadhero lfd[48098]: *Suspicious Process* PID:47758 PPID:44027 User:herolead Uptime:75 secs EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/index.php
Oct 23 07:10:42 leadhero lfd[48098]: *User Processing* PID:48004 Kill:0 User:herolead VM:277(MB) EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/wp-admin/admin-ajax.php
Oct 23 07:11:42 leadhero lfd[48550]: *Suspicious Process* PID:48055 PPID:47692 User:herolead Uptime:75 secs EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/index.php
Oct 23 07:11:42 leadhero lfd[48546]: *Email Queue* The exim delivery queue size is 85987
Oct 23 07:12:42 leadhero lfd[48834]: *Suspicious Process* PID:48498 PPID:46614 User:herolead Uptime:76 secs EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/index.php
Oct 23 07:13:42 leadhero lfd[49101]: *Suspicious Process* PID:48785 PPID:43139 User:herolead Uptime:76 secs EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/index.php
Oct 23 07:13:57 leadhero lfd[49334]: *Exceeded LOCALRELAY limit* from nfp (101 in the last hour)
Oct 23 07:14:42 leadhero lfd[49470]: *Suspicious Process* PID:48977 PPID:44027 User:herolead Uptime:76 secs EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/index.php
Oct 23 07:15:42 leadhero lfd[49635]: *Suspicious Process* PID:49444 PPID:41522 User:herolead Uptime:76 secs EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/index.php
Oct 23 07:15:42 leadhero lfd[49635]: *User Processing* PID:49628 Kill:0 User:herolead VM:245(MB) EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/wp-admin/admin-ajax.php
Oct 23 07:16:42 leadhero lfd[50157]: *Suspicious Process* PID:49596 PPID:29156 User:herolead Uptime:76 secs EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/index.php
Oct 23 07:16:43 leadhero lfd[50155]: *Suspicious File* /tmp/index.php [leadhero:leadhero (508:506)] - Script, file extension
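To see what the lfd lines above actually say, here is an added parser (not part of the original question, and not part of csf/lfd itself) that reads alert lines of the kinds shown, groups the "Suspicious Process" hits by command and parent PID, and turns the queue, relay and /tmp-file alerts into findings. The sample input is a subset of the log lines quoted above; the 1000-message queue threshold and the reading of "Kill:0" as "reported but not killed" are assumptions for this example.

```python
"""Summarize ConfigServer lfd alert lines of the kinds shown in the question."""
import re
from collections import defaultdict

# Constructed sample: a subset of the lfd lines quoted in the question.
SAMPLE_LOG = """\
Oct 23 07:07:41 leadhero lfd[46958]: *Suspicious Process* PID:46217 PPID:29512 User:herolead Uptime:75 secs EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/index.php
Oct 23 07:07:41 leadhero lfd[46958]: *User Processing* PID:46920 Kill:0 User:herolead VM:245(MB) EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/wp-admin/admin-ajax.php
Oct 23 07:08:41 leadhero lfd[47294]: *Suspicious Process* PID:46605 PPID:41522 User:herolead Uptime:114 secs EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/index.php
Oct 23 07:08:41 leadhero lfd[47294]: *Suspicious Process* PID:46855 PPID:35891 User:herolead Uptime:75 secs EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/index.php
Oct 23 07:11:42 leadhero lfd[48546]: *Email Queue* The exim delivery queue size is 85987
Oct 23 07:13:57 leadhero lfd[49334]: *Exceeded LOCALRELAY limit* from nfp (101 in the last hour)
Oct 23 07:16:43 leadhero lfd[50155]: *Suspicious File* /tmp/index.php [leadhero:leadhero (508:506)] - Script, file extension
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) lfd\[\d+\]: "
    r"\*(?P<kind>[^*]+)\* (?P<rest>.*)$"
)
FIELD_RE = re.compile(r"\b(PID|PPID|User|Uptime|Kill|VM|EXE):(\S+)")
QUEUE_RE = re.compile(r"queue size is (\d+)")
RELAY_RE = re.compile(r"from (\S+) \((\d+) in the last hour\)")


def parse_line(line):
    """Return a dict for one lfd alert line, or None if the line is not an alert."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m["ts"], "kind": m["kind"]}
    rest = m["rest"]
    if rec["kind"] in ("Suspicious Process", "User Processing"):
        rec.update(dict(FIELD_RE.findall(rest)))       # PID, PPID, Uptime, Kill, VM, ...
        rec["CMD"] = rest.split("CMD:", 1)[1] if "CMD:" in rest else ""
    elif rec["kind"] == "Email Queue":
        q = QUEUE_RE.search(rest)
        rec["queue"] = int(q[1]) if q else None
    elif rec["kind"] == "Exceeded LOCALRELAY limit":
        r = RELAY_RE.search(rest)
        rec["relay_user"], rec["relay_count"] = (r[1], int(r[2])) if r else (None, None)
    elif rec["kind"] == "Suspicious File":
        rec["path"] = rest.split()[0]
    return rec


def summarize(log_text, queue_threshold=1000):
    """Produce a list of human-readable findings from lfd alert text."""
    recs = [r for r in map(parse_line, log_text.splitlines()) if r]
    parents = defaultdict(set)   # command line -> set of parent PIDs that launched it
    findings = []
    for r in recs:
        if r["kind"] == "Suspicious Process":
            parents[r["CMD"]].add(r["PPID"])
        elif r["kind"] == "User Processing" and r.get("Kill") == "0":
            # Assumption: Kill:0 means lfd reported the process but did not kill it.
            findings.append(f"{r['ts']} reported-not-killed PID {r['PID']} "
                            f"VM {r['VM']} {r['CMD']}")
        elif r["kind"] == "Email Queue" and r["queue"] and r["queue"] >= queue_threshold:
            findings.append(f"{r['ts']} mail queue {r['queue']} exceeds {queue_threshold}")
        elif r["kind"] == "Exceeded LOCALRELAY limit":
            findings.append(f"{r['ts']} local relay limit hit by {r['relay_user']} "
                            f"({r['relay_count']}/hour)")
        elif r["kind"] == "Suspicious File" and r["path"].startswith("/tmp/"):
            findings.append(f"{r['ts']} script dropped in world-writable dir: {r['path']}")
    for cmd, ppids in parents.items():
        if len(ppids) > 1:
            findings.append(f"{cmd} flagged under {len(ppids)} distinct parent PIDs "
                            f"({', '.join(sorted(ppids))}): repeated launches, not one stuck worker")
    return findings


if __name__ == "__main__":
    for f in summarize(SAMPLE_LOG):
        print(f)
```

The spread of parent PIDs for the same `index.php` command is the detail worth pulling out: one long-running request would show a single parent, while a mailer being re-launched shows many.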
Answer 0: (score: 0)
You can try scanning the site with the https://wordpress.org/plugins/wordfence/ scan feature. I think there is some malware in your site. The Wordfence scan feature can detect common malware; it has helped me many times.
Regards,
Adi
Answer 1: (score: 0)
The logs you provided are LFD logs; they show that your site is using some extra memory and spending some time executing PHP processes on your server. I suggest you check your site with http://sitecheck.sucuri.net/ and install the BulletProof Security or Wordfence security plugin on your account to protect your site.
Also, I can see you have superuser privileges, so try scanning your account with maldet.
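As a first-pass triage to run alongside the scanners the answers recommend, here is an added example (not from the answer above and not maldet's or Wordfence's code) that walks a web root for PHP files that either contain typical mailer/webshell constructs or were modified recently. The indicator list, the 7-day window and the sample file tree are assumptions constructed for this example; a real cleanup still needs a maintained signature scanner.

```python
"""Triage a WordPress web root for recently modified PHP files and mailer/webshell indicators."""
import os
import re
import tempfile
import time

# Assumed indicator set for this example, not a maintained signature database.
INDICATORS = {
    "eval": re.compile(r"\beval\s*\("),
    "base64_decode": re.compile(r"\bbase64_decode\s*\("),
    "gzinflate": re.compile(r"\bgzinflate\s*\("),
    # mail() whose arguments come straight from the request, within one statement
    "mail_from_request": re.compile(r"\bmail\s*\([^;]*\$_(POST|GET|REQUEST)"),
    "preg_replace_e": re.compile(r"preg_replace\s*\(\s*['\"][^'\"]*/e['\"]"),
}
PHP_EXT = (".php", ".phtml", ".php5")


def scan_file(path):
    """Return the names of indicators found in one file (empty list if clean/unreadable)."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    except OSError:
        return []
    return [name for name, rx in INDICATORS.items() if rx.search(text)]


def scan_tree(root, recent_days=7, now=None):
    """Walk root; report PHP files with indicator hits or an mtime inside recent_days."""
    now = time.time() if now is None else now
    cutoff = now - recent_days * 86400
    results = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if not fn.lower().endswith(PHP_EXT):
                continue
            path = os.path.join(dirpath, fn)
            hits = scan_file(path)
            recent = os.path.getmtime(path) >= cutoff
            if hits or recent:
                results.append({"path": os.path.relpath(path, root),
                                "indicators": hits, "recent": recent})
    return sorted(results, key=lambda r: r["path"])


def build_sample_tree():
    """Constructed sample tree: one old, clean plugin file and one fresh mailer in uploads."""
    root = tempfile.mkdtemp(prefix="wp-triage-")
    plugin_dir = os.path.join(root, "wp-content", "plugins", "example")
    uploads_dir = os.path.join(root, "wp-content", "uploads")
    os.makedirs(plugin_dir)
    os.makedirs(uploads_dir)

    clean = os.path.join(plugin_dir, "example.php")
    with open(clean, "w") as fh:
        fh.write("<?php\nfunction example_hello() { return 'hello'; }\n")
    old = time.time() - 90 * 86400          # backdate so it falls outside the window
    os.utime(clean, (old, old))

    mailer = os.path.join(uploads_dir, "index.php")
    with open(mailer, "w") as fh:
        fh.write("<?php\n$c = base64_decode($_POST['c']);\neval($c);\n"
                 "mail($_POST['to'], $_POST['s'], $_POST['m']);\n")
    return root


if __name__ == "__main__":
    for r in scan_tree(build_sample_tree()):
        print(r["path"], "recent" if r["recent"] else "", ",".join(r["indicators"]))
```

Point it at the real `public_html` as the account user, not root, and treat every hit as a lead to read by hand; the mtime check is what catches freshly dropped files that no signature knows yet.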