在我的worpdress网站主页上有人注入脚本

时间:2018-03-30 12:17:08

标签: javascript wordpress security code-injection

我有WordPress网站。在我的主页中有人在我的帖子div之后添加了一些脚本我试图找出如何删除它但脚本是动态的,

我猜我的网站被某人黑客攻击

在这里,我将分享由某人function 7a3() {var h = document.head;if (!h) { h = document.getElementsByTagName(“head”); h = h[0]; }var s = document.createElement(“style”);s.type = “text/css”;var c = “#swboc-10o{display:flex; overflow:hidden; margin:0px}#home-right-bottom #swboc-10o>*{width:497px; flex-shrink:0; margin:0}#swboc-10o>#swboc-10{margin-left:-497px; flex-shrink:1; background-color:rgb(255, 255, 255); width:100%}@media only screen and (max-width: 1024px) and (min-width: 960px) {#swboc-10o{float: left; margin: 0 25px;}}“;if(s.styleSheet) s.styleSheet.cssText = c; else s.appendChild(document.createTextNode(c)); h.appendChild(s);}

注入的脚本
<script>function erewhonf75() {var h = document.head;if (!h) { h = document.getElementsByTagName("head"); h = h[0]; }var s = document.createElement("style");s.type = "text/css";var c = "#erewhon-f75o{display:flex; overflow:hidden; margin:10px 0px}#erewhon-f75o>*{width:407px; flex-shrink:0; margin:0}#erewhon-f75o>#erewhon-f75{margin-left:-407px; flex-shrink:1; background-color:rgb(255, 255, 255); width:100%}";if(s.styleSheet) s.styleSheet.cssText = c; else s.appendChild(document.createTextNode(c)); h.appendChild(s);}</script> 

和HTML标记是

  <div><a href="https://cialrx.com/">Cialis 10 mg</a> proved to be a really reliable drug that helps me in dealing with women. I accept it two or three hours before the meeting. When it starts to work, I feel a rush of blood to my face, a small stuffiness in my nose, but eventually it all descends to the genitals. The effect is only positive, lasting several days.</div><p id="erewhon-f75">Erewhon Santa Monica features a beautiful patio, terraced courtyard, and a street-level view of Erewhon’s open kitchen. Erewhon has been independent and family-owned for fifty years. We are proud to work with innovative and passionate vendors and farmers to bring you a unique mix of products, held to the highest standards. Hope to see you soon!</p></div>
<script>erewhonf75();</script></li></ul></div></div>

我不知道这个脚本和HTML div

我在所有项目中都进行了搜索但是我无法找到任何东西,任何人都不知道我的网站会发生什么事

2 个答案:

答案 0 :(得分:1)

最好的办法是使用Wordfence(这是一个插件,还有一个免费版本)运行扫描。大多数代码注入都是通过eval(base64_decode)片段完成的。它可能在你的functions.php文件中,但它们可能会炸毁每个php文件。

底线:安装Wordfence或任何其他扫描工具,并按照它给出的说明进行操作。确保更新所有插件和Wordpress版本。如果在git中跟踪主题代码,您也可以比较代码并从master中拉出以删除所有废话。

答案 1 :(得分:-2)

尝试文件style.css a[href="https://cialrx.com/"]{ display: none; }

然后更改密码并登录。