我有一个网站被标记为带有恶意软件。我发现88个文件被“php_include_obf_local”感染,并删除了所有这些文件。但是仍然有一个“文件夹”,每次删除后它都会自动重新创建……如何找到恶意软件是从何处注入的?另外,这是一个WordPress网站...
我检查了所有根目录文件,没有发现注入代码,并且已经删除了88个受感染的文件。我还下载了一个数据库转储,并检查了其中是否有对恶意软件签名的引用!
以下是被加载到“index.php”文件中的示例代码...
[[<script type='text/javascript' language='javascript' > /*
 * Reviewer notes on this pasted sample (comments added; the code text itself is unchanged).
 *
 * What the excerpt does: it defines window._wpemojiSettings (image base URLs on s.w.org plus
 * one `concatemoji` script URL on the site itself), then immediately invokes a function with
 * (window, document, window._wpemojiSettings). That function feature-tests emoji rendering on
 * a canvas; when `supports.everything` is falsy it registers DOM-ready/load listeners that
 * call `readyCallback` and appends a script element for `source.concatemoji` (or for
 * `source.twemoji` and `source.wpemoji` when both are set).
 *
 * `%26%26` appears wherever a logical AND would be expected; presumably `&&` was URL-encoded
 * when the snippet was copied or posted. Confirm against the raw file on disk. As pasted, the
 * text does not parse as JavaScript (e.g. `k.getContext%26%26k.getContext`).
 *
 * NOTE(review): the structure resembles the emoji loader that WordPress prints into page
 * output. This excerpt contains no eval, Function constructor or document.write; the
 * String.fromCharCode output is passed only to canvas fillText. To confirm it is stock code,
 * diff it and the referenced wp-emoji-release.min.js against a clean copy of the same
 * WordPress version (the URL carries ver=5.2.2). If both match, this excerpt is not the
 * injection point and the re-created folder has to be traced elsewhere.
 *
 * The `concatemoji` URL uses http:// while the s.w.org URLs use https://; a script fetched
 * over plain HTTP can be altered in transit.
 */ window._wpemojiSettings = { "baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/svg\/","svgExt":".svg","source": { "concatemoji":"http:\/\/tie.com.sa\/site\/wp-includes\/js\/wp-emoji-release.min.js?ver=5.2.2" } }; /* a = window, b = document, c = the settings object defined above (see the call at the end). */ !function(a,b,c) { /* d: draws code-unit sequence a, then b, on the shared canvas and returns true when both renderings produce the same data URL. */ function d(a,b) { var c=String.fromCharCode; l.clearRect(0,0,k.width,k.height),l.fillText(c.apply(this,a),0,0); var d=k.toDataURL(); l.clearRect(0,0,k.width,k.height),l.fillText(c.apply(this,b),0,0); var e=k.toDataURL(); return d===e } /* e: support test for "flag" or "emoji"; returns false when no 2d context with fillText is available. Each case compares a sequence with a variant that has 8203 inserted or substituted. */ function e(a) { var b; if(!l||!l.fillText)return!1; switch(l.textBaseline="top",l.font="600 32px Arial",a) { case"flag":return!(b=d([55356,56826,55356,56819],[55356,56826,8203,55356,56819]))%26%26(b=d([55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447]),!b); case"emoji":return b=d([55357,56424,55356,57342,8205,55358,56605,8205,55357,56424,55356,57340],[55357,56424,55356,57342,8203,55358,56605,8203,55357,56424,55356,57340]),!b } return!1 } /* f: the only place in this excerpt that loads further code. It appends a script element whose src is the URL passed in, and the callers below pass only URLs read from c.source. */ function f(a) { var c=b.createElement("script"); c.src=a,c.defer=c.type="text/javascript",b.getElementsByTagName("head")[0].appendChild(c) } var g,h,i,j,k=b.createElement("canvas"),l=k.getContext%26%26k.getContext("2d"); for(j=Array("flag","emoji"),c.supports= { everything:!0,everythingExceptFlag:!0 } ,i=0; i<j.length; i++)c.supports[j[i]]=e(j[i]),c.supports.everything=c.supports.everything%26%26c.supports[j[i]],"flag"!==j[i]%26%26(c.supports.everythingExceptFlag=c.supports.everythingExceptFlag%26%26c.supports[j[i]]); c.supports.everythingExceptFlag=c.supports.everythingExceptFlag%26%26!c.supports.flag,c.DOMReady=!1,c.readyCallback=function() { c.DOMReady=!0 } ,c.supports.everything||(h=function() { c.readyCallback() } 
,b.addEventListener?(b.addEventListener("DOMContentLoaded",h,!1),a.addEventListener("load",h,!1)):(a.attachEvent("onload",h),b.attachEvent("onreadystatechange",function() { "complete"===b.readyState%26%26c.readyCallback() } )),g=c.source|| { } ,g.concatemoji?f(g.concatemoji):g.wpemoji%26%26g.twemoji%26%26(f(g.twemoji),f(g.wpemoji))) } (window,document,window._wpemojiSettings); </script>]]
关于如何查找和解决此问题的任何想法?