东西在写我的htaccess
[英]Something is writing my htaccess
问题描述
I have a web site built with codeigniter, and I installed last year wordpress to have a blog. 
我有一个使用Codeigniter构建的网站,去年我安装了wordpress来拥有一个博客。 But since 3 weeks ago the problem began when I tried to access my admin site and appear the codeigniter 404 error. 但是从3周前开始,当我尝试访问管理网站并出现codeigniter 404错误时,问题就开始了。 So I realized that the problem was the .htaccess an somehow was written by something. 因此我意识到问题是.htaccess,它是由某种方式编写的。 And I think is wordpress, I remove the code that was added and everything was fine, but again the htaccess was written, so I deleted my blog folder that contains all wordpress file and the problem was there again, then I delete the wp_ tables from my Database, but the problem was still there. 我认为是wordpress,删除了添加的代码,一切都很好,但是再次写入了htaccess,所以我删除了包含所有wordpress文件的Blog文件夹,问题再次出现,然后从中删除了wp_表我的数据库,但问题仍然存在。 The code that has been written is: 编写的代码是:
# BEGIN SYSTEM API
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^al/(.*)$ myfolder/wp-inf.php?$1 [L]
# END SYSTEM API
I searched for the wp-inf.php file and I found something like this: 我搜索了wp-inf.php文件,发现以下内容:
<? eval(base64_decode("ICAgIGVycm9yX3JlcG9ydGluZygwKTsgICRscnUgPSAiZ2c.....")); ?>
I don't know what to do or where to find the file that has been writing my htaccess. 我不知道该怎么办,或者在哪里可以找到写入htaccess的文件。 I have been cleaning and deleting some files, but nothing. 我一直在清理和删除一些文件,但是什么也没有。
Hope you can help me with this. 希望你能帮我这个忙。 Thank you 谢谢
Edited:****** If I decode what is inside base64_decode appear this: 编辑:******如果我解码base64_decode里面的内容,则会显示以下内容:
error_reporting(0); $lru = "gg/4623696-260514551155404-520n89823525745/765s127r625o9
(edited)
}echo $result; exit; }
1 个解决方案
解决方案1
0 2015-02-27 18:06:28
Well creating a new server and transfering the data wont help because its the files that are writing your htaccess and not an access issue. 很好地创建新服务器并传输数据将无济于事,因为它正在写入htaccess的文件而不是访问问题。 What you have to do is search all your files for 'base64_decode' and 'eval', and see if these files are default from wordpress or are created and named to confuse for example there is no file called wp-inf.php by default in wordpress. 您要做的是在所有文件中搜索“ base64_decode”和“ eval”,然后查看这些文件是否是wordpress的默认文件,或者是否创建并命名为混淆文件,例如,在默认情况下,没有名为wp-inf.php的文件。 WordPress的。 These 2 functions are 90% of the times used for malicious intentions. 这两个功能占恶意意图使用时间的90%。
- Base64_decode is used to decode any encoded string so that its difficult to read and search for (obfuscate). Base64_decode用于对任何编码的字符串进行解码,以使其难以读取和搜索(混淆)。
- Eval is used to execute any php code thats given to it. Eval用于执行提供给它的任何php代码。
You can use this decoder to decode the actual code and see what the intention was. 您可以使用此解码器解码实际代码,并查看其意图。 https://www.base64decode.org/ https://www.base64decode.org/
Another way would be to compare your folder structure with the orignal wordpress structure. 另一种方法是将您的文件夹结构与原始的wordpress结构进行比较。
To avoid this in future, try never to use any nulled theme or plugins. 为了避免将来发生这种情况,请尽量不要使用任何空主题或插件。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.