简体繁体 English

帖子内的WordPress主题垃圾邮件链接

[英]Wordpress theme spam links inside posts

原文 2016-09-27 16:32:36 3 1 php/ jquery/ html/ wordpress

I'm creating my own theme in Wordpress. 我正在Wordpress中创建自己的主题。 Suddenly in my posts i got random links leading to viagra companies.. can't earse them. 突然在我的帖子中，我得到了一些通向伟哥公司的随机链接。 I already: 我已经：

Checked on plenty malware website scanners - all clear 检查了大量恶意软件网站扫描程序-全部清除
Turned off all plugins - links still appear 关闭所有插件-链接仍然出现
Changed theme - links disappear 主题已更改-链接消失

Moreover i had my own excerpt in functions.php. 此外，我在functions.php中有自己的摘录。 When i clear it and make default excerpt links disappear but also mine links. 当我清除它并使其默认摘录链接消失，但我的链接。 When i tried various ways of changing excerpt to display links (for ex. https://wordpress.stackexchange.com/questions/141125/allow-html-in-excerpt ) i always get spam links back. 当我尝试了多种方法来更改摘录以显示链接时（例如https://wordpress.stackexchange.com/questions/141125/allow-html-in-excerpt ），我总是会收到垃圾邮件链接。

I'm out of ideas. 我没主意了。 I also searched my files for some "unwanted" code but haven't found anything. 我还在文件中搜索了一些“不需要的”代码，但未找到任何内容。 Something is wrong with my theme for sure but i cannot find what. 我的主题肯定有问题，但是我找不到。

Will be grateful for any help. 将不胜感激。 Link to my website: www.weterynariagalecki.pl 链接到我的网站：www.weterynariagalecki.pl

1 个解决方案

This happens to Drupal sites a lot, I presume the same holds true for Wordpress. Drupal网站经常发生这种情况，我认为Wordpress也是如此。

Have a look at the root file system where your files are hosted. 看一下托管文件的根文件系统。 You'll probably see a file in there with 000 file permissions. 您可能会在其中看到具有000文件权限的文件。 Pretty good chance it'll be called something like page nn -sql.php or something like similar to that. 很有可能它会被称为nn -sql.php页面或类似的名称。 Could also be that index.php got replaced (again, check permissions). 也可能是index.php被替换了（再次，检查权限）。

Here is an exerpt from the Drupal.org page on how to deal with this type of hack. 这是Drupal.org页面上的摘录，内容涉及如何处理此类黑客。 Again, I know it applies to Drupal, but I believe your problem is the same: 同样，我知道它适用于Drupal，但我相信您的问题是相同的：

Where do attackers exploit Drupal systems? 攻击者在哪里利用Drupal系统？

index.php, or really any code file A common hack is simply to modify the index.php or any code file in the site such as a template file. index.php或实际上是任何代码文件一个常见的技巧就是修改index.php或站点中的任何代码文件，例如模板文件。 The methods are various: 方法多种多样：

A virus on the computer used to administer the site which uses stored credentials in a FTP tool to edit and upload the files (seriously). 用于管理站点的计算机上的病毒，该病毒使用FTP工具中存储的凭据来（严重）编辑和上传文件。 Arbitrary code execution on the server and loose server file permissions used to edit or overwrite a file. 服务器上的任意代码执行以及用于编辑或覆盖文件的宽松服务器文件权限。 Arbitrary file upload which was used to upload a command shell which was then used to modify the code. 任意文件上载，用于上载命令外壳，然后用于修改代码。 Compare all code files to known good copies, either in the revision control system or from drupal.org (the hacked! module can help with that.) 在版本控制系统中或从drupal.org中将所有代码文件与已知的良好副本进行比较（hacked！模块可以提供帮助）。

Look for files on the server that are NOT part of your known Drupal codebase, eg modules/system/qseboj.php 在服务器上查找不属于您已知的Drupal代码库的文件，例如modules / system / qseboj.php

Review the files in the "files" directory to ensure they are all appropriate. 查看“文件”目录中的文件，以确保它们均适当。

It may be helpful to review the combined metadata of owner, group, permissions and timestamps as a fingerprint of the files on the server. 将所有者，组，权限和时间戳的组合元数据作为服务器上文件的指纹进行检查可能会有所帮助。 If most of the files have one fingerprint and a single other file has a different fingerprint (eg edited about when the attack started) that can help you understand what happened. 如果大多数文件具有一个指纹，而另一个文件具有不同的指纹（例如，有关攻击何时开始进行编辑），则可以帮助您了解发生了什么。