Fara un exemplu de cautare in care apare aceasta problema nu putem sa ne dam seama.
Versiune printabilă
Fara un exemplu de cautare in care apare aceasta problema nu putem sa ne dam seama.
Presupunand ca ai doar cod injectat care utilizeaza functia eval iti recomand acest plugin care scaneaza wp si iti arata un este utilizata functia eval.
Apoi urmeaza treaba ta. Verifici unde apare folosita functia eval si daca codul respectiv nu ar trebui sa apara acolo il stergi.
Inainte de a te apuca de treaba iti recomand un backup complet si trebuie sa ai mare grija ce stergi. Acest plugin doar scaneaza wp, restul e munca ta.
Pe viitor poti cere celor care iti gazduiesc site-ul sa iti dezactiveze anumite functii care fac php vulnerabil. Trebuie sa te asiguri intai ca nu vei folosi niciuna din ele. Un articol ajutator: How to prevent base 64 encode attack - Thonky's How To Guides and Help
Sper sa te ajute. Daca nu rezolvi ne anunti sa mai cautam solutii.
Momentan am cerut ajutorul celor de la sucuri.net ofera un pachet si un plugin asemanator, problema e ca pluginul lor doar iti arata ce nu e bine, iar rezolvarea o fac supportul tehnic.
Acum fac backup-ul si apoi folosesc si pluginul tau.
--- Later Edit --- (ca mi-a fost lene sa apas "Edit")
Revin cu un mic UPDATE, se pare ca multumita pluginului sucuri.net, am reusit sa gasesc pozitia acestui base64_decode.
Astept ceva indicatii cum as putea face un update rapid la site, incat sa vad daca acele linkuri sau redirecte mai sunt facute.
--- Later Edit --- (ca mi-a fost lene sa apas "Edit")
pentru cei interesati, codul base64_decode era adaugat in wp-includes/pluggable.php. Momentan nu am reusit sa descopar cauza, o sa revin cu alte detalii.
--- Later Edit --- (ca mi-a fost lene sa apas "Edit")
Asa cum am promis, am revenit cu un update, iata ce au raspuns cei de la sucuri dupa ticket-ul trimis :
OK: Hardening ./wp-admin/setup-config.php on WordPress
OK: Removing backdoor from uploads directory: ./wp-content/uploads/2011/10/imagine18.php
OK: Removing backdoor from uploads directory: ./wp-content/uploads/2011/10/imagine7.php
OK: Removing backdoor from uploads directory: ./wp-content/uploads/2011/10/imagine20.php
OK: Removing backdoor from uploads directory: ./wp-content/uploads/2011/10/imagine12.php
OK: Removing backdoor from uploads directory: ./wp-content/uploads/2011/10/imagine10.php
OK: Removing backdoor from uploads directory: ./wp-content/uploads/2011/10/imagine1.php
OK: Removing backdoor from uploads directory: ./wp-content/uploads/2011/10/imagine15.php
OK: Removing backdoor from uploads directory: ./wp-content/uploads/2011/10/imagine22.php
OK: Removing backdoor from uploads directory: ./wp-content/uploads/2011/10/imagine5.php
OK: Removing backdoor from uploads directory: ./wp-content/uploads/2011/10/imagine14.php
OK: Removing backdoor from uploads directory: ./wp-content/uploads/2011/10/imagine16.php
OK: Removing backdoor from uploads directory: ./wp-content/uploads/2011/10/imagine4.php
OK: Removing backdoor from uploads directory: ./wp-content/uploads/2011/10/imagine11.php
OK: Removing backdoor from uploads directory: ./wp-content/uploads/2011/10/imagine19.php
OK: Removing backdoor from uploads directory: ./wp-content/uploads/2011/10/imagine8.php
OK: Removing backdoor from uploads directory: ./wp-content/uploads/2011/10/imagine2.php
OK: Removing backdoor from uploads directory: ./wp-content/uploads/2011/10/imagine21.php
OK: Removing backdoor from uploads directory: ./wp-content/uploads/2011/10/imagine6.php
OK: Removing backdoor from uploads directory: ./wp-content/uploads/2011/10/imagine9.php
OK: Removing backdoor from uploads directory: ./wp-content/uploads/2011/10/imagine13.php
OK: Removing backdoor from uploads directory: ./wp-content/uploads/2011/10/imagine.php
OK: Removing backdoor from uploads directory: ./wp-content/uploads/2011/10/imagine3.php
OK: Removing backdoor from uploads directory: ./wp-content/uploads/2011/10/imagine23.php
OK: Removing backdoor from uploads directory: ./wp-content/uploads/2011/10/imagine17.php
CLEARED: Malware found on file: ./wp-content/plugins/exploit-scanner/exploit-scanner.php