Infekcja na stronie czy nie ? jak sie upewnic

[Slowa]

Sprawdzam za pomoca pluginy Wp Auth Checker i wyskakuje mi az 160 lini dla pluginów oraz 2 dla theme ? Pomoże ktoś ocenić co to ??? I ewentualniejak samemu ocenić iewentualnie ocenić..

 

 

 

Plugin scan results STATUS: ( Malicious code found in 140 plugin files )
Themes scan results = STATUS: ( Malicious code found in 2 theme files )

Plugins scan results
Line 201: "base64_encode( 'api:' . $this->api_key ),..."
Edit: /tiny-compress-images/src/class-tiny-compress-fopen.php
Line 1737: "base64_encode($encapsulated)) ...."
Edit: /all-in-one-wp-migration/lib/vendor/math/BigInteger.php
Line 930: "base64 encoded values (Visual Composer)..."
Edit: /all-in-one-wp-migration/lib/vendor/servmask/database/class-ai1wm-database.php
Line 932: "base64_values_callback' ), $input );..."
Edit: /all-in-one-wp-migration/lib/vendor/servmask/database/class-ai1wm-database.php
Line 964: "base64 values (callback)..."
Edit: /all-in-one-wp-migration/lib/vendor/servmask/database/class-ai1wm-database.php
Line 969: "base64_values_callback( $matches ) {..."
Edit: /all-in-one-wp-migration/lib/vendor/servmask/database/class-ai1wm-database.php
Line 970: "base64 characters..."
Edit: /all-in-one-wp-migration/lib/vendor/servmask/database/class-ai1wm-database.php
Line 971: "base64_decode( strip_tags( $matches[1] ) ) );..."
Edit: /all-in-one-wp-migration/lib/vendor/servmask/database/class-ai1wm-database.php
Line 976: "base64 characters..."
Edit: /all-in-one-wp-migration/lib/vendor/servmask/database/class-ai1wm-database.php
Line 977: "base64_encode( rawurlencode( $input ) ) . '[/..."
Edit: /all-in-one-wp-migration/lib/vendor/servmask/database/class-ai1wm-database.php
Line 56: "base64_encode( "{$user}:{$password}" ) ) ) {..."
Edit: /all-in-one-wp-migration/lib/model/class-ai1wm-http.php
Line 124: "base64_encode( "{$user}:{$password}" ) ) ) {..."
Edit: /all-in-one-wp-migration/lib/model/class-ai1wm-http.php
Line 1193: "base64,'.base64_encode($this->menu_svg_color(..."
Edit: /above-the-fold-optimization/admin/admin.class.php
Line 1261: "base64_encode(hash($algorithm, $script['clien..."
Edit: /above-the-fold-optimization/includes/optimization.class.php
Line 500: "base64,R0lGOD' ) && ! strpos( $file, 'lazy-lo..."
Edit: /ewww-image-optimizer/common.php
Line 653: "base64,R0lGOD' ) && ! strpos( $file, 'lazy-lo..."
Edit: /ewww-image-optimizer/common.php
Line 724: "base64,R0lGOD' ) && $image->getAttribute( 'da..."
Edit: /ewww-image-optimizer/common.php
Line 759: "base64,R0lGOD' ) || strpos( $file, 'lazy-load..."
Edit: /ewww-image-optimizer/common.php
Line 2594: "base64,"+a[t]}function ewww_load_images(t){jQ..."
Edit: /ewww-image-optimizer/common.php
Line 2608: "base64,"+a[t]}function ewww_load_images(t){jQ..."
Edit: /ewww-image-optimizer/common.php
Line 304: "base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz..."
Edit: /wp-smushit/extras/dash-notice/wpmudev-dash-notification.php
Line 740: "base64_decode( $response->data->image ); //ba..."
Edit: /wp-smushit/lib/class-wp-smush.php
Line 384: "base64_encode( pack( 'H*', $md5 ) );..."
Edit: /w3-total-cache/CdnEngine_Azure.php
Line 220: "base64\r\n";..."
Edit: /w3-total-cache/lib/Google/Http/MediaFileUpload.php
Line 221: "base64_encode($this->data) . "\r\n";..."
Edit: /w3-total-cache/lib/Google/Http/MediaFileUpload.php
Line 28: "base64_encode($data);..."
Edit: /w3-total-cache/lib/Google/Utils.php
Line 44: "base64_decode($b64);..."
Edit: /w3-total-cache/lib/Google/Utils.php
Line 378: "base64 data urls, we need to handle..."
Edit: /w3-total-cache/lib/Minify/YUI-CSS-compressor-PHP-port-4.1.0/Minifier.php
Line 395: "base64 encoded URLs...."
Edit: /w3-total-cache/lib/Minify/YUI-CSS-compressor-PHP-port-4.1.0/Minifier.php
Line 396: "base64,') !== false) {..."
Edit: /w3-total-cache/lib/Minify/YUI-CSS-compressor-PHP-port-4.1.0/Minifier.php
Line 656: "base64_encode(md5_file($file, true))) : '', '..."
Edit: /w3-total-cache/lib/S3.php
Line 713: "base64_encode(md5($input, true)),..."
Edit: /w3-total-cache/lib/S3.php
Line 1276: "base64_encode($data));..."
Edit: /w3-total-cache/lib/S3.php
Line 1277: "base64_encode($signature));..."
Edit: /w3-total-cache/lib/S3.php
Line 1350: "base64_encode(str_replace('\/', '/', json_enc..."
Edit: /w3-total-cache/lib/S3.php
Line 1965: "base64_encode(extension_loaded('hash') ?..."
Edit: /w3-total-cache/lib/S3.php
Line 133: "base64_encode(hash_hmac('sha1', $base_string,..."
Edit: /w3-total-cache/lib/OAuth/W3tcOAuth.php
Line 213: "base64_encode($signature);..."
Edit: /w3-total-cache/lib/OAuth/W3tcOAuth.php
Line 217: "base64_decode($signature);..."
Edit: /w3-total-cache/lib/OAuth/W3tcOAuth.php
Line 346: "base64_encode("$value[0]:$value[1]");..."
Edit: /w3-total-cache/lib/Azure/GuzzleHttp/Client.php
Line 1606: "base64_encode(..."
Edit: /w3-total-cache/lib/Azure/MicrosoftAzureStorage/Blob/BlobRestProxy.php
Line 53: "base64 representation...."
Edit: /w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/StorageServiceSettings.php
Line 115: "base64 string...."
Edit: /w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/StorageServiceSettings.php
Line 181: "base64_decode will return false if the $key i..."
Edit: /w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/StorageServiceSettings.php
Line 183: "Base64String = base64_decode($key, true);..."
Edit: /w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/StorageServiceSettings.php
Line 184: "Base64String) {..."
Edit: /w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/StorageServiceSettings.php
Line 135: "base64_encode(..."
Edit: /w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/Authentication/SharedKeyAuthScheme.php
Line 136: "base64_decode($this->accountKey), true)..."
Edit: /w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/Authentication/SharedKeyAuthScheme.php
Line 117: "base64_encode(..."
Edit: /w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/Authentication/TableSharedKeyLiteAuthScheme.php
Line 118: "base64_decode($this->accountKey), true)..."
Edit: /w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/Authentication/TableSharedKeyLiteAuthScheme.php
Line 95: "base64 string. It has to pass the check 'base..."
Edit: /w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/Resources.php
Line 188: "base64Binary'=>'string',..."
Edit: /w3-total-cache/lib/Nusoap/class.nusoap_base.php
Line 199: "base64Binary'=>'string','base64'=>'string','u..."
Edit: /w3-total-cache/lib/Nusoap/class.nusoap_base.php
Line 203: "base64Binary'=>'string','base64'=>'string','u..."
Edit: /w3-total-cache/lib/Nusoap/class.nusoap_base.php
Line 205: "base64'=>'string','array'=>'array','Array'=>'..."
Edit: /w3-total-cache/lib/Nusoap/class.nusoap_base.php
Line 474: "base64_encode(str_replace(':','',$username).'..."
Edit: /w3-total-cache/lib/Nusoap/class.soap_transport_http.php
Line 585: "base64_encode($proxyusername.':'.$proxypasswo..."
Edit: /w3-total-cache/lib/Nusoap/class.soap_transport_http.php
Line 188: "base64Binary'=>'string',..."
Edit: /w3-total-cache/lib/Nusoap/nusoap.php
Line 199: "base64Binary'=>'string','base64'=>'string','u..."
Edit: /w3-total-cache/lib/Nusoap/nusoap.php
Line 203: "base64Binary'=>'string','base64'=>'string','u..."
Edit: /w3-total-cache/lib/Nusoap/nusoap.php
Line 205: "base64'=>'string','array'=>'array','Array'=>'..."
Edit: /w3-total-cache/lib/Nusoap/nusoap.php
Line 2627: "base64_encode(str_replace(':','',$username).'..."
Edit: /w3-total-cache/lib/Nusoap/nusoap.php
Line 2738: "base64_encode($proxyusername.':'.$proxypasswo..."
Edit: /w3-total-cache/lib/Nusoap/nusoap.php
Line 6949: "base64' || $type == 'base64Binary') {..."
Edit: /w3-total-cache/lib/Nusoap/nusoap.php
Line 6950: "base64 value');..."
Edit: /w3-total-cache/lib/Nusoap/nusoap.php
Line 6951: "base64_decode($value);..."
Edit: /w3-total-cache/lib/Nusoap/nusoap.php
Line 502: "base64' || $type == 'base64Binary') {..."
Edit: /w3-total-cache/lib/Nusoap/class.soap_parser.php
Line 503: "base64 value');..."
Edit: /w3-total-cache/lib/Nusoap/class.soap_parser.php
Line 504: "base64_decode($value);..."
Edit: /w3-total-cache/lib/Nusoap/class.soap_parser.php
Line 1021: "base64_encode(hash_hmac('sha256', $stringto..."
Edit: /w3-total-cache/lib/SNS/sdk.class.php
Line 1072: "base64(md5($querystring));..."
Edit: /w3-total-cache/lib/SNS/sdk.class.php
Line 1135: "base64_encode(hash_hmac('sha256', $bytes_to_s..."
Edit: /w3-total-cache/lib/SNS/sdk.class.php
Line 1140: "base64_encode(hash_hmac('sha256', $stringto..."
Edit: /w3-total-cache/lib/SNS/sdk.class.php
Line 66: "base64_decode($message->get('Signature'));..."
Edit: /w3-total-cache/lib/SNS/services/MessageValidator/MessageValidator.php
Line 86: "Base64...."
Edit: /w3-total-cache/lib/SNS/utilities/utilities.class.php
Line 89: "Base64-encoded string...."
Edit: /w3-total-cache/lib/SNS/utilities/utilities.class.php
Line 91: "base64($str)..."
Edit: /w3-total-cache/lib/SNS/utilities/utilities.class.php
Line 100: "base64_encode($raw);..."
Edit: /w3-total-cache/lib/SNS/utilities/utilities.class.php
Line 328: "Base64 encoded or not...."
Edit: /w3-total-cache/lib/SNS/utilities/utilities.class.php
Line 330: "base64-decode.php#81425 PHP License..."
Edit: /w3-total-cache/lib/SNS/utilities/utilities.class.php
Line 332: "Base64 encoded or not...."
Edit: /w3-total-cache/lib/SNS/utilities/utilities.class.php
Line 334: "base64($s)..."
Edit: /w3-total-cache/lib/SNS/utilities/utilities.class.php
Line 803: "base64_encode(json_encode($list))...."
Edit: /wp-asset-clean-up/classes/Main.php
Line 875: "base64_decode($wpacuList);..."
Edit: /wp-asset-clean-up/classes/Main.php
Line 883: "base64_decode($contents);..."
Edit: /wp-asset-clean-up/classes/Main.php
Line 26: "base64_encode($data);..."
Edit: /wordpress-seo/vendor/yoast/api-libs/google/service/Google_Utils.php
Line 37: "base64_decode($b64);..."
Edit: /wordpress-seo/vendor/yoast/api-libs/google/service/Google_Utils.php
Line 134: "base64\r\n";..."
Edit: /wordpress-seo/vendor/yoast/api-libs/google/service/Google_MediaFileUpload.php
Line 135: "base64_encode($data) . "\r\n";..."
Edit: /wordpress-seo/vendor/yoast/api-libs/google/service/Google_MediaFileUpload.php
Line 268: "base64 (numeric + alpha + alpha upper case) w..."
Edit: /wordpress-seo/inc/sitemaps/class-sitemaps-cache-validator.php
Line 917: "base64 URL for the svg for use in the menu...."
Edit: /wordpress-seo/inc/class-wpseo-utils.php
Line 921: "base64 Whether or not to return base64'd outp..."
Edit: /wordpress-seo/inc/class-wpseo-utils.php
Line 925: "base64 = true ) {..."
Edit: /wordpress-seo/inc/class-wpseo-utils.php
Line 928: "base64 ) {..."
Edit: /wordpress-seo/inc/class-wpseo-utils.php
Line 929: "base64,' . base64_encode( $svg );..."
Edit: /wordpress-seo/inc/class-wpseo-utils.php
Line 2593: "base64_decode( $_GET[ 'uri' ] ) ) );..."
Edit: /wp-super-cache/wp-cache.php
Line 2599: "base64_decode( $_GET[ 'uri' ] ) ) ) );..."
Edit: /wp-super-cache/wp-cache.php
Line 2710: "base64_encode( $directory ) ) ), 'wp-cache' )..."
Edit: /wp-super-cache/wp-cache.php
Line 90: "base64 and date..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 94: "Base64')) {..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 95: "base64';..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 150: "base64':..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 312: "base64':..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 313: "base64_decode($this->_currentTagContents);..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 883: "Base64..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 888: "Base64..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 897: "Base64($data)..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 904: "base64>'.base64_encode($this->data).'</base64..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 998: "base64':..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 1056: "base64':..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 1057: "Base64('base64');..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 187: "base64_encode($username) . $this->CRLF);..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer-smtp.php
Line 205: "base64_encode($password) . $this->CRLF);..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer-smtp.php
Line 62: "base64", and "quoted-printable"...."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1126: "base64', $type = 'application/octet-stream')..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1214: "base64') {..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1247: "base64') {..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1250: "base64':..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1252: "base64_encode($str), 76, $this->LE);..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1314: "Base64EncodeWrapMB($str);..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1316: "base64_encode($str);..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1355: "Base64EncodeWrapMB($str) {..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1365: "Base64 has a 4:3 ratio..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1374: "base64_encode($chunk);..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1484: "base64', $type = 'application/octet-stream')..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1510: "base64', $type = 'application/octet-stream')..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1754: "base64',$mimeType) ) {..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1506: "base64_encode( $this->authentication() );..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.wp-http.php
Line 1102: "Base64 encoded image...."
Edit: /buddypress/bp-core/bp-core-avatars.php
Line 1119: "Base64 encoded image...."
Edit: /buddypress/bp-core/bp-core-avatars.php
Line 1268: "base64,', ' ' ), array( '', '+' ), $avatar_da..."
Edit: /buddypress/bp-core/bp-core-avatars.php
Line 1269: "base64_decode( $webcam_avatar );..."
Edit: /buddypress/bp-core/bp-core-avatars.php
Line 523: "base64_encode( wp_generate_password( 64, true..."
Edit: /buddypress/bp-core/admin/bp-core-admin-schema.php
Line 518: "base64_encode( wp_generate_password( 64, true..."
Edit: /buddypress/bp-core/bp-core-update.php
Line 156: "base64_decode( stripslashes( $_COOKIE['bp_com..."
Edit: /buddypress/bp-groups/bp-groups-actions.php
Line 275: "base64_encode( json_encode( $bp->groups->comp..."
Edit: /buddypress/bp-groups/bp-groups-actions.php
Line 37: "base64 Encoding..."
Edit: /tac/tac.php
Line 38: "base64 functions...."
Edit: /tac/tac.php
Line 48: "base64")) // Check for any base64 functions..."
Edit: /tac/tac.php
Line 54: "base64"), 0, 45))) . "...\"</div>";..."
Edit: /tac/tac.php

 

[theqkash]

@Slowa Istnieje małe prawdopodobieństwo, że jest jakiś problem z bezpieczeństwem i wirusami, ale niekoniecznie - zdecydowana większość wymienionych linii to standardowe linie, które się znajdują we wspomnianych plikach.

 

Jeśli chcesz, podeślij dostęp do FTP do mnie na pw, dokonam bezpłatnie sprawdzenia i powiem Ci co jest grane.

[Slowa]

Dnia 9.03.2018 o 22:03, theqkash napisał:

@Slowa Istnieje małe prawdopodobieństwo, że jest jakiś problem z bezpieczeństwem i wirusami, ale niekoniecznie - zdecydowana większość wymienionych linii to standardowe linie, które się znajdują we wspomnianych plikach.

 

Jeśli chcesz, podeślij dostęp do FTP do mnie na pw, dokonam bezpłatnie sprawdzenia i powiem Ci co jest grane.

 

Na czym to sprawdzenie polega ?

[theqkash]

2 godziny temu, Slowa napisał:

Na czym to sprawdzenie polega ?

Na tym, że przejrzę pliki które są w wykazie oraz pozostałe pliki w poszukiwaniu czegoś podejrzanego. Jeżeli coś będzie, dam znać.

 

1 godzinę temu, AdamBoganD napisał:

Wordfence

Wordfence nie działa poprawnie na niektórych zainfekowanych instalacjach.

[jimmi]

sporo tego syfu, chyba łatwiej postawić backup i go od razu zabezpieczyć.

[Slowa]

@AdamBoganD jakieś są dobre klienty FTP - które polecisz?

 

@jimmi  co to znaczy postawić backup? W sensie przywrócić czy tak ? 

A czy jest taka możliwość że nawet po przywróceniu backupu to dalej zostanie jakiś "syf" gdzieś obok na serwerze?

Jak najlepiej robić backup i czy ma to znaczenie wgle . To znaczy - samego wordpressa czy lepiej całego serwera ? Nie wiem nie znam się 

[piotr.k]

Problemem nie jest klient ftp ale sam protokół - należy korzystać z sftp/scp a to czy użyjesz winscp, filezilli, total commandera itp. nie ma znaczenia.

Wordfence to głównie złudzenia bezpieczeństwa, proponuję zapoznać się choćby z wpmagus.pl/pliki/prezentacje/mity-nie-bezpieczenstwa/

[Takitam]

Nie rozumiem jednej rzeczy, z całym szacunkiem dla twórcy poradnika od wpmagus-  Przecież ithemes security pro robi dokładnie to co w tym poradniku - i na stronie ithemes wyraźnie jest zaznaczone, że nie chroni to przed włamem lecz zmniejsza ryzyko ataku.  Ponadto daje możliwość dwuetapowego logowania, blokuje bruteforce, pozwala na banowanie ip itp...