Skocz do zawartości

Infekcja na stronie czy nie ? jak sie upewnic


Slowa

Rekomendowane odpowiedzi

Sprawdzam za pomoca pluginy Wp Auth Checker i wyskakuje mi az 160 lini dla pluginów oraz 2 dla theme ? Pomoże ktoś ocenić co to ??? I ewentualniejak samemu ocenić iewentualnie ocenić..

 

 

 

Plugin scan results STATUS: ( Malicious code found in 140 plugin files )
Themes scan results = STATUS: ( Malicious code found in 2 theme files )

Plugins scan results
Line 201: "base64_encode( 'api:' . $this->api_key ),..."
Edit: /tiny-compress-images/src/class-tiny-compress-fopen.php
Line 1737: "base64_encode($encapsulated)) ...."
Edit: /all-in-one-wp-migration/lib/vendor/math/BigInteger.php
Line 930: "base64 encoded values (Visual Composer)..."
Edit: /all-in-one-wp-migration/lib/vendor/servmask/database/class-ai1wm-database.php
Line 932: "base64_values_callback' ), $input );..."
Edit: /all-in-one-wp-migration/lib/vendor/servmask/database/class-ai1wm-database.php
Line 964: "base64 values (callback)..."
Edit: /all-in-one-wp-migration/lib/vendor/servmask/database/class-ai1wm-database.php
Line 969: "base64_values_callback( $matches ) {..."
Edit: /all-in-one-wp-migration/lib/vendor/servmask/database/class-ai1wm-database.php
Line 970: "base64 characters..."
Edit: /all-in-one-wp-migration/lib/vendor/servmask/database/class-ai1wm-database.php
Line 971: "base64_decode( strip_tags( $matches[1] ) ) );..."
Edit: /all-in-one-wp-migration/lib/vendor/servmask/database/class-ai1wm-database.php
Line 976: "base64 characters..."
Edit: /all-in-one-wp-migration/lib/vendor/servmask/database/class-ai1wm-database.php
Line 977: "base64_encode( rawurlencode( $input ) ) . '[/..."
Edit: /all-in-one-wp-migration/lib/vendor/servmask/database/class-ai1wm-database.php
Line 56: "base64_encode( "{$user}:{$password}" ) ) ) {..."
Edit: /all-in-one-wp-migration/lib/model/class-ai1wm-http.php
Line 124: "base64_encode( "{$user}:{$password}" ) ) ) {..."
Edit: /all-in-one-wp-migration/lib/model/class-ai1wm-http.php
Line 1193: "base64,'.base64_encode($this->menu_svg_color(..."
Edit: /above-the-fold-optimization/admin/admin.class.php
Line 1261: "base64_encode(hash($algorithm, $script['clien..."
Edit: /above-the-fold-optimization/includes/optimization.class.php
Line 500: "base64,R0lGOD' ) && ! strpos( $file, 'lazy-lo..."
Edit: /ewww-image-optimizer/common.php
Line 653: "base64,R0lGOD' ) && ! strpos( $file, 'lazy-lo..."
Edit: /ewww-image-optimizer/common.php
Line 724: "base64,R0lGOD' ) && $image->getAttribute( 'da..."
Edit: /ewww-image-optimizer/common.php
Line 759: "base64,R0lGOD' ) || strpos( $file, 'lazy-load..."
Edit: /ewww-image-optimizer/common.php
Line 2594: "base64,"+a[t]}function ewww_load_images(t){jQ..."
Edit: /ewww-image-optimizer/common.php
Line 2608: "base64,"+a[t]}function ewww_load_images(t){jQ..."
Edit: /ewww-image-optimizer/common.php
Line 304: "base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz..."
Edit: /wp-smushit/extras/dash-notice/wpmudev-dash-notification.php
Line 740: "base64_decode( $response->data->image ); //ba..."
Edit: /wp-smushit/lib/class-wp-smush.php
Line 384: "base64_encode( pack( 'H*', $md5 ) );..."
Edit: /w3-total-cache/CdnEngine_Azure.php
Line 220: "base64\r\n";..."
Edit: /w3-total-cache/lib/Google/Http/MediaFileUpload.php
Line 221: "base64_encode($this->data) . "\r\n";..."
Edit: /w3-total-cache/lib/Google/Http/MediaFileUpload.php
Line 28: "base64_encode($data);..."
Edit: /w3-total-cache/lib/Google/Utils.php
Line 44: "base64_decode($b64);..."
Edit: /w3-total-cache/lib/Google/Utils.php
Line 378: "base64 data urls, we need to handle..."
Edit: /w3-total-cache/lib/Minify/YUI-CSS-compressor-PHP-port-4.1.0/Minifier.php
Line 395: "base64 encoded URLs...."
Edit: /w3-total-cache/lib/Minify/YUI-CSS-compressor-PHP-port-4.1.0/Minifier.php
Line 396: "base64,') !== false) {..."
Edit: /w3-total-cache/lib/Minify/YUI-CSS-compressor-PHP-port-4.1.0/Minifier.php
Line 656: "base64_encode(md5_file($file, true))) : '', '..."
Edit: /w3-total-cache/lib/S3.php
Line 713: "base64_encode(md5($input, true)),..."
Edit: /w3-total-cache/lib/S3.php
Line 1276: "base64_encode($data));..."
Edit: /w3-total-cache/lib/S3.php
Line 1277: "base64_encode($signature));..."
Edit: /w3-total-cache/lib/S3.php
Line 1350: "base64_encode(str_replace('\/', '/', json_enc..."
Edit: /w3-total-cache/lib/S3.php
Line 1965: "base64_encode(extension_loaded('hash') ?..."
Edit: /w3-total-cache/lib/S3.php
Line 133: "base64_encode(hash_hmac('sha1', $base_string,..."
Edit: /w3-total-cache/lib/OAuth/W3tcOAuth.php
Line 213: "base64_encode($signature);..."
Edit: /w3-total-cache/lib/OAuth/W3tcOAuth.php
Line 217: "base64_decode($signature);..."
Edit: /w3-total-cache/lib/OAuth/W3tcOAuth.php
Line 346: "base64_encode("$value[0]:$value[1]");..."
Edit: /w3-total-cache/lib/Azure/GuzzleHttp/Client.php
Line 1606: "base64_encode(..."
Edit: /w3-total-cache/lib/Azure/MicrosoftAzureStorage/Blob/BlobRestProxy.php
Line 53: "base64 representation...."
Edit: /w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/StorageServiceSettings.php
Line 115: "base64 string...."
Edit: /w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/StorageServiceSettings.php
Line 181: "base64_decode will return false if the $key i..."
Edit: /w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/StorageServiceSettings.php
Line 183: "Base64String = base64_decode($key, true);..."
Edit: /w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/StorageServiceSettings.php
Line 184: "Base64String) {..."
Edit: /w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/StorageServiceSettings.php
Line 135: "base64_encode(..."
Edit: /w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/Authentication/SharedKeyAuthScheme.php
Line 136: "base64_decode($this->accountKey), true)..."
Edit: /w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/Authentication/SharedKeyAuthScheme.php
Line 117: "base64_encode(..."
Edit: /w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/Authentication/TableSharedKeyLiteAuthScheme.php
Line 118: "base64_decode($this->accountKey), true)..."
Edit: /w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/Authentication/TableSharedKeyLiteAuthScheme.php
Line 95: "base64 string. It has to pass the check 'base..."
Edit: /w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/Resources.php
Line 188: "base64Binary'=>'string',..."
Edit: /w3-total-cache/lib/Nusoap/class.nusoap_base.php
Line 199: "base64Binary'=>'string','base64'=>'string','u..."
Edit: /w3-total-cache/lib/Nusoap/class.nusoap_base.php
Line 203: "base64Binary'=>'string','base64'=>'string','u..."
Edit: /w3-total-cache/lib/Nusoap/class.nusoap_base.php
Line 205: "base64'=>'string','array'=>'array','Array'=>'..."
Edit: /w3-total-cache/lib/Nusoap/class.nusoap_base.php
Line 474: "base64_encode(str_replace(':','',$username).'..."
Edit: /w3-total-cache/lib/Nusoap/class.soap_transport_http.php
Line 585: "base64_encode($proxyusername.':'.$proxypasswo..."
Edit: /w3-total-cache/lib/Nusoap/class.soap_transport_http.php
Line 188: "base64Binary'=>'string',..."
Edit: /w3-total-cache/lib/Nusoap/nusoap.php
Line 199: "base64Binary'=>'string','base64'=>'string','u..."
Edit: /w3-total-cache/lib/Nusoap/nusoap.php
Line 203: "base64Binary'=>'string','base64'=>'string','u..."
Edit: /w3-total-cache/lib/Nusoap/nusoap.php
Line 205: "base64'=>'string','array'=>'array','Array'=>'..."
Edit: /w3-total-cache/lib/Nusoap/nusoap.php
Line 2627: "base64_encode(str_replace(':','',$username).'..."
Edit: /w3-total-cache/lib/Nusoap/nusoap.php
Line 2738: "base64_encode($proxyusername.':'.$proxypasswo..."
Edit: /w3-total-cache/lib/Nusoap/nusoap.php
Line 6949: "base64' || $type == 'base64Binary') {..."
Edit: /w3-total-cache/lib/Nusoap/nusoap.php
Line 6950: "base64 value');..."
Edit: /w3-total-cache/lib/Nusoap/nusoap.php
Line 6951: "base64_decode($value);..."
Edit: /w3-total-cache/lib/Nusoap/nusoap.php
Line 502: "base64' || $type == 'base64Binary') {..."
Edit: /w3-total-cache/lib/Nusoap/class.soap_parser.php
Line 503: "base64 value');..."
Edit: /w3-total-cache/lib/Nusoap/class.soap_parser.php
Line 504: "base64_decode($value);..."
Edit: /w3-total-cache/lib/Nusoap/class.soap_parser.php
Line 1021: "base64_encode(hash_hmac('sha256', $stringto..."
Edit: /w3-total-cache/lib/SNS/sdk.class.php
Line 1072: "base64(md5($querystring));..."
Edit: /w3-total-cache/lib/SNS/sdk.class.php
Line 1135: "base64_encode(hash_hmac('sha256', $bytes_to_s..."
Edit: /w3-total-cache/lib/SNS/sdk.class.php
Line 1140: "base64_encode(hash_hmac('sha256', $stringto..."
Edit: /w3-total-cache/lib/SNS/sdk.class.php
Line 66: "base64_decode($message->get('Signature'));..."
Edit: /w3-total-cache/lib/SNS/services/MessageValidator/MessageValidator.php
Line 86: "Base64...."
Edit: /w3-total-cache/lib/SNS/utilities/utilities.class.php
Line 89: "Base64-encoded string...."
Edit: /w3-total-cache/lib/SNS/utilities/utilities.class.php
Line 91: "base64($str)..."
Edit: /w3-total-cache/lib/SNS/utilities/utilities.class.php
Line 100: "base64_encode($raw);..."
Edit: /w3-total-cache/lib/SNS/utilities/utilities.class.php
Line 328: "Base64 encoded or not...."
Edit: /w3-total-cache/lib/SNS/utilities/utilities.class.php
Line 330: "base64-decode.php#81425 PHP License..."
Edit: /w3-total-cache/lib/SNS/utilities/utilities.class.php
Line 332: "Base64 encoded or not...."
Edit: /w3-total-cache/lib/SNS/utilities/utilities.class.php
Line 334: "base64($s)..."
Edit: /w3-total-cache/lib/SNS/utilities/utilities.class.php
Line 803: "base64_encode(json_encode($list))...."
Edit: /wp-asset-clean-up/classes/Main.php
Line 875: "base64_decode($wpacuList);..."
Edit: /wp-asset-clean-up/classes/Main.php
Line 883: "base64_decode($contents);..."
Edit: /wp-asset-clean-up/classes/Main.php
Line 26: "base64_encode($data);..."
Edit: /wordpress-seo/vendor/yoast/api-libs/google/service/Google_Utils.php
Line 37: "base64_decode($b64);..."
Edit: /wordpress-seo/vendor/yoast/api-libs/google/service/Google_Utils.php
Line 134: "base64\r\n";..."
Edit: /wordpress-seo/vendor/yoast/api-libs/google/service/Google_MediaFileUpload.php
Line 135: "base64_encode($data) . "\r\n";..."
Edit: /wordpress-seo/vendor/yoast/api-libs/google/service/Google_MediaFileUpload.php
Line 268: "base64 (numeric + alpha + alpha upper case) w..."
Edit: /wordpress-seo/inc/sitemaps/class-sitemaps-cache-validator.php
Line 917: "base64 URL for the svg for use in the menu...."
Edit: /wordpress-seo/inc/class-wpseo-utils.php
Line 921: "base64 Whether or not to return base64'd outp..."
Edit: /wordpress-seo/inc/class-wpseo-utils.php
Line 925: "base64 = true ) {..."
Edit: /wordpress-seo/inc/class-wpseo-utils.php
Line 928: "base64 ) {..."
Edit: /wordpress-seo/inc/class-wpseo-utils.php
Line 929: "base64,' . base64_encode( $svg );..."
Edit: /wordpress-seo/inc/class-wpseo-utils.php
Line 2593: "base64_decode( $_GET[ 'uri' ] ) ) );..."
Edit: /wp-super-cache/wp-cache.php
Line 2599: "base64_decode( $_GET[ 'uri' ] ) ) ) );..."
Edit: /wp-super-cache/wp-cache.php
Line 2710: "base64_encode( $directory ) ) ), 'wp-cache' )..."
Edit: /wp-super-cache/wp-cache.php
Line 90: "base64 and date..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 94: "Base64')) {..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 95: "base64';..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 150: "base64':..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 312: "base64':..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 313: "base64_decode($this->_currentTagContents);..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 883: "Base64..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 888: "Base64..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 897: "Base64($data)..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 904: "base64>'.base64_encode($this->data).'</base64..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 998: "base64':..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 1056: "base64':..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 1057: "Base64('base64');..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 187: "base64_encode($username) . $this->CRLF);..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer-smtp.php
Line 205: "base64_encode($password) . $this->CRLF);..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer-smtp.php
Line 62: "base64", and "quoted-printable"...."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1126: "base64', $type = 'application/octet-stream')..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1214: "base64') {..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1247: "base64') {..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1250: "base64':..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1252: "base64_encode($str), 76, $this->LE);..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1314: "Base64EncodeWrapMB($str);..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1316: "base64_encode($str);..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1355: "Base64EncodeWrapMB($str) {..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1365: "Base64 has a 4:3 ratio..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1374: "base64_encode($chunk);..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1484: "base64', $type = 'application/octet-stream')..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1510: "base64', $type = 'application/octet-stream')..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1754: "base64',$mimeType) ) {..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1506: "base64_encode( $this->authentication() );..."
Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.wp-http.php
Line 1102: "Base64 encoded image...."
Edit: /buddypress/bp-core/bp-core-avatars.php
Line 1119: "Base64 encoded image...."
Edit: /buddypress/bp-core/bp-core-avatars.php
Line 1268: "base64,', ' ' ), array( '', '+' ), $avatar_da..."
Edit: /buddypress/bp-core/bp-core-avatars.php
Line 1269: "base64_decode( $webcam_avatar );..."
Edit: /buddypress/bp-core/bp-core-avatars.php
Line 523: "base64_encode( wp_generate_password( 64, true..."
Edit: /buddypress/bp-core/admin/bp-core-admin-schema.php
Line 518: "base64_encode( wp_generate_password( 64, true..."
Edit: /buddypress/bp-core/bp-core-update.php
Line 156: "base64_decode( stripslashes( $_COOKIE['bp_com..."
Edit: /buddypress/bp-groups/bp-groups-actions.php
Line 275: "base64_encode( json_encode( $bp->groups->comp..."
Edit: /buddypress/bp-groups/bp-groups-actions.php
Line 37: "base64 Encoding..."
Edit: /tac/tac.php
Line 38: "base64 functions...."
Edit: /tac/tac.php
Line 48: "base64")) // Check for any base64 functions..."
Edit: /tac/tac.php
Line 54: "base64"), 0, 45))) . "...\"</div>";..."
Edit: /tac/tac.php

 

Odnośnik do komentarza
Udostępnij na innych stronach

@Slowa Istnieje małe prawdopodobieństwo, że jest jakiś problem z bezpieczeństwem i wirusami, ale niekoniecznie - zdecydowana większość wymienionych linii to standardowe linie, które się znajdują we wspomnianych plikach.

 

Jeśli chcesz, podeślij dostęp do FTP do mnie na pw, dokonam bezpłatnie sprawdzenia i powiem Ci co jest grane.

Właściciel w simpleideas.pl - serwery, migracje, SEO, optymalizacja wydajnościowa i pagespeed, odwirusowywanie

Polecam serwery VPS oraz hosting z oferty webh.pl - 20% rabatu z kodem PROMO777.

Sprawdź także niezależne forum o hostingu.

Odnośnik do komentarza
Udostępnij na innych stronach

  • 2 tygodnie później...
  W dniu 9.03.2018 o 21:03, theqkash napisał(a):

@Slowa Istnieje małe prawdopodobieństwo, że jest jakiś problem z bezpieczeństwem i wirusami, ale niekoniecznie - zdecydowana większość wymienionych linii to standardowe linie, które się znajdują we wspomnianych plikach.

 

Jeśli chcesz, podeślij dostęp do FTP do mnie na pw, dokonam bezpłatnie sprawdzenia i powiem Ci co jest grane.

Rozwiń  

 

Na czym to sprawdzenie polega ?

Odnośnik do komentarza
Udostępnij na innych stronach

  W dniu 18.03.2018 o 09:29, Slowa napisał(a):

Na czym to sprawdzenie polega ?

Rozwiń  


Na tym, że przejrzę pliki które są w wykazie oraz pozostałe pliki w poszukiwaniu czegoś podejrzanego. Jeżeli coś będzie, dam znać.

 

  W dniu 18.03.2018 o 10:13, AdamBoganD napisał(a):

Wordfence

Rozwiń  


Wordfence nie działa poprawnie na niektórych zainfekowanych instalacjach.

Właściciel w simpleideas.pl - serwery, migracje, SEO, optymalizacja wydajnościowa i pagespeed, odwirusowywanie

Polecam serwery VPS oraz hosting z oferty webh.pl - 20% rabatu z kodem PROMO777.

Sprawdź także niezależne forum o hostingu.

Odnośnik do komentarza
Udostępnij na innych stronach

  • 4 tygodnie później...

@AdamBoganD jakieś są dobre klienty FTP - które polecisz?

 

@jimmi  co to znaczy postawić backup? W sensie przywrócić czy tak ? 


A czy jest taka możliwość że nawet po przywróceniu backupu to dalej zostanie jakiś "syf" gdzieś obok na serwerze?

Jak najlepiej robić backup i czy ma to znaczenie wgle . To znaczy - samego wordpressa czy lepiej całego serwera ? Nie wiem nie znam się 

Odnośnik do komentarza
Udostępnij na innych stronach

Problemem nie jest klient ftp ale sam protokół - należy korzystać z sftp/scp a to czy użyjesz winscp, filezilli, total commandera itp. nie ma znaczenia.

Wordfence to głównie złudzenia bezpieczeństwa, proponuję zapoznać się choćby z wpmagus.pl/pliki/prezentacje/mity-nie-bezpieczenstwa/

Odnośnik do komentarza
Udostępnij na innych stronach

  • 3 tygodnie później...

Nie rozumiem jednej rzeczy, z całym szacunkiem dla twórcy poradnika od wpmagus-  Przecież ithemes security pro robi dokładnie to co w tym poradniku - i na stronie ithemes wyraźnie jest zaznaczone, że nie chroni to przed włamem lecz zmniejsza ryzyko ataku.  Ponadto daje możliwość dwuetapowego logowania, blokuje bruteforce, pozwala na banowanie ip itp... 

Jeśli rzeczywiście chcesz zaoszczędzić pieniądze na wtyczkach i motywach do WordPress oraz otrzymać roczny dostęp do najnowszej wersji Wtyczki lub Motywu do WordPress sprawdź ofertę Wphocus.com

 

 
Odnośnik do komentarza
Udostępnij na innych stronach

Zarchiwizowany

Ten temat przebywa obecnie w archiwum. Dodawanie nowych odpowiedzi zostało zablokowane.

  • Ostatnio przeglądający   0 użytkowników

    • Brak zarejestrowanych użytkowników przeglądających tę stronę.
×
×
  • Dodaj nową pozycję...

Powiadomienie o plikach cookie

Umieściliśmy na Twoim urządzeniu pliki cookie, aby pomóc Ci usprawnić przeglądanie strony. Możesz dostosować ustawienia plików cookie, w przeciwnym wypadku zakładamy, że wyrażasz na to zgodę. Warunki użytkowania Polityka prywatności