Tusaha Maqaalka
Ku dhawaad 90% waxaa sababa "code xaasidnimo".
WordPressIn ka badan 80% mareegaha ayaa ah plugins keena kood xaasidnimo ah akoonnada mareegaha (waxaa jira plugins degel rasmi ah, plugins streaming online, iwm.).
Midda kale waa in mawduuca (nooca dillaacsan, mawduuca budhcad-badeedda) uu yahay "code xaasidnimo" ama "faras trojan gadaasha" kaas oo soo gala server-ka si uu u faafiyo burburka.
hadda,Chen WeiliangMa ku tusi doonaa sida loo helo wakhti ka hor adiga oo falanqeynaya koodhka mawduuca WordPress?
Falanqee oo ka saar koodka xaasidnimada leh ee function.php
Waxa ugu badan ee ku saabsan "code xaasidnimo" ee WordPress waa function(s) .php ee hagaha mawduuca.
Dhamaadka faylka function.php, inta badan waxaa jira faallo xidhitaan sida tan:
//全部结束 ?>
Haddii aad ogaato in aysan jirin faallo xiritaan oo kale ah markaa waxaad hubtaa in faylkaaga function.php la farageliyay oo aad u baahan tahay inaad hubiso.
Waa maxay koodka xaasidnimada leh ee mawduuca WordPress?
Tusaale ahaan, khadka soo socda ee koodka:
- function_checkactive_widgets
- function_check_active_widget
- shaqada _hel_allwidgets_cont
- shaqada _hel_all_widgetcont
- stripos function
- shaqada stripos
- scandir function
- function _getprepare_widget
- function_prepared_widget
- shaqada __boosyada caanka ah
- add_action ("admin_head", "_checkactive_widgets");
- add_action ("init", "_getprepare_widget");
- _verify_isactivate_widgets
- _Check_isactive_widget
- _hel_allwidgetscont
- _diyaari_widgets
- __posts_ caan ah
- Saf kastaa waa madaxbannaan yahay.
- Haddii aad leedahay mid ka mid ah koodka kore ee function.php markaas waxaa laga yaabaa in lagu qaadsiiyo kood xaasidnimo ah.
- Waxaa ka mid ah, function, add_action, iwm. inta badan waa kood ka tirsan "code xaasidnimo" iyo "hawlaha diyaarinta".
Sida loo saaro function.php code fayraska xaasidnimo?
Sidoo kale way fududahay in la nadiifiyo.
Kaliya faylka function.php, hel koodhka kore oo tirtir.
Laakin marka uu cudurku qaado, dhammaan mawduucyada ku jira buugga mawduuca waa la qaadi doonaa.
Markaa waxaad ogaataa in mawduuca hadda la isticmaalay aanu ansax ahayn, oo marka la nadiifiyo, si dhakhso ah ayaa loo soo saari doonaa.
Kadib nadiifinta koodhka mawduuca, dhig faylka functional.php rukhsadaha 444 ka dibna nadiifi mawduucyo kale.
Ugu dambeyntii, ma u baahan tahay inaad beddesho oggolaanshaha ku soo celi faylka functional.php,Chen WeiliangWaxaa lagu talinayaa in 444 ogolaansho ay aad ammaan u yihiin.
Markaad rabto inaad wax ka beddesho, waa caadi inaad wax ka beddesho markaa.
Hope Chen Weiliang Blog ( https://www.chenweiliang.com/ ) la wadaago "Waa maxay koodka xaasidnimada leh ee mawduuca WordPress?Shabakadda Analysis Code Malicious" si uu kuu caawiyo.
Ku soo dhawoow inaad wadaagto xiriirka maqaalkan:https://www.chenweiliang.com/cwl-1579.html
Ku soo dhawoow kanaalka Telegramka ee Chen Weiliang's blog si aad u hesho wararkii ugu dambeeyay!
📚 Hagahan waxa uu ka kooban yahay qiimo aad u weyn, 🌟Tani waa fursad naadir ah, ha seegin! ⏰⌛💨
Share iyo like saar hadaad jeceshahay!
Wadaagistaada iyo jeceylkaaga ayaa ah dhiirigelintayada joogtada ah!