Question about Fixing WordPress, from WordPress:

A user asked 👇

# It says it is fine (probably nothing)
https://sitecheck.sucuri.net/results/https/domain1.com

just get index.php:

<?php
// Silence is golden

there are A LOT of them!

# first discovered this string in files that do not exist in other installations:
/home/user/web/domain.com/public_html/wp-content/themes
-rw-r--r-- 1 admin admin   28 May 14  2019 index.php
-rwxr-xr-x 1 admin admin   28 May 14  2019 .index.php.jq2vTZ
-rwxr-xr-x 1 admin admin  95K May 14  2019 temp-write-test-1498539297
drwxr-xr-x 7 admin admin 4.0K Apr  4 13:16 twentythirteen

# What is this write test doing? # temp-write-test-1498539297 /home/user/web/domain1.com/public_html/wp-admin/includes/file.php (sha512sum 707c3775066635c2c5b903c1e6bd4fd567ce48b73a8f94575b07690b26c

# both index.php's content:
<?php
// Silence is golden.

# content search for this term in all files of web root:
time find /home/user/web/ -type f -not -path "/proc/*" -not -path "/sys/*" -not -path "/dev/*" | xargs grep --color=auto -s -l -i "Silence is golden"

# result: (many many files contain this really confusing string)
/home/user/web/domain1.com/public_html/wp-admin/includes/privacy-tools.php
/home/user/web/domain1.com/public_html/wp-admin/includes/plugin.php
/home/user/web/domain1.com/public_html/wp-content/plugins/index.php
/home/user/web/domain1.com/public_html/wp-content/plugins/duplicator/languages/index.php
/home/user/web/domain1.com/public_html/wp-content/plugins/duplicator/lib/index.php
/home/user/web/domain1.com/public_html/wp-content/index.php
/home/user/web/domain1.com/public_html/wp-content/themes/.index.php.szHhht
/home/user/web/domain1.com/public_html/wp-content/themes/index.php

/home/user/web/domain2.com/public_html/wp-admin/includes/privacy-tools.php
/home/user/web/domain2.com/public_html/wp-admin/includes/plugin.php
/home/user/web/domain2.com/public_html/wp-content/plugins/index.php
/home/user/web/domain2.com/public_html/wp-content/plugins/duplicator/languages/index.php
/home/user/web/domain2.com/public_html/wp-content/plugins/duplicator/lib/index.php
/home/user/web/domain2.com/public_html/wp-content/themes/index.php
/home/user/web/domain2.com/public_html/wp-content/index.php

/home/user/web/domain3.com/public_html/wp-admin/includes/plugin.php
/home/user/web/domain3.com/public_html/wp-admin/includes/privacy-tools.php
/home/user/web/domain3.com/public_html/wp-content/plugins/index.php
/home/user/web/domain3.com/public_html/wp-content/plugins/duplicator/languages/index.php
/home/user/web/domain3.com/public_html/wp-content/plugins/duplicator/lib/index.php
/home/user/web/domain3.com/public_html/wp-content/themes/index.php
/home/user/web/domain3.com/public_html/wp-content/index.php

/home/user/web/domain4.com/public_html/wp-admin/includes/plugin.php
/home/user/web/domain4.com/public_html/wp-admin/includes/privacy-tools.php
/home/user/web/domain4.com/public_html/wp-content/plugins/index.php
/home/user/web/domain4.com/public_html/wp-content/themes/index.php

# those files all contain only this string
cat /home/user/web/domain1.com/public_html/wp-content/index.php
<?php
// Silence is golden.
cat /home/user/web/domain1.com/public_html/wp-content/themes/.index.php.szHhht
<?php
// Silence is golden.
cat /home/user/web/domain1.com/public_html/wp-content/themes/index.php
<?php
// Silence is golden.
cat /home/user/web/domain1.com/public_html/wp-content/uploads/wp-personal-data-exports/index.html

time find /home/user/web/ -type f -not -path "/proc/*" -not -path "/sys/*" -not -path "/dev/*" | xargs grep --color=auto -s -l -i "pastebin"

this is the function in the .php file related to "write-test"

/**
 * Determines which method to use for reading, writing, modifying, or deleting
 * files on the filesystem.
 *
 * The priority of the transports are: Direct, SSH2, FTP PHP Extension, FTP Sockets
 * (Via Sockets class, or <code>fsockopen()</code>). Valid values for these are: 'direct', 'ssh2',
 * 'ftpext' or 'ftpsockets'.
 *
 * The return value can be overridden by defining the <code>FS_METHOD</code> constant in <code>wp-config.php</code>,
 * or filtering via {@see 'filesystem_method'}.
 *
 * @link https://wordpress.org/support/article/editing-wp-config-php/#wordpress-upgrade-constants
 *
 * Plugins may define a custom transport handler, See WP_Filesystem().
 *
 * @since 2.5.0
 *
 * @global callable $_wp_filesystem_direct_method
 *
 * @param array  $args                         Optional. Connection details. Default empty array.
 * @param string $context                      Optional. Full path to the directory that is tested
 *                                             for being writable. Default empty.
 * @param bool   $allow_relaxed_file_ownership Optional. Whether to allow Group/World writable.
 *                                             Default false.
 * @return string The transport to use, see description for valid return values.
 */
function get_filesystem_method( $args = array(), $context = '', $allow_relaxed_file_ownership = false ) {
        // Please ensure that this is either 'direct', 'ssh2', 'ftpext', or 'ftpsockets'.
        $method = defined( 'FS_METHOD' ) ? FS_METHOD : false;

        if ( ! $context ) {
                $context = WP_CONTENT_DIR;
        }

        // If the directory doesn't exist (wp-content/languages) then use the parent directory as we'll create it.
        if ( WP_LANG_DIR == $context && ! is_dir( $context ) ) {
                $context = dirname( $context );
        }

        $context = trailingslashit( $context );

        if ( ! $method ) {

                $temp_file_name = $context . 'temp-write-test-' . str_replace( '.', '-', uniqid( '', true ) );

(@carike)

7 months, 3 weeks ago

// Silence is golden in an index.php file prevents someone from seeing the code in that folder.

Do not remove it. It is there for a good reason.

(@canoodle2)

7 months, 3 weeks ago

thanks for your reply.

sorry, but the string could give a better explanation XD, for example: "this index.php file is completely normal and is in this place to prevent anyone from seeing the code in that folder"

(@carike)

7 months, 3 weeks ago

Nope 🙂
// Silence is golden
is the gold standard. That is what will be displayed on the front end if someone tries to access the files in that folder.

(@canoodle2)

7 months, 3 weeks ago

well, someone who comes across it might think: "shit. am I hacked?" and they did not notice because "Golden Silence" also goes for hackers XD
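
Added example, not part of the thread and not WordPress code: a shell triage of the three kinds of file in the question's listing (stub index.php files, dot-prefixed copies of them, and leftover temp-write-test files). The function names, verdict labels and sample tree are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Verdicts: OK-STUB, HIDDEN-COPY, EMPTY-TEST, REVIEW.

# True if the file is nothing but "<?php" plus the one-line comment
# (with or without the trailing dot; both spellings appear in the thread).
is_plain_stub() {
    body=$(tr -d '[:space:]' < "$1")
    [ "$body" = '<?php//Silenceisgolden.' ] || [ "$body" = '<?php//Silenceisgolden' ]
}

classify() {
    file=$1
    case "$(basename "$file")" in
        temp-write-test-*)
            # Assumption from WordPress core behaviour: the write test creates this
            # file and deletes it without writing to it, so content here needs a look.
            if [ -s "$file" ]; then echo "REVIEW $file"; else echo "EMPTY-TEST $file"; fi ;;
        index.php|.index.php.*)
            # Real templates are also named index.php; only files carrying the
            # phrase are candidates, and they must contain nothing else.
            grep -qi 'silence is golden' "$file" || return 0
            if ! is_plain_stub "$file"; then echo "REVIEW $file"
            elif [ "$(basename "$file")" = index.php ]; then echo "OK-STUB $file"
            else echo "HIDDEN-COPY $file"; fi ;;
    esac
}

# Classify every candidate below a directory such as wp-content.
audit_wp_content() {
    find "$1" -type f \( -name index.php -o -name '.index.php.*' \
        -o -name 'temp-write-test-*' \) -print |
        while IFS= read -r f; do classify "$f"; done | sort
}

# Constructed sample tree (file names modelled on the listing in the question).
build_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/themes/twentythirteen" "$d/plugins"
    printf '<?php\n// Silence is golden.\n' > "$d/themes/index.php"
    printf '<?php\n// Silence is golden.\n' > "$d/themes/.index.php.jq2vTZ"
    printf '<?php\n// Silence is golden.\necho 1;\n' > "$d/plugins/index.php"
    printf '<?php get_header(); ?>\n' > "$d/themes/twentythirteen/index.php"
    printf 'not empty\n' > "$d/themes/temp-write-test-1498539297"
    echo "$d"
}

if [ $# -gt 0 ]; then audit_wp_content "$1"; else audit_wp_content "$(build_sample)"; fi
```

Run it with a wp-content path as the only argument; without one it audits the constructed sample tree.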
