前言介紹
- 這款 WordPress 外掛「Threat Scan Plugin」是 2010-04-08 上架。
- 目前有 500 個安裝啟用數。
- 上一次更新是 2024-07-14,距離現在已有 294 天。
- 外掛最低要求 WordPress 3.0 以上版本才可以安裝。
- 有 1 人給過評分。
- 還沒有人在論壇上發問,可能目前使用數不多,還沒有什麼大問題。
外掛協作開發者
外掛標籤
scan | virus | hacked | Threats | Malicious code |
內容簡介
這是一個非常簡單的威脅掃描工具,它會檢查內容目錄和數據庫中是否有不尋常的檔案。
它會搜尋 PHP 檔案中是否有 eval() 函數的出現,雖然 eval() 函數是 PHP 中非常有價值的一部分,但也是駭客用來感染系統的入口。除非真正需要,否則許多程式設計師會避免使用 eval() 函數。駭客有時會使用 eval() 函數來隱藏他們的惡意代碼或在感染系統時注入未來的威脅。如果您發現一個主題或外掛使用了 eval() 函數,最好刪除它並要求作者提供不使用此函數的新版本。
當您掃描系統時,您可能會看到在 JavaScript 中使用了 eval() 函數,這是因為它在 JavaScript AJAX 和 JSON 功能中使用。在這些情況下出現 eval() 函數並不意味著可能存在威脅。只是表示您應該檢查代碼,以確保它在 JavaScript 部分而不是原生 PHP 中。
該外掛繼續掃描數據庫表,尋找本不應在其中的 JavaScript 或 HTML。
通常,JavaScript 在文章主體中很常見,但如果在標題或文本字段中發現 script 標記,那可能是因為此腳本隱藏了什麼,例如隱藏的管理員使用者,以便正常管理頁面不顯示壞記錄。該掃描會尋找此類情況並顯示它認為存在可疑內容的表格和記錄號。
該掃描繼續在數據庫中查找某些 HTML,看看它是否存在於其不應存在的位置。最近的威脅已經將 HTML 放入選項表中的字段中,以便用戶會被發送到惡意站點。選項值中存在 HTML 是可疑的,應加以檢查。
插件會將某些東西放在選項表中,因此很難判斷腳本、iframe 和其他 HTML 標記是否構成威脅。它們會被報告,但在刪除這些項目之前,必須進行檢查。
此外掛僅進行簡單的掃描,並不嘗試修復任何問題。它會顯示可能不是威脅但應受檢查的檔案。如果發現任何問題,您應該嘗試維修損壞或聘請專業人員進行操作。我不是一位安全專家,而是一位在朋友的博客中發現了這些問題的程式設計師。經過多個小時的檢查,我成功解決了問題,但專業人員可能會更快更輕鬆地完成這項工作,不過他們會收取費用。
您可能沒有備份您的博客,因此如果掃描顯示您的系統很乾淨,您下一步應安裝定期備份系統的外掛之一。接下來,確保您有最新的 WordPress 版本。
如果您認為您存在問題,首先要做的是更改您的用戶 ID 和密碼。接下來備份受感染系統。任何修復 WordPress 的步驟都可能會刪除重要的數據,進而造成文章的遺失。備份將有助於恢復遺失的文章。
下一步是安裝最新版本的 WordPress,新版本通常修復了舊有威脅。
您可能希望先匯出 WordPress 文章,然後進行新的清潔安裝,接著再匯入舊文章。
如果這不起作用,那麼就是時候找專業人員進行操作了。
一次乾淨掃描並不意味著您就是安全的。請進行備份,並保持您的安裝程式是最新的!
支援
此外掛正在積極開發中,歡迎在「程式開發網頁」上提供所有意見回饋。
原文外掛簡介
This is a very simple threat scan that looks for things out of place in the content directory as well as the database.
It searches PHP files for the occurrence of the eval() function, which, although a valuable part of PHP is also the door that hackers use in order to infect systems. The eval() function is avoided by many programmers unless there is a real need. It is sometimes used by hackers to hide their malicious code or to inject future threats into infected systems. If you find a theme or a plugin that uses the eval() function it is safer to delete it and ask the author to provide a new version that does not use this function.
When you scan your system you undoubtedly see the eval used in javascript because it is used in the javascript AJAX and JSON functionality. The appearance of eval in these cases does not mean that there is a possible threat. It just means that you should inspect the code to make sure that it is in a javascript section and not native PHP.
The plugin continues its scan by checking the database tables for javascript or html where it should not be found.
Normally, javascript is common in the post body, but if the script tag is found in a title or a text field where it does not belong it is probably because the script is hiding something, such as a hidden admin user, so that the normal administration pages do not show bad records. The scan looks for this and displays the table and record number where it believes there is something hinky.
The scan continues looking in the database for certain html in places where it does not belong. Recent threats have been putting html into fields in the options table so that users will be sent to malicious sites. The presence of html in options values is suspect and should be checked.
The options table will have things placed there by plugins so it is difficult to tell if scripts, iframes, and other html tags are a threat. They will be reported, but they should be checked before deleting the entries.
This plugin is just a simple scan and does not try to fix any problems. It will show things that may not be threats, but should be checked. If anything shows up you should try to repair the damage or hire someone to do it. I am not a security expert, but a programmer who discovered these types of things in a friend’s blog. After many hours of checking I was able to fix the problem, but a professional could have done it faster and easier, although they would have charged for it.
You probably do not have a backup to your blog, so if this scan shows you are clean; your next step is to install one of the plugins that does regular backups of your system. Next make sure you have the latest WordPress version.
If you think you have problems, the first thing to do is change your user id and password. Next make a backup of the infected system. Any repairs to WordPress might delete important data so you might lose posts, and the backup will help you recover missing posts.
The next step is to install the latest version of WordPress. The new versions usually have fixes for older threats.
You may want to export your WordPress posts, make a new clean installation of WordPress, and then import the old posts.
If this doesn’t work it is time to get a pro involved.
A clean scan does not mean you are safe. Please do Backups and keep your installation up to date!
Support
This plugin is in active development. All feedback is welcome.
If this plugin helps you, you might support my programming by buying
one of my books: https://linktr.ee/keithpgraham
各版本下載點
- 方法一:點下方版本號的連結下載 ZIP 檔案後,登入網站後台左側選單「外掛」的「安裝外掛」,然後選擇上方的「上傳外掛」,把下載回去的 ZIP 外掛打包檔案上傳上去安裝與啟用。
- 方法二:透過「安裝外掛」的畫面右方搜尋功能,搜尋外掛名稱「Threat Scan Plugin」來進行安裝。
(建議使用方法二,確保安裝的版本符合當前運作的 WordPress 環境。
0.8 | 0.9 | 1.0 | 1.1 | 1.2 | 1.3 | 1.4 | trunk |
延伸相關外掛(你可能也想知道)
暫無相關外掛推薦。