WordPress没有响应
我有一个被黑客攻击的WordPress站点,攻击者设法使用php代码攻击邮件系统,我清理了代码,但网站似乎没有像以前那样响应(http://heroleads.com/thailand)。
我查看了日志,似乎php进程正在被杀死,我无法弄清楚问题所在。
Oct 23 07:07:41 leadhero lfd[46958]: *Suspicious Process* PID:46217 PPID:29512 User:herolead Uptime:75 secs EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/index.php Oct 23 07:07:41 leadhero lfd[46958]: *User Processing* PID:46920 Kill:0 User:herolead VM:245(MB) EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/wp-admin/admin-ajax.php Oct 23 07:07:41 leadhero lfd[46958]: *User Processing* PID:46905 Kill:0 User:herolead VM:261(MB) EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/wp-admin/admin-ajax.php Oct 23 07:08:41 leadhero lfd[47294]: *Suspicious Process* PID:46605 PPID:41522 User:herolead Uptime:114 secs EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/index.php Oct 23 07:08:41 leadhero lfd[47294]: *Suspicious Process* PID:46855 PPID:35891 User:herolead Uptime:75 secs EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/index.php Oct 23 07:09:41 leadhero lfd[47837]: *Suspicious Process* PID:47213 PPID:29156 User:herolead Uptime:75 secs EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/index.php Oct 23 07:09:41 leadhero lfd[47837]: *User Processing* PID:47657 Kill:0 User:herolead VM:273(MB) EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/wp-admin/admin.php Oct 23 07:10:41 leadhero lfd[48098]: *Suspicious Process* PID:47758 PPID:44027 User:herolead Uptime:75 secs EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/index.php Oct 23 07:10:42 leadhero lfd[48098]: *User Processing* PID:48004 Kill:0 User:herolead VM:277(MB) EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/wp-admin/admin-ajax.php Oct 23 07:11:42 leadhero lfd[48550]: *Suspicious Process* PID:48055 PPID:47692 User:herolead Uptime:75 secs EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/index.php Oct 23 07:11:42 leadhero lfd[48546]: *Email Queue* The exim delivery queue size is 85987 Oct 23 07:12:42 leadhero lfd[48834]: *Suspicious Process* PID:48498 PPID:46614 User:herolead Uptime:76 secs EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/index.php Oct 23 07:13:42 leadhero lfd[49101]: *Suspicious Process* PID:48785 PPID:43139 User:herolead Uptime:76 secs EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/index.php Oct 23 07:13:57 leadhero lfd[49334]: *Exceeded LOCALRELAY limit* from nfp (101 in the last hour) Oct 23 07:14:42 leadhero lfd[49470]: *Suspicious Process* PID:48977 PPID:44027 User:herolead Uptime:76 secs EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/index.php Oct 23 07:15:42 leadhero lfd[49635]: *Suspicious Process* PID:49444 PPID:41522 User:herolead Uptime:76 secs EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/index.php Oct 23 07:15:42 leadhero lfd[49635]: *User Processing* PID:49628 Kill:0 User:herolead VM:245(MB) EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/wp-admin/admin-ajax.php Oct 23 07:16:42 leadhero lfd[50157]: *Suspicious Process* PID:49596 PPID:29156 User:herolead Uptime:76 secs EXE:/usr/bin/php CMD:/usr/bin/php /home/herolead/public_html/thailand/index.php Oct 23 07:16:43 leadhero lfd[50155]: *Suspicious File* /tmp/index.php [leadhero:leadhero (508:506)] - Script, file extension
回答 2
Stack Overflow用户
发布于 2015-10-23 22:32:24
您可以尝试使用https://wordpress.org/plugins/wordfence/扫描功能扫描网站。我想你的网站里面有一些恶意软件。Wordfence扫描功能可以检测常见的恶意软件,它已经帮了我很多次。
致以敬意,
阿迪
Stack Overflow用户
发布于 2015-10-24 03:26:47
提供的日志是LFD日志,它显示您的站点正在使用一些额外的内存,并花费一些时间在您的服务器上执行php进程。我建议您使用http://sitecheck.sucuri.net/检查您的站点,并在您的帐户中安装BulletProof安全或字围栏安全插件来保护您的站点。
另外,我可以看到您拥有root访问权限,因此尝试使用maldet扫描您的帐户。
https://stackoverflow.com/questions/33304627
复制相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号