– Correction de WordPress WordPress en français

0
0
0

Un utilisateur a demandé 👇

# Dit ok (probablement rien)
https://sitecheck.sucuri.net/results/https/domain1.com

récupérez simplement index.php :

<?php
// Silence is golden

C’est TRÈS COMPLET là-bas!

# first discovered this string in files that do not exist in other installations:
/home/user/web/domain.com/public_html/wp-content/themes
-rw-r--r-- 1 admin admin   28 May 14  2019 index.php
-rwxr-xr-x 1 admin admin   28 May 14  2019 .index.php.jq2vTZ
-rwxr-xr-x 1 admin admin  95K May 14  2019 temp-write-test-1498539297
drwxr-xr-x 7 admin admin 4.0K Apr  4 13:16 twentythirteen

# Que fait ce test d’écriture ? # temp-write-test-1498539297 /home/user/web/domain1.com/public_html/wp-admin/includes/file.php (sha512sum 707c3775066635c2c5b903c1e6bd4fd567ce48b73a8f94575b07690b26c

# both index.php's content:
<?php
// Silence is golden.

# content search for this term in all files of web root:
time find /home/user/web/ -type f -not -path "/proc/*" -not -path "/sys/*" -not -path "/dev/*" | xargs grep --color=auto -s -l -i "Silence is golden"

# result: (many many files contain this really confusing string)
/home/user/web/domain1.com/public_html/wp-admin/includes/privacy-tools.php
/home/user/web/domain1.com/public_html/wp-admin/includes/plugin.php
/home/user/web/domain1.com/public_html/wp-content/plugins/index.php
/home/user/web/domain1.com/public_html/wp-content/plugins/duplicator/languages/index.php
/home/user/web/domain1.com/public_html/wp-content/plugins/duplicator/lib/index.php
/home/user/web/domain1.com/public_html/wp-content/index.php
/home/user/web/domain1.com/public_html/wp-content/themes/.index.php.szHhht
/home/user/web/domain1.com/public_html/wp-content/themes/index.php

/home/user/web/domain2.com/public_html/wp-admin/includes/privacy-tools.php
/home/user/web/domain2.com/public_html/wp-admin/includes/plugin.php
/home/user/web/domain2.com/public_html/wp-content/plugins/index.php
/home/user/web/domain2.com/public_html/wp-content/plugins/duplicator/languages/index.php
/home/user/web/domain2.com/public_html/wp-content/plugins/duplicator/lib/index.php
/home/user/web/domain2.com/public_html/wp-content/themes/index.php
/home/user/web/domain2.com/public_html/wp-content/index.php

/home/user/web/domain3.com/public_html/wp-admin/includes/plugin.php
/home/user/web/domain3.com/public_html/wp-admin/includes/privacy-tools.php
/home/user/web/domain3.com/public_html/wp-content/plugins/index.php
/home/user/web/domain3.com/public_html/wp-content/plugins/duplicator/languages/index.php
/home/user/web/domain3.com/public_html/wp-content/plugins/duplicator/lib/index.php
/home/user/web/domain3.com/public_html/wp-content/themes/index.php
/home/user/web/domain3.com/public_html/wp-content/index.php

/home/user/web/domain4.com/public_html/wp-admin/includes/plugin.php
/home/user/web/domain4.com/public_html/wp-admin/includes/privacy-tools.php
/home/user/web/domain4.com/public_html/wp-content/plugins/index.php
/home/user/web/domain4.com/public_html/wp-content/themes/index.php

# those files all contain only this string
cat /home/user/web/domain1.com/public_html/wp-content/index.php
<?php
// Silence is golden.
cat /home/user/web/domain1.com/public_html/wp-content/themes/.index.php.szHhht
<?php
// Silence is golden.
cat /home/user/web/domain1.com/public_html/wp-content/themes/index.php
<?php
// Silence is golden.
cat /home/user/web/domain1.com/public_html/wp-content/uploads/wp-personal-data-exports/index.html

time find /home/user/web/ -type f -not -path "/proc/*" -not -path "/sys/*" -not -path "/dev/*" | xargs grep --color=auto -s -l -i "pastebin"

c’est la fonction dans le fichier .php liée à “test-write”

/**
 * Determines which method to use for reading, writing, modifying, or deleting
 * files on the filesystem.
 *
 * The priority of the transports are: Direct, SSH2, FTP PHP Extension, FTP Sockets
 * (Via Sockets class, or <code>fsockopen()</code>). Valid values for these are: 'direct', 'ssh2',
 * 'ftpext' or 'ftpsockets'.
 *
 * The return value can be overridden by defining the <code>FS_METHOD</code> constant in <code>wp-config.php</code>,
 * or filtering via {@see 'filesystem_method'}.
 *
 * @link https://wordpress.org/support/article/editing-wp-config-php/#wordpress-upgrade-constants
 *
 * Plugins may define a custom transport handler, See WP_Filesystem().
 *
 * @since 2.5.0
 *
 * @global callable $_wp_filesystem_direct_method
 *
 * @param array  $args                         Optional. Connection details. Default empty array.
 * @param string $context                      Optional. Full path to the directory that is tested
 *                                             for being writable. Default empty.
 * @param bool   $allow_relaxed_file_ownership Optional. Whether to allow Group/World writable.
 *                                             Default false.
 * @return string The transport to use, see description for valid return values.
 */
function get_filesystem_method( $args = array(), $context="", $allow_relaxed_file_ownership = false ) {
        // Please ensure that this is either 'direct', 'ssh2', 'ftpext', or 'ftpsockets'.
        $method = defined( 'FS_METHOD' ) ? FS_METHOD : false;

        if ( ! $context ) {
                $context = WP_CONTENT_DIR;
        }

        // If the directory doesn't exist (wp-content/languages) then use the parent directory as we'll create it.
        if ( WP_LANG_DIR == $context && ! is_dir( $context ) ) {
                $context = dirname( $context );
        }

        $context = trailingslashit( $context );

        if ( ! $method ) {

                $temp_file_name = $context . 'temp-write-test-' . str_replace( '.', '-', uniqid( '', true ) );


(@carike)

il y a 7 mois, 3 semaines

// Silence is golden je index.php un fichier empêche quelqu’un de voir le code dans ce dossier.

Ne l’enlevez pas. Il est là pour une bonne raison.


(@ canoodle2)

il y a 7 mois, 3 semaines

Merci pour votre réponse.

désolé, mais le fil pourrait donner une meilleure explication de XD, par exemple : “ce fichier index.php est tout à fait normal et à cet endroit pour empêcher quelqu’un de voir le code dans ce dossier”


(@carike)

il y a 7 mois, 3 semaines

Non 🙂
// Silence is golden
L’étalon-or C’est ce qui sera affiché au premier plan si quelqu’un essaie d’accéder aux fichiers de ce dossier.


(@ canoodle2)

il y a 7 mois, 3 semaines

eh bien, quelqu’un qui tombe amoureux pourrait penser : « merde. suis-je piraté ? et ils n’ont pas remarqué car “Golden Silence” c’est aussi pour les hackers XD

Cela a-t-il résolu votre problème ?

Was this helpful?

0 / 0

Leave a Reply 0

Your email address will not be published. Required fields are marked *