[{"data":1,"prerenderedAt":89},["ShallowReactive",2],{"navigation":3,"post-\u002Fposts\u002F2024\u002Fwordpress-hacked":20,"surroundPosts-\u002Fposts\u002F2024\u002Fwordpress-hacked":77},[4,8,12,16],{"title":5,"path":6,"stem":7},"首页","\u002F","00.index",{"title":9,"path":10,"stem":11},"文章","\u002Fposts","01.posts",{"title":13,"path":14,"stem":15},"动态","\u002Fmoments","02.moments",{"title":17,"path":18,"stem":19},"关于","\u002Fabout","09.about",{"id":21,"title":22,"body":23,"class":57,"cover":57,"coverSize":57,"date":58,"description":29,"draft":59,"extension":60,"hideComments":59,"location":57,"meta":61,"navigation":62,"path":63,"readingTime":64,"seo":69,"sitemap":70,"stem":71,"tags":72,"time":57,"weather":57,"__hash__":76},"posts\u002Fposts\u002F2024\u002F20240327.wordpress-hacked.md","记录一次 WordPress 被恶意代码注入的问题",{"type":24,"value":25,"toc":54},"minimark",[26,30,33,41,51],[27,28,29],"p",{},"今天发现之前帮一个客户维护的服务器流量近期一直比较高，是平常的几十倍。看了下请求，都是一些奇奇怪怪的 URL，并且甚至还能返回 200。访问看了下，是一些别的产品的营销页，看了下请求来源，也都是一些营销机器人。",[27,31,32],{},"初步怀疑是客户 WordPress 的管理员密码被撞库了，然后 WordPress 本身又有一些漏洞导致代码文件被改了。上去看了下，发现篡改了很多文件。",[27,34,35,36,40],{},"后续就是将 WordPress 的代码恢复成之前的版本，清理了一些不用的管理员账号，并且把剩下唯一的管理员密码重新修改了。然后在 ",[37,38,39],"code",{},"Apache"," 上把流量较高的一些请求的路由和 UA 做了限制，直接禁止访问降低带宽。",[42,43,48],"pre",{"className":44,"code":46,"language":47},[45],"language-text","RewriteCond %{HTTP_USER_AGENT} (DataForSeoBot|SemrushBot) [NC,OR]\nRewriteCond %{REQUEST_URI} ^\u002Fgodsend\u002F [NC]\nRewriteRule .* - [F]\n","text",[37,49,46],{"__ignoreMap":50},"",[27,52,53],{},"后面流量就恢复正常了。",{"title":50,"searchDepth":55,"depth":55,"links":56},2,[],null,"2024-03-27",false,"md",{},true,"\u002Fposts\u002F2024\u002Fwordpress-hacked",{"text":65,"minutes":66,"time":67,"words":68},"2 min read",1.225,73500,245,{"title":22,"description":29},{"loc":63},"posts\u002F2024\u002F20240327.wordpress-hacked",[73,74,75],"技术","DevOps","WordPress","8M8kF_xksYyDPkt3CFRWkUA01rl8UzgjELJTcjEXnVY",[78,83],{"title":79,"path":80,"stem":81,"date":82,"description":50,"children":-1},"MP4Box.js 获取视频旋转信息","\u002Fposts\u002F2024\u002Fget-video-rotation-by-mp4box-js","posts\u002F2024\u002F20240522.get-video-rotation-by-mp4box-js","2024-05-22",{"title":84,"path":85,"stem":86,"date":87,"description":88,"children":-1},"群晖 DSM7.2 Web Station 网页服务重复无法删除的问题","\u002Fposts\u002F2024\u002Fhow-to-delete-web-service-of-synology-dsm-7-2","posts\u002F2024\u002F20240314.how-to-delete-web-service-of-synology-dsm-7-2","2024-03-14","今天遇到一个问题，记录一下，解决方案参考：Cannot modify \u002F delete Web Station Web Service created by Container Manager",1777580272451]