Home > Cloud Computing > Cloud Security

Worldpress background shell and repair methods

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Ytshengang kiyou (added on the basis of the original) from the shell method is tested by himself in this example and the fix method.

First, open the wp site and view the source code.

 

 

You can see that the other party uses the Hcms topic and the path of the topic.

Http://www.2cto.com/wp-content/themes/Hcms/

Go to the background and select "appearance"> "edit.

 

In this case, you can find a template on the right and edit it as the yster required by tester. Remember to save. (The password is incorrect during the test and cannot be linked for multiple times. However, it is strange that pwd can be directly linked to a pure number ..)

Special case: WordPress for SAE prohibits you from modifying the theme code online. You can download the code to your local device, modify the code, and upload the code again. If you encounter this problem, since you have all obtained the background password, try to see if you can break through the sae code management. In this case, you may encounter the SAE Security Authentication-security password. Since all of them have the background pwd, try this password again. If the code is edited smoothly, the effect is the same.

 

Finally, the obtained path of yundun is: http://www.2cto.com/wp-content/themes/Hcms/DES/yund.php.

 

The test is successful.

 

Solution:

1. Locking permissions, preferably readable and non-writable. (Sina cloud databases only have very low read and write permissions, while general database write permissions are very large, for example .)

2. enhance security, such as the SAE Security Authentication mentioned in the article. (It is better not to be the same as pwd in the background)

3. Hide or set the absolute directory of a fake topic and reject hacker from the first step. (I guess the specific implementation method can be explained by Daniel)

Note: This is a test conducted by the author on a friend's blog. It is a personal database, so the permission is relatively high.

Author: Blackeagle from: www. blackeagle. name

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More