List of Dangerous Virus, Worm and Backdoor Files Hackers Commonly Plant in Website Directories | WordPress, Joomla and Other CMS Sites


If you are the IT administrator of a content management system (CMS) site such as WordPress, Joomla or Drupal, of a forum, or of a self-hosted website, you should regularly check the website directories for unfamiliar files of unknown origin or with odd names.

Unfamiliar files found in the website root or its subdirectories are very likely dangerous files, such as viruses, worms or backdoors, that black-hat hackers (also called cybercriminals) use to attack your site, or even to use your site as a stepping stone to attack others.

I previously wrote an article, "Security Vulnerabilities: 11 WordPress Plugin and Theme Security Issues", describing the dangers WordPress sites frequently run into.

But modern attack techniques change constantly, so we have compiled the more common dangerous file names in this article and will keep it updated with the latest information as it appears, so that you have a reference list when checking your own site's directories.

List of dangerous file names

Website root directory

  • Sisi.php
  • user.php
  • seter.php
  • ivjzx.php
  • zkuhj.php
  • yt.php

Website subdirectories

  • /plus/flink.php
  • /plus/moon.php
  • /plus/download.php
  • /plus/mytag_js.php
  • /admin/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php
  • /editor/editor/filemanager/connectors/aspx/connector.aspx
  • /assets/modules/evogallery/js/uploadify/uploadify.php
  • /modules/vtemskitter/uploadimage.php
  • /modules/verticalmegamenus/VerticalMegaMenusUploadImage.php
  • /modules/groupcategory/GroupCategoryUploadImage.php
  • /<any directory>/wlwmanifest.xml

WordPress Plugins

  • /wp-content/plugins/wp-symposium/server/php/index.php
  • /wp-content/plugins/mac-dock-gallery/macdownload.php
  • /wp-content/plugins/dzs-zoomsounds/admin/upload.php
  • /wp-content/plugins/reflex-gallery/admin/scripts/FileUploader/php.php
  • /wp-content/plugins/cherry-plugin/admin/import-export/upload.php
  • /wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields
  • /wp-content/plugins/wp-property/third-party/uploadify/uploadify.php
  • /wp-content/plugins/simple-ads-manager/sam-ajax-admin.php
  • /wp-content/plugins/dzs-videogallery/admin/upload.php
  • /wp-content/plugins/barclaycart/uploadify/uploadify.php
  • /wp-content/plugins/sexy-contact-form/includes/fileupload/index.php
  • /wp-content/plugins/pitchprint/uploader/
  • /wp-content/plugins/cnhk-slideshow/uploadify/uploadify.php
  • /wp-content/plugins/custom-background/uploadify/uploadify.php
  • /wp-content/plugins/asset-manager/upload.php
  • /wp-content/plugins/wordpress-member-private-conversation/doupload.php
  • /wp-content/plugins/flipbook/php.php
  • /wp-content/plugins/wpstorecart/php/upload.php
  • /wp-content/plugins/wpshop/includes/ajax.php?elementCode=ajaxUpload
  • /wp-content/plugins/wp-symposium/js/uploadify/uploadify.php
  • /wp-content/plugins/formcraft/file-upload/server/php/
  • /wp-content/plugins/pica-photo-gallery/picaPhotosResize.php
  • /wp-content/plugins/wp-copysafe-pdf/lib/uploadify/uploadify.php
  • /wp-content/plugins/woocommerce-custom-t-shirt-designer/includes/templates/
  • /wp-content/plugins/acf-frontend-display/js/blueimp-jQuery-File-Upload-d45deb1
  • /wp-content/plugins/omni-secure-files/plupload/examples/upload.php
  • /wp-content/plugins/i-dump-iphone-to-wordpress-photo-uploader/uploader.php
  • /wp-content/plugins/wp-checkout/vendors/uploadify/upload.php
  • /wp-content/plugins/logosware-suite-uploader/lw-suite-uploader.php
  • /wp-content/plugins/viral-optins/api/uploader/file-uploader.php
  • /wp-content/themes/purevision/scripts/admin/uploadify/uploadify.php

WordPress Themes

  • /wp-content/themes/evolve/js/back-end/libraries/fileuploader/upload_handler.php
  • /wp-content/themes/satoshi/functions/upload-handler.php
  • /wp-content/themes/multimedia1/server/php/
  • /wp-content/themes/betheme/muffin-options/fields/upload/field_upload.php
  • /wp-content/themes/u-design/scripts/admin/uploadify/uploadify.php
  • /wp-content/themes/dandelion/functions/upload-handler.php
  • /wp-content/themes/highlight/lib/utils/upload-handler.php
  • /wp-content/themes/dance-studio/core/libs/imperavi/tests/file_upload.php
  • /wp-content/themes/ithemes2/themify/themify-ajax.php?upload=1
  • /wp-content/themes/amplus/functions/upload-handler.php
  • /wp-content/themes/AdvanceImage5/header.php
  • /wp-content/themes/konzept/includes/uploadify/upload.php
  • /wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php
  • /wp-content/themes/cubed_v1.2/functions/upload-handler.php
  • /wp-content/themes/MoneyTheme/uploads/upload.php
  • /wp-content/themes/eptonic/functions/jwpanel/scripts/valums_uploader/php.php
  • /wp-content/themes/pinboard/themify/themify-ajax.php?upload=1

Joomla, Drupal and forum sites

  • (empty)
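To run the checklist above against a local copy of a web root, here is an added example (not from the original article): a small Python script that normalizes the entries (dropping query strings, treating a trailing slash as a directory, and searching every directory for the "any directory" entry) and reports which ones exist. The entry list inside it is a constructed subset of the checklist; extend it with the full list above.

```python
import os
import sys
from pathlib import Path

# Constructed subset of the article's checklist (extend with the full list).
# A trailing "?..." is a query string, not part of the path; a trailing "/"
# marks a directory; a "*/" prefix stands for the article's "any directory".
SUSPICIOUS_ENTRIES = [
    "Sisi.php",
    "user.php",
    "/plus/flink.php",
    "/wp-content/plugins/wpshop/includes/ajax.php?elementCode=ajaxUpload",
    "/wp-content/plugins/formcraft/file-upload/server/php/",
    "/wp-content/themes/ithemes2/themify/themify-ajax.php?upload=1",
    "*/wlwmanifest.xml",
]


def normalize(entry: str) -> str:
    """Drop the query string and surrounding slashes so the entry is a
    path relative to the web root (a "*/" prefix is preserved)."""
    return entry.split("?", 1)[0].strip("/")


def find_suspicious(webroot: str, entries=SUSPICIOUS_ENTRIES) -> list[str]:
    """Return the checklist entries that exist under webroot as sorted
    root-relative paths. Root entries are checked at the root only."""
    root = Path(webroot)
    hits = set()
    for entry in entries:
        rel = normalize(entry)
        if rel.startswith("*/"):
            # "any directory": look for the file name in every subdirectory
            name = rel[2:]
            for dirpath, _dirs, files in os.walk(root):
                if name in files:
                    hits.add(Path(dirpath, name).relative_to(root).as_posix())
        elif (root / rel).exists():  # matches a file or a directory
            hits.add(rel)
    return sorted(hits)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for hit in find_suspicious(target):
        print("suspicious:", hit)
```

A hit means only that a file or directory with a listed name is present; inspect it before deleting, since some site components legitimately ship files with the same names.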

References

  1. Checking the WordPress root directory for unknown wp-config.??? files | Network security vulnerabilities
  2. Security Vulnerabilities: 11 WordPress Plugin and Theme Security Issues