警惕!小心WordPress程序类型的钓鱼网站
今天收到一封邮件,提升安全更新升级,很明显是一个钓鱼网站。
伪装你的网站后台登录。其实真实的网址是这个:
https://wp-safe-connect.com/wp-login.php?token=ZnFjaHxmZW5nc2NuLmNvbQ==
代码中也能看出
<!DOCTYPE html><html lang="en-US" prefix="og: http://ogp.me/ns# fb: http://ogp.me/ns/fb#" data-fbscriptallow="true" data-cbscriptallow="true" data-wgscriptallow="true" data-scrapbook-source="https://bimbelsnbt.com//wp-login.php" data-scrapbook-create="20231128200627020"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Log In ‹ fengscn.com — WordPress</title>
<meta name="robots" content="noindex, follow">
<link rel="shortcut icon" href="fav.ico" type="image/x-icon">
<!-- Apple Touch Icon -->
<link rel="apple-touch-icon" sizes="180x180" href="https://bimbelsnbt.com/wp-content/uploads/2023/04/favicon-bimbel-les-privat-edumatrix.jpg">
<!-- Android Icon -->
<link rel="icon" sizes="192x192" href="favicon-bimbel-les-privat-edumatrix.jpg">
<!-- MS Edge Icon -->
<meta name="msapplication-TileImage" content="https://bimbelsnbt.com/wp-content/uploads/2023/04/favicon-bimbel-les-privat-edumatrix.jpg">
<link rel="stylesheet" id="dashicons-css" href="dashicons.min.css" type="text/css" media="all">
<link rel="stylesheet" id="buttons-css" href="buttons.min.css" type="text/css" media="all">
<link rel="stylesheet" id="forms-css" href="forms.min.css" type="text/css" media="all">
<link rel="stylesheet" id="l10n-css" href="l10n.min.css" type="text/css" media="all">
<link rel="stylesheet" id="login-css" href="login.min.css" type="text/css" media="all">
<meta name="generator" content="Site Kit by Google 1.111.1"> <meta name="referrer" content="strict-origin-when-cross-origin">
<meta name="viewport" content="width=device-width">
</head>
<body class="login js login-action-login wp-core-ui locale-en-us">
<div id="login">
<h1><a href="https://wordpress.org/">Powered by WordPress</a></h1>
<form name="loginform" id="loginform" action="/wp-login.php" method="post">
<p>
<label for="user_login">Username or Email Address</label>
<input type="text" name="log" id="user_login" class="input" value="fqch" size="20" autocapitalize="none" autocomplete="username" required="required">
</p>
<div class="user-pass-wrap">
<label for="user_pass">Password</label>
<div class="wp-pwd">
<input type="password" name="pwd" id="user_pass" class="input password-input" value="" size="20" autocomplete="current-password" spellcheck="false" required="required">
<button type="button" class="button button-secondary wp-hide-pw hide-if-no-js" data-toggle="0" aria-label="Show password">
<span class="dashicons dashicons-visibility" aria-hidden="true"></span>
</button>
</div>
</div>
<p class="forgetmenot"><input name="rememberme" type="checkbox" id="rememberme" value="forever"> <label for="rememberme">Remember Me</label></p>
<p class="submit">
<input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="Log In">
<input type="hidden" name="redirect_to" value="https://fengscn.com/wp-admin/">
<input type="hidden" name="testcookie" value="1">
</p>
</form>
<p id="nav">
<a href="https://bimbelsnbt.com/wp-login.php?action=lostpassword">Lost your password?</a> </p>
<p id="backtoblog">
<a href="https://fengscn.com/">← Go to https://fengscn.com</a> </p>
</div>
<div class="clear"></div>
</body></html>不知道是国内还是国外的钓鱼选手。大家遇到的话还是要小心的。虽然说套取的密码可以修改。但是重要的网站丢失重要的数据,那就大可不必了。
原创文章,作者:超哥,如若转载,请注明出处:https://www.chaoneo.cn/archives/3494.html
如果您觉得超哥分享对您有所帮助的话,记得打赏给我😀