WordPress.org

Ready to get started?Download WordPress

Forums

AntiVirus
Site hacked, here are my codes, what do I do? (3 posts)

  1. ladyguerra
    Member
    Posted 2 years ago #

    I've heard from some people that when they visited two of my sites, they got redirected to another website. I just found this plugin and scanned both sites and some came up red. I would like to know, which ones are false alarms? And which ones are hacker codes? And could I delete these codes?

    Here were my results
    Website 1:

    index.php
    <?php	include(TEMPLATEPATH . '/featured.php'); ?> <!-- calli ..
    
    functions.php
    require_once(ABSPATH . 'wp-admin/upgrade-functions.php') ...
    
    archives.php
    <?php include (TEMPLATEPATH . '/pagination.php'); ?>
    
    scripts/timthumb.php
    ... $cache_file_name = $cache_dir . '/' . get_cache_file();
    show_cache_file( $cache_dir, $mime_type );
    $mime_type = finfo_file($finfo, $file);
    line 234 $mime_type = trim(@shell_exec('file -bi $file'));
    line 283 show_cache_file($cache_dir, $mime_type);
    line 287 function show_cache_file($cache_dir) {
    line 289 $cache_file = $cache_dir . '/' . get_cache_file();
    line 321 readfile($cache_file);
    line 329 function get_cache_file () {

    Then the scan for Website 2 shows:

    index.php
    line 14 include(TEMPLATEPATH . '/wpzoom-home.php');
    
    header.php
    line 120 <?php include (TEMPLATEPATH . '/searchform.php'); ?>
    
    search.php
    line 58 <?php include (TEMPLATEPATH . '/searchform.php'); ?>
    
    scripts/timthumb.php
    line 25 if( file_exists('timthumb-config.php')) require_once('timthumb-config.php');
    
    line 203 $imgData = base64_decode("R0lGODlhUAAMAIAAAP8AAP///yH5BAAHAP8ALAAAAA ...
    
    line 203... WXfNa6JCLnWkXplrcBmW+spbwvaVr/cDyg7IoFC2KbYVC2NQ5MQ4ZNao9Ynzjl9ScNYpneb DULB3RP6JuPuaGfuuV4fumf8Puvq ...
    
    line 203... C2NQ5MQ4ZNao9Ynzjl9ScNYpnebnDULB3RP6JuPuaGfuuV4fumf8PuvqFyhYtjdoeFgAADs=");
    
    line 324 if(! is_file($this->cachefile)){
    
    line 331 } else if(is_file($this->cachefile)){ //If it's not a local reque ...
    
    line 440 if(! is_file($lastCleanFile)){
    
    line 720... 'png' && OPTIPNG_ENABLED && OPTIPNG_PATH && @is_file(OPTIPNG_PATH)){
    
    line 735... ng' && PNGCRUSH_ENABLED && PNGCRUSH_PATH && @is_file(PNGCRUSH_PATH)){
    
    line 741 if(is_file($tempfile2)){
    
    line 761 $fp = fopen($tempfile,'r',0,$context);
    
    line 762 file_put_contents($tempfile4, $this->filePrependSecurityBlo ...
    
    line 763 file_put_contents($tempfile4, $fp, FILE_APPEND);
    
    line 764fclose($fp);
    
    line 768 $fh = fopen($lockFile, 'w');
    
    line 776 fclose($fh);
    
    line 779 fclose($fh);
    
    line 816 if(is_file($file)){
    
    line 869 if(! is_file(WEBSHOT_CUTYCAPT)){
    
    line 872 if(! is_file(WEBSHOT_XVFB)){
    
    line 904 if(! is_file($tempfile)){
    
    line 959 if(! is_file($this->cachefile)){
    
    line 963 $fp = fopen($this->cachefile, 'rb');
    
    line 966 $imgType = fread($fp, 3);
    
     line 974 $bytesSent = @fpassthru($fp);
    
    line 975 fclose($fp);
    
    line 979 $content = file_get_contents ($this->cachefile);
    There is no virusView line 1100self::$curlFH = fopen($tempfile, 'w');
    
    There is no virusView line 1107$curl = curl_init($url);
    
    There is no virusView line 1117$curlResult = curl_exec($curl);
    
    There is no virusView line 1118fclose(self::$curlFH);
    
    There is no virusView line 1132$img = @file_get_contents ($url);
    
    There is no virusView line 1146if(! file_put_contents($tempfile, $img)){
    
    There is no virusView line 1163$bytes = @readfile($file);
    
    There is no virusView line 1167$content = @file_get_contents ($file);
    
    wpzoom_admin/admin_functions.php
    There is no virusView line 897include_once(ABSPATH . WPINC . '/rss.php');
    
    widgets/wpzoom-video-widget.php
    There is no virusView line 5add_action('widgets_init', create_function('', 'return register_widget("Video_Widget" ...
    
    ... ce = preg_replace('/[^( -)]*/','', file_get_contents($url));
    
    functions/wpzoom-video.php
    There is no virusView line 225... ce = preg_replace('/[^( -)]*/','', file_get_contents($url));
    
    functions/wpzoom-functions.php
    View line 468eval("?>". file_get_contents($url) . " ");
    
    There is no virus". file_get_contents($url) . " ");&theme=CadabraPress&dir=theme" target="_blank">View line 468eval("?>". file_get_contents($url) . " ");
    
    There is no virus". file_get_contents($url) . " ");There is no virus". file_get_contents($url) . " ");&theme=CadabraPress&dir=theme" target="_blank">
    line 468eval("?>". file_get_contents($url) . " ");&theme=CadabraPress&dir=theme" target="_blank">
    line 533$str = @file_get_contents("http://api.flickr.com/services/rest/?met ...
    
    functions/wpzoom-core.php
    line 53require_once($locale_file);
    
    line 58add_filter('gallery_style', create_function('$a', 'return "
    
     line 123require_once ($functions_path . 'admin_functions.php');

    Help please..

    http://wordpress.org/extend/plugins/antivirus/

  2. Michelle Reece
    Member
    Posted 2 years ago #

    I don't know if this is still relevant, but...

    Try http://sitecheck.sucuri.net/scanner/ and http://www.google.com/safebrowsing/diagnostic?site=www.example.com (replace example.com with your website name). They could be false positives (I had the "
    require_once(ABSPATH . 'wp-admin/upgrade-functions.php') on several occasions even though I was clean), but look on blacklisting/scanner sites to make sure.

  3. Going2MakeIT
    Member
    Posted 2 years ago #

    Man I am confused :-(, Michelle on performed that on-line scanner,it comes back it say my site it is clean, then I get a alert from antivirus plug-in, say that I might have an virus so which one is telling the truth???

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags