Broken link, no DNS resolution for that domain name.
Also, a screenshot of the code would be useless. Post the actual code itself. Stick it on http://wordpress.pastebin.com and then paste a link to the code back here.
i’d like to post it there but i’m having a hard time just doing a ‘select all’ on either gedit or bluefish. ugh. i tried notepad under wine and just doing a copy after a select all crashed the program hence the screenshot. i could, however, send file to an e-mail address of your choosing.
strange about the dns resolution thing. the site is on yahoo. (i know, i know.)
edit: may i send the file to your otto destruct dot com e-mail address?
ach. here’s the link:
http://wordpress.pastebin.com/m46d5df79
it took me a good few minutes just to select all – copy – paste a 49k file. ugh.
Holy crap! Never seen one that complex. I’d have to write a special decoder for it.
Regardless, I would not trust it. Just delete the thing. Where did you find it, exactly?
it was in a subdirectory under my tmp subdirectory in the server. the plugins manager told me it disabled the thing and i got suspicious — a plugin in the tmp subdirectory?!? i couldn’t delete it at first. permission denied, the server said. so i had to change the permissions and not make it executable. after a day i was able to delete it. i just want to know what it does, don’t you?
Some older versions of WordPress had security holes. Some exploits for those security holes left traps in the code to have them hide their plugins by putting them in the tmp directory. So that is not all that unusual.
Regardless, it’s malicious code. Decoding it would probably take longer than it’s worth, but I feel pretty sure that it’s a backdoor into the system.
okay. i’ll take your word for it. i deleted it from the server already but i have a copy in my workstation in case i have time later on to mess with it.
thanks otto for taking the time.
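Added example, not part of the original thread: one way to catch the situation described above, a plugin entry pointing into a tmp directory, before the plugins manager trips over it. It assumes the active plugin list was exported with `wp option get active_plugins --format=json` and that entries are paths relative to the plugins directory; the plugins path and the sample entries are constructed for illustration.

```python
import json
import posixpath

# Constructed sample of an exported active-plugin list (not from the thread).
SAMPLE = json.loads(
    '["akismet/akismet.php", "hello.php",'
    ' "../../tmp/cache_a1/plugin.php", "gallery/tmp/loader.php"]'
)

TEMP_NAMES = ("tmp", "temp")


def audit_active_plugins(entries, plugins_dir="/var/www/wp-content/plugins"):
    """Return (entry, resolved_path, reasons) for each suspicious entry.

    plugins_dir is an assumed location; pass the real one for your install.
    """
    root = posixpath.normpath(plugins_dir)
    findings = []
    for entry in entries:
        # Resolve the entry the way the filesystem would, collapsing "..".
        resolved = posixpath.normpath(posixpath.join(root, entry))
        reasons = []
        if posixpath.isabs(entry) or ".." in entry.split("/"):
            reasons.append("path traversal or absolute path")
        if not resolved.startswith(root + "/"):
            reasons.append("resolves outside plugins directory")
        if any(part.lower() in TEMP_NAMES for part in resolved.split("/")):
            reasons.append("lives in a temp directory")
        if reasons:
            findings.append((entry, resolved, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for entry, resolved, reasons in audit_active_plugins(SAMPLE):
        print(f"{entry!r} -> {resolved}: {reasons}")
```

Any entry it reports should be removed from the active list and the file it points to checked on disk, including its permissions and owner.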