Unknown function in theme files

  • davidpodmore

    (@davidpodmore)


    8 years, 2 months ago

    Hi,

    Our site is using a custom built theme. I’ve just noticed that all theme files have had a function added the beginning, and I have no idea what it is, what it does, or where it’s come from. Linked below is an example taken from the Single Post template.

    http://textuploader.com/dh8jm

    Any ideas as to what this is? Is it malicious? Is it likely to have been added by a plugin? Can I safely remove it?

    Any help is appreciated,
    David

    • This topic was modified 8 years, 2 months ago by davidpodmore.
Viewing 4 replies - 1 through 4 (of 4 total)
  • Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    8 years, 2 months ago

    Get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.

    Thread Starter davidpodmore

    (@davidpodmore)

    8 years, 2 months ago

    Hi Andrew,

    Thanks for the quick reply! I’ll go grab that coffee…

    Cheers,
    David

    resa7070

    (@resa7070)

    8 years, 2 months ago

    SCAN SITE WITH SECURITY SCRIPTS OR REUPLOAD FILES

    afleetingglimpse

    (@afleetingglimpse)

    8 years, 2 months ago

    Just out of curiosity looked at what it was calling.

    otpuwblr = Forex
    oyulpkp = database of money transfers

    You can always put in google “otpuwblr” quotes needed and see if an exact match pops up.

    (!function_exists(‘otpuwblr’))

    also sending out data..

    mailto:fepdof in the code fepdof pops up a lot in hacked Wp sites

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Unknown function in theme files’ is closed to new replies.