Wordpress zainfekowany? (WP Authenticity Checker)

0

Przeskanowałem worpressa pluginem WP Authenticity Checker ( WAC ) . I wyskoczyło mi aż tyle lini. Czy to normalnie. Dużo jest pluginów popularnych (yoast w3cache). Proszę o pomoc czy jest to oznaka zainfekowania strony ??. Wynik pokazuje dla:

Plugin scan results **STATUS: ( Malicious code found in 140 plugin files )**
Themes scan results  =  STATUS: ( Malicious code found in 2 theme files ) 

Plugins scan results

Line 201: "base64_encode( 'api:' . $this->api_key ),..."
 Edit: /tiny-compress-images/src/class-tiny-compress-fopen.php
Line 1737: "base64_encode($encapsulated)) ...."
 Edit: /all-in-one-wp-migration/lib/vendor/math/BigInteger.php
Line 930: "base64 encoded values (Visual Composer)..."
 Edit: /all-in-one-wp-migration/lib/vendor/servmask/database/class-ai1wm-database.php
Line 932: "base64_values_callback' ), $input );..."
 Edit: /all-in-one-wp-migration/lib/vendor/servmask/database/class-ai1wm-database.php
Line 964: "base64 values (callback)..."
 Edit: /all-in-one-wp-migration/lib/vendor/servmask/database/class-ai1wm-database.php
Line 969: "base64_values_callback( $matches ) {..."
 Edit: /all-in-one-wp-migration/lib/vendor/servmask/database/class-ai1wm-database.php
Line 970: "base64 characters..."
 Edit: /all-in-one-wp-migration/lib/vendor/servmask/database/class-ai1wm-database.php
Line 971: "base64_decode( strip_tags( $matches[1] ) ) );..."
 Edit: /all-in-one-wp-migration/lib/vendor/servmask/database/class-ai1wm-database.php
Line 976: "base64 characters..."
 Edit: /all-in-one-wp-migration/lib/vendor/servmask/database/class-ai1wm-database.php
Line 977: "base64_encode( rawurlencode( $input ) ) . '[/..."
 Edit: /all-in-one-wp-migration/lib/vendor/servmask/database/class-ai1wm-database.php
Line 56: "base64_encode( "{$user}:{$password}" ) ) ) {..."
 Edit: /all-in-one-wp-migration/lib/model/class-ai1wm-http.php
Line 124: "base64_encode( "{$user}:{$password}" ) ) ) {..."
 Edit: /all-in-one-wp-migration/lib/model/class-ai1wm-http.php
Line 1193: "base64,'.base64_encode($this->menu_svg_color(..."
 Edit: /above-the-fold-optimization/admin/admin.class.php
Line 1261: "base64_encode(hash($algorithm, $script['clien..."
 Edit: /above-the-fold-optimization/includes/optimization.class.php
Line 500: "base64,R0lGOD' ) && ! strpos( $file, 'lazy-lo..."
 Edit: /ewww-image-optimizer/common.php
Line 653: "base64,R0lGOD' ) && ! strpos( $file, 'lazy-lo..."
 Edit: /ewww-image-optimizer/common.php
Line 724: "base64,R0lGOD' ) && $image->getAttribute( 'da..."
 Edit: /ewww-image-optimizer/common.php
Line 759: "base64,R0lGOD' ) || strpos( $file, 'lazy-load..."
 Edit: /ewww-image-optimizer/common.php
Line 2594: "base64,"+a[t]}function ewww_load_images(t){jQ..."
 Edit: /ewww-image-optimizer/common.php
Line 2608: "base64,"+a[t]}function ewww_load_images(t){jQ..."
 Edit: /ewww-image-optimizer/common.php
Line 304: "base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz..."
 Edit: /wp-smushit/extras/dash-notice/wpmudev-dash-notification.php
Line 740: "base64_decode( $response->data->image ); //ba..."
 Edit: /wp-smushit/lib/class-wp-smush.php
Line 384: "base64_encode( pack( 'H*', $md5 ) );..."
 Edit: /w3-total-cache/CdnEngine_Azure.php
Line 220: "base64\r\n";..."
 Edit: /w3-total-cache/lib/Google/Http/MediaFileUpload.php
Line 221: "base64_encode($this->data) . "\r\n";..."
 Edit: /w3-total-cache/lib/Google/Http/MediaFileUpload.php
Line 28: "base64_encode($data);..."
 Edit: /w3-total-cache/lib/Google/Utils.php
Line 44: "base64_decode($b64);..."
 Edit: /w3-total-cache/lib/Google/Utils.php
Line 378: "base64 data urls, we need to handle..."
 Edit: /w3-total-cache/lib/Minify/YUI-CSS-compressor-PHP-port-4.1.0/Minifier.php
Line 395: "base64 encoded URLs...."
 Edit: /w3-total-cache/lib/Minify/YUI-CSS-compressor-PHP-port-4.1.0/Minifier.php
Line 396: "base64,') !== false) {..."
 Edit: /w3-total-cache/lib/Minify/YUI-CSS-compressor-PHP-port-4.1.0/Minifier.php
Line 656: "base64_encode(md5_file($file, true))) : '', '..."
 Edit: /w3-total-cache/lib/S3.php
Line 713: "base64_encode(md5($input, true)),..."
 Edit: /w3-total-cache/lib/S3.php
Line 1276: "base64_encode($data));..."
 Edit: /w3-total-cache/lib/S3.php
Line 1277: "base64_encode($signature));..."
 Edit: /w3-total-cache/lib/S3.php
Line 1350: "base64_encode(str_replace('\/', '/', json_enc..."
 Edit: /w3-total-cache/lib/S3.php
Line 1965: "base64_encode(extension_loaded('hash') ?..."
 Edit: /w3-total-cache/lib/S3.php
Line 133: "base64_encode(hash_hmac('sha1', $base_string,..."
 Edit: /w3-total-cache/lib/OAuth/W3tcOAuth.php
Line 213: "base64_encode($signature);..."
 Edit: /w3-total-cache/lib/OAuth/W3tcOAuth.php
Line 217: "base64_decode($signature);..."
 Edit: /w3-total-cache/lib/OAuth/W3tcOAuth.php
Line 346: "base64_encode("$value[0]:$value[1]");..."
 Edit: /w3-total-cache/lib/Azure/GuzzleHttp/Client.php
Line 1606: "base64_encode(..."
 Edit: /w3-total-cache/lib/Azure/MicrosoftAzureStorage/Blob/BlobRestProxy.php
Line 53: "base64 representation...."
 Edit: /w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/StorageServiceSettings.php
Line 115: "base64 string...."
 Edit: /w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/StorageServiceSettings.php
Line 181: "base64_decode will return false if the $key i..."
 Edit: /w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/StorageServiceSettings.php
Line 183: "Base64String = base64_decode($key, true);..."
 Edit: /w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/StorageServiceSettings.php
Line 184: "Base64String) {..."
 Edit: /w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/StorageServiceSettings.php
Line 135: "base64_encode(..."
 Edit: /w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/Authentication/SharedKeyAuthScheme.php
Line 136: "base64_decode($this->accountKey), true)..."
 Edit: /w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/Authentication/SharedKeyAuthScheme.php
Line 117: "base64_encode(..."
 Edit: /w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/Authentication/TableSharedKeyLiteAuthScheme.php
Line 118: "base64_decode($this->accountKey), true)..."
 Edit: /w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/Authentication/TableSharedKeyLiteAuthScheme.php
Line 95: "base64 string. It has to pass the check 'base..."
 Edit: /w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/Resources.php
Line 188: "base64Binary'=>'string',..."
 Edit: /w3-total-cache/lib/Nusoap/class.nusoap_base.php
Line 199: "base64Binary'=>'string','base64'=>'string','u..."
 Edit: /w3-total-cache/lib/Nusoap/class.nusoap_base.php
Line 203: "base64Binary'=>'string','base64'=>'string','u..."
 Edit: /w3-total-cache/lib/Nusoap/class.nusoap_base.php
Line 205: "base64'=>'string','array'=>'array','Array'=>'..."
 Edit: /w3-total-cache/lib/Nusoap/class.nusoap_base.php
Line 474: "base64_encode(str_replace(':','',$username).'..."
 Edit: /w3-total-cache/lib/Nusoap/class.soap_transport_http.php
Line 585: "base64_encode($proxyusername.':'.$proxypasswo..."
 Edit: /w3-total-cache/lib/Nusoap/class.soap_transport_http.php
Line 188: "base64Binary'=>'string',..."
 Edit: /w3-total-cache/lib/Nusoap/nusoap.php
Line 199: "base64Binary'=>'string','base64'=>'string','u..."
 Edit: /w3-total-cache/lib/Nusoap/nusoap.php
Line 203: "base64Binary'=>'string','base64'=>'string','u..."
 Edit: /w3-total-cache/lib/Nusoap/nusoap.php
Line 205: "base64'=>'string','array'=>'array','Array'=>'..."
 Edit: /w3-total-cache/lib/Nusoap/nusoap.php
Line 2627: "base64_encode(str_replace(':','',$username).'..."
 Edit: /w3-total-cache/lib/Nusoap/nusoap.php
Line 2738: "base64_encode($proxyusername.':'.$proxypasswo..."
 Edit: /w3-total-cache/lib/Nusoap/nusoap.php
Line 6949: "base64' || $type == 'base64Binary') {..."
 Edit: /w3-total-cache/lib/Nusoap/nusoap.php
Line 6950: "base64 value');..."
 Edit: /w3-total-cache/lib/Nusoap/nusoap.php
Line 6951: "base64_decode($value);..."
 Edit: /w3-total-cache/lib/Nusoap/nusoap.php
Line 502: "base64' || $type == 'base64Binary') {..."
 Edit: /w3-total-cache/lib/Nusoap/class.soap_parser.php
Line 503: "base64 value');..."
 Edit: /w3-total-cache/lib/Nusoap/class.soap_parser.php
Line 504: "base64_decode($value);..."
 Edit: /w3-total-cache/lib/Nusoap/class.soap_parser.php
Line 1021: "base64_encode(hash_hmac('sha256', $string_to_..."
 Edit: /w3-total-cache/lib/SNS/sdk.class.php
Line 1072: "base64(md5($querystring));..."
 Edit: /w3-total-cache/lib/SNS/sdk.class.php
Line 1135: "base64_encode(hash_hmac('sha256', $bytes_to_s..."
 Edit: /w3-total-cache/lib/SNS/sdk.class.php
Line 1140: "base64_encode(hash_hmac('sha256', $string_to_..."
 Edit: /w3-total-cache/lib/SNS/sdk.class.php
Line 66: "base64_decode($message->get('Signature'));..."
 Edit: /w3-total-cache/lib/SNS/services/MessageValidator/MessageValidator.php
Line 86: "Base64...."
 Edit: /w3-total-cache/lib/SNS/utilities/utilities.class.php
Line 89: "Base64-encoded string...."
 Edit: /w3-total-cache/lib/SNS/utilities/utilities.class.php
Line 91: "base64($str)..."
 Edit: /w3-total-cache/lib/SNS/utilities/utilities.class.php
Line 100: "base64_encode($raw);..."
 Edit: /w3-total-cache/lib/SNS/utilities/utilities.class.php
Line 328: "Base64 encoded or not...."
 Edit: /w3-total-cache/lib/SNS/utilities/utilities.class.php
Line 330: "base64-decode.php#81425 PHP License..."
 Edit: /w3-total-cache/lib/SNS/utilities/utilities.class.php
Line 332: "Base64 encoded or not...."
 Edit: /w3-total-cache/lib/SNS/utilities/utilities.class.php
Line 334: "base64($s)..."
 Edit: /w3-total-cache/lib/SNS/utilities/utilities.class.php
Line 803: "base64_encode(json_encode($list))...."
 Edit: /wp-asset-clean-up/classes/Main.php
Line 875: "base64_decode($wpacuList);..."
 Edit: /wp-asset-clean-up/classes/Main.php
Line 883: "base64_decode($contents);..."
 Edit: /wp-asset-clean-up/classes/Main.php
Line 26: "base64_encode($data);..."
 Edit: /wordpress-seo/vendor/yoast/api-libs/google/service/Google_Utils.php
Line 37: "base64_decode($b64);..."
 Edit: /wordpress-seo/vendor/yoast/api-libs/google/service/Google_Utils.php
Line 134: "base64\r\n";..."
 Edit: /wordpress-seo/vendor/yoast/api-libs/google/service/Google_MediaFileUpload.php
Line 135: "base64_encode($data) . "\r\n";..."
 Edit: /wordpress-seo/vendor/yoast/api-libs/google/service/Google_MediaFileUpload.php
Line 268: "base64 (numeric + alpha + alpha upper case) w..."
 Edit: /wordpress-seo/inc/sitemaps/class-sitemaps-cache-validator.php
Line 917: "base64 URL for the svg for use in the menu...."
 Edit: /wordpress-seo/inc/class-wpseo-utils.php
Line 921: "base64 Whether or not to return base64'd outp..."
 Edit: /wordpress-seo/inc/class-wpseo-utils.php
Line 925: "base64 = true ) {..."
 Edit: /wordpress-seo/inc/class-wpseo-utils.php
Line 928: "base64 ) {..."
 Edit: /wordpress-seo/inc/class-wpseo-utils.php
Line 929: "base64,' . base64_encode( $svg );..."
 Edit: /wordpress-seo/inc/class-wpseo-utils.php
Line 2593: "base64_decode( $_GET[ 'uri' ] ) ) );..."
 Edit: /wp-super-cache/wp-cache.php
Line 2599: "base64_decode( $_GET[ 'uri' ] ) ) ) );..."
 Edit: /wp-super-cache/wp-cache.php
Line 2710: "base64_encode( $directory ) ) ), 'wp-cache' )..."
 Edit: /wp-super-cache/wp-cache.php
Line 90: "base64 and date..."
 Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 94: "Base64')) {..."
 Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 95: "base64';..."
 Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 150: "base64':..."
 Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 312: "base64':..."
 Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 313: "base64_decode($this->_currentTagContents);..."
 Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 883: "Base64..."
 Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 888: "Base64..."
 Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 897: "Base64($data)..."
 Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 904: "base64>'.base64_encode($this->data).'</base64..."
 Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 998: "base64':..."
 Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 1056: "base64':..."
 Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 1057: "Base64('base64');..."
 Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php
Line 187: "base64_encode($username) . $this->CRLF);..."
 Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer-smtp.php
Line 205: "base64_encode($password) . $this->CRLF);..."
 Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer-smtp.php
Line 62: "base64", and "quoted-printable"...."
 Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1126: "base64', $type = 'application/octet-stream')..."
 Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1214: "base64') {..."
 Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1247: "base64') {..."
 Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1250: "base64':..."
 Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1252: "base64_encode($str), 76, $this->LE);..."
 Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1314: "Base64EncodeWrapMB($str);..."
 Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1316: "base64_encode($str);..."
 Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1355: "Base64EncodeWrapMB($str) {..."
 Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1365: "Base64 has a 4:3 ratio..."
 Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1374: "base64_encode($chunk);..."
 Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1484: "base64', $type = 'application/octet-stream')..."
 Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1510: "base64', $type = 'application/octet-stream')..."
 Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1754: "base64',$mimeType) ) {..."
 Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.mailer.php
Line 1506: "base64_encode( $this->authentication() );..."
 Edit: /buddypress/bp-forums/bbpress/bb-includes/backpress/class.wp-http.php
Line 1102: "Base64 encoded image...."
 Edit: /buddypress/bp-core/bp-core-avatars.php
Line 1119: "Base64 encoded image...."
 Edit: /buddypress/bp-core/bp-core-avatars.php
Line 1268: "base64,', ' ' ), array( '', '+' ), $avatar_da..."
 Edit: /buddypress/bp-core/bp-core-avatars.php
Line 1269: "base64_decode( $webcam_avatar );..."
 Edit: /buddypress/bp-core/bp-core-avatars.php
Line 523: "base64_encode( wp_generate_password( 64, true..."
 Edit: /buddypress/bp-core/admin/bp-core-admin-schema.php
Line 518: "base64_encode( wp_generate_password( 64, true..."
 Edit: /buddypress/bp-core/bp-core-update.php
Line 156: "base64_decode( stripslashes( $_COOKIE['bp_com..."
 Edit: /buddypress/bp-groups/bp-groups-actions.php
Line 275: "base64_encode( json_encode( $bp->groups->comp..."
 Edit: /buddypress/bp-groups/bp-groups-actions.php
Line 37: "base64 Encoding..."
 Edit: /tac/tac.php
Line 38: "base64 functions...."
 Edit: /tac/tac.php
Line 48: "base64")) // Check for any base64 functions..."
 Edit: /tac/tac.php
Line 54: "base64"), 0, 45))) . "...\"</div>";..."
 Edit: /tac/tac.php

0

niekoniecznie, przeleć jakimś skanerem online https://sitecheck.sucuri.net/ i zoba co pokaże

0

Z kolei druga wtyczke Expoit Skaner wykazuje 666 bledów
(Results Level Severe (666 matches) ) a w tym jest cos takiego: ** ( a prócz tego pod wszystki jest jeszcze sekcja Level Warning (1115 matches) ) ...** i kolejne błedy ...
aha strona praktycznie swieza z pluginami do optymalizacji itp..

wp-admin/includes/class-pclzip.php:4068
Often used to execute malicious code	// eval('$v_result = '.$p_options[PCLZIP_CB_PRE_EXTRACT
wp-admin/includes/file.php:1013
Used by malicious scripts to decode previously obscured data/programs	$expected_raw_md5 = base64_decode( $expected_md5 );
wp-includes/js/tw-sack.min.js:1
Often used to execute malicious code	is.argumentSeparator)},this.runResponse=function(){eval(this.response)},this.runAJAX=function(a){if(thi
wp-includes/js/tw-sack.js:119
Often used to execute malicious code	eval(this.response);
wp-includes/js/jquery/jquery.form.min.js:11
Often used to execute malicious code	e?b:null},I=a.parseJSON||function(a){return window.eval("("+a+")")},J=function(b,c,d){var e=b.getRespon
wp-includes/js/jquery/jquery.schedule.js:30
Often used to execute malicious code	ctx["func"]=eval("function () { "+ctx["func"]+" }");}
wp-includes/js/tinymce/tiny_mce_popup.js:192
Often used to execute malicious code	eval(evil);
wp-includes/js/json2.js:504
Often used to execute malicious code	j = eval('(' + text + ')');
wp-includes/js/json2.min.js:1
Often used to execute malicious code	eplace(rx_three,"]").replace(rx_four,"")))return j=eval("("+text+")"),"function"==typeof reviver?walk({
wp-includes/js/plupload/moxie.js:3278
Used by malicious scripts to decode previously obscured data/programs	// * example 1: base64_decode('S2V2aW4gdmFuIFpvbm5ldmVsZA==');
wp-includes/ID3/module.audio.ogg.php:679
Used by malicious scripts to decode previously obscured data/programs	$flac->setStringMode(base64_decode($ThisFileInfo_ogg_comments_raw[$i]['value']));
wp-includes/ID3/module.audio.ogg.php:686
Used by malicious scripts to decode previously obscured data/programs	$data = base64_decode($ThisFileInfo_ogg_comments_raw[$i]['value']);
wp-includes/random_compat/random_bytes_com_dotnet.php:66
Used by malicious scripts to decode previously obscured data/programs	$buf .= base64_decode($util->GetRandom($bytes, 0));
wp-includes/SimplePie/Sanitize.php:244
Used by malicious scripts to decode previously obscured data/programs	$data = base64_decode($data);
wp-includes/class-wp-simplepie-sanitize-kses.php:46
Used by malicious scripts to decode previously obscured data/programs	$data = base64_decode( $data );
wp-includes/class-wp-customize-widgets.php:1289
Used by malicious scripts to decode previously obscured data/programs	$decoded = base64_decode( $value['encoded_serialized_instance'], true );
wp-includes/IXR/class-IXR-message.php:196
Used by malicious scripts to decode previously obscured data/programs	$value = base64_decode($this->_currentTagContents);
wp-includes/class-snoopy.php:678
Often used to execute malicious code	// I didn't use preg eval (//e) since that is only available in PHP 4.0.
wp-includes/class-phpmailer.php:3411
Used by malicious scripts to decode previously obscured data/programs	$data = base64_decode($data);
wp-includes/class-json.php:22
Often used to execute malicious code	* Javascript, and can be directly eval()'ed with no further parsing
wp-includes/class-smtp.php:471
Used by malicious scripts to decode previously obscured data/programs	$challenge = base64_decode(substr($this->last_reply, 4));
wp-content/cache/object/ac6/a9c/ac6a9c2d3b3c1fd69b69f842874407dc.php:1
Often used to execute malicious code	.php";s:4:"line";s:78:"// eval(#$#$'$v_result = '.$p_options[PCLZIP_CB_PRE_EXTRACT";s:7:"line_no";i:4068 [line truncated]
wp-content/cache/object/ac6/a9c/ac6a9c2d3b3c1fd69b69f842874407dc.php:1
Used by malicious scripts to decode previously obscured data/programs	.php";s:4:"line";s:78:"// eval('$v_result = '.$p_options[PCLZIP_CB_PRE_EXTRACT";s:7:"line_no";i:4068;s:4:"de [line truncated]
wp-content/themes/boombox/includes/plugins/essb.php:179
Used by malicious scripts to decode previously obscured data/programs	$options = json_decode( base64_decode( $default_options ), true );
wp-content/plugins/all-in-one-wp-migration/lib/vendor/servmask/database/class-ai1wm-database.php:971
Used by malicious scripts to decode previously obscured data/programs	$input = rawurldecode( base64_decode( strip_tags( $matches[1] ) ) );
wp-content/plugins/above-the-fold-optimization/public/js/critical-css-editor.min.js:1
Often used to execute malicious code	']*["']/.test(text)?(this.type="string",this.value=eval(text)):Colors[text.toLowerCase()]?(this.type="c
wp-content/plugins/above-the-fold-optimization/admin/js/csslint.js:4346
Often used to execute malicious code	this.value = eval(text);
wp-content/plugins/above-the-fold-optimization/admin/js/codemirror.min.js:1
Often used to execute malicious code	']*["']/.test(text)?(this.type="string",this.value=eval(text)):Colors[text.toLowerCase()]?(this.type="c
wp-content/plugins/wp-smushit/lib/class-wp-smush.php:740
Used by malicious scripts to decode previously obscured data/programs	$image = base64_decode( $response->data->image ); //base64_decode is n
wp-content/plugins/w3-total-cache/pub/js/metadata.js:91
Often used to execute malicious code	data = eval("(" + data + ")");
wp-content/plugins/w3-total-cache/lib/Google/Utils.php:44
Used by malicious scripts to decode previously obscured data/programs	return base64_decode($b64);
wp-content/plugins/w3-total-cache/lib/OAuth/W3tcOAuth.php:217
Used by malicious scripts to decode previously obscured data/programs	$decoded_sig = base64_decode($signature);
wp-content/plugins/w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/StorageServiceSettings.php:183
Used by malicious scripts to decode previously obscured data/programs	$isValidBase64String = base64_decode($key, true);
wp-content/plugins/w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/Authentication/SharedKeyAuthScheme.php:136
Used by malicious scripts to decode previously obscured data/programs	hash_hmac('sha256', $signature, base64_decode($this->accountKey), true)
wp-content/plugins/w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/Authentication/TableSharedKeyLiteAuthScheme.php:118
Used by malicious scripts to decode previously obscured data/programs	hash_hmac('sha256', $signature, base64_decode($this->accountKey), true)
wp-content/plugins/w3-total-cache/lib/Azure/MicrosoftAzureStorage/Common/Internal/Resources.php:95
Used by malicious scripts to decode previously obscured data/programs	a valid base64 string. It has to pass the check 'base64_decode(<user_account_key>, true)'.";
wp-content/plugins/w3-total-cache/lib/Nusoap/class.soapclient.php:711
Often used to execute malicious code	eval($evalStr);
wp-content/plugins/w3-total-cache/lib/Nusoap/class.soapclient.php:713
Often used to execute malicious code	eval("\$proxy = new nusoap_proxy_$r('');");
wp-content/plugins/w3-total-cache/lib/Nusoap/nusoap.php:3993
Often used to execute malicious code	s->debug('in invoke_method, calling function using eval()');
wp-content/plugins/w3-total-cache/lib/Nusoap/nusoap.php:3997
Often used to execute malicious code	ebug('in invoke_method, calling class method using eval()');
wp-content/plugins/w3-total-cache/lib/Nusoap/nusoap.php:4000
Often used to execute malicious code	g('in invoke_method, calling instance method using eval()');
wp-content/plugins/w3-total-cache/lib/Nusoap/nusoap.php:4019
Often used to execute malicious code	@eval($funcCall);
wp-content/plugins/w3-total-cache/lib/Nusoap/nusoap.php:6951
Used by malicious scripts to decode previously obscured data/programs	return base64_decode($value);
wp-content/plugins/w3-total-cache/lib/Nusoap/nusoap.php:7798
Often used to execute malicious code	eval($evalStr);
wp-content/plugins/w3-total-cache/lib/Nusoap/nusoap.php:7800
Often used to execute malicious code	eval("\$proxy = new nusoap_proxy_$r('');");
wp-content/plugins/w3-total-cache/lib/Nusoap/class.soap_parser.php:504
Used by malicious scripts to decode previously obscured data/programs	return base64_decode($value);
wp-content/plugins/w3-total-cache/lib/SNS/services/MessageValidator/MessageValidator.php:66
Used by malicious scripts to decode previously obscured data/programs	$incomingSignature = base64_decode($message->get('Signature'));
wp-content/plugins/w3-total-cache/PgCache_ContentGrabber.php:1664
Often used to execute malicious code	$result = eval( $code );
wp-content/plugins/wp-asset-clean-up/classes/Main.php:875
Used by malicious scripts to decode previously obscured data/programs	$json = base64_decode($wpacuList);
wp-content/plugins/wp-asset-clean-up/classes/Main.php:883
Used by malicious scripts to decode previously obscured data/programs	$data['contents'] = base64_decode($contents);
wp-content/plugins/wordpress-seo/js/dist/jquery.tablesorter.min.js:3
Often used to execute malicious code	mark("Evaling expression:"+dynamicExp,new Date());}eval(dynamicExp);cache.normalized.sort(sortWrapper);
wp-content/plugins/wordpress-seo/vendor/yoast/api-libs/google/service/Google_Utils.php:37
Used by malicious scripts to decode previously obscured data/programs	return base64_decode($b64);
wp-content/plugins/wp-super-cache/wp-cache.php:2593
Used by malicious scripts to decode previously obscured data/programs	hp' ), preg_replace( '/[ <>\'\"\r\n\t\(\)]/', '', base64_decode( $_GET[ 'uri' ] ) ) );
wp-content/plugins/wp-super-cache/wp-cache.php:2599
Used by malicious scripts to decode previously obscured data/programs	\r\n\t\(\)]/', '', preg_replace("/(\?.*)?$/", '', base64_decode( $_GET[ 'uri' ] ) ) ) );
wp-content/plugins/exploit-scanner/readme.txt:114
Often used to execute malicious code	* Fixed the eval() check incorrectly matching function names tha
wp-content/plugins/buddypress/bp-forums/bbpress/bb-includes/js/jquery/interface.js:12
Often used to execute malicious code	eval(function(p,a,c,k,e,d){e=function(c){return(c<a?
wp-content/plugins/buddypress/bp-forums/bbpress/bb-includes/backpress/class.ixr.php:313
Used by malicious scripts to decode previously obscured data/programs	$value = base64_decode($this->_currentTagContents);
wp-content/plugins/buddypress/bp-core/bp-core-avatars.php:1269
Used by malicious scripts to decode previously obscured data/programs	$webcam_avatar = base64_decode( $webcam_avatar );
wp-content/plugins/buddypress/bp-groups/bp-groups-actions.php:156
Used by malicious scripts to decode previously obscured data/programs	bp->groups->completed_create_steps = json_decode( base64_decode( stripslashes( $_COOKIE['bp_completed_create_st

0

w szczegolnosci to mnie zastanawia:

this.read=function(t){for(var e="",i=0;i<t;i++)e+=String.fromCharCode(this.readByte());return e},this.readUnsigned=function(){var t=this.readBy [line truncated]
this.read=function(t){for(var e="",i=0;i<t;i++)e+=String.fromCharCode(this.readByte());return e},this.readUnsigned=function(){var t=this.readBy [line truncated]
tpl : '<iframe id="fancybox-frame{rnd}" name="fancybox-frame{
s += String.fromCharCode(this.readByte());
switch (String.fromCharCode(block.sentinel)) { // For ease of matching
se = new VBArray(this.responseText).toArray().map(String.fromCharCode).join('');
testDrive.innerHTML = testText.value || String.fromCharCode(160);
testDrive.innerHTML = testText.value || String.fromCharCode(160);
$html = sprintf( '<iframe %s></iframe>', implode( ' ', $iframe_atts ) );
if( _value.indexOf( '<iframe' ) != '-1' ) {
if ( strpos( $value, '<iframe' ) !== false ) {

0

Podepnę się pod temat. Mam powtarzający się problem z malware. Jak się tego pozbyć i zabezpieczyć żeby się nie pojawiało ponownie?
Mój dostawca serwera przeskanował serwer i wysłał listę podejrzanych plików.
Postawiłem strony na nowo i w ciągu 24 godzin problem znowu się pojawił.

0

Krystian_4775 napisał(a):

Podepnę się pod temat. Mam powtarzający się problem z malware. Jak się tego pozbyć i zabezpieczyć żeby się nie pojawiało ponownie?
Mój dostawca serwera przeskanował serwer i wysłał listę podejrzanych plików.
Postawiłem strony na nowo i w ciągu 24 godzin problem znowu się pojawił.
Podpinam raz jeszcze plik bo tamten coś nie działa.

2

zmienić konto hostingowe i zamienić wordpressa na html/css

Wordpress zainfekowany? (WP Authenticity Checker)

Krystian_4775 napisał(a):

1 użytkowników online, w tym zalogowanych: 0, gości: 1

Praca dla programistów

Forum dyskusyjne

Sprawy administracyjne

O nas

Skontaktuj się z nami