Reputation: 2178
WebSite Hacked: Trouble Understanding Infected Php Code
By the way I am using WordPress, and the file containing this is being required by wp-config.
I have identified that the source code below is responsible for the redirection of our website to another site.I tried understanding the code but was really confused how its being coded. I can only understand base64_decode.
Here is the snippet:
defined('Œ9¼42¹938153¼¹¹7') || define('Œ9¼42¹938153¼¹¹7',__FILE__);
global $¸¸3º84200½º¸½½50;global $ˆ961949»½¸92º286;
if(!function_exists('Ž¼30¹193592¹0¼6»')){
function Ž¼30¹193592¹0¼6»($º987½8¹02½2¹05º¼,$‡¹½67345¼24¼62¸½=''){
if(empty($º987½8¹02½2¹05º¼)) return '';
$º987½8¹02½2¹05º¼=base64_decode($º987½8¹02½2¹05º¼);How do I understand this for example, Ž¼30¹193592¹0¼6»?
Upvotes: 0
Views: 112
Answers (1)
Reputation: 1256
This code is obfuscated https://en.wikipedia.org/wiki/Obfuscation_(software)
Ž¼30¹193592¹0¼6»
is the name of a function defined in this code :-)
It's much more difficult to understand the role of a function called Ž¼30¹193592¹0¼6»() than redirectTo()
You can find some deobfuscators on the web, but I would suggest you to give up trying understand this code, it's a waste of time.
Upvotes: 2
Related Questions
- Need to identify malicious code in hacked Wordpress site so I can stop other sites getting hacked
- PHP Wordpress site compromised, what is this obfuscated code doing?
- My website got hacked - what does this code do?
- php script containing devil hack
- PHP code help - hacked apache server
- PHP hack files found - help decoding and identifying
- Can some one decode this dirty code?
- Hacked Code Decoded
- webapp hacked, but what is the exact code inserted? echo(gzinflate(base64_decode(".....")
- hacked website unusual php file