我用WP Antivirus Site Protection扫描了我的网站,发现一个受感染的文件。
此文件是我的网站模板中的主文件。
恶意软件类型:php.var.function.14
这是恶意代码吗?如果是这样,请提出如何防止恶意活动的建议。
任何人都可以,请告诉我这个php代码会做什么?
代码如下:
<?php
add_action( 'admin_menu', 'register_header_adv_page' );
function register_header_adv_page(){
add_submenu_page( 'wb_add_adv','wb_header_adv', 'تبلیغات هدر', 'manage_options', 'wb_header_adv','wb_header_adv' );
}
//---------------------------------------------------
function wb_header_adv(){
global $wpdb;
//------------------------add--------------------
if(isset($_POST['add_header_btn'])){
$date=date("Y-m-d H:i:s");
if($_POST['H1']=='update'){
$wpdb->query("update ".$wpdb->prefix."softadv set advid='".$_POST['h1r_adv_id']."', showadv='".$_POST['show_header1']."' where location='H1R'");
$wpdb->query("update ".$wpdb->prefix."softadv set advid='".$_POST['h1l_adv_id']."',showadv='".$_POST['show_header1']."' where location='H1L'");
} else{
$location="H1R";
$wpdb->query("insert into ".$wpdb->prefix."softadv (date,showadv,type,location,advid) values('".$date."','".$_POST['show_header1']."','img','".$location."','".$_POST['h1r_adv_id']."')");
$location="H1L";
$wpdb->query("insert into ".$wpdb->prefix."softadv (date,showadv,type,location,advid) values('".$date."','".$_POST['show_header1']."','img','".$location."','".$_POST['h1l_adv_id']."')");
}
$date=date("Y-m-d H:i:s");
if($_POST['H2']=='update'){
$wpdb->query("update ".$wpdb->prefix."softadv set advid='".$_POST['h2r_adv_id']."', showadv='".$_POST['show_header2']."' where location='H2R'");
$wpdb->query("update ".$wpdb->prefix."softadv set advid='".$_POST['h2l_adv_id']."',showadv='".$_POST['show_header2']."' where location='H2L'");
} else{
$location="H2R";
$wpdb->query("insert into ".$wpdb->prefix."softadv (date,showadv,type,location,advid) values('".$date."','".$_POST['show_header2']."','img','".$location."','".$_POST['h2r_adv_id']."')");
$location="H2L";
$wpdb->query("insert into ".$wpdb->prefix."softadv (date,showadv,type,location,advid) values('".$date."','".$_POST['show_header2']."','img','".$location."','".$_POST['h2l_adv_id']."')");
}
$date=date("Y-m-d H:i:s");
if($_POST['H3']=='update'){
if($_POST['h3_type']=="slider"){
$advids = serialize($_POST['h3r_adv_id']);
}else{
$advids = $_POST['h3r_adv_id'];
}
$wpdb->query("update ".$wpdb->prefix."softadv set advid='".$advids."', showadv='".$_POST['show_header3']."',type='".$_POST['h3_type']."' where location='H3R'");
} else{
$location="H3R";
if($_POST['h3_type']=="slider"){
$advids = serialize($_POST['h3r_adv_id']);
}else{
$advids = $_POST['h3r_adv_id'];
}
$wpdb->query("insert into ".$wpdb->prefix."softadv (date,showadv,type,location,advid) values('".$date."','".$_POST['show_header3']."','".$_POST['h3_type']."','".$location."','".$advids."')");
}
}
//-----------------------select------------------
$h1r_adv = $wpdb->get_row( "SELECT showadv,advid FROM ".$wpdb->prefix."softadv where location='H1R'");
$header1_showadv=$h1r_adv->showadv;
$h1r_id=$h1r_adv->advid;
//------------
$h1l_adv = $wpdb->get_row( "SELECT showadv,advid FROM ".$wpdb->prefix."softadv where location='H1L'");
$h1l_id=$h1l_adv->advid;
//----------
$h2r_adv = $wpdb->get_row( "SELECT showadv,advid FROM ".$wpdb->prefix."softadv where location='H2R'");
$header2_showadv=$h2r_adv->showadv;
$h2r_id=$h2r_adv->advid;
//------------
$h2l_adv = $wpdb->get_row( "SELECT showadv,advid FROM ".$wpdb->prefix."softadv where location='H2L'");
$h2l_id=$h2l_adv->advid;
//----------
$h3r_adv = $wpdb->get_row( "SELECT showadv,advid,type FROM ".$wpdb->prefix."softadv where location='H3R'");
$header3_showadv=$h3r_adv->showadv;
$h3r_id=$h3r_adv->advid;
$h3r_type=$h3r_adv->type;
//------------
?>
<h3>پلن 1</h3>
<form method="post">
<div class="line"></div>
<table>
<tr>
<td colspan="2">
<label><input type="checkbox" name="show_header1" value="1" <?php if($header1_showadv) echo 'checked'; ?> />نمایش</label>
</td>
</tr>
<tr>
<td>
تبلیغات سمت راست :
</td>
<td>
<select name="h1r_adv_id">
<option>انتخاب تبلیغ</option>
<?php show_img_adv_list_in_select('header',$h1r_id,'img') ?>
</select>
</td>
</tr>
<tr>
<td>
تبلیغات سمت چپ :
</td>
<td>
<select name="h1l_adv_id">
<option>انتخاب تبلیغ</option>
<?php show_img_adv_list_in_select('header',$h1l_id,'img') ?>
</select>
</td>
</tr>
</table>
<h3>پلن 2</h3>
<div class="line"></div>
<table>
<tr>
<td colspan="2">
<label><input type="checkbox" name="show_header2" value="1" <?php if($header2_showadv) echo 'checked'; ?> />نمایش</label>
</td>
</tr>
<tr>
<td>
تبلیغات سمت راست :
</td>
<td>
<select name="h2r_adv_id">
<option>انتخاب تبلیغ</option>
<?php show_img_adv_list_in_select('header',$h2r_id,'img') ?>
</select>
</td>
</tr>
<tr>
<td>
تبلیغات سمت چپ :
</td>
<td>
<select name="h2l_adv_id">
<option value="">انتخاب تبلیغ</option>
<?php show_img_adv_list_in_select('header',$h2l_id,'img') ?>
</select>
</td>
</tr>
</table>
<h3>پلن 3</h3>
<div class="line"></div>
<table>
<tr>
<td colspan="2">
<label><input type="checkbox" name="show_header3" value="1" <?php if($header3_showadv) echo 'checked'; ?> />نمایش</label>
</td>
</tr>
<tr>
<td colspan="2">
<select name="h3_type" class="h3_type">
<option <?php if($h3r_type=="img") echo "selected"; ?> value="img">بنر</option>
<option <?php if($h3r_type=="slider") echo "selected"; ?> value="slider">اسلایدر</option>
</select>
</td>
</tr>
<tr>
<td>
تبلیغات سمت راست :
</td>
<td>
<select <?php if($h3r_type=="slider"){ echo 'name="h3r_adv_id[]" multiple';} else if($h3r_type=="img") echo 'name="h3r_adv_id"'; ?> class="h3r_adv_id">
<option>انتخاب تبلیغ</option>
<?php show_img_adv_list_in_select('header',$h3r_id,$h3r_type) ?>
</select>
</td>
</tr>
<tr>
<td>
<input type="submit" value="ذخیره" name="add_header_btn" class="button-primary add_h_adv_btn" />
</td>
<td></td>
</tr>
</table>
<input type="hidden" value="<?php if ( null !== $h1r_adv ) { echo "update"; } ?>" name="H1" />
<input type="hidden" value="<?php if ( null !== $h2r_adv ) { echo "update"; } ?>" name="H2" />
<input type="hidden" value="<?php if ( null !== $h3r_adv ) { echo "update"; } ?>" name="H3" />
</form>
<?php
}
//--------------------------------------------------