Question

About a week ago, I found some strange code in all of my WordPress and SMF sites' files. The code is in every file which uses WordPress' or SMF's API, even if it's not a default file of the specified system. It starts with a $zend_framework variable, and if I decode it with unphp.net, I get a strange obfuscated PHP class.

I asked my host whether it's a 'normal' error of the Zend Framework, but they said no, it's some weird code.

I searched Google for an answer and found some articles that say that some hackers may use this method to hack a WordPress website, but I did not find any sign of unwanted logins to my website. It does sometimes do weird things, though: for example, one of my APIs (which uses WordPress' API) stopped working perfectly at about the time this code appeared in the files. It worked before, but afterwards, for example, instead of the 'Bad request' message it returned an 'A@' message.

What is this code? Is it a bug of the Zend Framework, or is somebody trying to hack my website?

Here is the code decoded with UnPHP: http://www.unphp.net/decode/c0958d9db747d5a32c8308ba2fcf4d27/


Solution

Someone isn't trying to hack your website, they've succeeded. This is a well-known WordPress exploit. It has nothing to do with Zend Framework (which WordPress doesn't use). You need to restore your site from a safe backup, or start from a clean WordPress install.

More info here: http://www.justbeck.com/zend_framework-wordpress-hacks/
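
To see how far the injection described in the question has spread, the sketch below walks a site directory and lists every PHP file containing the `$zend_framework` marker, with the line it first appears on. It is an added example, not part of the original question or answer; it assumes the variable name is unchanged (a renamed variant will not match), and the sample files it builds are constructed placeholders.

```python
import os
import tempfile

# Marker taken from the question: the injected block starts with this variable.
# Assumption: the variable name is unchanged; a renamed variant will not match.
MARKER = b"$zend_framework"
PHP_EXTENSIONS = (".php", ".phtml", ".inc")


def scan_tree(root):
    """Return sorted (relative_path, line_number) for each PHP file containing MARKER."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith(PHP_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as handle:  # bytes: files may not be valid UTF-8
                    data = handle.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            offset = data.find(MARKER)
            if offset != -1:
                line_number = data.count(b"\n", 0, offset) + 1
                hits.append((os.path.relpath(path, root), line_number))
    return sorted(hits)


def build_sample_tree(root):
    """Create constructed sample files (harmless placeholders, not real malware)."""
    samples = {
        "index.php": b"<?php $zend_framework = 'PLACEHOLDER'; ?>\n<?php echo 'home';\n",
        "wp-content/plugins/api/handler.php": b"<?php\n// header\n$zend_framework = 'PLACEHOLDER';\n",
        "wp-includes/clean.php": b"<?php echo 'untouched';\n",
        "readme.txt": b"$zend_framework mentioned in a non-PHP file\n",
    }
    for rel, content in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(content)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel_path, line in scan_tree(tmp):
            print(f"{rel_path}:{line}")
```

The hit list only measures the scope of the injection; cleanup is still the restore from a safe backup or clean install given in the answer.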

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow