De-obfuscate a backdoor PHP script

See this post:

Versatile Programmer’s Diary

This: ‘\x63\x72\x65\x61\x74\x65\x5f\x66\x75\x6e\x63\x74\x69\x6f\x6e’ is the hex-encoded string “create_function”. create_function is a PHP function that builds a new function at run time from a string, so code that hides the name this way is a backdoor. What can it do, for example?

  • It can upload arbitrary files
  • It can execute MySQL queries
  • It can run shell commands

Others have detected the following as a Trojan function.

‘function letmein() {die’

Spring Hill couple inspires research into coconut oil for Alzheimer’s patients

Story by Jodie Tillman, Staff Writer for the Tampa Bay Times

See Article:  http://www.tampabay.com/news/health/spring-hill-couple-inspires-research-into-coconut-oil-for-alzheimers/2124596

According to this Article:

Researchers at the University of South Florida’s Byrd Alzheimer’s Institute recently received a $250,000 grant from a private foundation to conduct what is thought to be the first clinical trial of the effects of coconut oil on mild to moderate cases of Alzheimer’s disease.

“One hallmark of Alzheimer’s is that some parts of the brain stop processing glucose, the primary source of energy. What could plug that fuel gap and keep the brain cells alive? One theory: ketones.”

“In 2008, she [Dr. Mary Newport] read a report on a small study of a new medicinal drink. The brew’s key ingredient is a type of fat known as a medium chain triglyceride. The liver converts part of those fats into an energy source called ketones.”

“At that time, the medicinal drink in the study had not yet hit the market. Dr. Newport learned that nonhydrogenated coconut oil is made up mostly of medium-chain triglycerides. She bought a jar of coconut oil and started spooning it into her husband’s [Steve’s] oatmeal.”

“She [Dr. Mary Newport] says she started seeing results within days. Steve improved his score on an exam used to screen for dementia. His drawings of clock faces — an important test for Alzheimer’s progression — improved. His tremors subsided. He could engage with others.”

Script to find base64_decode in your wordpress files

Has your WordPress website been infected by unwanted base64_decode? One indication is that when web-surfers find your website by searching in Google, the Google link is blocked from visiting your website (and their free Avast anti-virus probably shows a nasty alert warning when they click your website link from Google).

Here is a tool (a useful script) that can help you identify which files might be infected. The full article, explanation and script can be found at the following link. You will find the script both with and without comments.

http://blog.aw-snap.info/p/simple-script-to-find-base64decode-in.html

Just copy and paste the script into a new .php file that you create and place the file in the root directory of your WordPress website. Install and use an app like Notepad++ to edit and save the new file.

If you only wish to check for occurrences of the string ‘base64_decode’, then you can insert a leading double forward slash (//) at the beginning of each “$str_to_find[]” line of the script that you want to “comment out”, which disables checking for anything else. For example:

$str_to_find[]='base64_decode';
//     $str_to_find[]='edoced_46esab';
//     Comment: Previous line is base64_decode reversed
//     $str_to_find[]='preg_replace';
//     $str_to_find[]='HTTP_REFERER';
//     $str_to_find[]='HTTP_USER_AGENT';

If you wish to better limit your search to identify the string ‘eval (base64_decode’ then you should modify the first variable in the list to instead be this:

$str_to_find[]='eval (base64_decode';
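As an added example (not the aw-snap script linked above, and not code from either post), here is a small PHP scanner that walks a WordPress tree and reports file and line for the indicator strings quoted on this page, from both the create_function post and this one; it also decodes \x-style hex escapes first, so an obfuscated ‘\x63\x72\x65...’ create_function is caught. The indicator list, the letmein pattern and the script's name are assumptions built from the strings shown on this page.

```php
<?php
// Added example: scan a WordPress tree for the indicator strings quoted on
// this page. Hex escapes such as \x63\x72\x65 are decoded before matching, so
// an obfuscated "create_function" or "base64_decode" is still reported.
// Usage: php scan.php /path/to/wordpress   (or open it in a browser)
if (PHP_SAPI !== 'cli') { header('Content-Type: text/plain'); }

// Indicators taken from the two posts above. The regex form matches
// "eval (base64_decode" with or without the space; order matters because the
// first matching indicator on a line is the one reported.
$patterns = [
    'eval(base64_decode' => '/eval\s*\(\s*base64_decode/i',
    'base64_decode'      => '/base64_decode/i',
    'edoced_46esab'      => '/edoced_46esab/',         // base64_decode reversed
    'create_function'    => '/create_function/i',
    'letmein'            => '/function\s+letmein\s*\(/', // assumed from the quoted Trojan string
];

// Turn "\x63\x72\x65" style escapes into the characters they stand for.
function decodeHexEscapes(string $line): string {
    return preg_replace_callback('/\\\\x([0-9a-fA-F]{2})/', function ($m) {
        return chr(hexdec($m[1]));
    }, $line);
}

// Scan one file; returns a list of [line number, indicator name, raw line].
function scanFile(string $path, array $patterns): array {
    $hits = [];
    foreach (file($path, FILE_IGNORE_NEW_LINES) as $n => $line) {
        $decoded = decodeHexEscapes($line);
        foreach ($patterns as $name => $re) {
            if (preg_match($re, $decoded)) {
                $hits[] = [$n + 1, $name, $line];
                break; // one report per line is enough
            }
        }
    }
    return $hits;
}

// Walk every .php file below the given root (default: this script's own
// directory), skipping this scanner itself since it contains the indicators.
$root = $argv[1] ?? __DIR__;
$files = new RecursiveIteratorIterator(
    new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS));
foreach ($files as $file) {
    if ($file->getExtension() !== 'php' || $file->getRealPath() === __FILE__) { continue; }
    foreach (scanFile($file->getPathname(), $patterns) as [$ln, $name, $raw]) {
        printf("%s:%d  [%s]  %s\n", $file->getPathname(), $ln, $name, trim(substr($raw, 0, 120)));
    }
}
```

Hits are leads, not proof: parts of WordPress core and legitimate plugins call base64_decode, so compare each flagged file against a clean copy of the same version before deleting anything.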

If you don’t understand much of this at all, then please hire your friendly neighborhood IT geek and let him or her fix it for you.  Good luck.