Script to find base64_decode in your wordpress files

Has your wordpress website been infected by unwanted base64_decode?  One indication is that when web-surfers find your website by searching in Google, the Google link is blocked from visiting your website (and their free Avast anti-virus probably shows a nasty alert warning when they click your website link from Google).

Here is a tool (a useful script) that can help you identify which files might be infected.  The full article, explanation and script can be found at the following link.  You will find the script both with and without comments.

http://blog.aw-snap.info/p/simple-script-to-find-base64decode-in.html

Just copy and paste the script into a new .php file that you create and place the file in the root directory of your wordpress website.  Install and use an app like Notepad++ to edit and save the new file.

If you only wish to check for the string occurences of ‘base64_decode’ then you can insert leading double forward slash // at the beginning of each line of script “$str_to_find[]” in order to “comment-out” and disable checking for anything else.  For Example:

$str_to_find[]=’base64_decode’;
//     $str_to_find[]=’edoced_46esab’;
//     Comment: Previous line is base64_decode reversed
//     $str_to_find[]=’preg_replace’;
//     $str_to_find[]=’HTTP_REFERER’;
//     $str_to_find[]=’HTTP_USER_AGENT’;

If you wish to better limit your search to identify the string ‘eval (base64_decode’ then you should modify the first variable in the list to instead be this:

$str_to_find[]=’eval (base64_decode’;

If you don’t understand much of this at all, then please hire your friendly neighborhood IT geek and let him or her fix it for you.  Good luck.

Print Friendly, PDF & Email