crmacdonald1 on "[Plugin: Anti-Malware (Get Off Malicious Scripts)] Great Plugin! Found "potential threats" - question* (apologies for the length!)"

So! I've been frustrated with some hackery run amok on my site.

I don't have a shared hosting environment, and only manage 1 website.

I have installed your plugin and found some "Potential Threats".

I'm not as seasoned as others in this matter, and while I understand the basics in malicious coding (base64, iframe, eval), my problem is, when I find it, I don't know how much of the coding is malicious (in other words, I don't always know where the malicious code ends, and where the safe/ regular coding begins [or vice versa]).

Should the entire run of coding that the plugin has found and labelled as "Potential Threats" be considered malicious? Or just part of it? The coding that the plugin found is definitely malicious, as I see "eval" and such buzzwords contained in it to tip me off as such.

Here's what the plugin found:

_________________________________________________________________
_________________________________________________________________

...\wp-content\plugins\gotmls\images\trace.php

<?php eval('$_SERVER["REMOTE_ADDR"] = "'.$_SERVER["REMOTE_ADDR"].'";');
// Debug Tracer function by ELI at GOTMLS.NET
function GOTMLS_debug_trace($file) {
if (!session_id())
@session_start();
if (!isset($_SESSION["GOTMLS_traces"]))
$_SESSION["GOTMLS_traces"] = 0;
if (!isset($_SESSION["GOTMLS_trace_includes"]))
$_SESSION["GOTMLS_trace_includes"] = array();
if (isset($_SESSION["GOTMLS_trace_includes"][$_SESSION["GOTMLS_traces"]][$file]))
$_SESSION["GOTMLS_traces"] = microtime(true);
if (!$GOTMLS_headers_sent && $GOTMLS_headers_sent = headers_sent($filename, $linenum)) {
if (!$filename)
$filename = __("an unknown file",'gotmls');
if (!is_numeric($linenum))
$linenum = __("unknown",'gotmls');
$_SESSION["GOTMLS_trace_includes"][$_SESSION["GOTMLS_traces"]][$file] = microtime(true).sprintf(__(': Headers sent by %1$s on line %2$s.','gotmls'), $filename, $linenum);
} else
$_SESSION["GOTMLS_trace_includes"][$_SESSION["GOTMLS_traces"]][$file] = microtime(true);
if (isset($_GET["GOTMLS_traces"]) && count($_SESSION["GOTMLS_trace_includes"][$_SESSION["GOTMLS_traces"]]) > $_GET["GOTMLS_includes"]) {
$_SESSION["GOTMLS_traces"] = microtime(true);
foreach ($_SESSION["GOTMLS_trace_includes"] as $trace => $array)
if ($trace < $_GET["GOTMLS_traces"])
unset($_SESSION["GOTMLS_trace_includes"][$trace]);
die(print_r(array("".substr($_SESSION["GOTMLS_traces"], 0, 10)."

",$_SESSION["GOTMLS_trace_includes"],"

")));
	}
}