False Hacking Attempt

never saw that message. could it come from a plugin or something on your server?

probably the only think you can do is reinstall wordpress if you already have a backup.

I never heard of that function in WP, that’s why I ask if something could be the source of the error.

Aha! Ok, a few months ago or so, I was hacked (but not rooted) due to a wordtube-button.php flaw and the intruder did quite some changes here and there, including some file system/tools managing php tools. However, after cleaning up the system (he/she left trails in the system like horde of elephants though) I have done some security maintenance like php hardening, mod_security for apache, set-up local firewall, chrooted apache and, naturally, upgrade of WP and wordtube by deleting old version, except wp-config.php, which has (had!) at the beginning this piece of code:

foreach($_GET as $a) {
if(preg_match(“/((http:\/\/|https:\/\/|ftp:\/\/).+)/i”,$a)){
die(“Hacking attempt”);
}
}
foreach($_REQUEST as $a) {
if(preg_match(“/((http:\/\/|https:\/\/|ftp:\/\/).+)/i”,$a)){
die(“Hacking attempt”);
}
}
foreach($_COOKIE as $a) {
if(preg_match(“/((http:\/\/|https:\/\/|ftp:\/\/).+)/i”,$a)){
die(“Hacking attempt”);
}
}

It looked pretty, well, “normal” to me and I haven’t seen a new wp-config since the first installation of WP, so I have left it there. Now after your comments, I looked into the original wp-config and of course, no trace of this code anywhere. Anyway, this is obviously solved but can someone explain what’s the purpose of this? Or is it just to make WP useless?

And thx again for help! ??